Loading...


This Privacy Policy explains how Pluckley Bread Station collects, stores, and uses personal information when you use or interact with our website, https://www.pluckleybreadstation.co.uk (the website), and when we obtain information about you through other means. This Privacy Policy is effective from 29 March 2023.

Contents
• Summary
• Our details
• Information we collect when you visit our website
• Information we collect when you contact us
• Information we collect when you interact with our website
• Information we collect when you place an order
• Information collected or obtained from third parties
• Our use of automated decision-making and profiling
• Disclosure and additional uses of your information
• How long we retain your information
• How we secure your information
• Transfers of your information outside the European Economic Area
• Your rights in relation to your information
• Your right to object to the processing of your information for certain purposes
• Sensitive personal information
• Changes to our Privacy Policy
• Children’s Privacy

Summary
This section provides an overview of how we collect, store, and use personal information. It is intended as a high-level summary and does not include all details. It should be read alongside the relevant sections of this Privacy Policy.
Data controller: Pluckley Bread Station
How we collect or obtain information about you
We collect personal information in the following ways:


• When you provide it to us, including when you contact us, subscribe to our newsletter, or place an order through our website.
• Through your use of our website, including the use of cookies and similar technologies.
• On occasion, from third parties.
Information we collect
The personal information we may collect includes your name, email address, phone number, company name, IP address, and information obtained through cookies. This may also include details about your computer or device, such as browser and device type, and information about how you use our website. Usage information may include pages viewed, the time and date of access, links clicked, and your general geographic location based on your IP address.
How we use your information
We use your personal information for administrative and business purposes. This includes contacting you, processing orders placed through our website, improving our business operations and website, meeting contractual obligations, promoting our goods and services, analysing website usage, and exercising our legal rights and meeting legal obligations.
Disclosure of your information to third parties
We disclose personal information to third parties only where this is necessary to operate our business. This may include sharing information with service providers, fulfilling contracts entered into with you, complying with legal requirements, or enforcing our legal rights.
Sale of personal information
We do not sell your personal information to third parties, except where this forms part of a business sale, purchase, or similar corporate transaction.
Use of automated decision-making and profiling
We use profiling through web analytics to understand how our website is used. We do not use automated decision-making. Further information is provided in the section titled Use of automated decision-making and profiling.
How long we retain your information
We retain personal information only for as long as necessary. Retention periods take account of legal obligations, such as record-keeping for tax purposes, the legal basis on which we process information, and other factors set out in the section titled How long we retain your information. Specific retention periods for certain categories of information are detailed in that section.


How we secure your information
We apply appropriate technical and organisational measures to protect personal information. These include storing information on secure servers, encrypting data transfers using Secure Sockets Layer (SSL) technology, and restricting access to information to those who need it for legitimate business purposes.
Use of cookies and similar technologies
We use cookies and similar technologies, including essential, functional, and analytical cookies. Further details are available in our cookies policy at:
https://www.pluckleybreadstation.co.uk/cookies-policy
Transfers of your information outside the European Economic Area
In certain circumstances, we transfer personal information outside the European Economic Area, including to the United States of America. Where such transfers occur, we ensure appropriate safeguards are in place to protect your information.
Your rights in relation to your information
You have the right to:
• Access your personal information and receive information about how it is used
• Request correction or completion of inaccurate or incomplete information
• Request deletion of your information
• Restrict the use of your information
• Receive your information in a portable format
• Object to the processing of your information
• Withdraw consent where processing is based on consent
• Not be subject to significant decisions based solely on automated processing, including profiling
• Lodge a complaint with a supervisory authority

Sensitive personal information
We do not knowingly or intentionally collect sensitive personal information. You should not submit sensitive personal information to us. Further information is provided in the section titled Sensitive personal information.
Our details
The data controller for this website is Pluckley Bread Station, with a registered address at South House, Lambden Road, Pluckley, Ashford, Kent, TN27 0RB.
You can contact the data controller by post at the above address or by email at store@pluckleybreadstation.co.uk.
If you have any questions about this Privacy Policy, please contact the data controller.
Information we collect when you visit our website
We collect and use information from website visitors in line with this section and the section titled Disclosure and additional uses of your information.
Web server log information
Our website is hosted on a third-party server. When you access the website, the server automatically records certain information, including your IP address, pages accessed, information requested, the date and time of your visit, the source of your access (such as a referring website or link), and details of your browser and operating system.
Our server is located in the United Kingdom.
Use of website server log information for IT security
Our hosting provider collects and stores server log information to maintain network and information security and to protect the website from compromise. This includes monitoring log files to identify and prevent unauthorised access, malicious code distribution, denial-of-service attacks, and other cyber security threats by detecting unusual or suspicious activity.
Unless we are investigating suspected or potential criminal activity, neither we nor our hosting provider attempt to identify individuals using information collected through server logs.

