NOTTO Pasta is the trading name for DoubleZero Delivery Ltd (otherwise known as ‘we’, ‘us’ or ‘our’) a Limited company registered in the UK (Company number 13225620).
We recognise our responsibilities as data Controllers and we aim to provide transparency and accountability in the processing of data at all times.
London W1J 9EZ
Information we collect about you
Information is obtained about you when you visit our websites, communications with you relating to our products and services, information obtained via comments and messages sent via our social media pages and when you sign up to our newsletters.
We will only retain the data you provide us for the purposes of the services we provide you. If we don’t hear from you for more 24 months we will remove you from our records.
Data we collect directly
We may collect the following information:
• Contact information including name, address, telephone numbers and/or email address
• Demographic information such as postcode, preferences and interests
• User name, password and email address when you set up an account
• Financial transactional details when processing payments but we do not collect or store your payment card details.
• Other information relevant to customer surveys, online competitions and/or offers
Browsing data we collect – cookies
Cookies are small files of unique letters and numbers that are sent to a device’s browser from a website when users visit and navigate the site. They allow a website to recognise a device when users revisit, recollect previous browsing history and any information provided to the site.
What we do with the personal data we collect
We use your data to deliver your service requirements and manage your account. This includes
- Processing of orders you have submitted.
- Customer Service communications relating to products and services of your interest
- Updates, essential announcements, responses to inquiries, questions and related requests
- Internal record keeping to support ongoing, personalised service delivery
Any information you provide may be used to help us improve the services we deliver and respond efficiently to requests and ongoing support
We may use your data to better understand your requirements and provide you with a premium service
- We may use your product interests and purchase history to provide you with personalised offers and services
- We may periodically send promotional emails about new products, special offers or other information (including samples) we think you may find of interest. You may opt out of these communications at any time.
- We will only use the email address you have provided in line with your marketing preferences and our management of this data
- We may use your information to carry out our obligations when you actively participate in competitions and related activities
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We can use the information to customise the website according to your interests
Automated data processing
We do not process your data without human intervention under the GDPR Automated Data Processing definition. We may, however, analyse and profile individuals’ purchase history and profiles to provide a more personalised service.
You can withdraw your data processing in respect of this by contacting us at [email protected].
We will only process your personal data if there is a necessity to do this in relation to the services we are providing and in accordance with your individual rights.
Delivery of services
Our lawful basis for processing your personal data in respect of orders and related customer services is that we have a contractual obligation to you in the delivery (or negotiation) of services within the terms and conditions of these agreements. Please refer to our Terms and Conditions.
- We also exercise our Legitimate Interests to promote relevant commercial services we provide to existing customers in respect of related products, updates and services.
- We base our Legitimate Interests on an understanding of your interest in our products and services and we will only provide you with promotions relating to these interests within an appropriate timeframe. We deliver this through email communications and opportunities to opt out of promotions are provided at all times.
- Where individuals opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information etc based on the lawful basis of consent. If at any time users would like to unsubscribe from receiving emails, we include clear instructions at the bottom of each email or users may contact us
- In the unlikely event of legal, security or personal safety requirements there may also be a need to process your information in order to comply with a statutory obligation. This is outside of our delivery of business services or promotional activities and we will adhere to the directives of authorities in respect of this.
- You can contact us in respect of our lawful basis or any aspect of our processing of your personal data at any time at [email protected].
Your individual rights
The GDPR accords individuals clearly specified rights over the data they provide and their expectations of organisations using their personal information. We are committed to upholding these rights and your requirements of us as your data Controllers
- The right to be informed – we will uphold your right to be aware of any processing, privacy and security in respect of your data at any time
- The right of access – you have the right to submit ‘Subject Access Requests’ to us in any respect of your data collected and processed. We will respond within 30 days should you wish to do so
- The right of rectification – we will update and rectify any amendment to your personal data you advise us of
- The right to erasure – unless required to maintain data aspects for legal or contractual reasons we will delete your data from our systems and processing within 30 days of your request
- The right to restrict processing – please inform us if there are aspects of data processing that you would prefer to be excluded from
- The right to data portability – if you request, we will transfer the data you have given us to requested parties in a digital and standard format
- The right to object – you can object to data processing under Legitimate Interests and remove consent at any time
Exercising your Individual rights and managing your personal information
You can contact us in respect of your Individual rights at any time via email ([email protected]) or through the contact details provided above
You may also maintain and update your data processing preferences in your engagement with our services
- Responding or unsubscribing to emails you have previously given consent to or have received on the basis of our Legitimate Interests
- Using the opt-in boxes we provide whenever you are asked to fill in a form on one of our websites
- This will allow you to freely and actively opt in to receipt of information from us for direct marketing
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at [email protected].
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
If you do consent to receipt of promotional activities about third parties they may send you emails in relation to their products and services. You can opt out of these at any time.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.
In order to deliver a premium service we may use selected third party organisations to fulfil orders and enhance your customer experience.
We will only share your information with these parties for the purposes stated in this privacy statement and administration of our business services. These may be for the following purposes:
- Payment processing organisations
- Delivery organisations
- Fraud prevention, screening and credit risk management companies
- Mailing houses (including email and/or SMS disseminators)
- Data cleansing providers
- Data management services
- Analytical consultants
You can contact us in respect of data sharing and the third parties we use at any time via [email protected].
We need your payment address, postcode and IP address in order to be able to verify your payment and to enable us to charge your card
- When you submit your credit card details to us, we use industry standard Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption technology to guard your information
- Your credit or debit card details, along with your personal information, are encrypted during transactions to ensure payments are processed securely
- Payment card details are entered into the site of our payment gateway provider Opayo (formerly known as Sagepay) and are not known to or retained by us. Opayo processes all payments off site. Please see this policy page for more details on how Opayo will keep your details safe.
- We will reveal only the last four digits of your credit card number when confirming an order
- Your browser will show when you are in a secure environment by displaying either a locked padlock or an image of a key in the grey bar at the bottom of the page
- The web site address should begin with https – the ‘s’ standing for ‘secure’
International data transfers
In the unlikely event that personal data is required to be shared across international jurisdictions outside of the UK and EU we will maintain lawful steps to ensure that your information is protected in accordance with GDPR security and privacy requirements.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we process.
This covers all areas of data collection, management, processing and payments, ensuring against unauthorised access, alteration, disclosure or destruction
- Where relevant, data is stored on secured servers, encrypted and password protected
- Access to data is limited to authorised personnel
- Where data transfer is necessary for third party agreements (such as data processing services, for example), data is passed in accordance with GDPR requirements and we uphold our responsibility as Controller to vet, monitor and regulate suppliers’ processing of your data
For more information on our data security, our suppliers or the conditions of these agreements you can contact us at any time at [email protected].
Links to other websites
Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to this policy
Should you have any reservations or complaints about the way in which we process your data you can contact the ICO at the following web address https://ico.org.uk
This policy is effective from 03/05/2021