Privacy Policy

1. Information We Collect

We collect various types of information when you interact with Penny & Thyme Bakehouse, including:

• Personal Identifiable Information (PII): This includes your name, email address, phone number, and postal address when you place an order, make a reservation, subscribe to our newsletter, or contact us directly.
• Transactional Data: Details about products and services you have purchased from us, payment information (though we do not store full credit card details on our servers, relying on secure payment gateways), and order history.
• Technical Data: Information about how you access and use our website, such as your IP address, browser type, operating system, and pages viewed. This helps us improve our website and services.
• Communication Data: Records of communications you have with us, including emails and customer service interactions.

We collect this information through direct interactions (e.g., when you fill out forms), automated technologies (e.g., cookies), and third-party sources (e.g., social media if you interact with us there).

2. How We Use Your Information

We use the information we collect for various purposes, including:

• To Provide Services: Fulfilling orders, managing reservations, processing payments, and providing customer support.
• To Improve Our Offerings: Analyzing website usage, gathering feedback, and developing new products and services to enhance your experience.
• For Marketing & Communication: Sending newsletters, promotions, and updates if you have opted in. You can opt out at any time.
• For Security & Legal Compliance: Protecting our business and customers from fraud, complying with legal obligations, and enforcing our terms and conditions.

We only use your personal data when the law allows us to. Most commonly, we will use your personal data where we need to perform the contract we are about to enter into or have entered into with you, or where it is necessary for our legitimate interests (and your interests and fundamental rights do not override those interests).

3. Sharing Your Information

We do not sell, trade, or otherwise transfer your Personal Identifiable Information to outside parties except in the following circumstances:

• Service Providers: We may share data with trusted third-party service providers who assist us in operating our website, conducting our business, or serving you (e.g., payment processors, delivery services, IT support), provided that these parties agree to keep this information confidential.
• Legal Requirements: We may disclose your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the transaction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

4. Data Security

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. These measures include:

• Encryption: Sensitive information (like payment data) is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers' database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
• Access Control: We restrict access to personal data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
• Regular Audits: We regularly review our security practices to ensure they are up-to-date and effective.

While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. No method of transmission over the Internet, or method of electronic storage, is 100% secure.

5. Your Data Protection Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Right to withdraw consent.

If you wish to exercise any of these rights, please contact us at hello@pennyandthyme.co.uk. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

6. Third-Party Links

Our website may contain links to third-party websites. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.