Freedom Chocolate

PRIVACY NOTICE

1. Who are we?

This privacy notice is issued by and applies to Freedom Chocolate and the website https://www.freedomchocolate.co.uk/

It outlines how we and our website safeguard your personal information and comply with UK Data Protection legislation and the General Data Protection Regulation (GDPR) 2018.

We are an English based business, located in Cumbria, making and selling artisanal, hand crafted chocolate products.

Maintaining the security of your data is our priority and are committed to protecting your privacy and the confidentiality of your personal information, not just from a legal perspective but also as an inherent aspect of our core values.

We are resolute in respecting your privacy rights. We commit to handle your data fairly and legally always. We are dedicated to being transparent about what data we collect about you and how we use it.

By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this notice.

This notice, which applies whether you use our services, use your mobile device or go online, provides you with information about: –

  • What personal data we collect and process
  • How we legally use and protect your data
  • how we ensure your privacy is maintained
  • your individual rights relating to your personal data

We undertake to preserve the security and confidentiality of all information you provide to us and request and expect that you do likewise.

This privacy notice has been compiled in order to comply with the law of The United Kingdom of Great Britain & Northern Ireland. If you think it fails to satisfy the law of your jurisdiction, please let us know.

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

2. What Personal Data we do collect?

We may, (through our website, social media, attendance at trade shows/markets or via direct contact), collect, process, use, store and transfer different kinds of personal data about you.

This data may include: –

  • Personal information such as title, first name, last name, date of birth, and other identifiers.
  • Contact information such as billing address, delivery address, email address(es), telephone number(s) and any other information you have given to us for the purpose of communication, ordering or meeting.
  • Financial data such as your bank account and payment card details.
  • Transaction data such as details about payments or communications to and from you and information about products and services you have purchased from us.
  • Technical data such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Marketing data such as your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
  • Your correspondence and other communication with us
  • other publicly available personal data, including any which you have shared via a public platform (such as, but not limited to, a LinkedIn profile, Twitter feed, Instagram post or public Facebook page).
  • Personal information held in public record archives.

We may aggregate anonymous data such as statistical or demographic data for our own internal purposes such as monitoring the demographic of our clients. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity. For example, we may aggregate profile data to assess levels of interest in a specific product or service we offer.

If, at any time, we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with the measures detailed in this privacy notice.

Freedom Chocolate will not pass on your information to any party unless legally obliged to do so.

We will only email you newsletters or notifications if you have subscribed on our website or provided your consent in person. You are able to change your preferences at any time.

3. Special Categories of Personal Data

GDPR classifies Special Categories of personal information. This is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. It also includes information about criminal convictions and offences.

We will never ask you for any special categories of personal information.

3.1 What If you do not provide the personal information we need?

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may not have a legal basis for providing a service to you. If so, we will notify you of this at the time.

4. How we legally use and protect your data?

We are required to determine under which of six defined legal bases we process different categories of your personal information, and to notify you of the basis for each category. If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data. If the basis changes then, if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

4.1 Information we process because we have a contractual obligation –

When you use our website, buy product(s) from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. “Contract” is therefore our legal basis in such circumstances.

To carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We may use it to: –

  • provide you with our product(s) or service(s)
  • communicate with you
  • provide you with suggestions and advice on products, services and how to obtain the most from using our website.

We process this information on the basis there is a contract between us, or that you have requested we process the information before we enter into a legal contract.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

4.2 Information we process with your consent –

We ask for your consent for marketing purposes and when using cookies on our website. You are free to withdraw your consent at any time by advising us in writing, following the “unsubscribe” link in our e mails or updating your cookie preferences online.

If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.

We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.

4.3 Information we process in order to manage, operate and control our activities –

When there is no contractual relationship between us, such as when you browse our website or ask us to provide you with more information about our organisation, including our products and services.

Where we implement business management practices e.g. implementing a CRM system or creating a database to support the efficient and effective operation of our activities we will process personal information using legitimate business interest as the legal basis.

4.4 Personal Data of Minors –

We do not sell products or provide services for purchase by children or those under 18, nor do we directly market to children. If you are under 16, you may use our website only with consent from a parent or guardian. We collect data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children. Such child users and visitors will inevitably visit other parts of the site and will be subject to whatever on-site marketing they find, wherever they visit.

You may withdraw your consent at any time by instructing us via our contact details below. However, if you do so, you may not be able to use our website or our services further.

4.5 Personal data at trade events or markets

We collect/process personal data of attendees visiting our stand in person at trade shows, specialist food events and markets in order to efficiently manage or activities on the day and in the future.

