What is the purpose of this notice?
Derbyshire Oatcakes takes its responsibility regarding the security and privacy of your data seriously. We gather and use information about you as part of our business and to manage our relationship with you. We will be clear and transparent about the information we are collecting and what we will do with that information in accordance with the General Data Protection Regulation (GDPR).
What we need
Derbyshire Oatcakes will be what’s known as the “Controller” of the personal data you provide to us. We only collect basic personal data about you which does not include any special categories of personal information about you (known as Special Category Data). This does, however, include name, address, e-mail, telephone number, financial information (payment information such as bank details) and other information relevant to customer surveys and/or offers.
Why we need it
We need to know your basic personal data in order to provide goods and services to you, process your orders, provide you with marketing and tell you about our products and services. We will not collect any personal data from you that we do not need to provide and oversee this service to you.
What we do with it
We only ever use your personal data with your consent, or where it is necessary:
- to enter into, or perform, a contract with you
- to comply with a legal duty
- to protect your vital interests
- for our own (or a third party’s) lawful interests, provided your rights do not override these.
We can process your personal information for the purpose or purposes it was collected for (or for closely related purposes) without your knowledge or consent. We will not use your personal information for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.
We may process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers
- to identify and prevent fraud
- to enhance the security of our network and information systems
- to better understand how people interact with our websites
- to provide postal communications which we think will be of interest to you
- to determine the effectiveness of promotional campaigns and advertising.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You have the right to object to this processing. You should be aware that if you do object this may affect our ability to carry out the tasks above for your benefit.
Where we keep it
We are based in the UK and we store our data within the EU. Some organisations which provide services to us may transfer personal data outside of the EU, but we will only allow them to do so if your data is adequately protected.
How long we keep it
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing e-mails, we will stop storing your e-mails for marketing purposes (though we will keep a record of your preference not to be e-mailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information. We will not retain your data for any longer than necessary and the longest time that we will hold your data will be six years.
Sharing your personal information
We will share your personal information with other organisations to carry out our obligations under our contract with you or for our legitimate interests.
We will also share your personal information if required or permitted to do so by law; if required to do so by any court, or any other applicable regulatory, compliance, governmental or law enforcement agency; or if necessary in connection with legal proceedings or potential legal proceedings.
We do not send your personal information outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your information will be explained.
We would, however, like to use your name and e-mail address to inform you of our future offers and similar products. This information is not shared with third parties and you can unsubscribe at any time via phone, e-mail or on our website.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
For more information about cookies and how to stop cookies being installed visit the following website: http://www.allaboutcookies.org.
What are your rights?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights.
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Please keep in mind that there are exceptions to the rights above. We will always try to respond to your satisfaction but there may be situations where we are unable to do so.
If you wish to raise a complaint on how we have handled your personal data, please write to Owlgreave Farm, Combs, High Peak, Derbyshire, SK23 9UW who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues and whose contact details can be found at (ico.org.uk).
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.