The food delivery service has been fined £140,000 for a “seven-month spamming campaign of 79 million emails and one million texts.”
Customers were also not given enough information that their data would be used for marketing for up to 24 months after cancelling their subscriptions, the Information Commissioner’s Office (ICO) said.
The ICO began its investigation in March 2022 following 14 complaints made directly to the regulator as well as 8,729 to the 7726 spam message reporting service.
The investigation found the company continued to contact some individuals even after they had asked it to stop.
Andy Curry, head of investigations at the ICO, said: “This marked a clear breach of trust of the public by HelloFresh.
“Customers weren’t told exactly what they’d be opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they didn’t want or expect, and in some cases, even when they told HelloFresh to stop, the deluge continued.
“In issuing this fine, we are showing that we will take clear and decisive action where we find the law has not been followed. We will always protect the right of customers to choose how their data is used.
“The investigation that led to this fine began following complaints filed by the public, both to the ICO and to the 7726 service. This shows just how important it is that if you are being contacted with nuisance calls , texts or emails, that you report it straight away.”
HelloFresh first came to the UK in 2012 and allows its customers choose from dozens of recipe options every week, from 10-minute “super quick” meals to vegetarian options and more.
The meals are portioned depending on how many people you choose to cook for and are delivered straight to your door, instead of having to head out to a supermarket for ingredients.
A HelloFresh spokesman said: “Customers are at the centre of everything we do and we take our data protection obligations extremely seriously.
“Of the emails sent, the ICO only received three complaints.
“We have worked closely with the ICO, we have carefully considered their feedback and have made changes to our SMS and email policy.”