POD Chocolate Experiences is the controller, and responsible for your personal data and adheres to the GDPR guidelines (Guide to the General Data Protection Regulation). POD Chocolate Experiences respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we collect and process your personal data through your use of our website, including any data you may provide through this website when you purchase a product or service or contact us via the ‘Contact’ form or if you contact us directly.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and applications and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of every website you visit. We have listed details of third-party websites and applications further down in this privacy notice.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified.
When you contact us, either via the ‘Contact’ form on our website or directly, we may collect, use and store the following kinds of data about you: first name, last name, email address and telephone numbers (“contact details”).
As well as the above, if you then commission an order with us, we may collect, use and store the following kinds of additional data about you: billing address, delivery address; bank account details (only for refunds to you) and payment card details, details about payments from you, purchases or orders made by you; and any feedback.
We may also collect, use and store information about your preferences in receiving marketing information. We do not collect any special categories of personal data.
How is your personal data collected?
We use different methods to collect data from and about you including through direct interactions where you may give us your contact details (e.g. at one of our fairs, events or exhibitions) by filling in forms or corresponding with us in person, post, phone, email, social media or using our ‘Contact’ form on our website.
We may also receive personal data about you from PayPal, iZettle® and Square who process payments for our products on our behalf. This may include details about payments from you, purchases or orders made by you, billing address, delivery address.
How we use your personal data and the purpose for doing so
We will only use your personal data when the law allows us to. Most commonly, we will use and process your personal data to perform the contract we are about to enter into or have entered into with you. This will usually be to:
- process your commission order with us;
- contact you regarding your order;
- deliver your order;
- manage payment and fees for your order; and/or
- enable you to partake in a prize draw or competition.
We will let you know if there is any reason why we would need to change the purposes for processing your data.
Marketing and opting out
We may also use and process your email address to let you know about any upcoming Experiences and new products. We will only do so where you have opted in. If you wish to opt-out, simply click unsubscribe on your most recent email from us, or contact firstname.lastname@example.org.
Disclosures of your personal data
We may have to share or receive your personal data with or from the parties set out below:
We also have links to our Instagram page. We encourage you to read their terms and conditions and privacy statements before visiting this site.
Data security and breaches
Access to your personal data is strictly limited to those people who have a business to need to know it, and only for the purposes set out above. We do not transfer your personal data outside the European Economic Area. If for any reason there is a suspected personal data breach, will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you need any further information on our retention policies, please feel free to contact us.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include: the right to request access to your personal data; request correction of your personal data; request erasure of your personal data; object to processing of your personal data; request restriction of processing your personal data; request transfer of your personal data; and right to withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact Sophia Winslade at email@example.com
This version was last updated on 22 May 2020.