Legal basis for processing
Compliance with a legal obligation
We are required to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk involved in processing personal information. Recording website access through server log files forms part of these measures, in accordance with Article 6(1)(c) of the General Data Protection Regulation.
Legitimate interests
We also process this information on the basis of our legitimate interests, under Article 6(1)(f) of the General Data Protection Regulation, to ensure the security and integrity of our network and systems.
Cookies and similar technologies
Cookies are data files sent from a website to a browser to record information about users for a range of purposes.
We use cookies on our website, including essential, functional, and analytical cookies. Further information on how cookies are used is available in our cookies policy at:
https://www.pluckleybreadstation.co.uk/cookies-policy
You can reject some or all cookies by adjusting your browser settings. This may affect the functionality of the website. Further guidance on managing cookies is available at www.allaboutcookies.org or within our cookies policy.

Information we collect when you contact us
We collect and use information from individuals who contact us in line with this section and the section titled Disclosure and additional uses of your information.
Email
When you contact us by email using the address provided on our website, we collect your email address and any other information you choose to include in your message. This may include your name, telephone number, and information contained within your email signature.

Legal basis for processing
We process this information on the basis of our legitimate interests, under Article 6(1)(f) of the General Data Protection Regulation, to respond to enquiries and maintain records of correspondence.
Where your message relates to the provision of goods or services, or to steps taken at your request before entering into a contract, we process your information where necessary to perform a contract or take steps to enter into a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
Transfer and storage of email communications
We use a third-party email provider to store email correspondence. Emails may be transferred and stored outside the European Economic Area. Where this occurs, appropriate safeguards are applied to protect your information.
Further details are provided in the section titled Transfers of your information outside the European Economic Area.
Contact form
When you contact us using the website contact form, we collect your name, email address, phone number, and company name. We also collect any other information you provide, including optional details such as your areas of interest or how you found us.
If mandatory fields are not completed, the contact form cannot be submitted and your enquiry will not be received. If optional information is not provided, we may be unable to respond with specific details relevant to your enquiry.
Legal basis for processing enquiries and correspondence
We process personal information relating to enquiries and correspondence on the following legal bases.
Legitimate interests
We process personal information in order to respond to enquiries and messages we receive and to maintain appropriate records of correspondence. This processing is carried out in accordance with Article 6(1)(f) of the General Data Protection Regulation.


Performance of a contract
Where an enquiry relates to the provision of goods or services, or to steps taken at your request prior to entering into a contract, we process personal information where necessary to perform a contract or to take steps to enter into a contract. This processing is carried out in accordance with Article 6(1)(b) of the General Data Protection Regulation.
Transfer and storage of enquiry information
Messages submitted via our contact form are stored within the United Kingdom.

Contact by phone
When you contact us by phone, we collect your phone number and any information you provide during the call.
Legal basis for processing
We process this information on the basis of our legitimate interests, in order to respond to enquiries and retain records of correspondence, in accordance with Article 6(1)(f) of the General Data Protection Regulation.
Where a call relates to the provision of goods or services, or to steps taken at your request prior to entering into a contract, we also process personal information where necessary to perform a contract or to take steps to enter into a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
Transfer and storage of phone call information
Information relating to your call, including your phone number and the date and time of the call, is processed by our third-party telephone service provider and stored within the United Kingdom.

Contact by post
When you contact us by post, we collect any personal information contained within the correspondence you send to us.
Legal basis for processing
We process this information on the basis of our legitimate interests, in order to respond to enquiries and maintain records of correspondence, in accordance with Article 6(1)(f) of the General Data Protection Regulation.
Transfer and storage of postal correspondence
Postal correspondence is stored within the United Kingdom.


Information we collect when you interact with our website
We collect and use personal information from individuals who interact with specific features of our website in line with this section and the section titled Disclosure and additional uses of your information.
E-newsletter
When you sign up to receive our e-newsletter by providing consent through our enquiry form, we collect your name, email address, phone number, and company name.
Legal basis for processing
We process this information on the basis of your consent, in accordance with Article 6(1)(a) of the General Data Protection Regulation. You provide consent by actively opting in to receive our e-newsletter.
Transfer and storage of e-newsletter information
Information submitted when subscribing to our e-newsletter is stored within the United Kingdom.

