Hartley Health

Privacy Policy

The Hartley Health digital recipe and cooking platform is an online space to learn new skills and discover new recipes through the Hartley Health website (the Site).

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.


Services is the website operated by Hartley Health Pty Ltd –

“Service providers”
We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.

“Usage Data”
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).



1. Information Collection and Use

Our primary goals in collecting information are to provide and improve our Services and to enable our users to enjoy, use, and easily navigate our Services. To provide you with a consistent user experience and to recognise you as a user across our Services, we may collect and combine data as described below; for example, data collected when you visit the Site from one browser or device may be combined or linked with data collected when you visit the Site from a different browser or device, which may also be combined or linked with product usage data.

Generally, we collect two types of information: Personal Data and Other Information. “Personal Data” is information that can be used to identify or is reasonably linkable to you as an individual, and may include Usage Information (as defined below). “Other Information” is information that is not linkable to you as an identifiable individual, including information that has been de-identified or aggregated with data from other users.


When you use the Services, we may collect the following Personal Data:

  • Your contact information, such as your first and last name, email address, mailing address, and phone number;
  • Your billing information, such as your credit card number and billing address;
  • Your Hartley Health account information, including your user name, account number, and your encrypted Hartley Health password;
  • Information you voluntarily provide about yourself, such as allergies, dietary restrictions, food preferences, and groceries that you want to purchase;
  • Your preferences, such as food and recipe preferences, order history, and marketing preferences;
  • Your user content (including video and images) you provide to use certain features
  • Your Usage Information, as described further below; and
  • Your desktop/mobile device model and ID number, user settings, location (if you enable this feature), and information about your use of the site when applicable.

Your Personal Data is processed only to the extent necessary to pursue the purposes set out in this Privacy Notice. To learn about how long Hartley Health keeps your Personal Data, see Section 3, Data Retention.

Many of our services and features require some Personal Data. If you choose not to provide the necessary Personal Data, you may not be able to use certain services or features. If you choose not to share your Personal Data, features that require personalisation will not work for you.


2. Use of Data:

We use your Personal Data to provide our Services and administer your enquiries. For example, when you create an account and become a Registered User, we may ask you for Personal Data so we can create your account or populate your profile (see “Registered Users” below). We may also use your Personal Data to update our Services or features, troubleshoot, protect our Sites, and users, or provide support to you.

We also use your Personal Data to improve and develop our products and services, personalise our products, make recommendations to you, and send you relevant offers. We may also use your Personal Data to send you Hartley Health newsletters, marketing or promotional materials, or other information that may be of interest to you. Where required by applicable law, we will obtain your consent to send you these communications. If you decide at any time that you no longer wish to receive them, please follow the unsubscribe instructions provided in any of the communications or update your user preferences information.

Registered Users. Once you become a Registered User, you will be able to use and update your dashboard/profile page by submitting certain Personal Data. The profile page will display your profile name as well as your profile picture, if you choose to upload one. You can choose what other Personal Data you provide as part of your profile. Providing such information is voluntary and should correlate with the degree of interaction you want to have with Hartley Health.

Other Information. Other Information will be considered Personal Data if it is combined with other data in such a way that enables you to be identified. However, where Other Information is taken alone or combined only with other non-identifying information, it will not be treated as Personal Data. We may use Other Information for any purpose, unless prohibited by law.

We may combine your Personal Data with Other Information and aggregate it with information collected from other users to attempt to provide you with a better experience, to improve the quality and value of the Services and to analyse and understand how our Services are used. We may also use the combined information without aggregating it to serve you specifically – for instance, to deliver information to you according to your preferences or restrictions.

