Privacy and Cookies Policy
Your privacy and security is important to us. This Privacy & Cookies Policy (the “Policy”) sets out how we will treat your personal information and will inform you as to how we deal with personal information we obtain from you and how you may remove it.
We are registered with the Information Commissioner’s Office under Registration Number Z1871760
This Policy only relates to the collection, protection, disclosure and use of personal data belonging to individuals who visit www.hummingbirdbakery.com (“our Site”) or who otherwise provide us with their personal information. It does not relate to data which emanates from companies or other entities, although the general principles regarding our collection and use of data is broadly the same irrespective of whoever is the user of our website, or our customer. We will use your information only for the purposes for which it was collected.
This Policy has been prepared to meet the requirements of all relevant laws and regulations relating to data protection, whether local, national or supranational, including (i) the Privacy and Electronic Communications Regulations (EC Directive) 2003 (S/2003i2426) (ii) the Data Protection Act 2018 (iii) all applicable requirements of the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time in the UK unless and until the GDPR is no longer directly applicable in the UK and then (iv) any successor legislation to the GDPR and the Data Protection Act 2018 and also The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, (the “Acts”).
By clicking the “Got It” button on the drop-down banner that will appear on the first page you enter on our Site you signify your acceptance of our Cookies Policy set out at Clauses 3 to 5 in this document. Please note that this banner will only appear the first time you enter the Site.
By providing your personal information to us, you agree that we may collect and use all personal information you provide to us in the ways described in this Policy. If you do not agree with the terms of this Policy, please do not provide personal details to us.
Please note that we may need to update this Policy from time to time to reflect changes in the law. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. We recommend that you check this page regularly to ensure that you have read the most recent version and are happy with any changes.
This Policy was last revised on 19 May 2018.
- INFORMATION WE MAY COLLECT FROM YOU
- It is your choice whether or not to provide us with personal information. Personal information (or ‘personal data’) means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
- The information we may collect from you includes, but is not limited to:
1.2.1 personal contact details such as name, title, address, telephone number, email address, your preferences for receiving marketing from us and your communication preferences that you may provide to us by filling in forms on our Site, or if you request information from us or when telephoning us;
- correspondence, or a record of it if you should contact us;
- details of your visits to our Site (including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own purposes or otherwise) and the resources that you access;
- surveys that we use for research purposes, which we may ask you to complete, although you do not have to respond to them.
- It is important that the personal data we hold about you is accurate and current. Please advise us if your personal information changes during your relationship with us.
1.4 We may provide you with the option to select whether you would like to receive information from us by opting in or out of receiving promotional offers. In some circumstances, you will not have the option to opt out, for example, when we are administering a transaction requested by you, or if we are satisfying a legal requirement.
- HOW DO WE COLLECT YOUR INFORMATION?
2.1 Ways in which you may be providing us with personal information include, for example,
2.1.1 registering on our Site;
2.1.2 contacting us with an enquiry;
2.1.3 signing up to receive a newsletter, news and/or exclusive offers;2.1.3 joining our specialist corporate mailing list;
2.1.4 purchasing a product;
2.1.5 requesting us to forward a product to another email address;
2.1.6 completing a survey which contains your personal information;
2.1.7 reporting a problem.; and/or
2.1.8 giving us some feedback.
2.2 The information we may collect from you includes, but is not limited to, data concerning traffic on our Site, location data, weblogs and other communication data, (whether this is required for our billing purposes or otherwise) and the resources that you access.
2.3 By providing any personal information to us, you fully understand and clearly consent to the transfer, collection and processing of such personal information in accordance with the terms of this Policy.
- IP ADDRESSES & COOKIES
3.1 Like many other websites, we use “cookies” to help us gather and store information about visitors to our Site.
3.2 We may collect information about your computer, including your IP address, operating system and browser type, for system administration. This is statistical data about our Site users’ browsing actions and patterns, and does not identify you as an individual.
3.3 A “cookie” is a small text file which is created on your computer’s hard disk when you access certain websites. Cookies allow the website to recognise your computer. A cookie can identify the pages that are being viewed and this can assist us to select the pages that the visitor sees.
3.4 “Session” cookies only exist whilst visitors are online on a particular occasion. These are temporary cookies that aid your journey around the Site and remember the preferences you have selected during your “session”.
