Privacy Policy

Blackbirds Micro Bakery Limited (“us”, “we”, or “our”) operates the www.blackbirdsmicrobakery.com website (the “Service”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.blackbirdsmicrobakery.com

Definitions

Service

Service is the www.blackbirdsmicrobakery.com website 

Personal Data

Personal Data means data about a living individual who can be identified from that data (or from that and other information either in our possession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small pieces of data stored on your device (computer or mobile device).

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

We may use the services of various Service Providers in order to process your data more effectively.

Data Subject (or User)

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personal identifiable information may include, but is not limited to:

  • Email address

  • First name and last name

  • Phone number

  • Address, postcode, city

 

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amounts of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

 

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.

  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

  • Security Cookies. We use Security Cookies for security purposes.

 
Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you browse our store, the website receives your computer’s internet protocol (IP) address in order to provide it with information that helps it learn about your browser and operating system.

Use of Data

Blackbirds Micro Bakery Limited uses the collected data for various purposes:

  • To fulfil an order for goods or services

  • To provide and maintain our Service

  • To notify you about changes to our Service

  • To allow you to participate in interactive features of our Service when you choose to do so

  • To provide customer support

  • To gather analysis or valuable information so that we can improve our Service

  • To monitor the usage of our Service

  • To detect, prevent and address technical issues

  • To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

 
Use of Data for Automated Decision-Making
  • Our payment processor,  Wix Payments/Stripe may use our customers’ personal data for automated risk and fraud scoring.

  • The GDPR requires us to disclose when we (or our service providers) use information in connection with automated decision-making. Our payment processors use our customers’ personal information to block certain transactions that appear to be fraudulent through automated decision-making. 

 

Financial Data

  • We do not currently take payments directly via our website, but link customers to our online store (https://openfoodnetwork.org.uk/blackbirds-micro-bakery/shop) on Open Food Network or to Etsy.com online marketplace. Once orders are placed and payments are made for goods or services, we receive personal data (as explained above) to allow us to fulfil the order but do not have access to any personal financial data.

  • Open Food Network confirms that it uses SSL encryption (2048 bit RSA) everywhere to keep your shopping and payment information private. Their servers do not store your credit card details and payments are processed by PCI-compliant services, provided by Stripe. Stripe’s Privacy Policy can be viewed at https://stripe.com/en-gb/privacy

  • See Etsy.com’s Privacy Policy at https://www.etsy.com/uk/legal/privacy/?ref=lis

  • If preferred, customers can arrange to pay for goods and services by transferring money directly to us via online banking, with this method we do not receive details of your bank accounts or personal financial data.

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
  • If you are from the European Economic Area (EEA), Blackbirds Micro Bakery Limited’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

  • We may process your Personal Data because:

  • We need to make a contract with you

  • You have given us permission to do so

  • The processing is in our legitimate interests and it is not overridden by your rights

  • To comply with the law

 
Service Providers
  • We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services, or to assist us in analysing how our Service is used.

  • These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

 

Access to data collected by Third Party Service Providers

  • Our website https://www.blackbirdsmicrobakery.com is managed using software from the third-party service provider Wix (www.wix.com)

  • From our website, there are links to our shop which is hosted on the Open Food Network. They provide us with an online e-commerce platform that allows us to sell our products and services to you and process your data if you buy through the platform. The payment provider, Stripe, processes credit/debit card data when you buy through our store.

  • From our website, there are links to Etsy.com, the online marketplace. You can buy a selection of our products through Etsy on its website.

  • Payments for any goods that are available directly from our website are processed by Wix payments/Stripe 

Booking Platforms for Courses and Events
  • We use the following booking platforms for Courses and Events:  

  • Eventbrite https://www.eventbrite.co.uk

  • Bread Angels http://www.breadangels.com

  • These are Data Processors on behalf of Blackbirds Micro Bakery Limited, we are the Data Controller. We have access to data submitted to and stored on their websites through our dashboard with each service. Their privacy policies (including data requests) can be found on each of their individual websites.

