This “Privacy Policy” sets out how Sweet Treats Durham Ltd (“we”, “our”, “us”, “STDL”, or “Treats”) uses and protects your information. We are committed to protecting the privacy of all users of our website. Please note that all data thus captured will be used and held in accordance with the requirements of the Data Protection Act 2018 and GDPR law.
We are the “data controller” of the information you provide to us and are a UK registered company.
1. Contact us regarding your Information
If you have any requests concerning your personal data or any queries with regard to how we handle your data you can contact our Data Protection Committee by emailing us on our webpage.
2. Information
We collect two types of information from you; ‘Personal Information’ (anything which identifies you as an individual, either on its own or by reference to other information) and ‘Aggregate Information’ (non-personally identifiable and anonymous data).
2.1 What we collect
The information we collect depends on the context of your interactions with us. We may collect the following information:
- Full name
- Contact information (including email, phone, postal address)
- Demographic information (such as postcode, preferences)
- Other information relevant to customer surveys
2.2 Why we collect Information
We will only ever hold, use or disclose your Information for Treats Café & Tearooms business. We collect personal information so that we can operate effectively and provide customers with the best possible service. These include:
- Improvements to our products and services
- Keeping you up to date with important changes to Treats Café & Tearooms
- Emailing you about new services, offers or other information we think you may find interesting using the email address which you provided. You will be given an option to opt-out of these newsletters and have an option to unsubscribe at any time.
- From time to time, we may also use your information to contact you for market research purposes
- To answer your queries regarding Treats Café & Tearooms services
We may use the information to customise the website according to your interests - Processing a card payment through a third-party who only have access to the Information you provide directly to them when you make the card payment
3. Processing your Personal Information
We are committed to processing Personal Information fairly, lawfully and in a way you would expect given the nature of our relationship with you. Under new laws, the main reasons we would process your Information are:
1. You have given us consent; where consent is required for our use of your Personal Information we will ask you to positively opt-in; such as job applications
2. To enable us to pursue your legitimate interest to deliver services or products to improve our offering to you, such as marketing, we will respect your preferences for contacting you.
4. Marketing
We would like to use your personal data to send you details of our products or services identified as likely to be of interest to you. We will only send you information in line with the venue and preferences you selected when you provided this personal data.
You may unsubscribe to our emails at any time or through an unsubscribe option at the bottom of every email you receive from us.
5. Third-party data processors
In carrying out our business, including our obligations to you, we may share your Information with other trusted third-party service providers, such as email broadcasters, marketing agencies, reservation systems. Such providers are required under their data processing agreements with us, to handle your Personal Information in accordance with applicable laws and principles related to privacy and data protection.
6. Retention periods
We will keep your Personal Information for as long as is reasonably necessary for the purpose for which it was collected, as explained in this Policy. For example:
- Gift cards; we will keep your Information for 3 years after your last purchase. We need to retain this data for our own accounting and operational purposes and for legal and tax purposes
- Email marketing; we will keep this data for as long as we are able to market to you and if you withdraw your consent or opt-out of marketing communications, we will keep your contact details only to ensure that we do not contact you again for marketing purposes
- Booking reservations; we will keep the Information you have provided for 18 months after your booking date and we retain this data with permission to improve your service and experience with us
- Competition entries; we will only hold your data for as long as we need to run the competition and announce the winner/s
- Job applicants; we will retain your data for as long as we need to process your application and maintain application statistics and we will make this known to you
In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example your email address) in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes. However if you have any question with regards to what we hold please refer to the next section.
7. Data subject’s rights
You have rights in respect of your personal data we hold about you. We will need to confirm your identity before we can consider your request but details of these rights are set out below.
You can exercise any of these rights by contacting us at the postal address or email address shared at the top of this page; free of charge.
If you want to know more about your rights, the ICO has more guidance on their website.
7.1 Right of access; you have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request.
7.2 Right to rectification; you have the right to have any incorrect personal data corrected or completed if it is incomplete. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request.
7.3 Right to erasure; this right, often referred to as the right to be forgotten allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request.
7.4 Right to restrict processing; you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request.
7.5 Right to data portability; you have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request.
7.6 Right to object; you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.
(i) Legitimate interests/legal task – your objection should be based on your
particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests
(ii) Direct marketing – you have an absolute right to ask us to stop processing
for the purposes of direct marketing. We will action your request as soon as possible
(iii) Scientific/historical research and statistics – your objection should be
based on your particular situation. If we are conducting research where the
processing is necessary for the performance of a public task, we can refuse to comply with your objection
7.7 Rights relating to automated decision making/profiling; you have the right in respect of automated decision making, including profiling. Where we carry out solely automated decision making, including profiling, which has legal or similarly significant effects on you, we can only do this if it is in connection with a contract with you, we have a right under law or you have provided your explicit consent. We will tell you if this happens and tell you how you can request human intervention or challenge the decision.
8. Complaints
If you are unhappy with any aspect of our handling of your data you can contact us at the postal address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using ico.org.uk/concerns.
9. Cookies
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.
10. Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
11. Third party websites
Our website may contains links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, you should read their privacy policy, which may differ from ours.
12. Changes to the Privacy Policy
Treats Café & Tearoom may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25/2/2021.
© 2021 SWEET TREATS DURHAM LTD. All rights reserved.