As a company we value our customers and have always taken care to ensure that we treat you with respect. This very much includes our approach to handling and using your personal data. The aim of this page is to let you know what we do to protect your data and what you can expect from us.
As a Data Controller and Processor under the General Data Protection Regulation (GDPR) we fully understand our obligations in respect to your privacy and the security of your personal data. We also understand your rights under this regulation and will always act to respect your wishes.
In order to provide products and services to our customers it is necessary for us to store delivery and contact information, which in the context of GDPR is personal information. This currently includes name, address, telephone number(s) and email address.
In addition to this we engage in a limited amount of marketing with customer infomation, solely for the purposes of promoting offers, products and services we feel could be of interest to customers. For this we actively request consent either over the phone, through web forms or links. We will NEVER share or sell customer data with third parties for marketing purposes.
Processing Your Data
Customer data is primarily stored in electronic format on a encrypted hard drives. Our customer database is password protected and backed-up on a weekly basis. All electronic devices used to store data are physically kept in locked premises and physical access is restricted to authorised staff only. Direct access to the data is limited to staff that require it to perform their duties.
Temporarily customer data is stored in hard copy for the purposes of preparing and delivering the products. At the end of each day these are accounted for and are subsequently destroyed in batches.
For the convenience of customers when reordering the personal data listed above is stored for a period of 18 months from the last order received. Given the seasonal nature of the business, this allows for the typical order interval to be covered, whilst adhering to our responsibilities under GDPR. As a data subject, all customers may request the removal of their personal data from our systems and in this instance the people should contact us directly.
A limited number of third party service providers are engaged in the capacity of Data Processors. In these in cases, their compliance with GDPR and our own policy is verified.