Let’s start with introductions.
Your privacy is important to us. When we process your personal data, we comply with the UK GDPR and the Data Protection Act 2018, together with other relevant data protection and privacy legislation.
Your personal data includes all the information we hold that identifies you or is about you. More information about the types of personal data we collect from you is set out below.
Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We will comply with the relevant legislation to make sure that your information is properly protected and used appropriately.
This privacy notice provides information about the personal data we process about you, why we process it and how we process it. It applies to customers and suppliers as well as candidates contacting us in relation to job vacancies.
Privacy and data protection are ever changing and enhancing the rights of individuals. As such, we review how we use personal data, and we may update this privacy notice from time to time to reflect changes in applicable laws or the way we use your personal data. The privacy notice displayed on this page is always the most up to date version.
We would encourage you to re-visit our privacy notice from time to time so that you are aware of any relevant updates we have made.
Our company registration
Coopland & Son (Scarborough) Limited is a company incorporated in England and Wales with registered company number 00465947 and with a registered office address at Caxton Way, Pindar Business Park, Eastfield, Scarborough, North Yorkshire, YO11 3YT. Throughout this notice, when we use terms like ‘we’, ‘us’, ‘our’, or even ‘Cooplands’, we’re referring to Coopland & Son (Scarborough) Limited.
Our data protection registration
We are the organisation that is responsible for the processing of your personal data (or the ‘controller’ for the purposes of data protection) and, as such, we are registered with the UK’s data protection supervisory authority, the Information Commissioner’s Office (the “ICO”).
The details of our registration with the ICO are:
Data Controller Name: Coopland & Son (Scarborough) Limited
Registration number: Z5443704
Our Privacy & Data Protection team
If you ever have a query about how we’re handling your personal data, or you want to exercise a right in relation to your information (as set out below), there are a number of ways you can contact our team.
You can write to us at: Coopland & Son (Scarborough) Ltd, Caxton Way, Pindar Business Park, Eastfield, Scarborough, North Yorkshire, YO11 3YT.
If you prefer to email: info@cooplands-bakery.co.uk
If talking is more your thing, call us on 01723 585222
Your data protection rights
We’ll talk more later on about what we call ‘subject access requests’, but if you’d like to exercise one of these rights, you can submit a request using our individual rights form above. It’s quick, easy and goes straight to our Privacy & Data Protection team.
What information will we collect about you?
To help explain the different types of information we use, we use categories. Now, it’s worth pointing out that we only collect personal data that is appropriate and lawful, and we comply with data protection legislation around the world, and there may be locations where we are not permitted to collect the types of information we’ve listed below. But in general terms, this describes the categories we use.
Identity Data: this includes your full name, marital status, title, date of birth and gender.
Contact Data: this includes your billing address, delivery address, email address, social media handles and telephone numbers.
Financial Data: this includes your bank account and payment details.
Transaction Data: this includes details about payments from you and other details of products and services you have purchased from us.
Technical Data: this includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data: this includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data: this includes information about how you use our website, products and services.
Marketing and Communications Data: this includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We will not collect any special category data about you.
How we may collect personal data.
Personal data you voluntarily provide to us.
We use different methods to collect data from and about you including through:
Direct Interactions: You may give us your personal data through a whole host of different methods. Some of these will include (but are not limited to): filling in forms on our website, corresponding with us by post, phone, email or otherwise, or raising any queries with us or providing feedback/complaints;
creating an account on our website;
signing up to attend events, meetings or training sessions we are hosting, sponsoring or organising;
applying for employment with us;
purchasing any of our goods or services;
subscribing to receive marketing materials; or
entering our competitions or promotions.
Automated Technologies or Interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. For more details regarding cookies, please see below.
Third Parties: We may receive personal data about you from various third parties and public sources as set out below: analytics providers such as Google Analytics;
advertising networks such as MailChimp;
search information providers, Companies House and the electoral register; and
referees, recruitment agencies, educational organisations or previous employers (if you have applied to us for a job).
Being transparent about our personal data processing.
Lawful basis.
There are specific reasons set out in the applicable data protection legislation that ensure personal data processing is lawful; these are known as the ‘lawful bases for processing’.
