1. Introduction
Biglands Bakery ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website, contact us, or use our services.
This policy applies to all information collected through our website, bakery location, telephone communications, and any related services.
2. Information We Collect
2.1 Personal Information
We may collect the following personal information:
- Name and contact details (email address, phone number)
- Order information and preferences
- Special dietary requirements or allergies
- Event details for custom orders (dates, specifications)
- Payment information (processed securely through third-party providers)
- Communication preferences
2.2 Automatically Collected Information
When you visit our website, we may automatically collect:
- IP address and browser information
- Pages visited and time spent on our website
- Device information (type, operating system)
- Referral source (how you found our website)
3. How We Use Your Information
We use your personal information for the following purposes:
- Order Processing: To fulfill your bakery orders, custom cake requests, and provide customer service
- Communication: To respond to inquiries, provide order updates, and send important notifications
- Service Improvement: To enhance our products, services, and website experience
- Marketing: To send promotional materials and updates (only with your consent)
- Legal Compliance: To comply with food safety regulations and legal requirements
- Business Operations: To manage our bakery operations and maintain records
4. Legal Basis for Processing
Under UK GDPR, we process your personal data based on:
- Contract Performance: To fulfill orders and provide services you've requested
- Consent: For marketing communications and optional services
- Legitimate Interest: For business operations, website improvement, and customer service
- Legal Obligation: To comply with food safety and business regulations
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: With trusted partners who help us operate our business (payment processors, delivery services)
- Legal Requirements: When required by law, regulation, or legal process
- Business Protection: To protect our rights, property, or safety, or that of our customers
- Consent: With your explicit permission for specific purposes
6. Data Security
We implement appropriate security measures to protect your personal information:
- Secure data storage and transmission protocols
- Limited access to personal information on a need-to-know basis
- Regular security assessments and updates
- Staff training on data protection best practices
- Secure payment processing through certified providers
However, please note that no method of transmission over the internet or electronic storage is 100% secure.
7. Data Retention
We retain your personal information only as long as necessary for the purposes outlined in this policy:
- Order Information: Kept for 7 years for business and tax purposes
- Marketing Preferences: Until you withdraw consent or unsubscribe
- Website Analytics: Anonymized data may be retained for statistical analysis
- Communication Records: Kept for reasonable periods to ensure quality service
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate information
- Right to Erasure: Request deletion of your personal data (subject to legal requirements)
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Request transfer of your data to another service
- Right to Object: Object to processing for marketing or legitimate interest purposes
- Right to Withdraw Consent: Withdraw consent for processing at any time
To exercise any of these rights, please contact us using the information provided below.
9. Cookies and Website Technologies
Our website uses cookies and similar technologies to:
- Improve website functionality and user experience
- Analyze website traffic and usage patterns
- Remember your preferences and settings
- Provide relevant content and advertisements
You can manage cookie preferences through your browser settings. However, disabling cookies may affect website functionality.
10. Third-Party Services
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.
Third-party services we may use include:
- Google Analytics for website statistics
- Payment processors for secure transactions
- Email service providers for communications
- Social media platforms for marketing
11. Children's Privacy
Our services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information, please contact us to have it removed.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on our website
- Update the "last updated" date at the top of this page
- Notify customers of significant changes via email or website notice
Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
13. Contact Information
If you have questions about this privacy policy, want to exercise your rights, or have privacy concerns, please contact us:
We will respond to your inquiry within 30 days as required by UK GDPR.
14. Data Protection Officer
For data protection matters, you can contact our designated representative at the contact information provided above. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.