Document Version 2.0.2 – Effective From 2018.05.25
Who we are
We are Holtwhites Bakery Limited (referred to as “we” or “us” or “our”). We own and operate this website. Our full contact details are available on our contact page. Please contact us if you have any questions or feedback about this policy.
For the purposes of relevant data protection regulations, we are the data controller for information gathered via this website except in any circumstances explicitly stated as exceptions in this policy.
The point of this policy
This policy is here to inform you, to the best of our ability, about personal information collected from you when you use our website. This includes how we get that information, how we might process or use that information, how and when we might disclose it and how you can control what we do with your information.
You should not use this website or provide us with any information via forms on our website unless you are completely happy with this policy. If you do use our website we will assume that you have read, understood and are happy with the terms of this policy.
Changes to this policy
This policy is reviewed regularly and is subject to change. In the event that the policy is updated we will update this page and display a notice that the policy has been updated on our website home page.
If we make material changes to how we treat personal data we will employ our best efforts to notify you by email through a notice on the website home page. The date this policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting our website and this policy page to check for any changes.
The data we collect
When you visit a website, information can be collected and stored about you and your visit. When you visit our website, that information can be categorised as follows:
- Information you give us This is information you might choose to give us by filling out forms on our web site and might include things like your name, address, email addresses and telephone numbers etc. Often these forms might also include options to specify your interests, ask questions, make comments or provide other optional information about you relevant to your enquiry.
- Automatically collected information (web server logs) When you visit our website some anonymous technical information is usually recorded automatically by both your Internet Service Provider (ISP) and the Internet Service Provider (ISP) web server that hosts our website. Examples include the Internet Protocol (IP) Address used to connect your computer to the internet, the time and date of the connection, software information such as browser type and version, type of operating system and platform (e.g. windows, mac or mobile device etc) and the pages visited. This information is not stored or processed by us.
How we collect information
We collect personally identifiable information via our website when you choose to fill out and submit an online form. These forms are provided to you as a convenient and structured alternative to sending us an email and employ the same technology and security as sending us an email directly.
Lawful basis for processing your personal data
We have a lawful basis for our processing of your personal data, including processing for our legitimate interests (when balanced against your rights and freedoms), to fulfil our obligations to you under any contract with you, as required by law and with your consent.
Within the European Union the processing of your Personal Data is lawful only if it is permitted under the applicable data protection laws. We have a lawful basis for each of our processing activities (except when an exception applies as described below):
- Legitimate interests We will process your personal data as necessary for our legitimate interests. Our legitimate interests are balanced against your rights and freedoms and we do not process your personal data if your rights and freedoms outweigh our legitimate interests. Specifically, our legitimate interests are to: facilitate communication between us and you; detect and correct bugs and to improve our website, products, and services; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime (including misappropriation of intellectual property); promote and market our business; check your credit and perform risk assessments; and develop our product and services.
- To fulfil our obligations to you (under agreement or contract) We process your personal data in order to fulfil our obligations to you pursuant to any agreement or contract with you to deliver our products and services to you.
- As required by law We may also process your Personal Data when we are required or permitted to by law; to comply with government inspection, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
How we process / use your information
We work hard to make sure that any information you give us is used only to fulfil the purpose for which the information was given to us. For example, should you decide to give us your name and email address so that we can respond to an enquiry you make, your information will be used solely for the purpose of answering that enquiry.
Reasons that we might collect, process and use your information include:
- To help us to communicate with you effectively and for the provision of products and services we supply to you.
- To answer questions that you ask or respond to feedback, queries or comments that you submit to us and to verify or validate any claims that you may make.
- To notify you about important product and service information that may directly affect you (non-marketing communications).
- If you have given us permission, to notify you about products and services that may be of interest to you (marketing communications). We will always be clear about if, when and how your information might be used for marketing purposes at the point that you give us the information and you will have to explicitly opt-in to receive marketing communications (and you can of course easily opt-out again as detailed in this policy).
- We may use personal data to recognise you when you visit or return to our site so we can increase security, prevent or detect fraud or abuses or to help us improve our site and services.
- We might retain personal data from closed or obsolete user accounts in order to comply with legal obligations, enforce our terms and conditions, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations and take other actions as permitted or required by law.
- We may access, remove, alter, store, disclose or otherwise use any personal data if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if we are required to do so by law or appropriate authority.
