When you visit any website, it may store or retrieve information on your browser, mostly in the form of 'cookies'. This information, which might be about you, your preferences or your internet device (computer, tablet or mobile), is mostly useD to make the site work as you expect it to. The information is not usually personally identifiable to you, but can be used to give you a more personalised web experience. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling forms.
You can set your browser to block or alert you about this cookies, but some parts of our website will not then work. These cookies do not store any personally identifiable information.
When you are using our websites (www.thecakeartstudio.co.uk and www.cakeartcreations.co.uk), The CakeArt Studio is the data controller.
Contact: The CakeArt Studio, 85b Long Street, Atherstone, CV9 1BB.
Why do we collect your personal data?
We may state the obvious, but, in order to be able to offer you different services, we will need to collect your personal data and we may share it with third parties. All these reasons are regulated by law:
- Contractual obligations. We collect and use your data to deliver an on-line order placed through our website and we pass it on to our courier.
- Direct Marketing and legitimate interest. We collect and use your data (including your e-mail address and purchase history, for instance) to send you relevant information about our offers, discounts, new products etc. We can also use the data we have about you and collate it with other people’s data; this will allow us to obtain statistics that help us improve the quality of our services, products etc.
- Legal compliance. Sometimes, we can pass on details of people involved in fraud or other criminal activity affecting us.
When do we collect your personal data?
Here is a list of possible scenarios when we will need to collect your personal data:
- you visit any of our websites and create an account with us to buy products and services.
- you make an on-line purchase and check out as a guest.
- you purchase a product or service in store or by phone but don’t have (or don’t use) an account, especially if it is a back order and it needs shipping.
- you engage with us on social media.
- you contact us by any means with queries, complaints etc.
- you enter prize draws or competitions.
- you book any kind of appointment with us, for instance classes.
- you choose to complete a survey of ours.
- you comment on or review our products and services.
- you fill in any forms (i.e. an accident record).
What personal data do we collect?
- Your name, billing/delivery address, orders and receipts, e-mail, telephone number and an encrypted record of your login password (for your protection). We need them all when you open an account with us.
- Details of your interaction with us: emails, comments, product reviews or complaints that you have made using our message system, wish lists, products that you have viewed or added to your basket without purchasing, your voucher history, pages you have viewed etc.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
- Payment card information.
- Your image may be recorded on CCTV when you visit our shop. This is purely for security reasons.
Please remember that we will only ask for this data to be able to fulfil a contractual obligation or to tailor our services to your best interest. We will never disclose these information to anybody else unless you have given us direct and positive consent.
Of course, it’s always your choice whether you share such details with us; keep in mind, though, that if you opt out from us using some of your personal data, you may miss the full experience of our services or we may not be able to provide some of the services you have required.
How do we use your data?
The data privacy law allows us to collect relevant information about you and your purchase behaviours as part of our legitimate interest. That means we will do our best to understand you, as an individual and to provide you with tailored promotions, products, services and rewards that will most likely interest you.
Of course, if you wish to change the way we use your data, you can always adjust this through our website (https://www.thecakeartstudio.co.uk/my-account) or by directly contacting us:
The CakeArt Studio
Here’s how we’ll use your personal data and why:
- To process any orders that you make by using our websites or in store. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
Please note that we may keep your details for a reasonable period afterwards (5 to 10 years) in order to fulfil any contractual obligations such as refunds, guarantees etc. and to comply with current tax legislation.
- To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests.
- To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
- To protect our customers, premises, assets and employees from crime, we operate CCTV systems in our store which record images for security. We do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
- We will use your personal data, preferences and details of your transactions to keep you informed by email, web, text or telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. We’ll do this on the basis of our legitimate business interest.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
- To comply with our contractual or legal obligations to share data with law enforcement.
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.
To summarise all the above, within the legal boundaries and our legitimate business interest, we can send you information about our great products, offers, services and other exciting stuff. Just remember, if you ever feel that you don’t want to keep in contact with us, you will have the option to stop receiving messages by opting out. It is your legal right.
How we protect your data?
We know how much data security matters to all our customers. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected and sensitive data (such as payment card information) is secured and encripted to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks and we carry out penetration testing to identify ways to further strengthen security.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. It is your right to be forgotten, that is why you can delete your account if you no longer wish us to keep your personal data. You can do this by sending us a request at firstname.lastname@example.org. At the end of the retention period (see below), your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Here are some examples of customer data retention periods:
When you place an order, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations.
If your order included a warranty, the associated personal data will be kept until the end of the warranty period (this may be up to 10 years), but no less than 5 years.
Any accounts that are created on our website and have never been used (there are no valid orders associated with them or no sign of activity) will be deleted after 2 years. After deletion, you will be able to use the same email address to create a different account with us.
Who do we share with?
We sometimes share your personal data with trusted third parties.
For example, delivery couriers or for fraud management, to handle complaints, to help us personalise our offers to you and so on.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
IT companies who support our website and other business systems.
Operational companies such as delivery couriers.
Direct marketing companies who help us manage our electronic communications with you.
Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
Data insight companies to ensure your details are up to date and accurate.
Sharing your data with third parties for their own purposes
We will only do this in very specific circumstances, for example:
With your consent, given at the time you supply your personal data, we may pass that data to a third party for their direct marketing purposes. For example, if you enter a prize drawing competition and tick a box agreeing that the manufacturer company can send you promotional information directly.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We may, potentially, expand, reduce or sell our business and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
For further information, please contact us directly