At Cook it Recipes (hereinafter Cook it), transparency about how we collect, use and disclose your personal data is important to us.
If you have any questions about this policy or our personal data handling practices, you can contact us at:
Person in charge of personal data
279 Sherbrooke West #301
Montréal, QC H2X 1Y2
As a participant in the AdChoices self-regulatory program in Canada managed by the Digital Advertising Alliance of Canada (DAAC), we adhere to DAAC’s principles for interest-based advertising, providing you with improved notification, transparency and control of our digital marketing practices. Click here for more information on our digital marketing practices.
- Personal data related to the Cook it Services subscription
When you choose to sign up for Cook it Delivery Services, we will first ask you to verify whether we deliver to your area. To do this, we will collect your email address and postal code.
In order to offer you the full range of Cook it Services and to deliver your food box to your desired address, we collect personal data such as the number of adults and children in your delivery package, your menu preferences, the number of recipes to be sent per week, your first name, your last name, your email address, your phone number, your payment method and your address for the Cook it box delivery.
We collect personal data about your transactional purchases, including the history, the amount, the type of products ordered, and your comments on previous recipes and ratings. Your account contains personal data such as your delivery schedule, language choice and food preferences.
These personal data are not shared with third parties for commercial purposes. If we share information about the use of our Delivery Services and product popularity, for example, we ensure that we prepare aggregate data that does not identify our subscribers.
- Personal banking and financial data
To provide our Delivery Services, we collect personal data related to your credit card. Our service provider, BrainTree, offers credit card payment as well as payment through your PayPal account. We do not have access to your credit card number, which is processed exclusively through BrainTree.
- Data related to the Star Chef and Gold Star Chef programs
All Cook it Services subscribers are automatically enrolled in the Star Chef program. The Star Chef program is a rewards program that allows you to earn stars with every purchase, by participating in Cook it challenges and activities and by referring Cook it to your friends. Subscribers who accumulate more than 5,000 stars are eligible for the Gold Star Chef program. In addition, subscribers can exchange their stars for items from the Cook it pantry and/or access promotions. As part of this program, we collect information about your stars, your rewards and about friends you refer to Cook it. We do not use their personal data for any other purpose unless we have the consent to do so.
- Automatically generated personal data
When you use the Cook it Services, our servers automatically collect data about your access to the Services, including your IP address, your browser type and configuration, your operating system, the length of your visit, pages viewed, your geographic location, your language preferences and your device’s information. We collect this information to make our Services work efficiently, to fix bugs and to ensure the security of our Services. For example, we may collect your browser language to present you with the correct language version of the web application service.
To ensure the security of our digital infrastructure—we collect and control audit logs particularly to monitor system performance, potential security threats and vulnerabilities, resource utilization, and to detect unusual system activity or service requests.
- Personal data related to customer service
We will process your personal data to respond to your customer service requests or technical support requests related to our Delivery Services. We use external service providers for these purposes, including the Zendesk integrated ticketing system. Some of these providers are located in the United States. We will process the personal data you provide to us only for the purpose of responding to your requests, or to improve our Services in response to that request.
- Personal data related to employment
If you decide to apply for one of the jobs on our website, we will collect any personal data you provide with your application and only for the purpose of processing your application. We use third parties who are responsible for facilitating the receipt of applicant profiles. Hiring service providers may host the personal data you share with them on servers located outside of Canada, including the United States. Here are some examples of our service providers: Grenier, Indeed.
- Personal data related to communications and social media
When you communicate with us through forms, emails, contests, or social media, we collect the personal data you choose to share with us.
Yes, and we maintain procedures to comply with applicable laws. You may withdraw your consent to receive email promotions at any time by using the automated feature in the emails, or by contacting us at vieprivé[email protected] We do not purchase mailing lists, nor do we sell our mailing lists to third parties.
A “cookie” is a small file that is transferred from a website to your computer. It is used to store information about your interactions with our website, such as your preferences when you browse our website, and can be retrieved later by the website. Cookies may come from third parties, or they may be set by us. Cookies may be temporary, or they may be set for a longer period of time, up to a maximum of 24 months.
|Session Cookies||We use session cookies to better understand how you interact with our website, and to monitor overall usage and web traffic information. A session cookie is a cookie that is set only for the duration of your browsing session.|
|Persistent Cookies||We use persistent cookies to recognize you each time you return to our website. For example, we create a persistent cookie that includes some basic information about you, such as your most recent search, the date of your most recent visit, pages visited, and files downloaded. A persistent cookie is set for longer than your browsing session and is necessary for behaviour analysis. They are never set for more than 2 years.|
We use the following types of cookies:
- Cookies that are essential to the operation of the website and functional cookies that are required for certain features to be available, even if they are not essential to your use of the website.
- Analytics cookies, which are used to generate aggregate statistics about traffic to our website and visitor behaviour. This type of cookie does not allow us to identify you individually. These cookies are often set by third parties, and this usage data is collected by them. Analytical cookies may be used to count the number of times an ad is shown to one of our subscribers and to calculate the cost of those ads. They also help us track the number of times you take certain actions, such as making a purchase following an advertisement. For example, the _fbp cookie is used by Facebook to provide us with analytical services and is set for a period of 90 days.
