Privacy Policy for The Great British Sweet Shop
The Great British Sweet Shop is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make purchases, or interact with our services. We adhere to the principles of the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.
1. Information We Collect
We may collect personal data from you in various ways, including when you place an order, sign up for our newsletter, create an account, participate in surveys, or contact us. The types of personal data we may collect include:
- Identity Data: Name, title, date of birth.
- Contact Data: Billing address, delivery address, email address, telephone numbers.
- Financial Data: Payment card details (though processed by secure third-party payment gateways, we do not store full card details ourselves).
- Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
- Profile Data: Your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
- Usage Data: Information about how you use our website, products, and services.
- Technical Data: Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
2. How We Use Your Information
We use the personal data we collect for various purposes, primarily based on legitimate interests, contractual necessity, or your consent:
- To process and fulfill your orders: This includes managing payments, deliveries (e.g., bespoke sweet hampers, nostalgic confectionery gifts, corporate sweet treat packages), and returns.
- To manage your account: Including providing access to your order history and managing your preferences.
- To improve our website and services: Through data analysis, research, and understanding user trends to enhance our online ordering platform, product selection (traditional British sweets, international candies), and overall customer experience.
- To send marketing communications: With your consent, we may send you newsletters, promotions, and information about new products or services, including those relevant to event sweet tables.
- To respond to your inquiries and provide customer support: Addressing questions or issues related to our sweet products or services.
- For internal business purposes: Such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.
- To comply with legal obligations: Including accounting, auditing, and other regulatory requirements.
3. Disclosure of Your Information
We may share your personal data with the following categories of third parties for the purposes described in this Privacy Policy:
- Service Providers: Third-party vendors and service providers who perform services for us or on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
- Delivery Partners: To fulfill your online orders and ensure timely delivery of your confectionery.
- Legal and Regulatory Authorities: When required by law or to respond to valid legal processes, such as subpoenas, government requests, or to protect our rights, property, or safety, or that of our users or the public.
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
We ensure all third parties respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
4. Data Security
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal data we process. However, please remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal data to and from our website is at your own risk. You should only access the services within a secure environment.
5. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
6. Your Data Protection Rights
Under UK GDPR and other applicable data protection laws, you have certain rights concerning your personal data:
- The right to be informed: About how your personal data is being used.
- The right of access: To your personal data (commonly known as a "data subject access request").
- The right to rectification: To have inaccurate personal data corrected.
- The right to erasure ("the right to be forgotten"): In certain circumstances, to have your personal data deleted.
- The right to restrict processing: To block or suppress processing of your personal data.
- The right to data portability: To obtain and reuse your personal data for your own purposes across different services.
- The right to object: To processing based on legitimate interests or direct marketing.
- Rights in relation to automated decision making and profiling: Not to be subject to a decision based solely on automated processing.
To exercise any of these rights, please contact us using the contact details provided below.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track the activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.
8. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
The Great British Sweet Shop
14a Regent Street,
London, Greater London,
SW1Y 4PD
UK