In order to comply with the General Data Protection Regulation (GDPR) that comes into effect across the European Union on May 25th, we at Enjoy Raw Chocolate Limited have adopted this Privacy and Data Protection Policy.
This policy sets out how we ensure that your personal data is processed lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
We take our data protection duties seriously, because we respect your privacy. We will not sell or otherwise transfer your personal data to third parties for marketing purposes without your explicit consent.
2. About this Policy
We are responsible for ensuring compliance with the Data Protection Requirements and with this policy during our processing of your personal data. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance
Our postal address: Data Protection Officer, Enjoy Raw Chocolate, Unit 106 The Commercial Centre, Picket Piece, Andover SP11 8LS
You also have the right to complain to the Information Commissioner’s Office: www.ico.org.uk
3. What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in the holder’s possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording, holding or transferring data; organising, amending, retrieving, using, disclosing, erasing or destroying it.
4. Data Protection Principles
As your data controller, we will ensure that your personal data is:
Processed by or for us fairly, lawfully and in a transparent manner
Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose
Adequate, relevant and limited to what is necessary for the intended purposes
Accurate and, where necessary, kept up to date
Kept in a form which permits identification for no longer than necessary for the intended purposes
Processed in line with the data subject’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Not transferred to people or organisations situated in countries without adequate protection and without firstly having advised the data subject.
5. Fair and Lawful Processing
The Data Protection Requirements are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject.
In accordance with the Data Protection Requirements, we will only process personal data where it is required for the following lawful purposes: where the processing is necessary for performing a contract with the data subject, for compliance with a legal obligation, in the legitimate interests of the business, or where the data subject has given their consent.
Where we are relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the Contact Details above.
6. Accurate Data
We will ensure that personal data we hold is accurate and kept up to date. We will take all reasonable steps to amend or destroy inaccurate or out-of-date data.
7. Timely Processing
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
8. Processing in line with Data Subject’s Rights
We will process all personal data in line with data subject’s rights. In particular their rights to:
- Confirmation as to whether or not personal data concerning them is being processed
- Request access to any personal data held about them
- Request rectification, erasure or restriction on processing of their personal data
- Lodge a complaint with a supervisory authority
- Data portability
- Object to processing, including for direct marketing
- Not be subject to automated decision making including profiling in certain circumstances.
9. Data Security
We take appropriate and adequate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
Wherever possible, we will store all personal data inside the European Economic Area (EEA). If, at any time, that data is transferred outside the EEA, we will ensure that exactly the same provisions on data security and processing are applied to it.
10. Changes to this Policy
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.