Information we collect when you place an order
We collect and use personal information from individuals who place orders through our website in line with this section and the section titled Disclosure and additional uses of your information.
Information collected when you place an order
When you place an order for goods or services, we collect your name, email address, billing address, and phone number.
If this information is not provided, we will be unable to process your order or enter into a contract with you.
Legal basis for processing
We process order-related information on the following legal bases:
• Performance of a contract
We process personal information where necessary to identify the contracting party and to fulfil our contractual obligations, including issuing order confirmations and receipts, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
• Compliance with a legal obligation
Where applicable, we process personal information to meet legal requirements, including issuing VAT invoices and maintaining accounting records, in accordance with Article 6(1)(c) of the General Data Protection Regulation.
• Legitimate interests
We process your phone number on the basis of our legitimate interests to contact you efficiently in relation to your order or account, in accordance with Article 6(1)(f) of the General Data Protection Regulation.
Transfer and storage of order information
Personal information submitted when placing an order is stored on our servers within the United Kingdom.

Processing your payment
Once an order has been placed, payment must be made for the goods or services ordered. We accept payment by cash in person, bank transfer, or through third-party payment processors.
Payment information is collected, processed, and stored by the payment method or third-party payment processor you select, in line with their own privacy policies.
Transfer and storage of payment information
All payment information is retained within the United Kingdom.
Legal basis for processing
We process payment-related information where necessary to perform a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation, in order to fulfil your contractual obligation to pay for the goods or services ordered.
Information collected or obtained from third parties
This section explains how we obtain personal information about you from third parties.
Information received from third parties
We do not generally receive personal information about you from third parties. Where this does occur, it is most likely to be from businesses or clients we work with who recommend our services to you. These third parties may operate in any industry, sector, or location.
In some cases, third parties with whom we have had no prior relationship may also provide us with personal information about you.
The information received typically includes your name and contact details, along with any additional information the third party chooses to provide.
Legal basis for processing information received from third parties
We process information obtained from third parties on one or more of the following legal bases:
• Performance of a contract
Where a third party provides your details so that we can offer services to you, we process this information to take steps at your request to enter into a contract or to perform a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
• Consent
Where you have asked a third party to share your information with us for purposes not linked to the performance of a contract, we process your information on the basis of your consent, in accordance with Article 6(1)(a) of the General Data Protection Regulation.
• Legitimate interests
In limited circumstances, we may process information shared by a third party without your consent where we have a legitimate interest in doing so, in accordance with Article 6(1)(f) of the General Data Protection Regulation.
This may include situations where we are performing obligations under a sub-contract with a third party, or where information has been shared in connection with an actual or suspected infringement of our legal rights.
Information received in error
Where we receive personal information about you from a third party in error, or where no lawful basis exists for processing that information, we will delete it.

Information obtained from public and other sources
In certain circumstances, we obtain personal information about you from publicly accessible sources, both within and outside the European Union. This may include Companies House, business directories, media publications, social media platforms, customer databases, and websites, including your own where applicable.
Legal basis for processing
• Performance of a contract
Where you have entered into, or requested that we enter into, a contract with you, we may obtain information from public sources to understand your business and deliver services to an appropriate standard, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
• Legitimate interests
We may also obtain information from public or private sources where we have a legitimate interest in doing so, such as investigating suspected or actual infringements of our legal rights, in accordance with Article 6(1)(f) of the General Data Protection Regulation.

Our use of profiling and automated decision-making
We do not use profiling in a way that produces legal or similarly significant effects on individuals. We do not use automated decision-making.
Further information on our use of cookies and similar technologies, including the legal basis for their use and how to manage preferences, is available in our cookies policy at:
https://www.pluckleybreadstation.co.uk/cookies-policy
Use of profiling for web analytics
We may use Google Analytics to analyse website usage. This service collects information such as your location, based on your IP address, and your behaviour on the website, based on cookies. We process this information only where you have consented to the use of cookies. This profiling does not produce legal or similarly significant effects on individuals.
Information collected through Google Analytics is anonymised and stored in aggregated form.
Purpose and logic
By analysing usage patterns, device types, and geographic data, we gain insight into visitor preferences. This helps us improve website content, functionality, and marketing activity.
Significance and consequences
Cookies track information about your device and website activity, and your general location is analysed using your IP address. You can accept or reject cookies through your browser settings. Further details are provided in our cookies policy.
Legal basis for processing
We process analytics data on the basis of our legitimate interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation, to understand visitor behaviour and improve the effectiveness of our website.