3.5 "Persistent" cookies, which are not session-based, remain on a visitor’s computer, so that you can be recognised as a previous visitor when you next visit our Site. This allows us to collect information about your browsing habits whilst on our Site, and this can be useful in assisting us to monitor and improve our services.
3.6 We do not store sensitive information such as account numbers or passwords in any cookies, and cookies in themselves, do not contain enough information to identify you. You will only become personally identifiable in relation to your browsing habits after you have formally provided us with your personal data for the purposes outlined in Clause 2 above.
3.7 In addition to using cookies, we might also use GIFs and other web tools, such as Google Analytics, to collect information about your browsing activities whilst on our Site. In this respect the information that is provided is similar to the information supplied by cookies, and we use it for the same purposes.
3.8 Any information that we acquire about you using cookies, GIFs, or other web tools is subject to the same restrictions and conditions as any other information we collect about you, as outlined in this Policy.
- THE COOKIES USED ON OUR SITE
4.1 Cookies set by our Site include:
4.1.1 CFID, CFTOKEN, CFCOOKIE. These cookies are used to log in and verify users, enable the basket and the check out and order processes. No personal information is recorded by these cookies. CFCOOKIE allows us to determine if we have provided you with information about our cookies.
4.1.2 The CFID and CFTOKEN cookies enable services you have specifically asked for. They are essential in order to enable you to move around the Site and use its features, such as accessing secure areas of the Site. Without these cookies, services that you have asked for, like shopping baskets or e-billing cannot be provided.
4.1.4 The _cfduid, PHPSESSID, secure_customer_sig, _landing_page, cart_sig, cookietest, _y, _s, _shopify_s, _shopify_fs, _shopify_sat_t, _shopify_sa_p, CookieConsent, _shopify_y, storefront/track, storefront/page, storefront/session-attribution cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
4.1.5 The smart-payment-buttons-experiment-value-prop cookie is used by the website to remember payment preferences at check out.
4.1.6 The _okgid, custPostCode, _orig_referrer, _okck, wcsid, hblid, _ga, _gid, _gat, jslog/log.png cookies are used to help us to understand how visitors interact with hummingbirdbakery.com by collecting and reporting information anonymously
4.1.7 The r/collect, tr, fr, collect, _okbk, _ok, _okdetect, _oklv, VISITOR_INFO1_LIVE, PREF, YSC cookies used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party
4.2 Cookies set by Google Analytics include:
4.2.1 _utma, _utmb, _utmc, _utmz, or others within the range _utma to _utmz. These cookies are used to store information about the number of visits, duration of browsing, referring sites and other analytical information and compile reports for us on Site activity. No personal information is stored in these cookies.
4.2.2 These cookies collect information about how you use a website, for instance which pages you go to the most often and if you get error messages from web pages. All information these cookies collect is aggregated and therefore anonymous. They are only used to improve how a website works, by managing the performance and design of the Site.
4.2.3 For more information about the way in which Google Analytics uses these cookies, please visit the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
4.2.4 We have enabled Google Analytics Demographics and Interest Reporting (based on Google Display Advertising) to help us to better understand who our users are including their age, gender and interests. The data we collect is used by us to develop the Site’s content and our Site generally to address our user’s interests. If you wish to opt out of Google Analytics for Display Advertising you can do this by using the Ads Settings.
4.2.5 Google stores the information collected by the cookies on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google state that they will not associate your IP address with any other data held by Google. By using our Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
4.3 If you wish to know all the cookies we have set and how to delete or manage them, please refer to www.allaboutcookies.org
- HOW TO DISABLE/ENABLE COOKIES
5.1 You have the ability to accept or decline cookies by modifying the settings in your browser. You can find out how to do this by checking your browser’s ‘Help’ menu. For example, in Internet Explorer, you can go to Tools and then Internet Options, where there is the option to change your settings to disable cookies. However, you may not be able to use all the interactive features of our Site if cookies are disabled.
5.2 You also have the ability to delete cookies that have been installed in the cookie folder of your browser. To do this you should search for “cookies” in your “Help” function for information on where to find your cookie folder.
