Privacy and security of our visitors is one of our top priorities. We pledge to handle your data fairly and legally at all times. This policy applies whether you visit this website online through a mobile device or tablet, on a computer or direct email, by phone or if you speak with us face to face.
How we use your data
to provide goods and services to you, to make a tailored website available to you, to verify your identity, to manage any potential and confirmed orders, for crime and fraud prevention, for market research purposes,with your agreement to notify you of any promotional offers or news we think will interest you, in which you may unsubscribe from at any time, to enable us to manage customer service interactions with you or where we have a legal right or duty to use or disclose your information.
We do not share any of your information with third parties without your permission, except in the cases of complying with our legal obligations, exercising our legal rights, prevention, detection and investigation of a crime and for the protection of our employees and customers.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
What personal data do we collect?
We may collect the following information about you: your name, date of birth, billing and delivery address, telephone numbers, email addresses, orders made by you, when you place an order with us via credit/debit card payment, your payment card details, your communication and marketing preferences, your interests, preferences, feedback and survey responses, your location, other publicly available data, including any shared via a public platform.
Our website is not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you send an email to our enquiries email address. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
How we protect your data
We are committed to keeping your personal data safe and secure. We have internal policies setting our data security approach and regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents,
What you can do to help protect your data
We will never ask you to confirm any bank account details online or through email. If you are making a payment via bank transfer, or calling us to make a card payment over the phone, we recommend this is never done in a public place.
You have the following rights: the right to ask for a copy of personal data that we hold about you (the right of access), the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten), the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification), the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object), the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing), and
the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact us.
Legal basis for using data
We collect and use customers' personal data because it is necessary for the pursuit of our legitimate interests: the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer, or complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Cakes & Carousels, including: selling and supplying goods and services to our customers, protecting customers, employees and other individuals and maintaining their safety, health and welfare, promoting, marketing and advertising our products and services, sending promotional communications which are relevant and tailored to individual customers, understanding our customers’ behaviour, activities, preferences, and needs, improving existing products and services and developing new products and services, complying with our legal and regulatory obligations, preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies, handling customer contacts, queries, complaints or disputes, managing insurance claims by customers, protecting Cakes & Carousels, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Cakes & Carousels, effectively handling any legal claims or regulatory enforcement actions taken against Cakes & Carousels and fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones or ‘tablets’) as you browse this website. They are used to ‘remember’ when your computer or device accesses our websites. Cookies are essential for the effective operation of our websites. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.
The main purposes for which cookies are used are: -
1. For technical purposes essential to effective operation of our websites, particularly in relation to on-line transactions and site navigation.
2. For us to market to you, particularly web banner advertisements and targeted updates.
3. To enable us to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.
4. To enable us meet its contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.
Our website may not operate properly if cookies are switched off.
This policy was last updated in May 2018. Cakes & Carousels is GDPR compliant.