Grace’s Bakery Limited is a controller of your personal data. We respect your data and your privacy is important to us.
This Privacy Notice explains what personal data we collect and how it is used. This notice also explains what rights you have over your personal data and how you can use those rights.
You have the right to object to some of the processing which we carry out. More information about your rights and how to exercise these is set out in the “Your rights” section of this notice.
Grace’s Bakery Limited’s registered office is 178 High Street, Ryde, Isle of Wight, PO33 2HW
Summary of how we use your data and your rights
We use your data to provide and improve our products and services, including for marketing, research, feedback and enquiries.
You have the right to object to some of the processing Grace’s carries out. More information about your rights and how to exercise these is set out in the “Your rights” section of this notice.
When you give consent, you are able to withdraw that consent at any time, for instance by emailing firstname.lastname@example.org. You can also email email@example.com to exercise any other data rights, such as obtaining a copy of your data, correcting, deleting or restricting how we use your data. Please see “Your rights” for more information.
You can unsubscribe from marketing communications at any time. To opt out of marketing, including profiling for direct marketing purposes, you can click “unsubscribe” at the bottom of your emails.
Information we collect from you
We collect information from you when you sign up to our Loyalty Card scheme.
We keep information you give us directly such as contact details (including name, email, address and telephone number), comments, date of birth, gender, location, frequency of visits, feedback, purchases and marketing opinions.
We record and analyse details of your purchases and where you take advantage of our promotions.
If you engage with us online via our websites or app our cookies and similar technologies will capture your IP address, your location, and record how you use the site to help improve it and improve your user experience, where your browser settings or permission allows for this.
If you post information online about us or provide feedback, we may keep a record.
If you contact us directly and complain or give feedback, receive compensation, we will record details and all related information such as emails, letters and phone calls.
We use CCTV in our stores for the prevention and detection of crime and for safety and security reasons.
How we use information and the legal basis
We are allowed to use your data only if we have a proper reason to do so such as:
- To fulfil a contract we have with you;
- When it is in our legitimate interest;
- When you consent to it; or
- To comply with the law.
A legitimate interest is when we have a business or commercial reason to use your data. This involves us making an assessment of when we can rely on our legitimate interests.
We have set out below how and why we may use your personal information and the legal basis we rely on. This is also where we tell you what our legitimate interests are.
When you sign up to or use your Loyalty Card, we use your information to fulfil our contract with you.
We take information to communicate with you, check your identity, take payment, and provide products and services, including awarding loyalty points.
To run our business and pursue our legitimate interests, we use your information.
Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, working out which of our products and services may interest you, improving our site and services, developing new products and services, and telling you about them and conducting market research.
Further details of our legitimate interests:
To run and promote our business, we use your information:
- To provide and improve our products and services, including the Grace’s Loyalty Card scheme and to respond to you if you contact us.
- When we monitor the Grace’s Bakery website, social media platforms such as Facebook and Twitter and responses to email marketing. If you post comments online or in other media we may capture this information, contact you, and use it to improve our products and services.
- To run competitions and promotions and track which offers seem of interest to you.
- To understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us.
- To send you emails including offers tailored to your perceived preferences where you are a Loyalty Card member and your preference settings permit this. We record which emails seem to be of interest to you.
- To contact you where you provide us with market research feedback or pass this data to a third-party business partner of ours for panel market research analysis.
To prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, including where we are required to do so by law we may:
- Review CCTV in our stores.
To comply with law, assess and uphold legal or contractual rights and claims, and for monitoring, auditing and training on compliance matters:
- We keep records to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents.
We may, if you give us consent
- Send you electronic marketing, including promotions and offers, in relation to our products and services if you are a member of our Loyalty Card scheme. Loyalty Card customers can subscribe or unsubscribe from our marketing communications at any time. For instance, customers can unsubscribe from emails by clicking “unsubscribe” at the bottom of our emails.
- Use data for other purposes where we explain that purpose when we ask for your consent.
When you give consent, you are able to withdraw that consent at any time by contacting us, for instance by emailing firstname.lastname@example.org. If you do so we can only continue to use your data if another legal basis applies, such as when we’re required to do something by law.
Nevertheless, you have an absolute right to opt-out of direct marketing, including profiling for direct marketing purposes, at any time. You can opt out of marketing by selecting “unsubscribe” in emails or by emailing email@example.com.
When the law requires us to process your data we will do so. This can include
- Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
- When you exercise your rights under data protection legislation, including when you ask to subscribe or unsubscribe from our marketing communications.
Grace’s Bakery limited is a family business based in Ryde with 5 shops across the Isle of Wight. All customer data received in our shops, such as when you fill out a loyalty card application form, is sent to our head office at 178 High Street, Ryde, Isle of Wight, PO34 5JG where it is safely stored.
To communicate with you via email, we use the website MailChimp to collect and store personal data and to send marketing communications.
If our business is to be integrated with another business or sold, your details would be shared with our advisers and any prospective purchaser’s advisers. Your information will be passed to the new owners and you would be notified.
Personal data may be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.
Cookies and similar technologies
We keep your data to enable us to fulfil our contract with you or to provide services, whilst you are an active user of our site or the Loyalty Card scheme, where required by law or to protect legal rights.
We always look to keep your data for the minimum time in line with data protection principles and our processes. For example, we keep:
- Information on Loyalty Card customers.
- Records of payment information in line with tax law and audit requirements.
- Customer feedback and correspondence depending on the nature of the interaction and any applicable law, such as health and safety. This enables us to respond to any questions or complaints.
- Information to maintain records according to rules that apply to us.
If you unsubscribe from marketing communications, we keep a record of this request indefinitely to ensure we do not send you direct marketing again.
We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons.
You have rights over your personal data.
- ask for a copy of your information;
- ask for information to be corrected;
- ask for information to be erased or deleted;
- ask for us to limit or restrict processing;
- object to us processing your data, in particular where we use the data for direct marketing, including profiling for direct marketing purposes. The right to object does not apply if we must process the data to meet a contractual or legal requirement;
- ask us to send you a copy in a structured digital format or ask for us to send it to another party.
Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.
If you want a copy of your data, to object to how we use your data, or ask us to delete it or restrict how we use it or, please email firstname.lastname@example.org To process a request from you, we may need to confirm your identity to ensure we’re accessing the right data.
You have a right to complain to an EU data protection authority. This can be where you live, work or where the matter occurred. In the UK, the authority is the Information Commissioner’s Office (the “ICO”).
To exercise any of your rights or to withdraw consent you can email: email@example.com.
To discuss or change your Loyalty Card account details, including preference settings, you can email firstname.lastname@example.org.
For any queries relating to data protection please contact email@example.com or in writing to us at Grace’s Bakery, 178 High Street, Ryde, Isle of Wight, PO34 5JG.
If we make any changes or updates to this notice we will communicate these.