Crust Crumb has developed this policy to demonstrate our commitment to combine the finest quality services with the highest level of integrity in dealing with our clients, suppliers, associates and staff. The policy explains how we collect store and use information about individuals and organisations. It will be continuously assessed against new technologies, business practices and the changing needs of everyone we deal with.
We ask that you read this policy carefully as it contains important information about what to expect when we collect information about you and how that may be used.
This policy applies to information we collect about:
- people who do business with us/register for our services;
- people who enquire about our services;
- job applicants; and
- visitors to our website.
1. Who is collecting your data?
Data is collected by Crust & Crumb Bakery Ltd (Co. No. [NI608062]) of 37 Main Street, Derrylin, Co Fermanagh, BT929JZ.
2. The information we collect about you
When you do business with us, register for our services or enter into a contract with us we may collect the following personal information from you, where the information is relevant to the matter we are dealing with:
Postal address, email address and telephone numbers;
Date of birth;
Family, lifestyle and social circumstances;
Financial details and national insurance number; and
Business activities of the person whose details we are processing.
We may also collect information that is referred to as being in a ‘special category’. This could include:
Physical or mental health details;
Racial or ethnic origin
Religious beliefs or other beliefs of a similar nature
Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide services.
2.2 Via our website
If you visit our website, we may collect the following information: technical information, including the Internet protocol address used to connect your computer to the internet, browser type and version, time zone, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), items you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, social networks used to browse to our pages and any phone number used to call us.
2.3 Special categories of data
We recognise two specific categories of personal data that deserve different levels of protection:
Personally-Identifiable Information includes, for example, e-mail addresses, billing information, employment status and ‘click stream’ data that tracks visitor activity on a Web site or online service.
A subset of that category, Sensitive Data, deserves additional safeguards. Sensitive Data includes, by way of example, Clients’ confidential data, individuals’ home telephone numbers, Bank Account, Income Tax and National Insurance numbers, interview notes, CVs, etc. If your relationship with us includes providing us with Sensitive Data, we will protect that information with extra care. We will not distribute Sensitive Data outside of our business, unless one of the three separate bases to lawfully do so (see clause 3 below) applies, and will give you the chance to opt out of sharing this information within our own organisation.
We collect Personally-Identifiable Information and Sensitive Data only when there is a legitimate business need to do so.
3. Why is your data collected by us?
We mainly rely on three separate bases to lawfully process your information. Firstly, we may need to process your information in certain ways to provide our goods or services to you. This processing is necessary to perform the contract between us. Secondly, where you have given us consent to use your information in certain ways, we will rely on your consent. Thirdly, in certain cases we may process your information where necessary to further our legitimate interests, where those legitimate interests are not overridden by your rights or interests.
Occasionally we may rely on other legal bases to process your information such as to protect a user’s vital interests (such as where there is a risk of imminent harm) or to comply with a legal obligation. We may also collect data in order to run credit or fraud checks, prevent and detect crime or meet our legal and regulatory obligations.
In certain cases you may indicate to us your preferences regarding the frequency, subject matter and/or format of communications. Please contact us for further information.
4. Who will we share your information with?
We may share relevant data with our representatives or with debt collection agencies if that is necessary. In certain cases you may indicate to us your preferences regarding disclosure to third parties. Please contact us for further information.
5. How long will your information be kept?
We will hold your data for as long as it is required to fulfil our contract with you. After that, it will be held for a period of six years. If you provide us with express consent to hold your data, we will retain it for as long as we consider you might be interested in our goods or services, or until you withdraw consent.
6. Marketing information
We may wish to provide you with information about other services or products we think may be of interest to you, where that is in your interests. In that case, we will seek your consent. If you agree to us providing you with marketing information then, as indicated above, you can always opt out at a later date.
We will never sell personal data, including mailing lists, on to a third party.
7. How do we protect your information?
We put in place appropriate security procedures and technical and organisational measures to safeguard your personal information. This may include, in certain cases, encryption of data and use of passwords. We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the internet.
8. Access to your information and updating and correcting your information
8.1 You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please send an email to HR@crust-crumb.com or send a letter to HR of Crust & Crumb Bakery, 37 Main Street, Derrylin, Co Fermanagh.
8.2 We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address, name or payment details, please let us know the correct details by sending an email to HR@crust-crumb.com or by sending a letter to HR of Crust & Crumb Bakery, 37 Main Street, Derrylin, Co Fermanagh.
. You may ask us, or we may ask you, to correct information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate.
8.4 Crust Crumb will continue to oversee implementation of and compliance with this policy and will adapt it to reflect changes in technology and the expectations of everyone we deal with.
8.5 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Details are available at www.ico.org.uk.
9. Sale of business
If our business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
10. Links to other websites