5.4 To prevent Google Analytics cookies being set, you may install the Google Analytics Opt-Out Browser Add-On which is compatible with all major browsers by clicking on this link - http://tools.google.com/dlpage/gaoptout and following the instructions.
- USES MADE OF THE INFORMATION BY US
6.1 We will only use personal information collected from you for the purposes for which it was collected (or for related purposes), to provide specific services that you request and to provide additional services that may be of interest to you, or in the following circumstances:
6.1.1 Ease of Use – To ensure that content from our Site is presented in the most effective manner for you and for your computer.
6.1.2 Transactional Purposes – To carry out our obligations arising from any contracts entered into between you and us, to respond to your queries and requests, maintain your accounts and manage transactions, such as credit card payments for any products that you order from us, or for the fulfilment of such transactions.
6.1.3 Communication – To notify you about changes to information we place on our Site or to our services.
6.1.4 Marketing Communications– We may use your personal information to communicate with you about our products and services and for our own internal marketing analysis, for example, to assess trends amongst our consumers or to measure the amount of traffic to our Site.
- Compliance – To comply with a legal duty or regulatory obligation to which we are subject.
- Legitimate Interests – Where it is necessary for our legitimate interests, and when your interests and fundamental rights do not override those interests. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Any information or statistics relating to our business that we disclose to others shall not identify you personally. We may, for example, perform statistical analyses of the behaviour of the users of our website in order to measure interest in the various areas of our Site. This information, and any other general information about our users that we share with others, will not contain personal information about you.
- We will not, under any circumstances, sell your personal information to anyone else.
- CHANGE OF PURPOSE
7.1 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us by sending an email to us at firstname.lastname@example.org or writing to us at The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ.
- If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.3 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law
- OPTING OUT
You can ask us to stop sending you marketing messages at any time by logging into the Site and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by sending an email to us at email@example.com or writing to us at The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ.
- LINKS TO OTHER WEBSITES
Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit.
- HOW AND WHERE DO WE STORE YOUR PERSONAL INFORMATION?
- All personal information we collect from you is stored on secure servers.
- The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. If your personal information is shared, you can expect a similar degree of protection in respect of your personal information as we require third parties to respect the security of your data and to take appropriate measures to protect your personal information in line with this Policy.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
- HOW LONG DO WE KEEP YOUR INFORMATION?
We will only retain your personal information for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for the uses set out in this Policy. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- DISCLOSURE BY US OF YOUR INFORMATION
12.1 We may disclose your personal information:
12.1.1 to third parties to whom you have provided your consent in order that they will be able to prepare or send any communications to you,
12.1.2 to assist us in connection with any of our administrative or business functions, (including, but not limited to warehousing and delivery, marketing and advertising and credit card and data processing) or in the provision of any of our services and/or products to you.
12.1.3 in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer.
12.1.4 if The Hummingbird Bakery Limited, or substantially all of its assets, are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
12.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- DATA SECURITY
13.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
13.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- INTERACTIVE AREAS OF OUR SITE/BLOG
14.1 Information that you post via social networking (including but not limited to Facebook and Twitter) is generally accessible to, and may be collected by, others and may result in unwelcome communications. For your own safety and security you should not provide information about yourself on these areas of our Site or via social networking.
14.2 If you disclose any information via social networking, we do not accept any responsibility or liability for any breach of privacy, loss, damage, effect on your reputation or otherwise whatsoever.
- YOUR RIGHTS
- How can I access the information that you hold about me?
Under the GDPR you have the right to access information we hold about you (commonly known as a "data subject access request") free of charge. If you would like a copy of this information, please email us at firstname.lastname@example.org or write to us at The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ.
- What if I don’t want you to hold my information any more?
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by marking your preferences on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com or writing to us at The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ.
- Can I change the information you hold about me?
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. To withdraw your consent, please contact us on firstname.lastname@example.org or write to us at The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- Under certain circumstances you also have the right to:
- Request access to the personal information that we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
- Request erasure of your personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(a) if you want us to establish the data's accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party.
If you want to contact us with regards to the information we hold about you as above, please do so by emailing us at email@example.com or writing to us at The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
- TIME LIMIT TO RESPOND TO YOU
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to firstname.lastname@example.org or to The Hummingbird Bakery Limited, First Floor, 20 Brewer Street, London, W1F 0SJ.