Proof Bakery Privacy Policy

last updated: 27/08/2018

1. Controller

As the controller (as defined by the GDPR) of your personal data, Proof Bakery is therefore responsible for any collection, processing, use and disclosure that may be carried out in relation to your personal data. 

References to the terms “we”, “us” and “our” in this Privacy Policy are to Proof Bakery.

References to “Customers” are to all private individuals or business customers who have previously indicated an interest in our products through electronic or physical communications or who currently hold subscriptions to our products.

2. Purpose of this Privacy Policy

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.proofbakery.co.uk (the “Site”).

It is important that you read this Privacy Policy together with any other privacy policy update or fair processing notice that we may provide on specific occasions when we are collecting or processing personal data about you.

3. Updates to this Privacy Policy

This Privacy Policy may be updated from time to time. The “Last Updated” section at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes that we make to this Privacy Policy will be effective from the date specified at the top of the revised privacy policy. Your use of our services following any such changes indicates that you have accepted them.

4. Duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

5. Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

6. Our services

Proof Bakery is an organisation that trains and employs refugees to make bread, which is then sold to customers who are either private individuals or businesses. In order to provide our services, we may collect personal data through a number of sources. Please see the ‘How is your personal data collected’ section for more information.

Where we need to collect personal data by law, or under the terms of a contract we have (or are negotiating) with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel all or part of the services you have with us, but we will notify you if this is the case at the time.

7. How we process and use your data

“Personal data” is information that identifies you as an individual or relates to an identifiable individual.

We will only use your personal data when the law allows us to and we will not sell, trade or otherwise deal with your personal data in any way that contravenes this Privacy Policy (as may be updated from time to time).

We have set out below a description of the ways we plan to use your personal data, and on which legal basis we do so. Where we rely on our legitimate interests as a legal basis for processing, we have identified the nature of those legitimate interests.

Use of Customer data for providing our services and managing our relationship with you:

We use Customer data in this category for the following activities:

  • Processing transactions including: payments for bread orders, subscription cancellations and changes to your subscription
  • Informing you of any upcoming changes to the products you have ordered, such as discontinuation, changes in price, or changes of ingredients
  • Maintaining a record of our dealings with you for audit and accounting purposes
  • Responding to your enquiries and fulfil your requests, when you contact us for example, when you send us questions, suggestions, or feedback, or other information about, our services
  • Organising business events and meetings, such as focus groups, tastings and parties
  • Screening orders for potential risk or fraud

The types of personal data we will collect in order to do so are:

  • Name
  • Billing address
  • Email address
  • Telephone/mobile numbers
  • Payment card information (please note all our payment processing functions are handled by third party PCI compliant providers)
  • Name of your organisation/ employer
  • Office address
  • Bank account details
  • Tax ID/National insurance number
  • Passport or similar documented identification

Our basis for processing your data under this category as follows:

  • Necessary for our legitimate interests: providing our services, running our business and administrative purposes.

Use of Customer data for marketing communications and newsletters

The types of data we collect in order to provide marketing communications and newsletters are:

  • Name
  • Email address
  • Telephone number
  • Name of organisation/employer
  • Office address

Our basis for processing your data under this category is as follows:

  • We will only send you marketing communications if you consent to be contacted for this purpose
  • It is necessary for our legitimate interests (to develop our services, to grow our business and to inform our marketing strategy)

Use of funder or investor data

We will use funder or investor data for the following activities and purposes:

  • Identity verification;
  • Funder/investor communications including regular newsletters and funder reports;
  • Ongoing grant or investment management;
  • Due diligence and know-your-customer checks;
  • To respond to your enquiries and fulfill your requests;
  • Cash distributions and payments;
  • Maintaining a record of contacts; and
  • Organising meetings with you.