We will only use your personal data when a lawful basis for processing exists. Most commonly we will use your personal data in the following circumstances:
where we need to perform the contract we are about to enter into or have already entered into with you;
where it is necessary for our legitimate interests and your interests and fundamental rights don’t override those interests;
where we need to comply with a legal obligation; or
where we have your consent.
Where you have given your consent for us or a 3rd party to process your data, you can withdraw your consent at any time by contacting us. Where consent has been used as the lawful basis for processing your information, the information we give you to allow you to make a decision as to whether you consent, will be fair, transparent and unambiguous.
There are a number of ways in which we may process your personal data. We have set out a description of these below, together with the lawful basis we rely on to do so.
If you have any questions about the reasons we are processing your information, please don’t hesitate to contact us.
| PROCESSING TYPE | DATA CATEGORY | OUR LAWFUL BASIS | SPECIFIC PURPOSE, & THE RESPECT OF YOUR INFORMATION RIGHTS |
| --- | --- | --- | --- |
| To register you as a new customer and to deliver/process any orders you make | Identity, Financial, Profile & Contact data | Contractual Obligation | When you create an account online with us or purchase any of our products, we will use your personal data to set up your account or to process and deliver any goods ordered. |
| Communication via email, post or telephone | Contact data | Contractual Obligation | When you’ve asked us to, we’ll use your information to contact you with details of our products, events and services and to facilitate our relationship with you, your business or colleagues. You can of course ask us not to contact you, but it’s likely to affect our ability to fulfil our obligations to you. |
| Customer relationship management | Identity & Contact data | Legitimate Interest | We organise our customer records within customer relationship systems, basically an electronic rolodex. We securely store, access, and analyse the information that we have in our CRM systems. The use of our CRM systems helps us ensure the smooth operation of our businesses, plan effectively and it helps us analyse how our business is doing. You can ask for access to that information, ask us to update it, or for us to remove it. |
| Customer service tickets | Identity, Contact, Technical data | Legitimate Interest | When you have an enquiry or complaint, we use customer service tickets to help us manage the process properly. You can ask for access to that information, ask us to update it, or for us to remove it. |
| Training and other corporate events | Identity, Contact, Special category health data | Contractual Obligation / Consent | The information you provide will be used to communicate with you about your attendance at the event and to follow-up on your experience post-event. The personal data we may process could include your name, job title and employer, address and phone number, email address, dietary requirements, access requirements. We will ask for your consent to process health related data. |
| Email marketing to consumers | Identity & Contact data | Legitimate Interest | We like to let our customers know about our services, products or projects, and when you’re already a customer, we think you’ll be happy for us to send you relevant information. But you can object or opt out of that at any point. |
| Promotional Images and film footage | Identity Data | Consent | We may take photographs and / or video footage at our offices or an event we host, which could capture personal data of staff, customers, visitors and other third parties. We will always notify participants when a photographer or filmmaker is present at our offices or events. Written consent will always be obtained, and we will respect the wishes of anyone who signals their desire not to have their image taken and will always ask for consent where photos are to be published alongside a name or other personal identifier. You have the right to withdraw consent at any time or to opt out of the activity. |
| Collection/analysis of statistical information about website usage | Technical & Usage data | Consent | To manage and improve how people engage with our public-facing channels. The information we collect tells us about how you use our website, what links you follow and tells us what you’re most interested in. |
| Sharing information with Companies House, Accountants, legal advisors, HMRC and Statutory authorities | Identity, Contact, Financial & Special category data | Legal Obligation | We are subject to audits and assessments from industry standard bodies and in the protection of our interests and to comply with UK law, we may be obligated to share information with the statutory authorities. |
| Administrative purposes | Identity, Contact & Financial data | Legitimate Interest | We may disclose your personal data to third parties who provide services to us, including our service providers and data processors (providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, marketing, human resources, professional services, tracing services and when we investigate suspected theft) and our consultants and professional advisors (such as accountants, compliance, lawyers, auditors). |
| Fulfil job roles and recruitment | Identity, Contact, Special category health data | Contractual Obligation / Legitimate Interest | If you apply for a job with us, in addition to the specific position which you have applied for, we pass your personal data to other departments, for the purpose of offering alternative or additional employment opportunities. We’d really like to find work for you, but of course, you can ask us not to do this. |
| Marketing engagement metrics | Identity, Contact, Technical & Usage data | Consent | If you would like to receive tailored information about products and services, you will have the opportunity to consent to this. We use cookies to help with the process of delivering digital marketing and tracking your preferences. |
| Maintaining business relations with suppliers or other business contacts | Identity & Contact Data | Legitimate Interests | If you work for one of our suppliers or are one of our business contacts, we usually process your name and business contact details, such as your business email address and phone number and the address of your organisation. We process the information on the grounds of our legitimate interests in maintaining our relationship with you. |
MARKETING
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us (by opting in on any forms, competitions, promotions or surveys that you submit either online or in one of our shops) or if you purchased goods or services from us and you have not opted out of receiving that marketing.
