Privacy and Cookies Policy

 

  1. Introduction

Welcome to Farmhouse Biscuits Ltd. We are committed to protecting and respecting your privacy. This Privacy and Cookies Policy explains how we collect, use, and safeguard your personal data in accordance with applicable data protection legislation, including but not limited to the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) (collectively referred to in this Privacy and Cookies Policy as the “Data Protection Legislation”).

By using our website (the “Website”), purchasing our products, or otherwise providing personal data to us, you confirm that you have read and understood this Privacy and Cookies Policy.

Controller

Farmhouse Biscuits is the data controller for the purposes of the Data Protection Legislation. Our registered address is:

Farmhouse Biscuits Ltd, The Bakery, Brook Street, Nelson, Lancashire, BB9 9PX England

If you have any questions or concerns about this Privacy and Cookies Policy or about how we collect and use your personal data, please contact us at:

customerservices@farmhouse-biscuits.co.uk 

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

  1. Data Protection Principles

We comply with data protection law, which states that any personal information we hold about you must be:

  1. Used lawfully, fairly, and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.
  1. What Information We Collect About You

We may collect and process the following categories of personal data about you:

  • Identity Data: includes your name, title, username or similar identifier.
  • Contact Data: includes billing address, delivery address, email address, and telephone numbers.
  • Demographic Data: includes postcode, preferences, and interests.
  • Financial Data: includes payment card details for processing transactions. However, we do NOT store credit/debit card numbers after your transaction is processed.
  • Transaction Data: details about payments to and from you, and details of products or services you have purchased from us.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our trusted partners, along with your communication preferences.
  • Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this Website.

We do not knowingly collect any personal data relating to children via our website. If you are under the age of 16, please do not provide any personal information.

Please note that we do not share your details with any unaffiliated third parties for their marketing purposes. Any sharing of your data is covered in Section 7 below.

  1. How We Collect Your Personal Data

We use different methods to collect data from and about you, including through:

  1. Direct Interactions
    You may give us your personal data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
    • Create an account on our website;
    • Order our products;
    • Subscribe to our marketing communications;
    • Request marketing information to be sent to you; or
    • Enter a competition, promotion, or survey.
  2. Automated Technologies or Interactions
    As you interact with our website, we may automatically collect certain Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
  3. Third Parties or Publicly Available Sources
    We may receive personal data about you from various third parties (and public sources), including:
    • Analytics providers (e.g., Google Analytics);
    • Advertising networks;
    • Search information providers;
    • Social media platforms (if you engage with our pages or content).
  1. The Lawful Basis for Processing

Under the Data Protection Legislation, we must have a lawful basis to process your personal data. We rely on one or more of the following lawful bases:

  • Performance of a Contract: We may process your personal data where it is necessary to perform a contract with you (e.g., to fulfil your order) or to take steps at your request before entering into a contract.
  • Compliance with a Legal Obligation: We may process your personal data where necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: We may process your personal data where it is necessary for our legitimate interests (or those of a third party), provided that these interests are not overridden by your fundamental rights and freedoms.
  • Consent: We may rely on your consent to process your personal data (e.g., for certain marketing purposes). Where we rely on consent, you have the right to withdraw it at any time by contacting us (see Section 11).
  1. How We Use Your Personal Data

We may use the information we collect from you in the following ways:

  1. To fulfil orders and supply products you have requested or purchased, and to manage payments, fees, and charges.
  2. To manage our relationship with you, including notifying you about changes to our terms or policies.
  3. To maintain our accounts and records for business and financial purposes.
  4. To provide customer support, respond to your inquiries, and handle any complaints.
  5. To improve our products and services, including conducting internal market research, analytics, and Website improvements.
  6. To send marketing communications (where you have given your consent) such as promotional emails about new products, special offers, or other information we believe may be of interest.
  7. To send periodic communications for feedback or market research purposes (again, only where we have a lawful basis for doing so).
  8. To administer and protect our business, including troubleshooting, data analysis, system maintenance, and network security.
  9. To comply with legal or regulatory obligations, including fraud prevention and detection.

If you have previously agreed to us using your personal information for direct marketing purposes, you may opt out at any time (see Section 11).

