Skip to main content
Pre-order the first limited edition box now, for delivery in February 2021.

Privacy Policy

Introduction

This privacy policy sets out how we use and protect the information that you provide to us via Our Sites.

In this privacy policy any references to “Our Sites” are to this website, www.bakeoffbox.co.uk (the “Website”) and any other account or pages created and/or operated by us on online/ social media platforms including for example, Twitter, Facebook, YouTube and Instagram (“Social Media Platforms”) (but not the Social Media Platforms themselves). This privacy policy applies to your use of Our Sites. Social Media Platforms have their own privacy policies and you should also read the applicable privacy policy for the social media platform that you are using to see how the social media platform will collect and use your personal information. By accessing and continuing to use Our Sites and, if you submit personal information to us, by submitting personal information to us, you confirm that you agree to this privacy policy.

Our details

In this privacy policy “we”, “us” or “our” refers to The Great Product Exchange Ltd. Our company details are as follows:

  • Registered in England and Wales
  • Company Registration Number: 09189901
  • Registered Office Address: Unit 1 & 2 Kingsley Farm, Kingsley Road, Harrogate, North Yorkshire, HG1 4RF
  • VAT number: GB 196504190

Your privacy is important to us and we are committed to protecting your privacy. This privacy policy explains why we collect and use personal information, what we do to ensure it is kept private and secure and your rights in relation to your personal information. For the purposes of data protection law, we are the Data Controller in relation to all personal information submitted to and/or collected on Our Sites. We are registered with the Information Commissioner’s Office as a data controller with registration number ZA792210.

We may need to make changes to this privacy policy from time to time to reflect changes in our business and changes in law and regulation. If you submit your personal details to us, be sure to check back to this page to ensure that you have read the latest version of this privacy policy.

This privacy policy forms part of, and should be read in conjunction with, our Terms and Conditions of Use of Our Sites, our Terms and Conditions of Sale and our Cookie Policy.

 

  1. What Personal Information do we ask for and why?
    1. “Personal Information” is information relating to you, which can be used to identify you personally (either directly or indirectly).
      • full name;
      • email address;
      • telephone number;
      • date of birth;
      • billing address;
      • delivery address for your orders (if different to the billing address);
      • where you are buying a product for someone else, the name and delivery details of the person who is to receive the gift;
      • your username and password;
      • payment details (i.e. card details and billing address);
      • delivery instructions;
      • Customer Service reports following any communication you have had through that route.
    2. We collect this Personal Information so that it can be used for the purposes set out in the Terms and Conditions of Sale, including, but not limited the following purposes:
      • to register you as a customer, manage your account and keep track of your orders;
      • to allow you access to your account;
      • to communicate with you, in relation to your orders, account details, enquiries and when you contact customer services (this may include recording of telephone calls, but you will be advised of this before the call commences);
      • to facilitate your orders, payment and delivery;
      • for security purposes, for example to verify your age and identity;
      • to communicate with you on Social Media Platforms, by way of response to your messages, likes or other forms of comments that invite reply (depending what permissions you have set on such platforms); and
      • where you have given permission, to send you marketing messages about our products.
    3. We may also collect information about your usage of Our Sites, such as browsing patterns, but information collected in this way will not identify you personally. Our servers also automatically record certain information that your web browser sends whenever you visit any website. This may include your web request, internet protocol address, browser type, browser language, URLs, URLs domain names, pages viewed and other matters together with cookies which may identify your browser. We use this information to find out about how visitors use Our Sites.
  2. What is our lawful basis for using your Personal Information?
    1. We will only use your Personal Information when we have a valid reason (also known as a lawful basis) to do so. Which lawful basis is applicable will depend on precisely how we are using your Personal Information and for what purpose.
    2. Most commonly, we will use your Personal Information:
      1. because it is necessary to pursue our legitimate interests and where there is no undue adverse impact on you;
      2. in order to prepare to perform and to perform a contract with you;
      3. in order to comply with a legal obligation to which we are subject;
      4. because you have consented to us doing so.
    3. Where we are processing your Personal Information for the purposes of pursuing our legitimate interests, those interests may include:
      1. responding to any enquiries you may have, providing you with information you request and/or to help us operate and improve Our Sites;
      2. creating your account and identifying you when you contact us or use our Website;
      3. performing our contract with you, i.e. to set up and collect payments and to fulfil orders that you place, including delivery via our delivery provider;
      4. forward planning purposes (in relation to procurement and product stocking) and as part of our processes to detect and avoid fraud;
      5. retaining records of our transactions with you, so that they are available to us for legal and/or financial purposes and also to you should you request the same;
      6. managing our relationship with you and to maintain customer satisfaction;
      7. market research, reporting, analysis and modelling, so as to improve the products and services we provide (including via Social Media Platforms);
      8. improving our understanding of customer interest in our products and analysing your engagement with Our Sites; and
      9. ensuring that our service meets all appropriate technical requirements and that we can respond effectively to technical issues and improve the experience you have on Our Sites.
    4. Where we are processing your Personal Information in order to prepare to perform and to perform a contract with you, the processing we undertake may include:
      1. recording your personal details to enable us to perform any contract we have with you;
      2. obtaining authorisation to charge to your nominated bank or credit card charges that you incur when ordering a subscription or products from us;
      3. processing in order to fulfil any order you have placed with us; and
      4. maintaining records of your subscriptions in order to fulfil these on a continuing basis.
    5. in order to comply with a legal obligation to which we are subject, the processing we undertake may include:
      1. responding to any legal or regulatory enquiry or investigative action;
      2. initating a product recall;
      3. co-operating with any audit requirement that we may be subject to.
    6. Where we are processing your Personal Information when you have given your consent, the processing we undertake may include:
      1. providing you with marketing communications; and
      2. responding to enquiries you make through the Website and through our Customer Service team;
  3. Sharing your Personal Information with third parties
    1. We will not share your information with any third parties except:
      1. where we have your consent;
      2. where required, in order to fulfil your order, including for the purposes of processing payment from you and delivering the product(s) to you;
      3. to our professional advisers, for the purposes of obtaining professional advice or establishing, exercising or defending legal rights;
      4. to Processors that we appoint as detailed at paragraph 3.3 below, together with other service providers and suppliers where necessary, for the purposes of fulfilling your orders or otherwise conducting our business;
      5. where a third party acquires all or a substantial portion of our business and your Personal Information is, at that time, in our possession as part of the transferred business assets in such sale/ transfer and we may share the same with any prospective purchasers and their advisors; and
      6. where we are required by law to provide Personal Information to law enforcement agencies, government entities, tax authorities or regulatory bodies.
    2. We will not share your information with third parties for marketing or market research without your explicit consent.
    3. Processors – We have engaged the following service providers (“Processors”) to ensure that the service we provide you with operates as efficiently as possible and to help facilitate your orders. The Personal Information we share with each of these Processors and the lawful basis upon which processing is conducted is described in the table below. We also provide details of the privacy policy for each of these Processors.

