Under data protection legislation we are the Data Controller and are therefore required to inform you of the information contained in this Policy.
This Policy only relates to the collection, protection, disclosure and use of personal data belonging to individuals who visit www.cake-of-the-day.co.uk (the “Site”) or who otherwise provide us with their personal information. It does not relate to other websites that may be linked to from our site. We will use your information only for the purposes for which it was collected.
This Policy has been prepared to meet the requirements of all relevant laws and regulations relating to data protection, whether local, national or supranational, including (i) the Privacy and Electronic Communications Regulations (EC Directive) 2003 (S/2003i2426) (ii) the Data Protection Act 2018 (iii) all applicable requirements of the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time in the UK unless and until the GDPR is no longer directly applicable in the UK and then (iv) any successor legislation to the GDPR and the Data Protection Act 2018 and also The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, (the “Acts”).
By providing your personal information to us, you agree that we may collect and use all personal information provided in the ways described in this Policy. If you do not agree with the terms of this Policy then please do not provide personal details to us.
Please note that we may need to update this policy on a regular basis to reflect changes in the law. We recommend that you check this page regularly to ensure that you have read the most recent version and are happy with any changes.
This policy was last updated on: 8th June 2020.
1. Information we may collect from you
1.1 It is your choice whether or not to provide us with your personal information. Personal information (or ‘personal data’) means any information about an individual from which that person can be identified. It does not include data where the the identity has been removed (anonymous data).
1.2 The information we may collect from you includes but is not limited to:
- Personal contact details including: name, title, address, telephone number, email address, your communication preferences that you may provide to us by filling in forms on our Site, or if you request information from us or when telephoning us;
- Correspondence, or a record of it should you contact us;
- Details of your visitis to our Site (including, but not limited to, traffic data, location data and other communication data);
- It is important that the personal information we hold on you is accurate and current. Please advise us if your personal information changes during your time with us.
1.3 We may provide you with the option to select whether you would like to receive information from us by opting in or out of receiving promotional offers. In some circumstances, you will not have the option to opt out, for example, when we are administering a transaction requested by you, or if we are satisfying a legal requirement.
2. How do we collect your information?
2.1 Ways in which you may be providing us with personal information include:
- Registering on our site;
- Contacting us with an enquiry;
- Signing up to receive a newsletter and/or exclusive offers;
- Purchasing a product;
- Requesting us to forward a product to another email address;
- Reporting a problem;
- Giving us feedback
2.2 The information we may collect includes, but is not limited to, data concerning traffic on our Site and location data.
2.3 By providing any personal information to us, you fully understand and clearly consent to the transfer, collection and processing of such personal information on accordance with the terms of this Policy.
3.1 Like many other websites we use ‘cookies’ to help us gather and store information about visitors to our Site.
4. Uses made of the information by us
4.1 We will only use personal information collected from you for the purposes for which it was collected (or for related purposes), to provide specific services that you request and to provide additional services that may be of interest to you, or in the following circumstances:
- Ease of use – To ensure that content from our Site is presented in the most effective manner for you and your computer.
- Transactional Purposes – To carry out our obligations arising from any contracts entered into between you and us, to respond to your queries and requests, maintain you accounts and manage transactions, such as credit card payments for any products that your order from us, or the fulfillment of such transactions.
- Communication – To notify you about any changes to information we place on our Site or to our services.
- Marketing Communications – We may use your personal information to communicate with you about our products and services for our own internal marketing analysis.
- Compliance – To comply with a legal duty or regulatory obligation to which we are subject.
- Any information or statistics relating to our business that we disclose to others shall not identify you personally. We may, for example, perform statistical analyses of the behaviour of the users of our website in order to measure interest in the various areas of our Site. This information, and any other general information about our users that we share with others, will not contain personal information about you.
- We will not, under any circumstances, sell your personal information to anyone.
5. Change of purpose
5.1 We will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is comparable with the original purpose then please contact us by email at [email protected].
5.2 If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
5.3 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required by law.
6. Links to other websites
7. How and where do we store your personal information?
7.1 All personal information we collect from you is stored on secure servers.
7.2 The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. If your personal information is shared, you can expect a similar degree of protection in respect of your personal information as we require third parties to respect the security of your data and to take appropriate measures to protect your personal information in line with this Policy.
7.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent any unauthorised access.
8. How long do we keep your personal data for?
8.1 We will only retain your personal information for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for the uses set out in this Policy. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Disclosure of your information by us
9.1 We may disclose your personal information to:
- Third parties to whom you have provided your consent in order that they will be able to prepare and send any communications to you,
- In the event that we sell or buy any business or assets, we may disclose your personal information to the prospective buyer or seller,
- If Cake of the Day, or all of its assets are acquired by a third party, in which case personal data held will be transferred to one of its assets.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply other agreements. This includes exchanging personal information with other companies and organisations for the purposes of fraud protection.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
10. Information security
10.1 We have a number of procedures and security measures in place to prevent your personal information being accidentally lost, used or accessed in an unauthorised way. In addition, we limit the access to your personal data to those employees and other third parties who have a business need to know. the will only process your personal information on our instructions and they are subject to a duty of confidentiality.
10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Your rights
11.1 How can I access the information you hold about me?
- Under the GDPR you have the right to access information we hold about you (more commonly known as a ‘Data subject access request’) free of charge. If you would like a copy of this information please email us at [email protected].
11.2 Can I change the information you hold about me?
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific reason you have the right to withdraw your information for that purpose at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent we may not be able to provide you with certain products or services. We will advise you if this is the case at the time you withdraw your consent. If you would like to withdraw your consent please email us at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so in law.
11.3 Under certain circumstances, you also have the right to:
- Request access to the personal information that we hold about you. This enables you to receive a copy of the personal information that we hold about you and to check that we are lawfully processing it.
- Request correction of personal information that we hold about you. This enables you have any incomplete or inaccurate information we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us. It is important that they information that we hold about you is accurate and current. Please let us know if your personal information changes.
- Request erasure of your personal information where this is no good reasons for us to continue to process it.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- Request the transfer of your personal information to you or a third party.
12. Time to respond to you
12.1 We try and respond to all legitimate requests within one month. Occasionally it may take us longer to respond if your request is particularly complex of if you have made a number of requests. In this case, we will notify you and keep you updated.
13.1 You have the right to make a complaint at any time to the Information’s Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Questions, comments and requests regarding this policy are welcomes and should be sent to [email protected].