INTRODUCTION AND DEFINITIONS
The Stone Bake Oven Company Limited (“we“, “our” and “us“) is committed to protecting and respecting your privacy.
This notice sets out the basis on which any personal data, which we collect about you, that you provide to us or that we have received from a third party source, will be processed by us.
If you have questions about correcting or deleting your personal data please refer to sections 3and 8below.
References in this notice to “data protection law” mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this notice to “data or “information” include “sensitive personal data” and “special categories of data” (as defined under data protection law) where applicable.
1 OUR DETAILS
1.1 The data controller with conduct of your personal information is Stone Bake Oven Company Limited (company number 12991632) of Units 4a, Venture Business Park, Weir Lane, Worcester, WR24AY
2 HOW WE USE YOUR INFORMATION
2.1 The following sections explain what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.
Which information do we process and for what purpose?
2.2 Information we collect from you: we collect the following information that you give us by filling in forms on our site or providing it in writing or over the phone or by any other method you use to contact us (including social media):
2.2.1 Title, first name, second name, delivery / home address (includes country), email, telephone number.
2.2.2 PID number (Norwegian customers only)
2.2.3 Credit card details (phone orders only, not saved).
2.2.4 VAT number where applicable
2.3 Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
2.3.1 Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
2.3.2 Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
2.4 Information we receive from other sources. We may work with third parties in relation to the operation of our site, such as analytics providers, and we may also use third parties to provide services in connection with sales of products made on our site, such as payment service providers, credit reference agencies and logistics, or fulfilment providers, and we may receive information about you from them.
2.5 Purposes. We process the information we have about you for the following purposes:
If you are a customer:
2.5.1 to supply you with the products and/or services you have purchased from us;
2.5.2 to reference your purchase and delivery history, invoice you and manage your account with us;
2.5.3 to provide you with product service and support, assess warranty claims and to contact you about product recalls should the need arise;
2.5.4 to improve our products and services, including our website;
2.5.5 if you are a potential customer that has added items to the online shopping basket on our website but you have not completed a purchase, to contact you about our products and services after your visit;
2.5.6 to notify you about changes to our products and services, and our latest offers;
2.5.7 to send you newsletters providing interesting brand related material such as recipes, or ‘oven of the month’ competitions.
If you are a supplier to us:
2.5.8 to place orders with you and to manage our relationship with you as a supplier of goods or services; and
Whether you are a supplier or a customer:
2.5.9 to keep financial and other records relating to our business and our dealings with you and to comply with our regulatory and legal obligations.
What are the grounds for processing your information?
- We are processing your data on the following grounds:
2.6.1 you have consented to the processing for the purposes stated in section 2.5, above (this may apply where you have applied to register with us and have agreed to receive emails about our promotions and product changes);
2.6.2 if you are a customer, because it is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps prior to us formalising the contract.
2.6.3 the processing is necessary for us to comply with our legal obligations, such as our obligations to keep accounting records and tax records.
2.6.4 the processing is necessary for pursuing our legitimate interest of operating our business of selling pizza ovens and related products and services, improving our products and services and promoting the business. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for this purpose.
Duration and further processing
2.7 We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
2.8 Generally speaking, we retain your information for the following periods of time:
2.8.1 if you are a customer and you have subscribed to our newsletter, we keep your information until you indicate that you no longer want to hear from us;
2.8.2 if you are a customer and you have not subscribed to our newsletter, we keep your information for at least 10 years;
2.8.3 if you are a supplier or retailer (or an employee of a supplier or retailer) then we keep your information whilst you (or your employer) remains a supplier or retailer, and for a reasonable period after that time in case we are likely to contact you again in the future.
2.9 If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
Who is your information shared with?
2.10 In order to achieve the purpose(s) set out in section 2.5 above, we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We will not share your personal data with third parties for marketing purposes. We may share your information with selected third parties including:
2.10.1 payment service providers, logistics service providers or other sub-contractors for the performance of any contract we enter into with you;
2.10.2 analytics and search engine providers that assist us in the improvement and optimisation of our site;
2.10.3 credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
2.10.4 our outsourced IT providers may have access to your personal data on our IT systems if such access is required to enable them to resolve problems with our systems. Typically, your personal information will be encrypted before it is transferred to our hosts but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with your account on our computer system. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
2.10.5 our legal advisers or other professional advisers, if necessary to defend claims, protect our rights, or receive advice on compliance with the law. Such transfers will be protected by confidentiality obligations owed by our advisers; and
2.10.6 should we ever decide to sell our business, to potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law.
2.11 We use an external third party to deliver emails on our behalf, and we may share your personal data with them in order that we can carry out certain functions, such as communicating about an enquiry, processing your order and to assist with the general running of our site. Whilst this party is based outside of the European Economic Area, they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. We may also share your personal data with third party website agencies where this is necessary for us to carry out our obligations to you. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
2.12 To the best of our knowledge, understanding and belief, and save as set out above, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know and we will make sure that your personal data is adequately protected by ensuring that the person we share your personal data with has signed up to the EU/US Privacy Shield or put other adequate safeguards in place to protect your personal data.
Automated decision making
2.13 We do not make automated decisions about you based on your information.
3 YOUR RIGHTS
- Under data protection law you have the following rights:
3.1.1 the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 5, below;
3.1.2 the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 8, below;
3.1.3 the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
3.1.4 the right to object to us processing your personal information in certain other situations;
3.1.5 the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
3.1.6 the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
3.2 From 25 May 2018 you will have the following additional rights under data protection law:
3.2.1 enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
3.2.2 in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 5, below.
3.3 You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 8, below. The Information Commissioner’s Office website is www.ico.org.uk.
3.4 For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).
4.1.2 Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
4.1.3 Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
4.1.4 Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
5 ACCESS TO INFORMATION
5.1 Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details in section 8 below.
5.2 in certain circumstances, be entitled to receive the information in a structured, commonly used and machine readable form.
6 DATA SECURITY
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7 CHANGES TO OUR PRIVACY NOTICE
This notice was last updated in April 2021. Any material changes we may make to our privacy notice in the future will be uploaded to our website and if the change is significant we will send you the updated notice by email. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org