PRIVACY POLICY Robert Andrew Ltd (“We”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting this website you are accepting and consenting to the practices described in this policy. Legislation The General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) provide rights to individuals regarding the collection, storage and use of their personal data. This Privacy Policy has been updated to take account of any requirements under the privacy laws including the requirements of the Privacy and Electronic Communications Regulations 2003 updated 2004 and 2011 (PECR). Who is the Data Controller? Robert Andrew Limited of 90 Brixton Hill, London, England, SW2 1QN Data Controller contact details Tel: 0161 560 1806 Email: dataprotection@lowcarbsourdough.co.uk Responsible person Agnieszka Bronowicka New rights under the General Data Protection Regulation You have some additional rights under the GDPR. Access: Data Subject Access Request. You have the right to access the personal information we may hold about you. On receipt of such a request we will endeavour to respond to you as soon as possible, but at least within one calendar month. You must provide us with 2 forms of personal identity to ensure that we only disclose to you information which is relevant to you personally. Rectification: You have the right to request that we amend any personal information that may be incorrect or require updating. Erasure: You have the right to request that we delete any personal information pertaining to you. Any questions about these rights may be sent to dataprotection@lowcarbsourdough.co.uk Data Portability: Under GDPR there is a new right to data portability, primarily designed to make it easier for individuals to switch between service providers. This is unlikely to be relevant to your relationship with Us. The right to restrict or suspend processing: Individuals have a right to ‘block’ or suppress processing of personal data. If you decide to do this, we will continue to store the data, but not further process it until we have agreed a solution to the issue you have raised. Data breach reporting: You have the right to be informed of a data breach if there is material damage which might affect you. What is personal data? Personal data means any information which relates to a living individual who can be identified either directly or indirectly by reference to an identifier such as their name, email address and other personal details. Information we collect from you We will collect and process the following data about you: Information you give us. This is information about you that you give us by filling in forms on this site (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, participate in social media functions on our site, enter a contest, promotion or survey, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number. Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, any information collected by external platforms such as Google Analytics. information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), contents you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number. Cookies Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie policy. How we use your personal data We use information held about you in the following ways: Information you give to us. We will use this information: to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us; to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous activities on our site. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this; to notify you about changes to our service; to ensure that content from our site is presented in the most effective manner for you and for your computer. Information we collect about you. We will use this information: to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; to improve our site to ensure that content is presented in the most effective manner for you and for your computer; to allow you to participate in interactive features of our service, when you choose to do so; as part of our efforts to keep our site safe and secure; to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them. Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Purposes for which we will use your personal data We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. Purposes for which we will use your personal data We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest To register you as a new User (a) Identity (b) Contact Performance of a contract with you To manage our relationship with you which will include (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) To enable you to partake in a prize draw, competition or complete a survey (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity (b) Contact (c) Technical (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical (b) Usage Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) Disclosure of personal data You agree that we have the right to share your personal information with: Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. Selected third parties including: analytics and search engine providers that assist us in the improvement and optimisation of our site; credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you. We will disclose your personal information to third parties: In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets. If Robert Andrew Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Data security All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Children’s privacy We do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register for the Service. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us. Your rights We will not use your personal data for marketing purposes. We will only use your personal data to inform you of new contests and to enhance your experience of using our website. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at dataprotection@lowcarbsourdough.co.uk or by opting-out or by unsubscribing. You can also at any time request that your account and personal data be permanently deleted. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. Data retention We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. Changes to our privacy policy Any material changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. Contact Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to dataprotection@lowcarbsourdough.co.uk