Charlotte Flower Chocolates,
The Old Schoolhouse, Acharn, Aberfeldy, PH15 2HS
What we do with your data
We collect a small amount of data from you to enable us to process your orders for chocolate deliveries and services. The type of information we need is:
Your name, contact telephone and/or email, the addressee and postal address for delivery, any dietary/allergy issues (if necessary), the message to be included in the package, the chocolate order itself.
We are committed to protecting this information. The data comes to us in a number of ways – through the online shop, ‘in person’ (by email, phone, face to face and by letter). We do not make this information public and do not share it with anyone else. The data is stored in a number of formats and places, and is managed differently accordingly:
- Online shop: the shop is hosted on the Big Commerce Platform. This is a USA based organisation, and in recognition that it is handling data of EU based businesses and citizens, has committed to compliance with all GDPR regulations required of an organisation of its type https://www.bigcommerce.com/privacy . We are unable to delete information from this platform ourselves, and would need to contact Big Commerce to undertake that. We keep a printed copy of each order (to facilitate planning of production, as well as to record the batch details of chocolates delivered and the date and method of dispatch). We keep these printed records for 12 months, in case of dispute or product recall for any reason, and then destroy them.
- Email: if you have made your order by email, once all details are confirmed we print them as a hard copy (to facilitate planning of production, as well as to record the batch details of chocolates delivered and the date and method of dispatch). We keep these printed records for 12 months, in case of dispute or product recall for any reason; at the end of this time printed records are destroyed and email records deleted.
- Phone, letter, face to face: if you made your order over the phone, by letter or personally with us, the process is similar to that of email. Once all the details are confirmed we produce a paper copy of it with all relevant details. We keep these printed records for 12 months, in case of dispute or product recall for any reason, and then destroy them.
We do not collect or keep any of your financial details. If you paid us through Paypal, they will hold the finance details, and they are governed by the GDPR regulations (https://www.paypal.com/uk/webapps/mpp/ua/privacy-full ). If you are not happy using Paypal, we also take payment through BACs, cheque and cash.
If you would like an invoice, either as an individual or an organisation, we keep a printed copy of that invoice in our Financial Records, for a minimum of 7 years (in compliance with standard accounting practice). The data recorded will be name, address and order details.
Keeping in touch
If you would like to hear from us about new flavours, new products, events that we will be at, there are a number of ways you can do this. We use Facebook, Twitter, Instagram and Blogger platforms to post information about what we are doing. When you sign up to these, you are agreeing to their terms and conditions. We also have a website, and you can subscribe to our e-newsletter. We use MailChimp for the newsletter; this is a USA based organisation, and in recognition that it is handling data of EU based businesses and citizens, has committed to compliance with all GDPR regulations required of an organisation of its type https://mailchimp.com/legal/privacy.
We do not collect personal data from any other sources, nor do we share the data we have with any other individuals or organisations.
If you would like us to delete or amend any of the personal data that we hold on you, we will do so, unless it compromises the reasonable delivery of our business commitments in any way (health and safety, accountancy).
If you are not happy with our response.
If you do not think that we are abiding by our policy or the regulations, we would urge you in the first instance to contact us directly; Charlotte Flower is the person within the organisation who holds the responsibility for Data Protection. If however, this does not resolve the issue to your satisfaction, then the next step would be to contact the ICO.
Clarity of information
Personal data collected over the phone, by letter and face to face (for example in an order book at a market) is covered by the same policy, and this information will be offered at the point of collection.
Changes to the information
We regularly review and, where necessary, update our privacy information.
If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.
We use a number of third party partners in delivering services to you
- Paypal (for taking payment),
- BigCommerce (for the online shop),
- Inspire (host the website),
- MailChimp (for e newsletter), and
- Social media platforms: Facebook, Twitter, Instagram and Blogger
It is possible to turn some of these off if you would wish to, but by doing so it might affect the functionality of the service provided by our Third Party partners. Each of the sites will indicate how to turn off the relevant cookies
Last update: May 2018