We are committed to safeguarding the privacy of French Made website visitors and our customers. Data protection is of high priority for us at French Made. We like our data safe and we do our bit to keep yours safe too!
We gather, request and process your personal data as necessary to run our business (we need to know who you are and how to contact you), sell you our products (cakes), and provide services (cake design, delivery, set up and styling), and marketing campaigns to you (like customised promo ads)
a) Personal data
Personal data means any information that can be used on its own or with other information to identify, contact, or locate a single person (data subject), or to identify an individual in context.
b) Data subject
Data subject is any identified or identifiable person, whose personal data is processed by the controller responsible for the processing (e.g. you).
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,dissemination or otherwise making available, alignment or combination,restriction, erasure or destruction.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, in particular to analyse or predict aspects concerning that person's demographic, preferences, interests, reliability, behaviour, location or movements etc.
(e.g. we may like to see how many women vs men visit our website and in what location)
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable person. (e.g. use of initials or first names only in relation to data storage)
Processor is a person, public authority, agency or other body, which processes personal data on behalf of the controller.
Recipient is a person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
h) Third party
Third party is a person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
10 Barnes court, Durham avenue, Woodford IG8 7NJ
a) In this policy, ‘” controller”, “we”, “us” and “our”refer to French Made
3. Collection of general data and processing information
We may collect your personal data via your use of our
b) contact form
c) comment function on website blog
d) booking form and questionnaires
e) direct enquiries via email client, social media channels and telephone calls.
f) payment and invoicing systems
a) The website
French Made website is created through site builder Wix.com
b) Contact form
The data subject has the possibility to contact French Made through the website. A number of personal data are transmitted to the controller and personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The enquiry form is linked to controller’s client 123 form builderwho are GDPR compliant where personal data entered in the enquiry/contact form are received. A copy of this data is sent to French Made’s email address hosted in G Suite(GDPR compliant).
The legal basis for this processing is consent, as the data entered is used to provide information about our availability and services.
The controller may transfer data to one or more processors (e.g. a parcel service to send sample boxes ) that also use personal data for an internal purpose, to fulfil contracted services. If you do not end up getting into a contract with French Made we will delete your details 6-12 months from the enquiry. We keep your details in case of changes and possibility of booking our services at later date.
c) Comments function in the blog on the website
French Made offers users the possibility to leave individual comments on individual blog articles on a blog, which is on the website of the controller. If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user's (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defence of the data controller.
d) Booking form and questionnaires
We may process your personal data that is provided through an agreement (contract) to use our services (“service data”). The service data may include your name, contact telephone number and email address and optionally your social media user names. The service data may be processed for the purposes of providing our services, maintaining back-ups of our databases and communicating with you.
We may share some of your personal data with French Made’ associates (e.g. Freelancers we occasional employ) to fulfil contractual work.
The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process information that you provide for publication on our website or social media (“publication data”). The publication data may be processed for the purposes of enabling such publication and marketing our website and services. The legal basis for this processing is consent.
e) Direct enquiries via email client, social media channels and telephone calls.
French Made will process data gathered through direct enquiries manually via email. The control of data privacy of social media channels where the data subject opts to use to share their personal information lies within each of the channels and data subject is referred to relevant policies.
f) Payment and Invoicing systems
We may process information relating to transactions, including purchases of goods and services, that you enter into with us (“transaction data”). The transaction data may include your contact details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions for fiscal purposes. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
We do not collect or store any credit card or bank account details. Bank Transfers or PayPal (secure money transfer services) are connected to pay for our goods
4. Legal and Insurance
We may process any of your personal data identified in this policy Section 3. where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. International transfers of your personal data
Your personal data may be transferred to countries outside the European Economic Area (EEA) in these instances:
a) The hosting facilities for our website are managed by Wix.com
b) Online gallery image storage via Wix.com
c) You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use or misuse of such personal data by others.
6. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. Client data may be stored for up to 6 years for fiscal purposes.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7. Information security
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures to guard against unauthorised access to systems where we store personal data. Our client management system, email client, image galleries, newsletter agent and other systems we may use to store and process data are GDPR compliant and require security passwords to access. Our computers and smartphone that are used to log in to relevant systems are password, PIN or fingerprint protected.
8. Retention and deletion of personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
a) Invoices, transaction data, contact and contract details will be retained for a maximum period of 6 years (statute of limitations) following final delivery of services
b) Planning information, event details and customer notes will be kept for a minimum of one year and a maximum of two years
c) We may also retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We will notify you of significant changes to this policy by email or through newsletter.
10. Your rights
We have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
a) the right to access;
b) the right to rectification;
c) the right to erasure;
d) the right to restrict processing;
e) the right to object to processing;
f) the right to data portability;
g) the right to complain to a supervisory authority; and
h) the right to withdraw consent.
a) You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the right sand freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can request your personal data by contacting us.
b) You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing to have any incomplete personal data about you completed.
c) In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
d) In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
e) You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes including profiling for direct marketing purposes. If you make such an objection, we will cease to process your personal data for this purpose.
f) You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
g) If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
h) To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
11. Managing cookies
Most browsers allow you to refuse to accept, change settings of cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.
Blocking all cookies will have a negative impact upon the usability of many websites.
12. Data protection provisions about the application and use of Facebook
On this website, the controller has integrated components of Facebook (comment and sharing function).
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook.
13. Data protection provisions about the application and use of Google+
On this website, the controller has integrated the Google+ button as a component (comment and sharing function).
Further information and the data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/. More references from Google about the Google+ 1 button may be obtained under https://developers.google.com/+/web/buttons-policy.
14. Data protection provisions about the application and use of Instagram
On this website, the controller has integrated components of the service Instagram (sharing button).
15. Data protection provisions about the application and use of Pinterest
On this website, the controller has integrated components of Pinterest Inc (sharing button, PIN IT feature).
The data protection guideline published by Pinterest, which is available under https://about.pinterest.com/privacy-policy, provides information on the collection, processing and use of personal data by Pinterest.
16. Data protection provisions about the application and use of Twitter
On this website, the controller has integrated components of Twitter(sharing button).
The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.
17. Data protection provisions about the application and use of YouTube
On this website, the controller has integrated components of YouTube.
YouTube's data protection provisions, available a thttps://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
18. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making.
As the controller, French Made has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed.
You can contact us:
· By post, to the postal address given above.
· Using our website contact form.
· By email: firstname.lastname@example.org