Usage Information. When you visit or use the Services or use a Hartley Health website or mobile application that has Hartley Health features our servers automatically record information that your browser or mobile device sends or transmits (“Usage Information”). This Usage Information may include information such as your computer’s Internet Protocol (IP) address, browser type or the webpage you were visiting before you came to our Site, pages of our Site (or of the site you visited that had the Hartley Health feature), the time spent on those pages, information you search for, access times and dates, the model and device ID number of your mobile device, user settings, location (if you enable this feature), and statistics and information about your use of the Site. We use this information to provide and improve the Services, develop new products, and offer products and services that may be of interest to you. We also use Usage Information to monitor and analyse use of the Services, for technical administration, to secure the Site and protect those who visit the Site, to improve functionality and user-friendliness, and to better tailor our Services to our visitors’ needs. For example, some of this information is collected so that when you revisit the Services, we will recognise you and can serve advertisements and other information appropriate to your interests. Some of the Usage Information (like your IP address) is Personal Data.

Cookies. Like many websites, we use cookies, pixels, web beacons, APIs and similar technologies to collect Usage Information. Pixels and web beacons are small pieces of code placed on web pages and content that communicate when the page or content has been viewed. A cookie is a small data file that your browser places on your computer that helps us understand how you interact with the Site and use our Services. We use two types of cookies. We use persistent cookies to save information like your search preferences, your account settings and login information, so that we can remember you and your settings when you return to the Site and personalise your experience. We use session cookies to enable certain features of our Services, but unlike persistent cookies, session cookies are deleted when you leave or log off and/or when you close your browser. Third-party advertisers on the Site may also place or read cookies on your browser. Most Internet browsers automatically accept cookies but you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of or all functionality of our Services.

We also use other parties (including Google Analytics) to provide usage analytics for our Services. These other parties will place their own cookies to collect traffic and activity data in order to deliver us relevant metrics and information. The collection of this data by these other parties is subject to their own privacy notices.


Legal Basis for Processing

Below is an explanation of the different legal grounds we have for processing your information:

  • To satisfy our contractual obligation to you.
  • For example: allowing you to register for an account and providing the services for you.
  • With your consent.
  • For example: processing health information, such as information about your allergies, so that we can filter our recipe library for you; processing your entry into a prize promotion/competition; sending you customised marketing communications related to our products and services electronically (including email, notifications from other party’s services, and notifications from mobile applications); and sharing your Personal Data with our selected trusted partners to help us send customised marketing communications with your consent.
  • When we have a legitimate business interest to do so.
  • For example: managing the requests for information you send us, including handling complaints; preventing fraud; enforcing our rights before the courts; improving the performance and security of our products and our Services, including the Site; sending you customer care communications concerning products or services you have used or which you showed interest in, and in order to carry out customer satisfaction surveys; unless you opt-out, contacting you for marketing purposes; and carrying out activities useful for the transfers of business and business branches, takeovers, mergers, demergers or other transformations and for the execution of such transactions.
  • For legal obligations. We may also use your Personal Data to the extent necessary to comply with our legal obligations.

If you do not want Hartley Health to use your electronic contact details for marketing purposes, you can always follow the instructions to “unsubscribe” in our emails; or in accordance with Section 14 of this Privacy Notice below.


4. Data Retention

Hartley Health will process and access your Personal Data for as long as it is necessary to achieve the purposes described above.


5. Information Shared with Others

We only share your Personal Data as described in this Privacy Notice. Through the Services, you are able to share your Personal Data when you share something through our Service, when you give us your consent to do so (like when we notify you that the information you provide will be shared in a particular manner and you provide us with such information), or when you share Personal Data with another party service (if you allow such sharing). We may share Other Information, such as de-identified data, with other parties.

Service Providers. We may share any of your data with companies and individuals we engage to facilitate our Services, to provide services to us or on our behalf, to perform related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of our features) or to assist us in analysing how our Services are used. We also share information about your use of Hartley Health products that does not personally identify you with service providers that store this information to improve the Services.

Compliance with Laws and Law Enforcement. In certain situations, Hartley Health may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Hartley Health cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Hartley Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.

Business Transfers. Hartley Health may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, re-organisation or sale of assets or in the event of bankruptcy.