  1. Disclosure of Your Personal Data

We may share your personal data with selected third parties in the following circumstances:

  1. Service Providers and Partners
    • IT and system administration service providers;
    • Payment processors (to complete your purchases securely);
    • Delivery and logistics companies (to deliver your orders).
  2. Professional Advisors
    • Lawyers, accountants, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
  3. Legal Requirements
    • Where disclosure is required by law or in response to valid requests by government authorities (e.g., for tax or regulatory purposes, or in connection with legal proceedings).
  4. Business Transactions
    • In the event that we sell or buy any business or assets, or if all of our assets are acquired by a third party, personal data may be disclosed as one of the transferred assets.

We do not sell your personal data or share it with unaffiliated third parties for their own marketing purposes without your explicit consent.

  1. Data Security

We are committed to ensuring that your personal data is secure. We have implemented appropriate technical and organisational measures to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. Examples include:

  • Secure Socket Layer (SSL) technology to encrypt payment transactions;
  • Access controls to restrict who can access personal data;
  • Secure servers and firewalls to safeguard our IT infrastructure.

Despite our best efforts, no transmission of data over the internet or any other public network can be guaranteed to be 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

 

  1. Cookies and How We Use Them

A cookie is a small file placed on your computer’s hard drive. Once you agree to the use of cookies, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a specific site. Cookies enable web applications to respond to you as an individual and tailor operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.

9.1 Types of Cookies We Use

  • Analytics Cookies (e.g., Google Analytics)
    We use these cookies to identify which pages are being used and to analyse data about webpage traffic. This helps us improve our website by tailoring it to customer needs. The information is aggregated, which means we cannot identify you personally.
  • Functional Cookies
    These enable core website functionality and remember choices you make (e.g., language preferences). If you disable these, some parts of our website may not function properly.
  • Advertising/Marketing Cookies
    We may use these cookies to track visitors across websites to display ads that are relevant to the individual user.
  • Social Plugins
    Buttons and plugins for social networks (e.g., Facebook, Twitter) may use cookies to collect usage information.

9.2 Controlling Cookies

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the Website. 

  1. Data Retention

We will keep your personal data only for as long as is necessary to fulfil the purposes for which it was collected and to satisfy any legal, accounting, or reporting requirements. We may retain your data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period, we consider:

  • the amount, nature, and sensitivity of the personal data;
  • the potential risk of harm from unauthorised use or disclosure of your personal data;
  • the purposes for which we process your personal data and whether we can achieve those purposes through other means;
  • and any legal, regulatory, tax, accounting, or other requirements.

Once the relevant period has ended or we no longer need your personal data for the purposes it was collected, we will securely destroy or permanently de-identify the data in accordance with our data retention and deletion policies (unless we are required by law to retain it for a longer period).

  1. Your Rights & How to opt Out

11.1 Your Rights
Under Data Protection Legislation, you have specific rights regarding your personal data. You have the right to:

  1. Access the personal data we hold about you.
  2. Request correction of the personal data that we hold about you if it is inaccurate or incomplete.
  3. Request erasure of your personal data when there is no compelling reason for us to continue processing it.
  4. Object to processing of your personal data if we are relying on a legitimate interest (or those of a third party) and you feel our processing impacts your fundamental rights and freedoms.
  5. Request restriction of processing of your personal data in certain circumstances (for example, if you dispute the accuracy of your data).
  6. Request the transfer of your personal data to you or to a third party (also known as data portability), in certain scenarios.
  7. Withdraw consent at any time, where we rely on your consent to process your personal data (such as for direct marketing).

11.2 Opting Out of Marketing
If you have previously agreed to us using your personal data for direct marketing purposes, you may opt out at any time by doing any of the following:

  • Clicking the “unsubscribe” link in any marketing email we send you.
  • Emailing us at customerservices@farmhouse-biscuits.co.uk and stating you no longer wish to receive marketing communications.
  • Writing to us at:

Farmhouse Biscuits Ltd, The Bakery, Brook Street, Nelson, Lancashire, BB9 9PX England

We will promptly remove you from all future marketing correspondence upon receipt of your request.

11.3 Exercising Your Rights
To exercise any of the rights described above, please email us at customerservices@farmhouse-biscuits.co.uk or write to us at the address above. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

11.4 Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would appreciate the opportunity to resolve your concerns, so please do contact us first if you have any questions or complaints regarding our handling of your personal data.

 

0
    Your Cart
    Your cart is emptyReturn to Shop
    Continue Shopping