“Popkakery Products Ltd”, (“we” or “us”) is sensitive to concerns that personal information collected from its customers (“you” or “your”) be handled respectfully and appropriately.
1. Information Collected from You and How It Is Used
1.1 If you order our products on our website or via email or phone, your name, phone number, address and email address may be collected. Popkakery Products Ltd may also collect your IP address information and non-personal information such as operating system, browser software, Internet domain and host names, and activity on the website.
1.2 We never share your personal information with 3rd parties. Under no circumstances does Popkakery Products Ltd rent, trade or share your details with any other company for their marketing purposes, unless you specifically opt in and consent via a specific marketing campaign or promotion.
1.3 Your personal details that you have provided are only used by us to improve our services as well as to contact you in relation to your enquiry, special offers, online order processing, online and event registration. Also, to contact you in connection with our own business development, market research and gifting service.
1.4 Data Processing
1.4.1 We process data at our offices at Unit A9 Greenway Business Park, Winslow Road, Great Horwood, Bucks, WD6 3NJ
1.4.2 We apply UK data protection law to our processing.
1.4.3 The Data Protection Officer at Popkakery is Sarah Turner..
1.5 Personal data that we capture during marketing promotions and competitions is always subject to an opt in policy to comply with 2018 GDPR legislation but if you wish to have your details deleted either: Click Unsubscribe at the bottom of any of our email marketing OR Email us at firstname.lastname@example.org and ask to have all your personal information deleted. This is guaranteed to be done within 30 days to meet 2018 GDPR legislation.
1.6 Your personal details are available to see at any time via a request which we try and complete in 7-14 days unless extreme circumstances, otherwise guaranteed to be within 30 days to comply with GDPR legislation.
1.7 To request deletion of all your data please allow 14-21 days, with a maximum time limit of 30 days. In extreme circumstances we may have to refuse to show you, or delete your personal information, this may be for legal reasons. However, we will inform you of this immediately as well as inform you of your rights to complain to the Supervisory Authority and to a judicial remedy.
2. Data Policy & Processing
2.1 At Popkakery we only hold and store personal data for 2 reasons:
2.1.1 Customers/Clients/Members –this is for record purposes only and for customer contact in connection with a purchase. Your details are stored onsite using password protected specialist programs on password locked computers. All personal data is password protected and encrypted. We never share or sell your personal data with 3rd party companies.
2.1.2 Marketing –To send you offers and information on services to ensure you always get the best offers and information. All our email marketing is conducted via a special e-marketing service that has data security and offers a simple 1 click way for you to opt out of our newsletters and emails.
3. Data Security
3.1 We take appropriate steps to maintain our contact information in a secure format and environment to prevent unauthorised usage. Our staff are bound by contract to our GDPR policy.
4. Data Breach
4.1 In the case of a Data Breach the problem will be instantly reported to the Data Protection Officer who will conduct a full investigation and report the breach to the ICO, UK data protection supervisory authority immediately.
4.1.1 Data log, Data Usage & Data Storage will be assessed immediately.
4.1.2 All employees will be questioned in connection with the said data breach, and the results will be logged and reacted on accordingly.
4.1.3 Passwords on all data files will instantly be changed.
4.1.4 123-reg and/or other companies where data is stored will be contacted and asked for a report on security breach, if relevant.
4.1.5 Minimising the impact of the data breach will be assessed on a hourly basis and after 24 hours every 12 hours until resolved.
4.1.6 Any one affected will be contacted and informed of the problem if necessary.
4.1.7 The company insurance company will be contacted with a logged reference.
4.1.8 If necessary the Police will be informed and a crime number will be logged in the data breach report.
4.1.9 All documents that contain credit card and personal data will have passwords changed and any one affected will be contacted and advised of the breach with advice to change passwords and or contact their credit card company immediately.