6. International Transfers

We may transfer to people in foreign countries any of your personal information to fulfill the purposes set out in this Privacy Policy. In many cases the transfer will be necessary for the performance of our contract with you, for the implementation of measures taken in response to a request by you or for the performance of a contract with a third party which is concluded in your interests. The countries to which such disclosures are made, and types of personal information disclosed, depend on the specific circumstances of the services being provided by us.

We may also store, process or back-up personal information on servers that are located overseas (including through third party service providers). In some circumstances, we use third party service providers to carry out its functions and provide services.
While reasonable steps are taken to ensure these overseas recipients are subject to and comply with Privacy Laws, you acknowledge that these recipients may not be accountable under the Privacy Act and consent to the transfer of your information on this basis. If you are located in the EU, there may be additional restrictions on the overseas transfer of your information and we have also taken steps to give you the protections available to you under GDPR.


7.  Managing Your Data

We give you options to help you understand what Personal Data we use and to request that we change how we use it. At any time, you may contact us to:

  • be informed on the purposes and methods of the processing of your Personal Data;
  • ask for access to your Personal Data (commonly known as making a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you;
  • ask for updating or rectification of the Personal Data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
  • request erasure of your Personal Data. This enables you to ask us to delete or remove your Personal Data where there is no good reason for us continuing to process it. You can also ask us to delete or remove your Personal Data where you have successfully objected to processing or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for reasons which will be communicated to you, if applicable, at the time of your request;
    restrict the processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where you allege that our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
  • object to the processing, wholly or partly, of your Personal Data where we are relying on legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
  • where we are relying on consent to process your Personal Data, you can revoke the consent to the processing of your Personal Data freely and at any time, and also opt-out of marketing communications by clicking on the unsubscribe option at the bottom of our marketing communications; or
  • make your Personal Data available to you or to a different provider in some circumstances. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that Personal Data we process based on our legitimate interests (or those of a third party) may not be portable.
    If you wish to manage your data as described above, or raise any questions about the Personal Data we hold about you, please contact us as per section 14 of this Privacy Policy.


8. Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Hartley Health aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

1. The Right To Access, Update Or Delete The Information We Have On You. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

2. The Right Of Rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

3. The Right To Object. You have the right to object to our processing of your Personal Data.

4. The Right Of Restriction. You have the right to request that we restrict the processing of your personal information.
The Right To Data Portability.  You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

5. The Right To Withdraw Consent. You also have the right to withdraw your consent at any time where Hartley Health relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

9. Advertising

As described above, we and other parties we do business with (including advertisers on the Site), may place or recognise unique cookies or other technologies on your browser or device when you visit the Site or use Hartley Health. In addition to the uses above, these technologies enable the collection of information about online activities over time and across different websites and apps, which can be used to customise advertisements to you as you browse the Internet.


10. Security

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.


11. Links to Other Sites

Our Services may contain links to other websites, apps, and platforms. If you click on an ad or another third party link, you will be directed to that third party’s website, app, or platform. The fact that we link to a website or present a banner ad or other type of advertisement is not an endorsement, authorisation or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Data from you. Other sites follow different rules regarding the use or disclosure of the Personal Data you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any other parties.


12. Our Policy Toward Children

Our Service does not address or is recommended to be utilised or accessed by anyone under the age of 18 years old.

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.


13. Amendments and Updates

Please note that this Privacy Policy forms part of the Terms and Conditions for use of the Service and forms part of the Agreement between you and us. We may, from time to time, amend this Privacy Policy, in whole or part, at our sole discretion. Any changes to this Privacy Policy will be effective immediately upon the posting of the revised Privacy policy on the Site. Depending on the nature of the change, we may announce the change on the Site or by email if we have your email address.
However, in any event, by continuing to use the Site following any changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Privacy Policy, as it may be amended from time to time, in whole or party, you must terminate your use of the Site.


14. Contact Us

If you have any questions about this Privacy Notice, please contact us via email at [email protected]