Disclosure and additional uses of your information
This section explains when we disclose personal information to third parties and the purposes for which this occurs.
Disclosure to service providers
We use third-party service providers to support the operation of our business. These include providers of telephone services, email services, mailing lists, IT support, web development, and website hosting. All service providers are based in the United Kingdom.
Personal information is shared with these providers only where necessary to deliver services you have requested, including website access and order fulfilment.
For security and commercial reasons, we do not publicly list the names of all service providers. Further details can be provided on request where there is a legitimate reason.
Legal basis for disclosure
We disclose information to service providers on the following legal bases:
• Legitimate interests
Where disclosure is required to operate and manage our business effectively, in accordance with Article 6(1)(f) of the General Data Protection Regulation.
• Performance of a contract
Where disclosure is necessary to perform a contract with you or to take steps at your request prior to entering into a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
Disclosure of your information to third parties
Accountants
We share personal information with our accountants for tax and accounting purposes. This includes invoices we issue and receive, which are used to complete tax returns and prepare end-of-year accounts. Our accountants are based in the United Kingdom.
Advisors
From time to time, we seek professional advice from advisors, including accountants, financial advisors, legal professionals, and public relations consultants. Personal information is shared only where necessary to enable those advisors to provide appropriate advice. All advisors are based in the United Kingdom.
Business partners
We work with business partners who provide goods or services that complement our own or allow us to deliver services that we could not otherwise provide. Personal information is shared with business partners only where you have requested services they provide, either independently or alongside our own services. Our business partners are based in the United Kingdom.
Independent contractors
We may engage independent contractors to carry out specific functions within our business. Personal information is shared with contractors only where required for them to perform the services for which they have been engaged. All independent contractors are based in the United Kingdom.
Insurers
We share personal information with our insurers where necessary, including in relation to claims, potential claims, or to meet disclosure obligations under insurance contracts. Our insurers are based in the United Kingdom.
Business sales, mergers, or acquisitions
We may share personal information with a prospective or actual purchaser or seller in connection with a business or asset sale, acquisition, merger, or similar transaction, whether actual or proposed.
Legal basis for processing
We process and share information in these circumstances on the basis of our legitimate interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation, to enable such transactions to proceed.

Disclosure and use of your information for legal reasons
Prevention and detection of crime
Where we suspect actual or potential criminal activity, including fraud or cybercrime, or where there are threats to public security, we may disclose personal information to appropriate authorities, such as the police. Information is processed for this purpose only where you are involved in or affected by the relevant incident.
Legal basis for processing
Legitimate interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation, for the prevention and detection of crime.
Enforcement of legal rights
We may process and share personal information where necessary to enforce or protect our legal rights. This may include sharing information with debt collection agencies where amounts owed to us remain unpaid. Legal rights may arise under contract or under non-contractual legal frameworks.
Legal basis for processing
Legitimate interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation, for enforcing and protecting our legal rights.
Legal disputes and proceedings
We may process personal information where required in connection with actual or potential disputes, including mediation, arbitration, or court proceedings.
Legal basis for processing
Legitimate interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation, for resolving disputes.
Compliance with legal obligations
We process personal information to comply with legal and regulatory obligations. This may include disclosure in response to court orders or statutory requests.
Legal basis for processing
• Compliance with a legal obligation, in accordance with Article 6(1)(c) of the General Data Protection Regulation, where obligations arise under the laws of England and Wales or form part of UK law.
• Legitimate interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation, where obligations arise under the laws of another country and are not incorporated into UK law.

How long we retain your information
This section explains how long we retain personal information. Specific retention periods are set out where possible. Where this is not feasible, we apply defined criteria to determine appropriate retention periods.
Retention periods
• Correspondence and enquiries
Information relating to enquiries or correspondence is retained for the duration required to respond and resolve the matter, and for one additional year, after which it is deleted.
• E-newsletter
Information used to subscribe to our e-newsletter is retained for as long as you remain subscribed or until the newsletter service is discontinued.
• Order information
Information relating to orders for goods or services is retained for seven years from the date of the order for tax, accounting, and legal purposes.
Criteria for determining retention periods
Where specific retention periods are not defined, we consider:
• the purpose and ongoing use of the information;
• legal or regulatory obligations to retain the information;
• the legal basis for processing, including consent;
• the value of the information;
• recognised industry practices;
• risks, costs, and liabilities associated with retention;
• the ability to keep information accurate and up to date; and
• the nature of our relationship with you.

How we secure your information
We apply appropriate technical and organisational measures to protect personal information against unauthorised or unlawful processing, loss, destruction, or damage. These measures include:
• limiting access to personal information to what is necessary and applying confidentiality controls where appropriate;
• storing information on secure servers;
• verifying the identity of individuals requesting access to information; and
• encrypting information submitted through website forms using Secure Sockets Layer (SSL) technology.



