The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
CONTACT & COMMUNICATION
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the EU GDPR. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This Policy set outs our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but our Quality Manager has overall responsibility for data protection compliance in our organisation. If you have any questions about this Policy or what we do with your personal information, please us the “Contact Us” section of the site.
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or in providing services to our members or just managing our relationship with you.
When we hold or use your personal information as a data processor (see below for a description of what this is) we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
THE DIFFERENCE BETWEEN DATA CONTROLLERS/PROCESSORS
A data controller is a person who controls how personal information is processed and used. A data processor is a person who processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller.
This distinction is important. You have certain rights in relation to your personal information, for example the right to be provided with the personal information held about you and details of its use and the right to have certain parts of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have). These rights can generally only be exercised against a data controller of your information.
In most cases we will not be a data controller of your personal information. In any case where we are not a data controller this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the person who controls how we process the personal information). In these cases we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
WHAT DATA OF YOURS WE COLLECT
Brunos Bakery, or third-party data processors acting on our behalf, may collect and use the following personal data that you provide us:
- Personal details such as name, age, date of birth, and gender
- Contact details including your phone number, email address, postal address including billing and delivery addresses
- Your purchase and order history
- Your browsing activity on the website
- Preferences, feedback, and survey responses
- We will not retain your data for any longer than necessary, unless required by a legal obligation
Your data is yours, and you have the right to ask what personal data we hold about you at any time. If you ever wish to know the data that we have of yours, please see the Your Rights section at the end of this document.
How We Protect Your Data:
- We fully comply with all applicable Data Protection and consumer legislation, and we treat any information shared with us as confidential
- Customer information is held on secure servers which is only accessible by authorised access.
- We employ security controls which protect our IT systems from external attack and unauthorised access
You have rights as an individual which you can exercise in relation to the information we hold about you:
- the right to ask what personal data that we hold about you
- the right to ask us to move, delete, update and correct any out-of-date or incorrect personal data, that we hold about you; The right to erasure or “right to be forgotten”.
- the right to ask us to restrict processing and the right to object to processing regarding the personal data that we hold about you
- the right not to be subject to a decision based solely on automated processing, including profiling about automated decisions
- the right to opt out of any marketing communications that we may send you, by clicking unsubscribe on the bottom of any marketing communications.
You should note that some of your rights may not apply as they have specific requirements and exemptions which apply to them and they may not also apply to personal information recorded and stored by us. However, your right to withdraw consent or object to processing for direct marketing are absolute rights.
If you are unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/. However, we are here to help and would encourage you to contact us to resolve your complaint first.
LEGAL BASIS FOR PROCESSING CUSTOMER PERSONAL DATA
Why We Collect Your Data, is to provide you with a streamlined, easy-to-use customer experience and is necessary for:
- Pursuit of Legitimate Interests.
- Contractual necessity engaging in commerce regarding products and services
- Compliance with Legal Obligations
Contacting you about special offers, promotions, and products or services using the lawful basis of Consent. If you would like to change or withdraw your email marketing consent unsubscribe my clicking on the bottom: of any email marketing you receive from us.
- To verify your identity when you shop with us
- For market research to provide you with more products you love
- To allow our sales team to interact with you should you need them
- For the prevention and detection of fraud and crime, and related purposes
- With your consent, to contact you about special offers, promotions, and products or services that we feel you might be interested in
- For instances when we have a legal duty or right to use or disclose your information, for example in legal disputes or when required by a local authority for an investigation
- To monitor and improve our website
- In the event that you purchase through our website, we will send you an email confirmation which will enable you to review your order
- For analysis reporting, financial processing, risk management, legal obligations, and monitoring for our day-to-day business
SHARED DATA AND THIRD PARTIES
WE NEVER HAVE AND NEVER WILL SELL YOUR PERSONAL DATA TO ANY THIRD-PARTY COMPANY.
