1. About this policy
a. During the course of our activities we will process personal data (which may be held on paper, electronically, or otherwise) about our customers and we recognise the need to treat it in an appropriate and lawful manner, in accordance with GDPR. The purpose of this policy is to make you aware of how we will handle your personal data.
b. However data technology and rules change regularly, so we reserve the right to amend it at any time.
2. Data protection principles
a. We will comply with the seven data protection principles according to GDPR which say that personal data must be:
i. Processed fairly and lawfully.
ii. Processed for limited purposes and in an appropriate way.
iii. Adequate, relevant and not excessive for the purpose.
v. Not kept longer than necessary for the purpose.
vi. Processed in line with individuals’ rights.
vii. Be kept secure.
b. “Personal data” means recorded information we hold about you from which you can be identified. It may include your contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
3. How we are likely to use your personal data.
a. We will usually only process your personal data where you have given us your explicit consent for example to register for access to our website, or for entry into a prize promotion, or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in GDPR.
i. We will only process your personal data for the specific purpose or purposes notified to you or for any other purposes specifically permitted by GDPR.
ii. Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
iii. We will seek to keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be deleted. However, it is your obligation to keep us informed of any changes to your personal data, eg if you move house, or if you become aware of any inaccuracies in the personal data we hold about you. You may do this by sending an email as indicated in section six.
iv. We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required, which is typically two years from your last interaction with us, by email, website or other means.
v. We will only process your data in line with your data rights.
b. You have the right to:
i. Request access to any personal data we hold about you.
ii. Prevent the processing of your data for direct-marketing purposes.
iii. Ask to have inaccurate data held about you amended.
iv. Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
v. Object to any decision that significantly affects you being taken solely by a computer or other automated process.
c. To exercise any of these rights, please send us an email to the contact addresses in section six with your full name and contact details. We will respond within the timeframes set out by The GDPR. But do please understand that changes may not be immediate.
d. We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
e. We will ensure that we have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of deletion.
4. Providing information to third parties
a. Unless we have obtained your specific consent, we will never transfer your data to third parties for them to communicate directly with you. The only exception is where it is necessary to fulfil our obligations to you, for example to give a fulfilment company your address to send you a prize. But we will only transfer personal data if the other company agrees to comply with our data procedures and policies, and if they put in place adequate data security measures.
5. Subject access requests
a. If you wish to know what personal data we hold about you, you may make a request in writing by post or email. Send all such requests to the address in section 7.
a. We are always particularly mindful about maintaining the privacy of children who visit our website. The Little Treats Bakery encourages parents to instruct their children in the safe and responsible use of personal data whilst using the internet.
7. Data Contacts
a. For email requests : firstname.lastname@example.org
b. For written requests : The Little Treats Bakery, Rudheath, Northwich, Cheshire, CW9 7RQ
c. Full Address of the Data Controller : The Little Treats Bakery, Rudheath, Northwich, Cheshire, CW9 7RQ
d. Our company registration number is 00170133
e. Written communications should be marked for the data controller.
8. About this Policy
a. This policy was written and approved on 24th May 2018. Any amendments will be available on this page.