      Processor

      Data is shared with the Processor for the following purpose(s)

      Personal Information Shared

      Klaviyo

      Klaviyo help us manage our subscription list and communicate with you where you have an active subscription and or /have requested/ consented to receive our emails and/or marketing messages. Klaviyo’s privacy policy may be found here: https://www.klaviyo.com/privacy/policy.

      Full Name

      Email Address

      Order Information

      Shopify

      Shopify is our chosen commerce platform who help us to manage products, inventory and order fulfilment. Shopify’s privacy policy may be found here: https://www.shopify.com/legal/privacy/customers. Payment data received by Shopify may be checked by a third party to eliminate risk of fraud.

      Full Name

      Email Address

      Order Information

      Billing Information


      Shipping Information

      Stripe

      Stripe is a payment processing platform. We obtain any payments that you have agreed to make to us through Stripe. Your payment information is directed to Stripe – we have limited access to your bank or credit card details. Stripe’s privacy policy can be found here: https://stripe.com/en-gb/privacy.

      Billing Information

      Name on Card

      Expiry Date

      Recharge

      Recharge is our subscription management platform, helping us to process monthly and prepaid subscription orders. Recharge's Privacy Policy: https://rechargepayments.com/privacy-policy/

      Full Name

      Email address

      Subscription Information

      Order Information

      Billing Information

      Shipping Information

      Royal Mail

      Royal Mail is our chosen delivery provider, who will deliver your order to you. Royal Mail’s privacy policy can be found here: https://www.royalmail.com/privacy-notice.

      Email address

      Name for address label

      Delivery address

      Delivery instructions

      Ventrica

      Ventrica is our customer care provider handling any questions you may have. Ventrica’s privacy policy can be found here:  https://www.ventrica.co.uk/legal/privacy-policy.

      Full Name

      Email address

      Telephone number

      Date of Birth

      User Notes

      Order Information

      Subscription Information

      Billing Information

      Shipping Information

    4. We use other service providers from time to time to support transaction processing and dispatch. All service providers are assessed for compliance with General Data Protection Regulation ((EU) 2016/679) (GDPR) and when located in the United Kingdom, compliance with the Data Protection Act. When located outside of the United Kingdom we ensure that their privacy policies incorporate appropriate recognition of GDPR and other relevant Data Protection requirements.
  4. Promotional and marketing information
    1. If you no longer wish to receive this information, you can tell us at any time:
      1. by clicking the “unsubscribe” link in the marketing emails you receive from us; or
      2. by contacting our Customer Service Team.
  5. Posting content on Our Sites
    1. Posts and comments on Social Media Platforms (and, if relevant, the Website www.bakeoffbox.co.uk) are publicly available and you should bear this in mind when you post or upload content to Our Sites (including checking your privacy settings to ensure that they reflect the level of privacy that you wish to maintain for the relevant social media account);

      www.bakeoffbox.co.uk  and the services we provide through the website are not intended for access and use by children under 18. If you are under that age of 18 you should ask your parent’s or legal guardian’s permission before using the Website. 

