The contents of this website are provided by the British Chocolate Factory. Although British Chocolate Factory has attempted to ensure that all information on this website is right, the content of this website is given to you ‘as is’ without representation or guarantee of any kind (express or implied) including, without limitation, any implied guarantees of merchantability, fitness for a specific purpose or non-infringement. British Chocolate Factory assumes no responsibility for any direct, unique, indirect or consequential loss or harm of any kind arising from the use of any information obtained directly or indirectly from this website or for any viruses that may infect your computer equipment or other properties as a result of your access, use, downloading or browsing of this website. All such liability is excluded to the fullest extent permitted by law. The information on this site is subject to change and may be amended or withdrawn at any time without notice. These Conditions of Use may be changed at any time without notice.
British chocolate factory (the ‘Company’) is a company
For the purposes of the General Data Protection Regulation (‘GDPR’), the company will be the ‘controller’ of the personal data you provide. Please read the following information carefully in order to understand the company’s practices in relation to the treatment of your personal data. Should you have any questions, please email us at firstname.lastname@example.org
We use your personal information in the following cases:
- The Company will process all personal data in a lawfully, fair and transparent manner;
- The Company will only collect personal data where it is necessary;
- For the Company to provide a service to you;
- For you to provide a service to the Company;
- For the Company to keep you informed of its products and services; or
- For the Company to comply with its legal and regulatory obligations.
The personal data collected by the Company will be adequate, relevant and limited to what is necessary in relation to the specific purpose for which your data will be processed;
The Company will take all reasonable steps to ensure that personal data is accurate and, where necessary, kept up-to-date;
The Company will maintain personal data in a form that permits identification no longer than is necessary for the purposes for which the personal data has been collected for processing.
The Company will hold and process personal data in a manner that ensures appropriate security;
The Company will only share personal data where it is necessary to provide the agreed service or where it is necessary for the Firm to comply with its legal and regulatory requirements.
The Company will only utilise a service provider based outside of the UK for the processing of personal data where this is strictly necessary to facilitate our services to you. In all cases, we will ensure service providers are fully compliant with GDPR ahead of transferring any personal data.
What personal data does the Company collect and why?
In the course of providing products/services to you, the Company may collect information that is considered personal information (e.g. name, contact details, address, passport number, driving licence).
As a client, contact or employee of the Company, we will require some personal information in order to verify your identity and have the applicable relationship with you. Some of this information may be required to satisfy legal obligations (e.g. to comply with obligations arising under the Money Laundering Regulations whereas other information may be required in connection with the provision of services to you). The information collected will vary depending on the service the Company provides to you or you provide to the Company, but typically includes:
Personal information: Such as your name, date of birth, passport number or national insurance number;
Contact information: Including your address, telephone number and email address.
Where does the Company store my personal data?
- The Company has comprehensive policies and procedures in place to ensure your personal data is kept safe and secure, with these including:
- Data encryption;
- Intrusion detection;
- 24/7 physical protection of the facilities where your data is stored (i.e. Microsoft’s UK data centres);
- Background checks for personnel that access physical facilities; and
- Security procedures across all service operations.
How long does the British Chocolate Factory (company) retain personal data?
As a regulated entity, the Company is required to maintain its books and records for a prescribed period (five years from either the ceasing of a business relationship, or, in the case of non-clients, from the making of a record.
Any information that is outside the scope of this requirement will be retained whilst relevant and useful, and destroyed where this ceases to be the case or where the data subject specifically requests this.
How have I been categorised in accordance with GDPR?
The GDPR requires the Company to inform you of the legal basis on which we maintain your personal data. Typically, the Company will reach out to you personally to confirm this; however, as a general rule the following is applicable:
Clients – Information is maintained on the basis of contractual obligation and/or legitimate interests (where relevant) and/or legal obligation;
Service providers – Information is maintained on the basis of contractual obligation; and
Database/marketing contacts – Information is maintained on the basis of legitimate interest and/or consent.
What are my rights?
Once you have provided your details to the Company, you have certain rights which apply, depending on your relationship with the Company, the information you have shared with us and the Company’s legal and regulatory obligations.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some, or all, of your personal information, please email the Company at email@example.com. The company will provide this information to you within one month (with the ability to extend this by an additional two months where necessary), free of charge.
You have the right to request that the information the company holds about you is erased under certain circumstances including where there is no additional legal and/or regulatory requirement for the Firm to retain this information.
As a client, you have the right to request that any information the company holds about you be provided to another company in a commonly used and machine-readable format, otherwise known as ‘data portability’.
You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or inaccurate and should therefore be updated, please contact firstname.lastname@example.org
You have the right to object to your information being processed, for example for direct marketing purposes.
You have the right to restrict the processing of your information, for example limiting the material that you receive or where your information is transferred.
You have the right to object to any decisions based on the automated processing of your personal data, including profiling.
You have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/concerns/) if you are not happy with the way that we manage or process personal data.
Will I be notified of changes to this policy?
The company may, from time to time, review and update this policy. The Company will maintain the latest version of this policy on its website, and where the changes are deemed material, it will make you are aware of these.
Who should I direct questions to?
If you have any questions, concerns or complaints about the practices contained within this document or how the company has handled your data, please email: email@example.com.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
We will normally process your Personal Data within the European Union. Notwithstanding this, the global nature of our business involves that your Personal Data may occasionally be disclosed to non- European entities of the British Chocolate Factory for which they have entered into a data transfer agreement regulating these cross-border transfers.
We also use some third party suppliers to help us provide business services. These third parties may have access to or merely host your Personal Data, but will always do so under our instructions and subject to a contractual relationship. When these third parties are located in territories (such as the USA) which may not offer an equivalent level of protection to privacy as that applicable within the EU, we will take all the necessary steps to verify that your Personal Data receives an adequate level of protection. This, either by entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection schemes (for example, EU-US Privacy Shield).