Makes By Megs Privacy Notice
Makes By Megs Bakery are committed to protecting your privacy. In order to provide our services to the customer and to provide a more personalised shopping experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect personal information about you as well as the types of personal data we may collect when you interact with us in-store, online or over the phone. It also explains how we’ll look after your data and keep it safe.
1. Explaining the legal bases we rely on
The GDPR law on data protection sets out a number of different reasons a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent - e.g. when you tick a box online or sign up in store to receive email communication from Makes By Megs Bakery.
In some instances, we need your personal data to comply with our contractual obligations. For example, if you place an order with us, we need your address details to deliver your order and we also need to pass your details to a courier.
We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting Makes by Megs Bakery, we need to pass details to law enforcement.
We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history and shopping preferences to offer more personalised offers or products.
2. How we collect your personal data
There are a number of ways in which we may collect information about you:
• When you visit our website, TIK TOK shop, create an account with us and use your account to buy products
• When you purchase products in any of our shops or over the phone
• When you sign up to any of our loyalty programmes
• When you call our shop or fill in a website contact form
• When you enter a competition or prize draw or fill in a survey
• When you engage with us on social media
• When you have given a third party permission to share information they hold about you with us
3. The type of personal data we collect
The personal data we may collect includes your name, billing/delivery address, email address, telephone number, notes from conversations we have with you, information from voucher redemptions, your IP address, which websites you came from when visiting ours, which of our web pages you visit, any search terms you entered on our website, information gathered by cookies in your web browser, any information that you may have told us that suggests your preferences (e.g. you may have told us that you are vegetarian) and your social media username if you communicate with us. Please note that when you set up an account with us, your password to log in is encrypted and when you place an order, we do not hold your card details, it is collected by Stripe, our third party payment processors who use secure online capture and processing methods. If you choose to save your credit card details these will be securely held with Stripe.
4. How and why we use your personal data
When you engage with us, we want to give you the best possible experience. By collecting data about you, it allows us to offer a great and tailored service.
We use your data so we can fulfill our contractual obligations to you (such as deliver your food) but also to offer you products and promotions that are more likely to be of interest to you. The data privacy law allows this as part of our contractual obligations and legitimate business interest in understanding our customers and providing the highest levels of service. We will hold your data in our systems for as long as is necessary for each relevant activity or as long as is set out in any contract we have with you.
If you ever wish to change how we use your data, you can do so. If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Here are some ways that we'll use your personal data and why:
• To process any orders you make in a shop or on our website. If we don't collect your personal data during checkout, we won't be able to process and deliver your order and comply with our legal obligations e.g. your details are passed to a courier company so that your order can be delivered. We will keep your details for a reasonable period afterwards in order to fulfill any contractual obligation such as a refund or exchange.
• Our shop staff need to be able to respond to your queries, complaints or process a refund so we need your contact information in order to respond. We will keep a record of your information including notes on how we communicated with you and what was discussed. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with remarkable customer service and it helps us improve this service to you.
• We keep your personal data to maintain, update and safeguard your account and to protect our business and your account from fraud or other illegal activities. We'll also monitor your browsing activity on our website in order to identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
• For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
• When you place an order with us, your card details are collected by our third party payment processors Stripe who use secure online capture and processing methods. This helps to protect you from fraud. We do this on the basis of our contractual and legitimate business interests.
• With your consent, we will use your personal data, preferences and details of your transactions to keep you informed about relevant products and tailored special offers, discounts, promotions, competitions and events by email and post. As ever, you can always opt out of hearing from us through these channels at any time.
• To comply with our legal obligations, we will send you communications required by law or which are legally necessary e.g. significant updates to this Privacy Notice, product recall notices and legally required information relating to your orders. These messages are to inform you about changes to the service we provide you and will not include any promotional content and so do not require prior consent when sent by email or phone.
• If you enter a competition or prize draw run by us we will use your information to contact you in the event of you winning based on your agreement to the terms and conditions of the competition at the time of entry.
• To display the most interesting content to you on our website we’ll use data we hold about your product purchases and so on. We do so on the basis of your consent for our website to place cookies or similar technology on your device. e.g, we might display a list of items you’ve recently looked at, or offer you recommendations based on your purchase history and any other data you’ve shared with us.
• We use your data to develop, test and improve our systems and products. We’ll do this on the basis of our legitimate business interests. e.g. customer research to improve our product range, survey feedback etc.
• To comply with our contractual or legal obligations to share data with law enforcement.
5. Protection of your personal data
The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us.
Here are some ways we secure your data:
• The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us.
• Here are some ways we secure your data:
• We use encrypted https links between our web server and your browser which means that all data passed between you and us cannot be intercepted.
• We do not store your card details ourselves, but instead utilise Stripe, who are a PCI compliant payment processing provider for all orders placed online,.
• All personal data is stored and encrypted.
• We monitor and check our data security systems for possible vulnerabilities and attacks.
6. How long will we assume your consent for mailings?
After your initial consent to sign up to our mailings, we assume you still want to hear from us if you're engaging with Makes By Megs Bakery by opening our emails, visiting the website, placing an order from us or re-registering in-store. If you haven't done any of these things for a period of seven years, we'll get in touch to reconfirm that you still want to hear from us. If we can't re-establish contact with you, we will opt you out of further communication.
If you've given us consent to receive postal communications, we often only send out menus and vouchers to our most active customers so we would encourage you to regularly re-register in-store to re-confirm that you still want to hear from us.
7. Length of time we keep your personal data
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised and for example aggregated with other data to be used for business planning and analysis.
For instance, if you placed an order with us, we keep your details for 7 years and after that it is anonymised.
If we don't see you in-store or online for a period of seven years, we will automatically anonymise your account details.
8. Who we need to share your personal data with and why
At times we need to share your personal data with trusted third parties e.g., delivery couriers, IT companies, mailing houses, credit card processing services and so on. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for. Your data is deleted or rendered anonymous if we stop working with them.
We want your customer journey with Makes By Megs Bakery (from ordering to fulfilment of your order, or to signing up to our mailing list in a shop and receiving your menu) to be as smooth as possible. We use the following companies who will process your personal data as part of their contracts or terms and conditions with us:
• Google Analytics - for monitoring the volume, details and actions of visitors to our website
• Facebook - for personalising ads into your news feeds (which you can opt out of on Facebook)
• Mailchimp - The online mailing company we use
Please note the above suppliers are non exhaustive and may change from time to time, but we will endeavour to keep the list above accurate and as up-to-date as possible.
Sharing your data with third parties for their own purposes
We will never sell or trade your contact details with any third parties, unless you have given us your consent to do so.
There are some instances where we may have to share your information based on our legal obligations, for instance:
• Fraudulent activity in our shops or online systems
• If the police/government ask us to disclose information we may be required to share your personal data with them, however we would assess this sort of request very carefully
• For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies
For further information please contact our Data Protection Officer.
9. Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia or the USA.
Protecting your data outside the EEA
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.
For example, this might be required in order to fulfil your order, process your payment details or provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA by ensuring they are compliant with the EU-US Privacy Shield specification.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
10. Your rights over your personal data
You have a choice as to whether or not you receive marketing information from us and you can withdraw your consent from specific communication channels at any time.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
• Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails
• If you have an account, log in into your account on our website at www.makesbymegs.co.uk, visit the ‘My Account’ area and change your preferences
• Contact our Customer Care team at firstname.lastname@example.org
Legitimate Business Interests
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered please email us at email@example.com