Privacy policy
Your personal information
This privacy policy explains how we collect and process your personal data. Personal data, or personal information, means any information about an individual from which that person can be identified. This includes information that you tell us, what we learn from you and the choices you make about the marketing you want us to send to you. This policy explains how we do this, what your rights are and how the law protects you.
We do not knowingly collect data relating to children.
Changes to data protection law
The law in relation to data protection changed on 25th May 2018 when the General Data Protection Regulation came into force in the United Kingdom and across Europe.
This privacy policy was last updated on 1st March 2019. It tells you about most of your rights under the new law, but we may need to make changes to it in the future. Your use of our website and services/products will be subject to the most current version of this privacy policy posted on our website at the time of your use. We recommend that you check the website from time to time to inform yourself of any changes – we will notify you every time we make a change to this policy. We may need to ask you to agree to the changes or refresh your consent to us using your personal information.
Who we are and how you can contact us
We are The English Cheesecake Company Limited. Our registered office is at Finsgate, 5-7 Cranwood Street, London, EC1V 9EE.
You can contact us by email at info@englishcheesecake.com or by telephone on +44 (0)20 8964 9556. If you need to you can write to us at Unit 1 North, Oxgate Centre, Oxgate Lane, London, NW2 7JA.
Our representative for all queries in relation to this policy and your data protection rights is Josh Laurier josh@englishcheesecake.com.
When we refer to our website, we mean our website at https://englishcheesecake.com/
Where we collect your personal information from
We may collect personal information about you in the following ways:
Data you give to us:
Data you give to us when you purchase goods from us.When you talk to us on the phone.When you use our website or send us enquiries through our contact forms.In emails or letters to us.If you sign up to our promotions, events or newsletter.When you give us feedback.Data we collect when you use our services:
Payment and transaction data.Profile and usage data, including data we gather from the devices you use to connect to those services such as computers and mobile phones, using cookies (please see our cookies policy below) and other internet tracking software.Data from third parties we work with:
Social networks.Public information sources, such as Companies House if you are a business.Agents or contractors working on our behalf (such as SSB Consulting).Credit Reference Agencies.
Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity data – name, username and title.
Contact data – billing address, delivery address, email address or telephone numbers.
Financial data – bank account and payment card details.
Transaction data – details about payments to and from you and other details of products and services you have purchased from us.
Technical data - internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile data – your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage data – information about how you use our website, products and services.
Marketing and communications data – your preferences in receiving marketing from us and your communication preferences.
We do not collect any special categories of personal data about you. This includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we use your personal information
Your privacy is protected by law.
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal information which we collect from you, how we use it, and the legal ground on which we rely when we use the personal information.
In some circumstances we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
What we use your personal information for
What personal information we collect
Our legal grounds for processing
Our legitimate interests (if applicable)
To register you as a new customer
Identity dataContact dataProfile dataPerformance of our contract with you
To process and deliver (if applicable) your order
Identity dataContact dataPerformance of our contract with you
To manage payments
Financial Data Performance of our contract with you
To manage our relationship with you
Identity dataContact dataProfile dataLegitimate interest
To keep your records up-to-date and ensure that we run our business efficiently
To enable you to receive our exclusive offers and special events (including when you sign up to receive our newsletter)
Identity dataContact dataMarketing and communications dataConsent Legitimate interest
To grow our business and keep you informed of offers and events that may interest you
To use data analytics to improve our website, products, marketing, customer relationships and experiences
Technical dataProfile dataUsage dataLegitimate interest
To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about goods that may be of interest to you
Identity dataContact dataMarketing and communications dataLegitimate interest
To keep you informed of new products or similar products to the ones you showed an interest in
Who we share your personal information with
We may share your personal information with any of the following organisations, for the purposes of providing the goods which you have requested from us:
Agents and advisers that we use.Our credit card processors (Sage Pay).Our marketing automation platform provider (Signup.to and Ekomi). Our delivery services provider (APC Couriers).External service providers (acting as data processors) that provide applications/functionality, data processing or IT services to us (for example, we use third parties to support us in storing processed data).
You can find details of how these third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites, or on request.
We require all organisations who we share your data with to respect the security of your personal data and to treat it in accordance with the law. We do not allow any of our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Failing to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Third party links
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
Transferring your personal information outside the EEA
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal information outside the EEA we have to tell you.
We do not transfer your data outside of the EEA.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
How long do we keep your personal information?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements, to respond to any questions or complaints from you, or for the establishment or defence of legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you would like to know more about the retention periods we apply to your personal data, please contact us at info@englishcheesecake.com.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. We will keep your personal information for as long as you are our customer.
Marketing
We may use your personal information to tell you about relevant goods and any upcoming offers.
We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the opt-out links on any marketing message sent to you.
We will not share your personal data with any third party for its marketing purposes.
Where you opt out of receiving marketing messages from us, this will not apply to personal data provided to us as a result of purchasing our goods or services or any other transaction between you and us.
Your rights
You have certain rights which are set out in the law relating to your personal information. The most important rights are set out below.
Getting a copy of the information we hold
You can ask us for a copy of the personal information which we hold about you, by writing to us at info@englishcheesecake.com. This is known as a data subject access request.
You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive. In such circumstances we can charge a reasonable fee or refuse to comply with your request.
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month and in that case we will notify you and keep you updated.
Telling us if information we hold is incorrect
You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us at info@englishcheesecake.com if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.
Telling us if you want us to stop using your personal information
You have the right to:
object to our use of your personal information (known as the right to object); orask us to delete the personal information (known as the right to erasure); or request the restriction of processing; orask us to stop using it if there is no need for us to use it (known as the right to be forgotten).
There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Withdrawing consent
You can withdraw your consent to us using your personal information at any time. Please contact us at info@englishcheesecake.com if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services.
Request a transfer of data
You may ask us to transfer your personal information to a third party. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Making a complaint
Please let us know if you are unhappy with how we have used your personal information by contacting us at info@englishcheesecake.com.
You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.