Yes, we use various cookie services provided by Google, including analytics and targeted advertising services, such as the DoubleClick, AdWords, AdSense and Google Analytics products. Through features provided by Google, we can combine these products with our other targeted advertising products, and target individuals based on their preferences.
Browsers and devices have tools that allow you to control cookies: you can block them, ensure that you are notified when you are subject to cookies and control the cookies already stored on your device. However, if you block all cookies, you may not be able to access all the functionalities of the Services.
Depending on the browser that you are using, different instructions apply. Click on your browser to have more information:
We may share personal data with third parties in certain circumstances, including to administer, provide, secure and improve our Services, to respond to requests for assistance, to host our Services, to prevent fraudulent activity, or as required by law under a subpoena or other legal process.
Our categories of third parties are:
- Website/infrastructure/storage hosting providers
- Payment services providers
- Customer support tools providers
- Employee recruitment services providers
- Communication tools providers
- Delivery services providers
- Analytics and promotional services providers
We ensure that appropriate contractual clauses are included in our contracts when suppliers have access to personal data.
Data about our subscribers are business assets of Cook it. As a result, subscriber data, including personal data, may be disclosed in connection with a merger or acquisition involving Cook it, the formation of a separate business, the sale or pledge of Cook it’s assets, and in the event of insolvency, bankruptcy, liquidation or legal redress.
We retain personal data for as long as necessary to provide you with our Services or as required by applicable law, whichever is longer. We use both persistent and session cookies. Session cookies are deleted as soon as you close your browser, while persistent cookies remain active on your device for some time. For example, Google Analytics cookies remain on your device for two (2) years.
We implement security measures commensurate with the risks, including using providers that have appropriate certifications and safeguards. Our credit card payment service provider, BrainTree, is PCI DSS Level 1 certified, and they do not host your payment validation code when you pay online. We use 3D Secure 2 (3DS2), the new industry standard for authenticating individuals for credit card payments to protect you from identity theft. When you pay by credit card, your credit card number is stored in BrainTree Vault, which is encrypted with multiple encryption keys, so that even in the event of unauthorized access to the Vault, your credit card information would be unreadable. We use multi-factor authentication to protect our account access to BrainTree, which also conducts vulnerability scans on a quarterly basis and ensures that an intrusion test is conducted annually on the credit card processing environment.
Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. It is your responsibility to keep your credentials secure and we suggest that you use secure networks, such as a private network, when shopping online.
Our web platform is hosted on Amazon Web Services (AWS) servers located in Canada. However, our service providers may process your personal data outside Quebec, including in the United States, depending on their location. These countries may have different laws to protect or provide access to your personal data.
While not absolute, the rights that may apply to you include the right to access your personal data and the right to rectify your personal data if they are incorrect, incomplete, invalid or ambiguous.
To exercise your rights or if you have any questions about how we collect, use or disclose your personal data, or about how we have responded to your request, please let us know by contacting us at:
514-544-2665 (Montréal, QC)
279 Sherbrooke West #301
Montréal, QC H2X 1Y2
If you wish to exercise any of these rights and the situation allows it, we will assist you at no additional charge. However, if you request a transcription, reproduction or transmission of your personal data, we may charge you reasonable fees to process your request—subject to applicable law. In this case, we will contact you regarding such fees before processing your request.
For security reasons and to prevent fraudulent requests, we may ask you to provide proof of identity with your request. Once the request is processed, we will securely delete this personal data.
If your request is denied, we will notify you in writing and provide detailed reasons and information on how to challenge our decision. We will retain the relevant personal data until you have exhausted your options. We will certainly respond to your request within thirty (30) days.
Please note that the Office of the Privacy Commissioner of Canada drafted this informative page to help you access your personal data when it is held by a business.
If you have any questions about your rights regarding the protection of your personal data, you may contact Quebec’s Commission d’accès à l’information (Access To Information Commission):
Email: [email protected]
Hours of operation: 8:30 a.m. to 12:00 p.m. / 1:00 p.m. to 4:30 p.m.
|City of Québec office|
525 René-Lévesque Boulevard East
City of Québec, QC G1R 5S9
2045 Stanley Street
Montréal, QC H3A 2V4
If you live outside the province of Quebec, you may contact the Office of the Privacy Commissioner of Canada:
9 a.m. to 4 p.m. (ET)
Office of the Privacy Commissioner of Canada
30 Victoria Street
You can also fill out this information request form.
If you have a complaint. We will do our best to answer your questions and, if necessary, improve our privacy protection processes. We will also provide you with additional information about our practices if requested.
If you are still not satisfied, you can file a complaint with Quebec’s Commission d’accès à l’information using this online form or with the Office of the Privacy Commissioner of Canada using this online form.
Latest update: July 4, 2021