GDPR Statement 2018
PRIVACY, SECURITY AND DATA PROTECTION FOR PATISSERIE HOLDINGS USERS/CUSTOMERS
This guidance describes how and for what purposes we collect and use personal data from our website users and in store customers. It has been made available electronically to help meet the needs of various users who may access it. This guidance is applicable for all entities within the Patisserie Holdings Plc Group (“the Group”).
How we will use your data
The information you give to us will be used to provide you with the service for which it was intended. In addition, your data may be used to:
Contact you if we need to resolve a query
Enable us to deliver an effective service
Assess the quality of the services we have provided to you
Help us assure quality of the services we provide to you in the future
Provide us with broad demographic data
Provide us with information to help us develop new products or services
Provide you with up to date information where requested on products, services and promotions
We may be legally obliged to share your data upon receipt of a legitimate request, but we will only do so in accordance with the law.
Your data and third parties
We may share or discuss your data with appropriate parties involved in any products you purchase, but we will only do so in line with data protection requirements. For example, we may need to discuss your Afternoon Tea Voucher purchased via a third-party supplier with that supplier, or we may need to obtain information from another store within our brand family from which you have obtained services previously, in order to ensure the service we are providing to you is accurate.
From time to time, we may use the data we obtain from you for statistical analysis and research which may be used at a corporate, national or global level by ourselves. We may also provide data showing trends to third party suppliers. It will not be possible to identify you or any other individual from such data.
How to opt out of disclosure of your information
If you would like to explicitly refuse consent for information to be shared, for example with other departments or third-party suppliers, it may mean that the service that can be provided to you is limited. If the service to which this applies is in a store, you should advise the staff of your wishes at the point of ordering. If the service was received via another means, such as via patisserie-valerie.co.uk, you should contact email@example.com to discuss this request.
Where your data will be stored
Your data will be held on the computer system(s) within the Group stores, Bakeries & Head Office involved in your order and on any paperwork relevant to the provision of services to you. Your data may also be held by systems and support networks within the Group involved in processing your order- for example if you provide data to any of the Group websites or the Customer Feedback team. Your data may also be backed up or archived within purpose-built, professionally managed, secure data storage facilities in the UK, which will be monitored 24 hours a day, 365 days of the year. Appropriate security measures are in place in line with our legal requirements to protect your data.
How we comply with the Data Protection
The Group has internal procedures to ensure that all information which is collected and held about you is held in accordance with the legal requirements and principles of the Data Protection Act 1998 and GDPR guidelines in 2018.
The main principles are listed below together with an explanation of how the Group complies with these principles.
A summary of the data protection principles
1. Personal data shall be processed fairly and lawfully
The Group has developed procedures to ensure that all information collected about you is processed fairly and lawfully. In addition, the Group has developed this guidance to help you understand the purpose of our data collection and the steps we have taken to protect your data.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
The Group has notified you about the purposes for which we will use your information and it will not without prior consent be used in any other form
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
The data we collect is used only for processing the service you have requested or the product you have purchased. Sometimes we may aggregate data, so we can identify trends and draw wider conclusions. In these circumstances the data will be anonymised to prevent identification of any individuals.
4. Personal data shall be accurate and, where necessary, kept up to date
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose, those purposes, or for any future services provided by the Group.
The information that the Group collects from you and from which you are identifiable will be updated at your request. We may ask for appropriate evidence before updating this information.
5. Personal data shall be processed in accordance with the rights of data
Your rights are fully observed. If you feel that your rights are being contravened, then you have full recourse to the Information Commissioner's Office, but please contact us at firstname.lastname@example.org in the first instance to discuss any concerns.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
The Group. recommends that you review the paragraphs above which set out the measures which we have taken to protect your data.
6. Personal data shall be kept for no longer than necessary
We are legally required to keep some information for a certain length of time. Your information will be held in line with our legal requirements and internal policies. It will be held for an appropriate period which allows us to provide an effective service to you and to refer to the information in the future, if we may reasonably be required to do so. For example, if you had a complaint about our services or products, we may need to check the information we held at the time.
7. Personal data shall be protected against unauthorised or unlawful processing and against accidental loss, destruction or damage
We have various physical and technical security measures in place to prevent unauthorised access to your data, such as passwords on computer systems to which only our staff have access. We also have systems to prevent unexpected loss of your data, such as secure computer backup facilities.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
We abide by the high level of data protection regulation within the UK and consequently you can be assured that your information is processed in accordance with UK data protection principles.
Keeping your data up to date and requesting copies of the data held about you
If you would like to update your details, please contact the relevant store from which you received a service. If you would like to update your details with respect to a service received through a Group website such as patisserie-valerie.co.uk, then please contact email@example.com. If this does not meet your requirements, if you have a specific or detailed query about the use of your data, which is not covered within this guidance, or if you would like to obtain a copy of the data held about you, please speak to our team on 0121 777 7000