- For internal record keeping and to improve our products or services
How long we keep your information
We will hold the information you give us for as long as necessary to fulfil the purpose for which it was given and for a reasonable period thereafter. We will review the information held on a periodic basis and delete information which we assess will no longer be required for any future dealings between you and us.
How and when we might disclose information
Unless otherwise stated in this policy (and only when required to fulfil the purpose for which the information was given), we do not share, sell, distribute, modify, lease or otherwise disclose the information you give us via this website to any third party for marketing or any other purpose unless:
- we are instructed to do so by law or appropriate authority
- we have reason to believe that it breaches our terms and conditions
- such steps are necessary to protect us or others
- we have reason to believe that a criminal act has been committed
- for the purpose of facilitating conflict resolution
- we have your explicit consent
We may store or transfer personal data outside the European Economic Area for the purposes stated in this policy.
We reserve the right to disclose information as required in the case of an actual or proposed sale (including negotiations for) or merger or business combination involving all or the relevant part of our business.
Except as otherwise specifically included in this policy, this document addresses only the use and disclosure of information we collect from you. If you disclose your information to third parties, whether they are other users of our site or other websites, different rules may apply to their use or disclosure of your information.
Current third-party disclosures
|Tsohost||Tsohost is the Internet Service Provider (ISP) that hosts our website. We do not share information you give us with Tsohost, however ISPs will often track anonymous information about traffic to and from their servers. For more information about them and their privacy policies, please visit www.tsohost.com.|
|We do not share information you give us with Google but we do use their analytical cookies to help us understand how people use our website. More information can be found in our cookies policy.|
Special categories of information
Unless otherwise stated in this policy we do not ask you to provide, and we do not knowingly collect, any special categories of personal data from you, such as data that reveals your racial or ethnic origin, political opinions, religious, philosophical beliefs, or trade unions membership, or the processing of data concerning your health or data concerning your sex life or sexual orientation or history of criminal convictions.
Automated decision making
We do not use your personal data with any automated decision-making processes.
Security is a high priority. We take appropriate precautions to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information.
Please note that communications over the internet are never totally secure and that the forms on our website employ standard email technology and as such are only as secure as sending us a normal email directly. Your communications may pass through third party servers in a number of countries before they reach us.
We do not accept responsibility for any unauthorised access to or loss of personal data that stems from a cause beyond our control. Nor can we be held responsible for the actions or omissions of other users or third parties who may misuse your personal data which they collect from the website.
If you have given us your permission we might send you marketing communications, usually by email, to update you about what we’ve been up to and promote products and services that we think will be of interest to you.
Whenever you receive a communication of this kind from us you will be offered the opportunity to stop receiving any future marketing communications from us (an unsubscribe / opt-out option). You can also contact us to tell us that you would like to start or stop receiving some or all marketing communications.
Please note that a request to stop receiving marketing communications is not a request to never be contacted by us again. We might still need to contact you about non-marketing related topics and to fulfil any legitimate service or obligation as stated previously in this policy.
Change of purpose
We aim to only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another purpose and that purpose is sufficiently compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If at any time we wish to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above, where this is required or permitted by law.
Your rights and controlling your information
You have certain rights under applicable data protection laws, including the right to access and update your personal data, restrict how it is used, transfer certain data to another controller, withdraw your consent at any time and the right to have us erase certain personal data about you. You also have the right to complain to a regulatory authority about our processing of your personal data. You can learn more about your rights regarding your personal data from the Information Commissioner’s Office.
If you believe that any information we are holding about you is incorrect or incomplete, please contact us as soon as possible. Every reasonable effort will be made to promptly correct any errors.
You can access and rectify any personal data we hold about you by contacting us by the means shown on our website.
In the event that you request to have information about you erased, we will make every effort to comply except where legal restrictions or regulations prevent us from doing so. If applicable, you will be notified of any such relevant restrictions at the time of your request.
Links to Other Websites
Any information collected by us via remarketing is used only for remarketing purposes.
We value our customers above all else and are committed to providing you with the best service possible – and that includes respecting your right to privacy. If at any time you feel unhappy with our web site, our services or our handling of your data please contact us in the first instance to give us a chance to put things right.
Should you feel that you have a data protection issue that we cannot resolve and you wish to make a formal complaint to the UK regulator, you can contact the Information Commissioner’s Office.
If you have any questions about data protection or how we use your data please contact us. For additional information about your rights under UK data protection laws, please visit the Information Commissioner’s web site.