Privacy and Data Policy
Secret Cinderella Cakes believes it is important to protect your Personal Data (as defined in Chapter 1, Article 4 of the General Data Protection Regulations (GDPR - Regulation (EU) 2016/679)) and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect Personal Data about you.
o Your privacy as a user and protection of your data are human rights
o We have a duty of care to the people whose data we collect and process
- o Data is a liability, it should only be collected and processed when absolutely necessary
- o We dislike spam as much as you do!
- o We will never sell or rent your data, and will only distribute your data with our third party partners with your specific consent. Only in exceptional circumstances would your information be shared when appropriate to comply with the law, enforce our site policies or protect the rights of others or ourselves, property or safety.
Personal information – what this website collects, when and why…
When using our contact form on our site, as appropriate, you will be asked to enter your name, email address, phone number or other details to help you with your experience and allow us to contact you with the information you have requested.
We collect information from you when you respond to a survey, fill out a form or enter information on our site. This allows us to respond to enquiries, provide you with a service or it can provide us with feedback on our products or services.
We may use the information we collect from you when you contact us, make a purchase, respond to a survey, in marketing communication, use our website, or use certain other site features, in the following ways:
- To allow us to better service you in responding to your customer service requests.
- To administer a contest, promotion, survey or other site feature.
- To quickly process your transactions.
- To ask for ratings and reviews of services or products
- To follow up with them after correspondence (email or phone inquiries)
What lawful basis do we rely on to use your personal data?
The lawful basis that we rely on for processing your personal data are:
- o You have provided your consent to us using your personal data for a specific purpose. We will ask for your consent to use your personal data to send you electronic communications such as emails. You always have the right to withdraw your consent at any time.
- o It is necessary in connection with the performance of a contract with you. Sometimes it is necessary to process your personal data so that we can enter into contractual relationships with you. For example, if you wish to order a product or service, we will need to process certain information in order to provide you with that service.
- o It is necessary for compliance with a legal obligation to which we are subject. This would include where we have to retain certain records, for example. Or where we are required to disclose personal data to any regulators or law enforcement agencies.
- o It is within our legitimate interests. Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate interests or a third party’s legitimate interests (as long as the processing is fair, balanced and does not unduly impact individuals’ rights). We will rely on this ground to process your personal data when it is not practical or appropriate to ask for your consent, and where we are confident that this will not impact your rights.
When we process your personal data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We will not use your personal data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law)
Sensitive or special category data
Secret Cinderella Cakes does not collect sensitive data from you (i.e. data on health, ethnicity, race, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation) unless you explicitly share this information in regards to specific aspects of a cake order e.g. wedding cake topper. This information is not stored or used for any purpose after the event or delivery of your order.
- Right to restrict processing
In certain circumstances you have a right to require us to stop processing your personal data in a particular way. You can request that we stop processing personal data about you for certain purposes at any time by contacting us at email@example.com or in writing to the address at the end of this policy.
- Right to removal
You have the right to request that your personal data is removed from our database in certain circumstances. Please email firstname.lastname@example.org or in writing to the address at the end of this policy and inform us of what information you wish to have removed and we will action your request within 2 working days.
- Right of access
You have a right to ask for a copy of the personal data we hold about you. If you want to access your personal data, please send a description of the personal data you want to see and proof of your identity to email@example.com, data provision is free of charge.
- Right to rectification
Secret Cinderella Cakes want to make sure that your personal data is accurate and up to date. We may check accuracy with you when processing any order information however please also let us know if your details change. You may also ask us to correct or remove personal data which is inaccurate. You can email information updates, corrections or request removals to firstname.lastname@example.org or in writing to the address at the end of this policy.
- Right to object
You can also opt-out of receiving all or some of our marketing communications or request that we stop processing personal data about you for certain purposes at any time by contacting us at email@example.com or in writing to the address at the end of this policy.
- Right to data portability
In certain circumstances you have a right to data portability which means we will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.
Please note that you may only use/ benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) www.ico.org.uk or please contact us using the details below.
- Data retention
We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected and in accordance with our Data Retention Policy. In the event that you ask us to stop sending you marketing communications, we will retain certain details, such as your name, to help us ensure that you are not contacted again.
Website visitation tracking & Third Party Data Processors
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some of the features that make your site experience more efficient may not function properly. It won’t affect the user’s experience that make your site experience more efficient and may not function properly.
- Yola.com who host this site also use Mixpanel. You can opt-out of Mixpanel’s analytics service at Mixpanel Opt Out.
- Fullstory.com. You can opt-out of FullStory’s analytics service at FullStory Opt Out.
About Website server:
This website is hosted by Yola.com
Full details of Yola.com and how they store data can be found here https://www.yola.com/privacy-policy
How do we protect your information?
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information
No payment details are stored as these are made directly to our bank account and we do not currently have any other form of payment service available.
Order forms, once confirmed as accurate by you the client, are used to create your order to ensure accuracy in design and detail. These are securely stored and only made available to the staff who are directly working on your order. Personal data will be removed from order forms following 2 years since the order completion date. Non identifying information such as dates, order number and cost will be stored further for accounting purposes as required by HMRC.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
We do not sell, trade, or otherwise transfer to outside parties your personal information unless we provide users with advance notice. The only exception to this is where an outside party needs your address to deliver an order. Currently this only happens with mail order brownies.
This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites
We do not specifically market to children under the age of 13 years old. Children under the age of 16 should seek parent or guardian permission before providing their contact details
Jo Wright 106 Newtown Road, Hereford, HR4 9RZ UK07769357597