Transmission of information by email
Information transmitted over the internet is not fully secure. Where you choose to submit information by email or through the website, you do so at your own risk. We are not responsible for losses or damages arising from the transmission of information by these means.

Transfers of your information outside the United Kingdom
Personal information may be transferred and stored outside the United Kingdom in certain circumstances.
We may also transfer information outside the United Kingdom where required to comply with legal obligations, such as court orders. Where transfers occur, appropriate safeguards are applied.
Email
Information submitted by email may be transferred outside the United Kingdom and stored on third-party email provider servers.
Google Analytics
Information collected through Google Analytics, including IP addresses and website interaction data, may be transferred to and stored on servers in the United States of America. This country is not subject to an adequacy decision by the United Kingdom Appropriate safeguards are applied in line with applicable data protection requirements. Google’s privacy policy is available at:
https://www.google.com/policies/privacy/

Your rights in relation to your information
Subject to statutory limitations, you have the right to:
• request access to your personal information and details of how it is processed;
• request correction or deletion of your information;
• request restriction of processing;
• receive your information in a structured, commonly used, and machine-readable format and request its transfer to another data controller;
• object to processing for certain purposes; and
• withdraw consent where processing is based on consent.
Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner’s Office (ICO), which can be contacted at:
https://ico.org.uk/global/contact-us/
Further information on your rights in relation to your personal data
The rights outlined above are provided in summary form and are subject to certain legal conditions and limitations. Further guidance on individual rights under data protection law is available on the Information Commissioner’s Office (ICO) website:
• https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
• https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
You may also consult the underlying legislation, including Articles 12 to 22 and Article 34 of the General Data Protection Regulation, which is available at:
http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf

Verifying your identity when you request access to your information
Where you request access to your personal information, we are required by law to take reasonable steps to verify your identity before responding.
These measures are intended to protect your information and reduce the risk of identity fraud, identity theft, or unauthorised access.
How we verify your identity
Where sufficient information is already held on file, we will attempt to verify your identity using that information. If this is not possible, or where the information held is insufficient, we may request original or certified copies of documentation to confirm your identity.
We will confirm the specific documentation required based on the nature of your request and your individual circumstances.

Your right to object to the processing of your information for certain purposes
You have the right to object to the processing of your personal information in certain circumstances. This includes the right to object where we process your information:
• to carry out a task in the public interest or for our legitimate interests, including profiling; and
• for direct marketing purposes, including profiling related to such marketing.
You may exercise this right by writing to Pluckley Bread Station, South House, Lambden Road, Pluckley, Ashford, Kent, TN27 0RB, or by emailing store@pluckleybreadstation.co.uk.
You may also object to the use of your information for direct marketing by:
• clicking the unsubscribe link included in marketing emails and following the on-screen instructions; or
• emailing store@pluckleybreadstation.co.uk with a request to opt out of marketing communications, including the words “OPT OUT”.
Further information on managing objections to cookies and similar technologies is available in the section titled How to accept or reject cookies within our cookies policy:
https://www.pluckleybreadstation.co.uk/cookies-policy

Sensitive personal information
Sensitive personal information includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data used for identification, health information, or information concerning a person’s sex life or sexual orientation.
We do not knowingly or intentionally collect sensitive personal information. You should not submit sensitive personal information to us.
If sensitive personal information is provided to us, whether intentionally or inadvertently, you will be taken to have given explicit consent to our processing of that information under Article 9(2)(a) of the General Data Protection Regulation. In such cases, the information will be processed solely for the purpose of deletion.

Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
Minor changes
Where changes are minor, we will update the effective date at the beginning of the Privacy Policy. The revised policy will apply from that date.
Major changes
Where we make significant changes to this Privacy Policy, or intend to process personal information for a new purpose, we will notify you where possible by email or by posting a notice on our website. We will provide details of the change and any relevant information before the new processing begins.
Where required, we will obtain your consent before using personal information for a purpose different from that for which it was originally collected.

Children’s privacy
This website is not intended for use by individuals under the age of 18. We do not knowingly collect or process personal information relating to children.
In limited circumstances, personal information relating to individuals under 18 may be provided as a result of misrepresentation by a third party. Where this occurs and we are notified, we will take appropriate steps in line with legal requirements, including obtaining parental consent where required.

Vanessa Lang,

Artisan Baker,

Pluckley,

Kent.

PLUCKLEY BREAD STATION