Privacy Policy

This policy describes how Posh & Cake collect and process your personal data obtained on our website poshandcake.co.uk (Our Website).

It is important that you read this policy together with any other privacy policy/notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data from Our Site.

We may change the terms of this policy from time to time. This version is dated March 2021.

Georgiana-Minodora Tamas is a Sole Trader trading as Posh & Cake and the legal entity which is the data controller collecting and processing the information provided by users of Our Website (reference no: ZA746307) and it may be contacted via contact@poshandcake.co.uk

Personal data, or personal information, means any information that you provide in order to identify you.

Identity Data includes, but not restricted to, first name, last name, email address, username.

You may give us your Identity Data by ordering from our shop page or by filling out the contact form

We will only use your personal data where the law allows us to, including in the following circumstances:
- To provide and improve our services.
- To fulfil our legal and regulatory obligations.
- To manage our relationship with you.
- For other legitimate business purposes.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to receive an explanation as to how processing for the new purpose is compatible with the original purpose, please contact our Data Protection Lead.

We do not sell, distribute or otherwise make personal data commercially available to any party.

We take the security of the personal data we hold seriously.  Policies and procedures are in place to safeguard it from loss, misuse and improper disclosure.

We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies.  We do not allow our third-party service providers to use your personal information for their own purposes.  We only permit them to process your personal information for specified purposes and in accordance with our instructions.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory or reporting requirements. To determine the appropriate retention period for personal data, we consider:
‍
- the purposes for which we process the data; and
- If you have opted out of receiving future publications from us, your contact details will remain on our opt-out list to prevent you from receiving any further publications from us.

We assume responsibility for keeping an accurate record of personal data once you have submitted the information.  Please inform us of any changes to your information.

You are entitled to:
‍
- Request access to your personal data.
- Request the correction or erasure of your personal data.
- Object to the processing of your personal data.
- Request a restriction of processing of your personal data.
- Request the transfer of your personal data to you or to a third party.
- Withdraw consent at any time, where we are relying on consent to process your personal data.
‍
To exercise any of the above rights please contact our Data Protection Lead.

We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Our website uses cookies. For more information please see our cookie policy.

We are not responsible for the privacy policies of third party websites or social media platforms to which links may be provided via our website. You should check the privacy policy of the relevant third party before providing any information.

You may wish to participate in the various social media platforms hosted by us. However, we do not accept any responsibility for any personal information that you share on such platforms that is subsequently used, misused or otherwise appropriated by another user.

If you are concerned about an alleged breach of privacy law or any other regulation by us please contact our Data Protection Lead who will ensure that your complaint is investigated.

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.