Any personal information provided to or gathered by Cheddar Chocolate Company is controlled by Dean Martin Sweet t/a Cheddar Chocolate Company, whose principal place of business is at Unit 2 Winchester Farm, Draycott Road, Cheddar, Somerset BS27 3RP (“we”, “us”, “our”).
We are committed to protecting and maintaining your privacy; this Privacy Notice describes how Cheddar Chocolate Company collects, processes and stores personal data, to include via our website: cheddarchocolate.com, other sites and other online platforms. All personally-identifiable information provided to or gathered by us, including through our website, will be treated as confidential and we will not abuse this trust by providing all or any part of your information to others unless you have consented to this, where this is in our legitimate interests or to meet a legal obligation, further outlined below. Your information will never be sold, licensed, loaned or otherwise distributed to any other organisation unless we are required to do so by applicable law. Subject to any overriding obligation to which we are subject, you have the right to object to the processing of your personal information, by a simple request that we stop such processing.
Collection of your Personal Information
We may collect personal information in various ways, including in e-mail or written correspondence with you or to which we are copied, via third party services, through our website or directly from you at meetings or events. You have a choice whether to provide any information to us, except where this is necessary to fulfil any contract – such as in relation to the provision of our services (albeit recognising that such a decision may mean that we are unable to provide our services as you expect), or where we are required to do so by applicable law or a Government agency or law enforcement.
We assess and document our processing activities on an ongoing basis and update our records, accordingly; our approach seeks to ensure good data governance and compliance with our data protection obligations.
We maintain records of consent, where we rely on active consent for the processing of personal data, and will ensure processing is limited or ceases where such consent is withdrawn.
Why we Process your Personal Information
Our use of your personal information will at all times be in accordance with applicable data protection laws; we rely on the following grounds justifying our processing of personal data:
- Consent – explicit consent for us to do so.
- A Contract or Legal Obligation – to fulfil our obligations under an existing contract or other legal obligation, in certain circumstances our right to process this information will override your right to object to us doing so.
- Legitimate Interests – we may judge that we have legitimate grounds to process your personal information in certain ways and where that is the case, we will balance our own interests against your own or the relevant individual whose data is being processed, to ensure that the rights and interests of those individuals who interact with us are protected.
Where information is obtained through or as a result of your use of our Site, we use this information for the following purposes:
- To understand and appreciate your needs and requirements as a user of our site or our services generally;
- To keep in contact with you;
- For internal record keeping;
- To provide relevant information about our services or those that we may offer from time to time;
- To improve our products and services;
- For analysis in relation to the technical specification and user experience of our site, for the purposes of developing and improving our site and the services that we provide; and
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
Managing Your Preferences, including for Marketing
In addition, we may process your information for marketing purposes (including offers, promotions and updates in relation to our services, that we believe may be of interest to you) that relate to similar goods or services, either where you are or have been a user of our services or have made an enquiry about them previously or where you have given your explicit consent.
You have the right to manage your preferences in relation to the kinds of information that we collect and the manner in which your information is processed – you can update these preferences at any time through our site; you can also withdraw your consent, either as a whole or in relation to particular kinds of information or delivery methods. We encourage our users and clients to exercise these preferences so that they only receive the information that they wish from us and so that our use of their information is consistent with their own expectations.
You may ask us to erase information that we hold about you, except where there is some other reason requiring us to maintain the information, such as for insurance purposes, for example. We monitor and will also delete information and data that we hold, where we reasonably consider this no longer to be required.
If you have accepted the relevant cookies, we may collect, store and process non-personal information about you automatically as a result of your use of this site, such as the type of internet or mobile browser that you are using to gain access and any website from which you linked to us, but you cannot be identified from this information. We will only use such non-personal information to help provide an effective and more relevant website offering.
Under GDPR (which, in this Privacy Notice, means EU Data Protection Regulation 2016/679 and laws implementing or supplementing GDPR as the data protection or privacy laws of any other country), the nature of the processing that we undertake does not require us to appoint a formal Data Protection Officer (DPO); however, we may maintain equivalent standards and the nominated representative for the purposes of compliance with our data protection obligations is our Managing Director.
Technical and Organisational Measures and Security
The protection of our clients’ personal information is important to us and therefore we have and maintain appropriate technical and organisational measures to achieve these aims. These seek to protect personal information that we process from and against unauthorised or unlawful use, or accidental loss, damage or destruction and we review these measures, on a regular basis to ensure that they are appropriate.
These include encrypted access to our systems, only accessible by our personnel, utilising secure and regularly-updated passwords and access to and processing of information though our site, using secure HTTPS. We do not however process any bank or card details through our site; instead using an established third party provider to take payments online.
In relation to data security, you accept the risk that data transmitted to us through this site via electronic means may be intercepted before reaching us or may be accessed by unauthorised third parties, or exploited unlawfully. We do not assume any responsibility for guarding against the acts of third parties and shall not be liable for any direct, indirect or consequential losses or damages incurred or suffered as a result.
Sharing your Personal Information
We will never share your personal information with others for commercial gain or in ways that you would not reasonably expect of us.
