Privacy Policy

This privacy policy is for www.buffysbakery.com and applies between you, the user of this website and Buffy (Bindiya Ganesh), the owner and provider of this website. Buffy’s Bakery LTD takes the privacy of your information very seriously. This privacy applies to our use of any and all data collected by us or provided by you in relation to your use of our website.

In this policy, "we", "us" and "our" refer to Buffy’s Bakery LTD. Please read this privacy policy carefully.

This website and its owner take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience.

Buffy’s Bakery LTD may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.

By submitting personal data to us, you agree to us using your personal data as follows.

(1) How we process your personal information

Your personal information that we’ll process in connection with all our services, if relevant, includes:

(a) Personal and contact details, such as title, full name, email address, date of birth, contact details, address and contact details history
(b) Records of your contact with us such as via phone or email, or if you get in touch with us online using our contact form or social media platforms
(c) Products and services you have purchased from us, as well as have been interested in and have held and the associated payment methods used
(d) Marketing to you and analysing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you.

We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

Any information we collect about you will come either from yourself, any person who may have referred you to us, or from our advertising or social media platforms.

(2) How we may use your personal data

We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:

(a) Assessing an enquiry for a product or service, including considering whether or not to offer you the product or service
(b) Managing any aspect of the product or service
(c) To improve the operation of our business
(d) For management and auditing of our business operations including accounting
(e) To keep records of our communications with you
(f) For market research and analysis and developing statistics
(g) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and services. We may send marketing to you by social media and digital channels (for example, using Instagram Custom Audiences).
(h) To comply with legal and regulatory obligations, requirements and guidance

(3) Legal grounds

We rely on the following legal bases to use your personal data:
1. Where it is needed to provide you with our products or services, such as:

(a) Assessing an enquiry for a product or service you hold with us, including considering whether or not to offer you the product or service
(b) Managing products and services you have purchased from us
(c) All stages and activities relevant to managing the product or service including enquiry, administration and management of accounts

2. Where it is in our legitimate interests to do so, such as:

(a) Managing our products and services relating to that and updating your records
(b) For management and audit of our business operations including accounting
(c) To keep records of our communications with you
(d) For market research and analysis and developing statistics
(e) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and services. We may send marketing to you by social media and digital channels (for example, using Instagram Custom Audiences)
(g) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations

3. To comply with our legal obligations
4. With your consent or explicit consent for some direct marketing communications

(4) Sharing your data

We may share information with the following third parties for the purposes listed above:

(a) Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme
(b) Any other businesses that are needed in order to fulfil our services or products, such as suppliers or outsourcing companies

(5) Storing your data

We may store your data manually or electronically. Any data stored electronically will be stored securely on cloud storage, as well as our own hard drives and data storage systems.

By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

(6) Data retention

We process and store your personal data for as long as required by the purpose they have been collected for.

(a) Unless a longer retention period is required or permitted by law, we will only hold your data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the data is deleted.
(b) Even if we delete your data, it may persist on backup or archival media for legal, tax or regulatory purposes.

Once the retention period expires, personal data will be deleted and some of your rights (i.e. the right to access, the right to erasure, the right to rectification and the right to data portability) cannot be enforced after expiration of the retention period. You may find specific information regarding your rights within section 9 of this Privacy Policy.

(7) Third party disclosure

We do not sell, trade, or otherwise transfer to outside parties your personal information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential.

(a) All professional service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
(b) We may share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our site terms of use or to protect the rights, property or safety of our site, our users, and others.

Where your data is shared with third parties, we will seek to share the minimum amount necessary.

Analytics and other third-party tools

We use third-party tools to monitor and analyse the use of our websites, we use Google Analytics to track and analyse web traffic to our Site, more details can be found in section 13.

(8) Links to other websites

This website may from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extent to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

(9) Your rights

In this Section 9, we have listed the rights that you have under data protection law.
Your principal rights under data protection law are:

(a) the right to access - you can ask for copies of your personal data;
(b) the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
(c) the right to erasure - you can ask us to erase your personal data;
(d) the right to restrict processing - you can ask us to restrict the processing of your personal data;
(e) the right to object to processing - you can object to the processing of your personal data;
(f) the right to data portability - you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority - you can complain about our processing of your personal data; and
(h) the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk
You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests.

Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR law. If we do hold information about you we will:

(a) Give you a description of it;
(b) Tell you why we are holding it;
(c) Tell you who it could be disclosed to; and
(d) Let you have a copy of the information in an intelligible form.

You can contact us or make an SAR by going to the CONTACT section of our website to exercise these rights or using the contact details below.
These requests can be exercised free of charge and will be addressed by us as soon as possible and always within 30 days.

(10) Contact us

Buffy’s Bakery LTD is private limited company owned by Buffy (Bindiya Ganesh), business number 12759675. The registered office address is: 30 Fairway Avenue, Kingsbury, London, England, NW9 0EJ. Email correspondence should be sent to info@buffysbakery.com or via the Contact form.

(11) Security

Our website is built on the website building platform, Squarespace, which uses various security measures, which you can view here.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user contacts us via the contact form to maintain the safety of your personal information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our websites and any transmission is at your own risk.

(12) About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

(13) Cookie usage

1. We use analytics cookies for the following purposes:

We use Squarespace Analytics and Google Analytics to monitor and analyse our website traffic. Google Analytics gathers information about the use of our website by means of cookies. Google uses the data collected to track and monitor the use of our websites. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page here. This integration of Google Analytics anonymises your IP address.

2. Managing cookies

Most browsers allow you to refuse or accept cookies and to delete cookies (e.g. Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Internet Explorer). The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting on the website of the browser of choice.