  6. Providing us with other people’s Personal Information
    1. Before disclosing any Personal Information of another person to us, you must obtain that person’s consent to both the disclosure and processing of that person’s Personal Information in accordance with this Privacy Policy. By disclosing any person’s Personal Information to us you confirm that you have the necessary consents to do so.
  7. Keeping your Personal Information up to date
    1. Please ensure that any Personal Information you provide us with is up to date and accurate. If your Personal Information changes, you can let us know by updating the details through your account on our Website or contacting our Customer Service Team.
  8. Your rights in respect of your Personal Information
    1. You have the right to:
      1. access your Personal Information (via what is commonly known as a “data subject access request”);
      2. require us to correct any mistakes in your Personal Information which we hold;
      3. withdraw your consent to the processing of your Personal Information (if we are relying on consent as our lawful basis for using your Personal Information);
      4. require the erasure of your Personal Information;
      5. require us to restrict processing of your Personal Information, in certain circumstances;
      6. receive the Personal Information you have provided to us, in a structured, commonly used and machine-readable format and/or transmit that information to a third party, in certain situations; and
      7. object to our continued processing of your Personal Information, in certain situations.
    2. Please note that not all of these rights are absolute – in some cases they will not apply to you, or to the particular use that we are making of your Personal Information (for example if we have to process the information to comply with our own legal obligations). For further information on each of these rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If you wish to access a copy of your Personal Information or exercise any of your other rights your request must be made in writing to DPO@thegbexchange.com and we will endeavour to respond within a reasonable period and in any event, within one month in compliance with applicable data protection legislation. You can also contact us using the same email address if you wish to complain about a marketing communication that you have received in error.
    3. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at ico.org.uk.
  9. Keeping your information safe
    1. We and our Processors employ a variety of physical, technical and organisational measures to keep your information safe and to prevent unauthorised access to, or use of, or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means).
    2. We use Secure Server Technology to ensure that all data submitted through the Website is protected by the highest standards.
    3. Any payment information you provide will be sent via a secure SSL connection which provides an encrypted link between your web browser and our web servers.
    4. We cannot absolutely guarantee the security of the internet or external networks or your own device. Accordingly, any online communications (e.g. information provided by email or through the Website) are at your own risk.
    5. You shall be responsible for keeping any user access information for your account (e.g. username(s)/ password(s)) secure and confidential.
  10. How long will we keep your information?
    1. We will only keep your Personal Information for as long as necessary for the purposes for which we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
    2. We regularly review what data we have and delete that in accordance with our data deletion policy.
    3. When we share your Personal Information with government bodies, regulatory bodies or law enforcement organisations so that they can carry out their legal functions or the Personal Information is required in connection with legal proceedings, your Personal Information may be held for longer than the periods stipulated below, and held for so long as appropriate in the circumstances.
    4. Details of the review and retention periods for different aspects of your Personal Information are set out in the table below.

      Ref

      Type of Data

      Details

      Review Period

      Retention Period or Criteria

      1

      Personal Details

      Full Name

      Email Address

      Date of Birth

      12 months

      5 years

      (6 months if no orders are placed)

      2

      Contact Details

      Billing Address

      Delivery Address

      Telephone Number

      12 months

      5 years

      3

      Enquiries made to Customer Services

      Details of Enquiry and response given to the Enquiry

      12 months

      6 months

      4

      Financial

      Subscription Details

      12 months

      7 years

      5

      Transactional Data

      Order information, product purchased, total cost, payment information, billing and delivery information including details of recipient if different to the Customer

      36 months

      7 years

      6

      Technical Data

      Eg Internet Protocol (IP) address, login data, browser type and version, time-zone setting and location, browser plug in types and versions, operating system and platform and other technology devices used to access the Website, length of visit, number of pages viewed

      12 months

      5 years

      7

      Profile Data

      Order history, preferences,

      12 months

      5 years

      8

      Marketing Data

      Preferences in receiving marketing and communications

      12 months

      3 years

  11. Transferring data outside of the UK
    1. Where we transfer your Personal Information outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the Personal Information concerned. This can be done in a number of different ways, for example: the country to which we send the Personal Information may have been assessed by the European Commission as providing an “adequate” level of protection for personal data; the recipient may have signed a contract based on standard contractual clauses, approved by the European Commission. In other circumstances, the law may permit us to otherwise transfer your Personal Information outside the EEA. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.
  12. Cookies
    1. Our website uses cookies, our Cookie Policy can be accessed by clicking this link. We recommend you read our Cookie Policy as it contains important terms about our use of cookies on our website.
  13. Third party websites
    1. Our website may contain links to third party websites. The privacy policy for those websites will be different to our privacy policy and you should read the applicable privacy policy before submitting information to any such third party.
  14. Monitoring
    1. We may monitor any communications we receive from you to improve Our Sites, to improve the products that we supply, or to ensure compliance with our practices and procedures.

 

© The Great Product Exchange Ltd. 2020

Published 12 November 2020