We may also be provided with details of registered attendees by the organisers. It is your responsibility to satisfy yourself of data management and processing practices of those with whom you provide your information.

4.6 Other disclosure of Personal Data

In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We may have to share your personal data with the parties set out below:

  • service providers who provide IT and system administration services
  • professional advisers including accountancy, legal, banking, marketing and insurance services
  • government bodies that require us to report processing activities
  • third parties to whom we may sell, transfer, or merge parts of our business or our assets

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

5. Retention period for personal data

Different retention periods apply for different types of data, however we will not retain your data for longer than either: –

the period(s) of time mandated by law

OR

that necessary for the purposes set out in this notice. The longest we will normally hold any personal data is 7 (seven) years.

Personal data recorded on paper or other hard copy will be securely destroyed once information has been entered onto our electronic databases and within a maximum time of one month.

6. How we ensure your privacy is maintained?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We are committed to keeping your personal data safe and secure. Our security measures include: –

  • Encryption
  • Implementing risk management and data protection impact analysis
  • Regular cyber security assessments of all service providers who may handle your personal data
  • Security controls which protect our IT infrastructure from external attack and unauthorised access
  • Internal policies setting out our data security approach and training for staff.

7. How you can help protect your data?

You should take all reasonable steps to keep your personal information held on our IT systems secure.

We will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Freedom Chocolate asking you to do so, please ignore it and do not respond to it.

If you are using a computing device in a public location be sure to satisfy yourself of the validity of any public Wi-Fi service available before connecting to it.

Always log out of your account and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety: –

  • keep your account passwords private. Remember, anybody who knows your password may be able to access your account.
  • when creating a password, use at least 16 characters. A combination of letters, symbols and numbers is best. Try not to use easy to guess words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your passwords.
  • Avoid using the same password for multiple accounts.

8. Accessing your personal data?

The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org and our Privacy Policy.

You have a number of rights: –

  • To the right to ask what personal data that we hold about you at any time
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you
  • the right to opt out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

9. International transfer of personal data?

To deliver a full range of services to you, it may be necessary for Freedom Chocolate to share your data outside of the UK or European Economic Area. This will typically occur when you and/or service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection legislation and regulation.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice will be to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed here –

http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm

10. Cookies on our website?

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser, others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use (see below).

Our website uses cookies. They are placed by software that operates on our web providers servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.

We use cookies in the following ways:

  • To track how you use our website
  • To record whether you have seen specific messages we display on our website

Our website is hosted on the WordPress platform and we sell our products using Woo Commerce.

We also use Google analytics to better understand how our site is used.

WordPress provides us with the online platform that allows us to display and market our services to you. Your data may be stored through WordPress and Woo Commerce data storage, databases and general cookie applications. They store your data on secure servers behind a firewall. Further details relating to these platforms can be found via:

https://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/

and

https://woocommerce.com/gdpr/#

You can change cookie settings on your web browser. The way you do this varies depending on the browser you are using. Follow these links for some of the most commonly used browsers: – the following links explain how to access cookie settings in various browsers:

Cookie settings in Firefox

Cookie settings in Internet Explorer

Cookie settings in Google Chrome

Cookie settings in Safari (OS X)

Cookie settings in Safari (iOS)

Cookie settings in Android

To opt out of being tracked by Google Analytics across all websites, visit this link: –

http://tools.google.com/dlpage/gaoptout.

Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.

11. Complaints

If you wish to complain about any of the content on our website please contact us in writing clearly explaining your concerns to the address below: We shall investigate your comments and if we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.

Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you.

If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.

When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.

If you are not happy with our Privacy Notice or policies or if you have any questions or feel a complaint is warranted, then please contact us.

If a dispute is not able to be settled by us we expect all parties to attempt to resolve it by engaging, in good faith, in a process of mediation or arbitration.

If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO). This can be done at:

https://ico.org.uk/make-a-complaint/

Or in writing to the ICO at the appropriate office address – See

https://ico.org.uk/global/contact-us/: –

We would expect that you contact us in the first instance to secure a resolution before contacting the ICO.

12. Review of this privacy notice

We reserve the right to modify this privacy notice at any time, so please check it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this notice, we will notify you here (See date on footer at bottom of page) that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

13. Communicating with us

When you contact us, whether by telephone, through our website, social media or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our business.

We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.

If you have any questions relating to this Privacy Notice or the information we hold about you, please contact us either: –

via our website Contact Us page

via phone: – 07939 443240

via our e-mail address: – hello@freedomchocolate.co.uk

Or write to us at: –

Freedom Chocolate,
The Vicarage,
High Hesket,
Carlisle, Cumbria,
CA4 0HU