Data Privacy Policy

Data Privacy Policy   

This Privacy Policy explains what we do with your personal data, It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

 This Privacy Policy applies to the personal data of our Customers, Potential Customers, Suppliers, Potential Employees. Employee’s will be issued with a Privacy Notice.

Listed below is the data we collect:

 

Customer Data

In order to provide the best possible products and services to our customer’s we need to process certain information. Tower Bakery only request details that will genuinely help us to deliver these products and services, such as your name, job role, and contact details; including but not limited to: Telephone number, email address, first and last name and in some instances your home address details. Where Tower Bakery. are required by you to process payments for goods and services by way of debit or credit card we will also process these details, but only for this purpose.

Supplier Data

We collect a minimum amount of data from our suppliers to ensure that we can easily process transactions. Tower Bakery will collect contact details for the main contact and any associate contacts within the business that assist us in processing any number of transactions. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).

 

We Collect your data in the following ways:

 

Customer Data

We collect customer data directly from you.

Supplier Data

 

We collect supplier data directly from you.

 

How do we use your personal data?

 

Customer Data

There are two main reasons for using your personal details. Firstly, details will be used to help us  process ongoing requests that you have made of us, i.e. raising a quote or processing an order, through to delivery of these requests.

 

Supplier Data

The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.

 

Website Users

If you send us an application form, your CV or contact us with personal information for employment purposes, we may store that information for 6 months. We do not share your information with any third parties and would only contact you within that 6 month period should a suitable post arise.

 

How do we safeguard your personal data?

We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.

Those processes include but are not limited to; encrypted server access, all antivirus and gateway security settings are up to date and monitored.

 

How long do we keep your personal data for?

Data stored and processed in our Sales Order Management system. If we have not had meaningful contact with you for a period of seven years, we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.

 

How can you access, amend or take back the personal data that you have given to us?

If we are holding or using your personal information, you may change your mind at any time by writing to the Data Protection Officer, Tower Bakery, Shore Road, PERTH, PH2 8BH or emailing us at info@towerbakery.co.uk. We will process the removal of your personal information within 7 days.

Right to object

If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.

Right to erase

In certain situations, you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will remove your data. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by us as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case please let us know.

 

 Our legal basis for processing your data

 

Legitimate interests

Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”

 

Customer data

We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past 5 years that there is legitimate interest that you will continue to benefit from our continued communication.

We want to provide potential customers with the opportunity to hear about our products and services and request additional information. We therefore deem it that if you operate in a sector that regularly benefits from our products and services and your information has been made available in the public domain that we can contact you to advise you of our products and services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us.
Personal details may be used to for administrative purposes including invoicing.

Supplier data

We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.

 

Contractual

Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”

 

In this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, you both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).

 

Customer data

Where we and you have entered in a contractual agreement to deliver products and services we will process the appropriate and required information in order to do so. i.e. address details of the company.