27th February 2020

Privacy policy

cake.

Privacy Statement

Who are we?
We are cake., referred to as we/us. Based at The Avenue, Shoreham-By-Sea, West Sussex, BN43 5GJ

Information collected by us

To fulfil your order and comply with tax legislation, we need to collect:

  • Your name and address
  • Your Telepone number (if you supply it)
  • Items that you have ordered from us
  • Your email address
  • We also collect anonymous data about your website visit which we cannot use to identify you
Why We Need Your Information and How We Use It
We rely on the following legal bases to collect your information:

To fulfil the contract between you and us, when you place an order with us, and to ensure performance levels can be verified for customer service or dispute resolution, Your positive consent to sign up for our mailing list. This may be withdrawn at any time by clicking the Unsubscribe link at the bottom of any email or contacting us directly.

To comply with accounting and tax regulations.

Under a legitimate interest to improve our service to you, we may ask for your feedback in the form of a survey or a review.

Information sharing and disclosure

Information about our customers is critical – if we don’t have the right information, we cannot guarantee that your product will reach you. It also helps us make sure that we provide you with the best possible service that we can. Occasionally, we use external services to help us do our job better, which we may need to share your data with. To be transparent, we use the following services:

MailChimp – we use MailChimp to allow us to send email newsletters if you have given us your explicit permission to do so.
Their privacy policy can be found here: https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation
Royal Mail – we use The Post Office’s services to allow us to process orders more efficiently. Their privacy policy can be found here: https://www.postoffice.co.uk/privacy
Stripe – we use Stripe to process payments and detect fraud. We do not process, hold or see any of your credit card data. This is dealt with by Stripe entirely. Their privacy policy can be found here: https://stripe.com/gb/privacy
Paypal – Paypal is one of our payment gateways. Their privacy policy can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
Jetpack – We use Jetpack to capture information about visitors to our site in order to improve our own performance. We do not have access to IP addresses, names or identities of users to our site. 
Should we be approached by the Police, or another legal agency who have correct documentation, we will be obliged to share the data with them.

Data Retention

We will retain your data for the shortest time we can. These are the length of times that our system will retain information and/or orders input by you:

  • Inactive accounts retained for one year
  • Pending orders retained for one month
  • Failed orders retained for one week
  • Cancelled orders retained for one week
  • Completed orders are legally required to be contained for up to seven years but will be retained for our accounting and performance records indefinitely, unless you request for specific information to be erased after the seven year period

 

Transfers of Personal Information Outside the EU

Some services that we may use are based outside of the EU. We will only ever do this when we feel it necessary and all services are certified under a relevant scheme.

Currently, we have the following services based outside of the EU:

MailChimp – MailChimp are based in the USA, and are certified under Privacy Shield
https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr
Stripe – Stripe process EU originating data in the EU, under Stripe Payments EU, based in Ireland. Some data may be transferred to their US parent company. Should this happen, this is done under their Privacy Shield certification.
https://stripe.com/privacy-shield-policy
Your Rights

If you reside in certain territories, including the EU, you have several rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. These rights are described below:

You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.

Update information held about you. If we hold incorrect information about you, we will update it unless we have good reason not to, without undue delay.

You have the right to ask us to delete data that we hold about you. We may not be able to comply with this should we have a legal obligation or overriding reason for this. If we do, we will give you a full reason, and tell you about your right to complain to the overseeing body.

You may ask to restrict what we may do with your data. You may withdraw your consent from any marketing at any time.
If you wish to restrict our processing of your data, we will suppress your data from any marketing or processing. We may continue to store your data in its entirety, or a subset of your data if it is required for legal reasons, or if we require it to ensure your request for suppression is upheld.
You can object to Our processing of some of your information based on legitimate interests and receiving marketing messages from us after providing your express consent to receive them.
In such cases, we will suppress your data until we can examine your reasoning for objection and take action appropriate to the decision.
Should you disagree with our decision, you may complain to the appropriate overseeing authority.

If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
In the first instance, please raise your concern with us, using the details specified at the bottom of this document. If you are unsatisfied with our response, you may complain to the overseeing body.
In the UK, the overseeing body is the Information Commissioner’s Office (ICO). Details on how to make a complaint can be found here: https://ico.org.uk/concerns/
How to Contact Us
For purposes of EU data protection law, Kara Challen is the data controller for ‘cake.’

Cookies on your device


We leave cookies on your device, with your permission, so that we can analyse usage and improve your experience with us. To see how we use use cookies, tap here 

If you have any questions or concerns, you may contact us at info@cakesussex.co.uk

Instagram
Facebook
Twitter
Pinterest