We may disclose personal data you allow us to collect to third party service providers in instances such as those below:
- If you purchase goods from us, we may have to disclose your details to our third-party payment service providers to enable your order to be processed and fulfilled
- To support our business operations and audit purposes
- Your personal information will be shared, safely and securely, with our third-party service providers in order to process and fulfil your orders.
HOW TO PROTECT YOUR DATA
Try to use different passwords for each of your online accounts. This way if one is ever compromised, the others remain inaccessible to unauthorised parties. Multiple passwords keep your information safer.
- Keep passwords private and do not share accounts
- Avoid passwords that contain common phrases like ‘password’, your own name, or details like your phone number
- Try to use a mixture of upper and lower-case letters, numbers, and special characters to make passwords stronger. We recommend making a password 8 characters or longer
- We will never ask you to confirm any bank details or credit card details via email or post. If you receive an email requesting this information that claims to be from us, we recommend that you ignore it. If you’re contacting us regarding an order you have placed please do not include bank or credit card details in your communication.
- To protect your privacy, we can only discuss an account or order with the account holder or individual that placed the order
- When you finish shopping online in a public location, logging out of any accounts you have used helps to ensure your data remains secure
The privacy and security of any payments you make with us are high priorities. We ensure your payment and personal details are protected when you shop with us.
- Our website uses high-level, industry standard SSL Encryption (Secure Sockets Layer) technology. Currently, this is the most advanced security software available for online transactions
- Any sensitive information, such as credit card details, that you share with us is encrypted. This means information passed between your computer and our website cannot be read even in the unlikely event that it is intercepted by an unauthorised party
- We strongly recommend that you only connect to secure wireless networks that you trust. Using unsecured networks like those in public places can pose a risk
- You are always able to check that a page is secure as the beginning of the URL at the top of the page will change from ‘http’ to ‘https’ when you are browsing a protected page. A locked padlock symbol will also appear next to the URL.
- Our checkout processes involve security checks from third-party services to keep your existing card account protected against any unauthorised use when you shop with us. These third-parties all have their own privacy policies which you will need to read at the point of submitting out your details.
If and when you exercise your right to be forgotten and have your personal data deleted, your personal data will be deleted, destroyed or otherwise disposed of as follows below. We will endeavour to do so within one month of the request being made unless your data is required to be kept for a legal obligation.
- Personal data stored electronically, including any and all backups thereof, shall be deleted by us as the data processor. Any personal data stored with a third-party data controller will have to be deleted by them and you would need to contact them directly to do so. We will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
- Personal data stored in hardcopy form shall be shredded.
We like to keep you updated about our best offers and new collections, so with your permission we will send you updates via email, post, or both. This is a completely optional service, and you can opt out at any time.
- Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with GDPR.
- No personal details are sold on to third parties nor shared with companies / people outside of the companies that operates this website
- Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list].
- This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
- In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.
- Our contact with you will be relevant so you can enjoy great deals and new releases
- We will only ask you for things like feedback, and never for personal information such as payment details
- Tips, guidance, and lifestyle information will help you make the most of our products
- Alternatively, if you receive an email from us and you no longer want to be subscribed to our mailing list, you can scroll to the bottom and click on ‘unsubscribe’ to stop receiving emails from us.
Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website.
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
ADVERTS AND SPONSORED LINKS
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
SOCIAL MEDIA PLATFORMS
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
SHORTENED LINKS IN SOCIAL MEDIA
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
CHANGES TO THIS POLICY
Any changes we may make to this Policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. When we change this Policy in a material way, we will update the version date at the bottom of this page. Please check back frequently to see any updates or changes to this Policy and should you object to any alteration, please contact us as set out in the “Contact Us” section on our website.
RESOURCES & FURTHER INFORMATION
GDPR Information Commissioners Office
Privacy and Electronic Communications Regulations 2003
Privacy and Electronic Communications Regulations 2003 – The Guide
By: Brunos Bakery, 38 High Street, Studley, Warwickshire, B80 7HJ.
VISIT OUR LIBRARY
Click on the link below and browse though some of our showroom products, stock antique mirror patterns or designs that you can apply to the glass of your choosing.
CLICK HERE to see our library categories