Due to new data protection laws, we are updating our Privacy Notice to clarify how we collect, share and retain personal data, including: -
• your rights in relation to your personal data under relevant data protection laws
• our policies for retaining personal data how we use your data to inform you about our products and services,
This Privacy Notice will help you understand how we collect, use and protect your personal information. If you have any queries about this Privacy Notice or how we process your personal information, please contact email@example.com
Who we are
The organisation responsible for the processing of your personal information is Beyond Bread. This means that we are a 'data controller' under the Data Protection Act 1998 (and, once in force, to the General Data Protection Regulation (also known as the GDPR)).
What information we collect about our clients / customers
The personal data you have provided, or we have collected from you includes: -
• contact details including name, address, telephone numbers and email addresses.
• dietary requirements
• Financial information, including credit/debit card details (although we do not retain complete payment card information for Wholesale Clients)
How we collect information about our clients
Most of the personal information we hold about you is that which we collect directly from you, for example:
• when you purchase our products or services via email, websites, mail
• when you register to receive information from us
• each time you interact with us or respond to communications.
• when you make enquiries or raise concerns with our customer service team.
What we use your information for and the legal bases for processing
We may store and use your personal information for the purposes of:
(a) carrying out anti-fraud and anti-money laundering checks (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
(b) assessing financial risks, including by carrying out credit reference checks and credit scoring assessments (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(c) providing you with related services (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(d) using your payment details to process payments relating to your purchases (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(e) communicating with you about your orders including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(f) administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance contract between you and us and/or as is necessary for our legitimate interests);
(g) undertaking market research and statistical analysis. This allows us to develop new, or improve existing products and service is necessary for our legitimate interests);
(h) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
Our "legitimate interests" as referred to include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, In accordance with all applicable legal and regulatory requirements.
Using your personal data for marketing
We can send you marketing about similar products and services by post, telephone, SMS, email and through digital channels. Digital channels include social media and similar such digital marketing channels. This allows us to serve you with relevant marketing messages.
You can object to receiving marketing from us at any time. Please provide your details via email to firstname.lastname@example.org
We consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.
We keep our own do not call list to anyone who says they do not want our calls and we screen against this list. We always display our number to the person we are calling.
Who we share your data with:
We do not share your information with any third parties.
How long your information is kept
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years on our main systems after which time it will be archived, deleted or anonymised. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please email@example.com
Under the Data Protection Act 1998 you have the following rights:
to obtain access to, and copies of, the personal information that we hold about you; to require that we cease processing your personal information if the processing is causing you damage or distress;
• to require us not to send you marketing communications.
Once the GDPR comes into force on 25 May 2018, you will also have the following rights:
to require us to erase your personal information; to require us to restrict or object to our data processing activities; to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; to require us to correct the personal information we hold about you if it is incorrect.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website: www.ico.org.uk.
Published 24/05/2018 Review Date 24/05/2019