Unless we have your explicit consent otherwise, we will only share your personal information where this is necessary to fulfil our contract with you or where we have a legal obligation to do so. You appreciate that in order to provide you with our services or to sell you our products, it may be necessary or more efficient for us to engage other businesses that provide complementary services, allowing us to fulfil your needs or where such other services are necessary for us to operate our business; examples, without limiting this description, may include IT and website backups, hosting providers, HR advice and consultancy, payroll and bookkeeping services, software and program providers, banking and financial provider and equipment suppliers.
In addition, we may process your information where we are required or permitted to do so under applicable law, where required to do so by any Government agency or law enforcement, where it is necessary in connection with the sale or potential sale of our business or where we conclude that we have and can show one or more legitimate interests for doing so.
If you are unhappy with the way in which we handle your information or any response from us, you may seek further guidance or file a complaint with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 03031231113 (local rate); 01625 545745.
Linking to Other Sites
To add value to visitors’ experiences when using our site, we may provide links to other websites or resources for you to access at your sole discretion, but you agree that we shall not be responsible or liable to you in respect of the availability or content of, or consequences of you linking to, any such external site and you should review the privacy notices of those sites before proceeding; although we welcome links to this site, we shall be entitled to demand that such links are broken if we consider the content or nature of the linking site to be unsuitable or unprofessional, as we see fit.
Service Providers and Third Parties
We may on occasion have the need to transfer your data to suppliers located outside of the European Economic Area (EEA), including in the USA. We will only do so where the legal regimes of those territories outside of the EEA offer an equivalent standard of data protection to our own.
Where it is necessary to provide information to external service providers or partners in relation to services that they provide to us, in order to operate our business or to provide you with the services requested, we have adopted approved model data protection clauses in our arrangements with them, to ensure they meet the same high standards required in relation to the processing of your personal information under applicable data protection laws.
How long we Store Personal Data
We maintain the data that we collect in providing our services to clients, for certain periods of time that we have determined; after which such data will generally be erased or securely destroyed.
Your Rights and how to Exercise Them
You may request a copy of the information that we hold about you (known as a Subject Access Request). In addition, under the GDPR, you may exercise the following rights:
- A right of access to the information that we hold about you – as above.
- A right to have your information corrected if it is inaccurate or incomplete.
- A right to have information removed or deleted from our records and systems.
- A right to block us from processing your personal data or to limit the way(s) in which we can use it.
- A right of portability; to request that we move your personal information to someone else, in a machine- readable form.
Please contact us via a simple request, where you wish to exercise any of your above rights or if you wish to file a complaint about our collection, processing or use of your personal information.
Right to Object to Processing
Whatever justification we rely on, under GDPR you have a right to object to our processing of your personal information, unless we have a separate legal or regulatory obligation to do so, in which case our processing will only be limited to the extent to which we need to process your information. However, except for this, you may confirm your objection to the extent and kinds of processing being undertaken, by sending us a simple request, updating your preferences.
Disclosure of your Information
We only transmit data to third parties in very limited circumstances and never for the purposes of marketing or to ‘sell’ the data we hold. Certain information may be available to essential organisations upon whom we rely to run our business; our contractual terms with those third parties provide the assurances under Article 28 of GDPR that they will abide by the requirements of GDPR in processing data, to the extent that we require, on our behalf.
We will never sell, transfer or disclose personal data for commercial gain or for any purpose outside of that strictly necessary to run our business and provide our services.
Your Preferences about our use of your Personal Information
If we send you any information by way of marketing, this will be based on our having previously sold to you or responded to an enquiry for similar goods or services; all communications of this nature will include a simple means of unsubscribing. You may wish to update your preferences concerning what you receive and in what format that takes; to let us know about your preferences, to include if you wish to change them, please visit the relevant area of this Site or otherwise send us a simple request confirming those changes and we will update your preferences to reflect your wishes immediately.
Should you no longer wish to be contacted by us, please either confirm this in a simple request or by updating your preferences.
Retaining Personal Information
We will only keep your personal information for such period as we deem necessary to fulfil the purpose(s) for which it has been collected or in relation to legal obligations to which we are subject. We monitor and regularly delete information and data that we hold, where we reasonably consider this to be no longer required for any legitimate purpose.
Where we are able to fulfil a request to delete and erase your personal information, we will fulfil that request, unless there is some other obligation to which we are subject requiring us to retain your data, in which case we will retain it only for so long as is necessary to meet that other legal obligation.
Your Information and Keeping it Up-to-Date
You have the right to request details of the information that we hold about you. Should you wish to be provided with these details, please contact us with a simple request.
We wish to keep any information that we hold about you accurate and up to date and therefore please contact us if the information we hold about you needs updating.
If you have any questions or concerns regarding your privacy, or if you experience difficulties in accessing or viewing any site(s) operated by us, please contact us.
We value your feedback in relation to our online presence and therefore welcome any comments or feedback which you may have.
Changes to this Privacy Notice
We may change or modify this Privacy Notice at any time and we recommend that you check the latest version of this notice each time that you access the Site. The date of the most recent update will appear below. Any significant changes to this notice may be confirmed through direct communication with you, where we consider that such changes should specifically be brought to your attention.
This Privacy Notice was last updated on 18 May 2018.
We had a fantastic time on our visit to the factory last week and I’ve been telling all my teacher friends that Cheddar Chocolate Company will be the best school visit they’re ever organised. See you again in 2015!Donna Hodgson, St Margaret’s Primary School