  • How we collect and store information from Third Party Service Providers

  • Data entered onto our website via a contact form, orders placed via Open Food Network or Etsy or bookings made via a booking platform generate an email to nest@blackbirdsmicrobakery.com which we respond to and store in Google Mail as a record of our conversation, order, or delivery of service.

  • Our website is backed up regularly and every 12 months we delete the website contact form database.

  • Subscribers: when someone subscribes to our blog, their details, as supplied, are stored within our Google Drive and we can view this data via our dashboard. Each new blog published generates an email sent to the subscriber that has both ‘unsubscribe’ and ‘manage subscription’ links at the bottom of the email.

  • Invoice/Accounting data is stored by a specialist accountancy software provider.

  • In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

  • However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

  • For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

  • In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

  • As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

  • Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Storage of Personal Data for customers purchasing Goods & Services

Blackbirds Micro Bakery Limited may sell at markets and run courses and events which are open to the public to book places on from time to time.

Information is stored and protected in the following ways:

Market Customers

  • Customers may access our services via the following ways:

  • By attending our stalls, in which case we may not have any of their personal data. Card payments are processed by PCI-compliant third-party providers Stripe or Sum Up

  • Through arrangement via Facebook, in which case we can only access personal data that customers have on their Facebook profiles or that they subsequently give us via Facebook Messenger. We do not store this information and our Facebook accounts are password protected.

  • Through emails, which are stored in our password protected Google Mail account

  • Course & Event Guests (customers)

  • When booking a place, either via a booking platform or directly by email, personal data is stored as a record of bookings and contact details are retained to communicate with course guests.

  • Course details and guest's information are stored on email and in a diary appointment, both are stored on Google Drive/Mail and are password protected. They can only be accessed by the business owners and are accessible on iPhone, iPad, and laptop.

  • Periodically, after the course has taken place, names and email addresses are added to a spreadsheet, securely stored on Google Drive, as a record of participants.

  • Use of Personal Data from Customers

Emails:

  • We predominantly use personal data to contact customers and course participants by email.

  • We receive an initial email, either direct from the customer or via a third-party Service Provider, see above. We keep all emails as a record of our conversation, order or service provided.

  • We email directly from nest@blackbirdsmicrobakery.com

  • We send general newsletters using MailChimp https://mailchimp.com their privacy policy can be found here: https://mailchimp.com/legal/privacy

  • Using data from course bookings:

  • We receive an email of your details when you book into a course, either directly or via a third-party service provider, we can also access your booking via our account with the booking platform, allowing us to contact you directly regarding your booking, we do not pass this data on to anyone else.

  • We use your data to send emails regarding your course, for example, Confirmation of Booking, Reminder of your course this week, Thank you for coming.

Retention of Data
  • Blackbirds Microbakery Limited will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

  • We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and process it here.

 

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Blackbirds Micro Bakery Limited will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.​

Disclosure of Data

Disclosure for Law Enforcement

Under certain circumstances, We may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation

  • To protect and defend the rights or property of Blackbirds Micro Bakery Limited

  • To prevent or investigate possible wrongdoing in connection with the Service

  • To protect the personal safety of users of the Service or the public

  • To protect against legal liability

Security of Data
  • The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Data Protection Rights Under General Data Protection Regulation (GDPR)
  • If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

  • In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

  • The right to object. You have the right to object to our processing of your Personal Data.

  • The right of restriction. You have the right to request that we restrict the processing of your personal information.

  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.

  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

  • Please note that we may ask you to verify your identity before responding to such requests.

  • You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children's Privacy

Whilst we organise courses and activities for children, it is always through an arrangement with their parents, guardians or school. We do not contact anyone under the age of 18 directly. 

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. This policy was last updated on 1 January 2022. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If our business is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: nest@blackbirdsmicrobakery.com

By visiting this page on our website: https://www.blackbirdsmicrobakery.com