The types of data we collect in order to do this are:

  • Name
  • Residential/office address
  • Date of birth
  • Tax ID/National insurance number
  • Passport or similar documented identification
  • Nationality
  • Email address
  • Telephone/mobile numbers
  • Bank account details

Our basis for processing your data under this category is as follows:

  • It is necessary for our legitimate interests (for providing our services, running our business,  administrative purposes and making decisions on whether to enter into investor and funder agreements)
  • To allow the performance of our contract with you, if any
  • To comply with legal and tax obligations
  • Details required to establish whether you are a politically exposed person
  • Criminal background checks

Use of data for dealing with, managing and considering training/internship/job/employment applications

The types of data we collect in order to do this are:

  • Name
  • Residential address
  • Date of birth
  • Tax ID/National insurance number
  • Passport or similar documented identification, including your right to work in the UK
  • Nationality
  • Email address
  • Telephone/mobile number(s)
  •  Job title/position of responsibility
  • Curriculum vitaes (CVs)
  • Employment history

Our basis for processing your data under this category is as follows:

  • Necessary for our legitimate interests (for providing our services, running our business,  and administrative purposes)
  • To allow the performance of contractual relations with you

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Unless we request it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise.

8.  How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • Request our products or services;
    • Complete an online order form;
    • Request marketing to be sent to you;
    • Submit employment applications;
    • Give us feedback;
    • Use our website (www.proofbakery.co.uk); or
    • Use our social media pages including TwitterFacebook and Instagram.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. This information does not reveal your specific identity. We collect this personal data by using server logs and other similar technologies such as IP address identification and logging.
  • Cookies. Proof Bakery may also use cookies to collect information on you such as your browser type, time zone, time spent on the services, pages visited, language preferences, and other traffic data. For more information on our use of cookies, please see our Cookie Policy here. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. If, however, you do not accept cookies, you may experience some inconvenience in your use of the services. We use information from cookies  and automated technologies or interactions to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
  • Third parties or publicly available sources. We may receive personal data about you from various third parties including our payment processing services Chargebee and Stripe.
  • Public sources. Identity data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

9. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the contact details provided in the “Contact Details” section.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

10. Disclosures of your personal data

Proof Bakery will only disclose personal data in accordance with this Privacy Policy (as may be updated from time to time), General Data Protection Regulation and UK laws such as the Data Protection Act.

We may disclose personal data to third party service providers (including IT system administrators, professional advisers, providers of finance, HM Revenue & Customs, regulators and other authorities) to facilitate services they provide to us. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. In such circumstances, we do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

11. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We cannot guarantee the security of any personal data that you disclose online, for example when it is sent by email. You accept the inherent security risks of providing information online over the internet and will not hold Proof Bakery responsible for any breach of security unless this is due to Proof Bakery's negligence or willful default.

12. Data retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Upon termination of a relationship with a customer (such as in event that a customer cancels all current orders and unsubscribes from our mailing list) we will automatically clear that customer’s personal data from our systems within 14 days.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You can request details of retention periods for specific categories of your personal data by contacting us using the details provided in the “Contact Details” section.

13. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Such rights include your right to:

  • Request access to your personal data;
  • Request correction of your personal data;
  • Request erasure of your personal data;
  • Object to processing of your personal data;
  • Request restriction of processing your personal data;
  • Request transfer of your personal data; and
  • Withdraw consent.

If you wish to exercise any of the rights set out above, please contact us using the details provided in the “Contact Details” section.

We give you choices regarding our use and disclosure of your personal data for marketing purposes. You may opt-out from receiving electronic communications from us by contacting us using the details provided in the Contact Details section or by following the ‘Unsubscribe’ link provided at the footer of any marketing materials that you may have received from Proof Bakery by email.

14. Complaints

You have the right to lodge a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we would encourage you to contact us in the first instance.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

15. CONTACT DETAILS

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at proofbakeryuk@gmail.com or by mail using the details provided below:

Proof Bakery
147 De Montfort Way
Coventry CV4 7DW

Please note that we also use proofbakeryuk@gmail.com for general queries. For queries related to our Privacy Policy or use of your data, please clearly specific ‘Privacy Policy’ in the subject so that we can more easily respond.