Privacy Policy

Charlotte’s Sourdough values your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, and protect your personal data when you use our website and services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect and process the following types of personal data:

  • Identity Data: Includes your name, title, and other identifiers.
  • Contact Data: Includes your billing and delivery address, email address, and phone number.
  • Transaction Data: Includes details of the payments you make and the orders you place with us.
  • Technical Data: Includes your IP address, browser type, operating system, and other technical details collected through cookies for website performance and security.
  • Communication Data: Includes any messages or feedback you send to us, such as customer service inquiries or complaints.

We only collect the data that is necessary to fulfill the purposes stated in this notice.

2. How We Use Your Data

We use your personal data for the following purposes:

  1. Processing Orders: To manage your orders, including processing payments, delivering products, and handling returns or exchanges.
  2. Customer Support: To respond to your questions, comments, or complaints and provide support during your experience with us.
  3. Legal Compliance: To fulfill any legal obligations, such as financial record-keeping or tax compliance.
  4. Marketing and Communications: If you have opted in, we may use your data to send promotional emails or newsletters. We will always provide an option to unsubscribe from marketing communications.

3. Legal Basis for Processing Your Data

We process your personal data on the following legal bases:

  • Contractual Necessity: We process your data to fulfill our contractual obligations, such as processing orders, making deliveries, and handling returns.
  • Legitimate Interests: We may use your data to improve our website, services, and customer experience, as well as ensure website security and fraud prevention.
  • Legal Obligation: We may need to process your data to comply with legal or regulatory obligations (such as maintaining financial records for tax purposes).
  • Consent: For marketing communications, we will request your explicit consent before sending promotional content (e.g., email newsletters). You can withdraw consent at any time.

4. Data Sharing

We may share your personal data with the following third parties to fulfill the purposes described in this Privacy Notice:

  • Payment Processors: To securely process payments made through our website.
  • Delivery Partners: To ensure your orders are delivered to the correct address.
  • Legal and Regulatory Authorities: If required to comply with legal obligations or regulations (e.g., in response to a court order or regulatory investigation).

We will never sell your personal data to third parties.

5. International Transfers

We do not transfer your personal data outside the UK or the European Economic Area (EEA). If such transfers are necessary in the future (e.g., if we engage with third-party service providers outside the EEA), we will ensure that adequate safeguards are in place to protect your data, such as Standard Contractual Clauses (SCCs) or other legal mechanisms in line with GDPR requirements.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice or as required by law. For example:

  • Financial records related to transactions (e.g., invoices, payments) will be retained for 6 years to comply with tax and accounting laws.
  • Customer service data, such as queries and complaints, will be retained for as long as necessary to resolve your inquiry.

Once the data is no longer needed, we will securely delete or anonymize it.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: You can request a copy of your personal data that we hold.
  • Correction: You can ask us to update or correct any inaccurate or incomplete data.
  • Erasure: You can request the deletion of your personal data, subject to certain legal exceptions.
  • Restriction of Processing: You can ask us to restrict or stop processing your personal data in certain circumstances.
  • Objection to Processing: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
  • Data Portability: You can request your personal data in a structured, commonly used format, and transfer it to another data controller.
  • Withdraw Consent: If we are processing your data based on your consent, you can withdraw it at any time, without affecting the lawfulness of processing before your withdrawal.

To exercise these rights, please contact us at: charlotte@charlottessourdough.co.uk

If you believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO)https://ico.org.uk/

8. Cookies

Our website uses cookies to improve functionality, enhance user experience, and analyze site traffic. For more information on how we use cookies, please see our [Cookie Policy].

9. Contact Us

If you have any questions or concerns about how we handle your personal data, or if you wish to exercise your rights, please contact us at: