Privacy Policy

We collect several different types of information for various purposes to provide and improve our Service to you.

​

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personal identifiable information may include, but is not limited to:

• Email address

• First name and last name

• Phone number

• Address, postcode, city

 

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amounts of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

 

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

​

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.

• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

• Security Cookies. We use Security Cookies for security purposes.

 

Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you browse our store, the website receives your computer’s internet protocol (IP) address in order to provide it with information that helps it learn about your browser and operating system.

​

Use of Data

Blackbirds Micro Bakery Limited uses the collected data for various purposes:

• To fulfil an order for goods or services

• To provide and maintain our Service

• To notify you about changes to our Service

• To allow you to participate in interactive features of our Service when you choose to do so

• To provide customer support

• To gather analysis or valuable information so that we can improve our Service

• To monitor the usage of our Service

• To detect, prevent and address technical issues

• To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

 

Use of Data for Automated Decision-Making

• Our payment processor,  Wix Payments/Stripe may use our customers’ personal data for automated risk and fraud scoring.

• The GDPR requires us to disclose when we (or our service providers) use information in connection with automated decision-making. Our payment processors use our customers’ personal information to block certain transactions that appear to be fraudulent through automated decision-making. 

 

Financial Data

• We do not currently take payments directly via our website, but link customers to our online store (https://openfoodnetwork.org.uk/blackbirds-micro-bakery/shop) on Open Food Network or to Etsy.com online marketplace. Once orders are placed and payments are made for goods or services, we receive personal data (as explained above) to allow us to fulfil the order but do not have access to any personal financial data.

• Open Food Network confirms that it uses SSL encryption (2048 bit RSA) everywhere to keep your shopping and payment information private. Their servers do not store your credit card details and payments are processed by PCI-compliant services, provided by Stripe. Stripe’s Privacy Policy can be viewed at https://stripe.com/en-gb/privacy

• See Etsy.com’s Privacy Policy at https://www.etsy.com/uk/legal/privacy/?ref=lis

• If preferred, customers can arrange to pay for goods and services by transferring money directly to us via online banking, with this method we do not receive details of your bank accounts or personal financial data.

​​

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

• If you are from the European Economic Area (EEA), Blackbirds Micro Bakery Limited’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

• We may process your Personal Data because:

• We need to make a contract with you

• You have given us permission to do so

• The processing is in our legitimate interests and it is not overridden by your rights

• To comply with the law

 

Service Providers

• We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services, or to assist us in analysing how our Service is used.

• These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

 

Access to data collected by Third Party Service Providers​

• Our website https://www.blackbirdsmicrobakery.com is managed using software from the third-party service provider Wix (www.wix.com)

• From our website, there are links to our shop which is hosted on the Open Food Network. They provide us with an online e-commerce platform that allows us to sell our products and services to you and process your data if you buy through the platform. The payment provider, Stripe, processes credit/debit card data when you buy through our store.

• From our website, there are links to Etsy.com, the online marketplace. You can buy a selection of our products through Etsy on its website.

• Payments for any goods that are available directly from our website are processed by Wix payments/Stripe 

​​

Booking Platforms for Courses and Events

• We use the following booking platforms for Courses and Events:  

• Eventbrite https://www.eventbrite.co.uk

• Bread Angels http://www.breadangels.com

• These are Data Processors on behalf of Blackbirds Micro Bakery Limited, we are the Data Controller. We have access to data submitted to and stored on their websites through our dashboard with each service. Their privacy policies (including data requests) can be found on each of their individual websites.

• How we collect and store information from Third Party Service Providers

• Data entered onto our website via a contact form, orders placed via Open Food Network or Etsy or bookings made via a booking platform generate an email to nest@blackbirdsmicrobakery.com which we respond to and store in Google Mail as a record of our conversation, order, or delivery of service.

• Our website is backed up regularly and every 12 months we delete the website contact form database.

• Subscribers: when someone subscribes to our blog, their details, as supplied, are stored within our Google Drive and we can view this data via our dashboard. Each new blog published generates an email sent to the subscriber that has both ‘unsubscribe’ and ‘manage subscription’ links at the bottom of the email.

• Invoice/Accounting data is stored by a specialist accountancy software provider.

• In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

• However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

• For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

• In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

• As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

• Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

​​

Storage of Personal Data for customers purchasing Goods & Services

Blackbirds Micro Bakery Limited may sell at markets and run courses and events which are open to the public to book places on from time to time.

​​

Information is stored and protected in the following ways:

​

Market Customers

• Customers may access our services via the following ways:

• By attending our stalls, in which case we may not have any of their personal data. Card payments are processed by PCI-compliant third-party providers Stripe or Sum Up

• Through arrangement via Facebook, in which case we can only access personal data that customers have on their Facebook profiles or that they subsequently give us via Facebook Messenger. We do not store this information and our Facebook accounts are password protected.

• Through emails, which are stored in our password protected Google Mail account

• Course & Event Guests (customers)

• When booking a place, either via a booking platform or directly by email, personal data is stored as a record of bookings and contact details are retained to communicate with course guests.

• Course details and guest's information are stored on email and in a diary appointment, both are stored on Google Drive/Mail and are password protected. They can only be accessed by the business owners and are accessible on iPhone, iPad, and laptop.

• Periodically, after the course has taken place, names and email addresses are added to a spreadsheet, securely stored on Google Drive, as a record of participants.

• Use of Personal Data from Customers

​​

Emails:

• We predominantly use personal data to contact customers and course participants by email.

• We receive an initial email, either direct from the customer or via a third-party Service Provider, see above. We keep all emails as a record of our conversation, order or service provided.

• We email directly from nest@blackbirdsmicrobakery.com

• We send general newsletters using MailChimp https://mailchimp.com their privacy policy can be found here: https://mailchimp.com/legal/privacy

• Using data from course bookings:

• We receive an email of your details when you book into a course, either directly or via a third-party service provider, we can also access your booking via our account with the booking platform, allowing us to contact you directly regarding your booking, we do not pass this data on to anyone else.

• We use your data to send emails regarding your course, for example, Confirmation of Booking, Reminder of your course this week, Thank you for coming.

​

Retention of Data

• Blackbirds Microbakery Limited will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

• We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

​​

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and process it here.

 

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Blackbirds Micro Bakery Limited will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.​