Third Party Marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting Out
You can ask us or third parties to stop sending you marketing messages at any time by:
emailing us at info@cooplands-bakery.co.uk; or
writing to us at Data Protection Officer, Coopland & Son (Scarborough) Ltd, Caxton Way, Eastfield, Scarborough, YO11 3YT.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see [LINK TO YOUR COOKIE POLICY].
When we share your personal data.
When processing your personal data for the reasons set out in the table above, we may be required to share your personal data with third parties. We may share your personal data with the following:
legal advisers to the extent they need to see your personal data to provide us with legal advice;
third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice; and
any third parties to whom you ask us to transfer personal data, for example on termination or expiry of our contract with you.
credit reference agencies, debt collection and tracing agencies, financial organisations.
our third-party vendors and service providers, who are engaged to provide business, support, operational and/ or administrative functions such as IT support, auditing, legal, marketing, website maintenance, payment, fulfilment and delivery of orders.
regulatory authorities, statutory bodies or public agencies, including to support their investigations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Sharing your information internationally
We do not transfer your personal data outside of the EEA.
The security of your personal data.
Unauthorised access.
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Specific access.
We limit access to your personal data to those employees, agents, contractors and other third parties who have been authorised to access your personal data.
Vulnerabilities.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the appropriate supervisory authority of a breach where we are legally required to do so.
How long we keep personal data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where you are a customer of ours, your personal data is retained for no more than 7 years from the date you place your order. This enables us to deal with returns and warranties. After that date your personal data will be deleted or anonymised so that it is no longer personally identifiable. Your information will be kept securely at all times.
Where you are a supplier or business contact, your personal data is retained for the duration of our relationship with you or the organisation for which you work. Please let us know if you leave the organisation or if your details change. If we receive notification from you or your organisation that you no longer work at that organisation, or if we no longer maintain a working relationship with your organisation, we will delete your information from our system.
Where you have applied for any job with us, if you are successful in gaining employment, we will retain your personal data in line with our employee facing privacy notice, a copy of which will be provided to you. If you are unsuccessful, we will retain your application, CV and/or covering letter and any other personal data you provided to us for 6 months from the date we reach our decision in case any other suitable roles arise in which we think you may be interested, or in case you have any questions about our decision. After that date, your personal data will be permanently deleted or destroyed.
You have rights when it comes to your personal data.
You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data. There are certain caveats and exemptions to those rights which mean that in some circumstances you may not be entitled to exercise them. If we believe that is the case upon receipt of a request from you, we will let you know.
1. Access to your data
You have the right to ask us to confirm that we process your personal data, as well as access to and copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.
2. Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information.
3. Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you.
4. Right to restrict processing
In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we do not have to delete it.
5. Data portability
You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller.
6. Right to object
You are entitled to object to us processing your personal data:
if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
for direct marketing purposes (including profiling); and/or
for the purposes of scientific or historical research and statistics.
We do not intend to use your personal data to send you direct marketing nor for scientific or historical research and statistics.
Automated decision making
Automated decision making means making a decision solely by automated means without any human involvement.
We do not carry out any automated decision making using your personal data.
What to do when things don’t go as planned.
The UK’s supervisory authority is the Information Commissioner’s Office.
Postal Address:
Information Commissioner, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Web: https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
If you’d like more information about this privacy notice.
If you have any queries about this privacy notice, please feel free to get in touch with our Privacy & Data Protection team and we will do our best to answer your questions.
This Privacy Notice is effective from May 2022.