Aunt Sandras Chocolate Workshop
Who we are?
Aunt Sandras is the trading name of Aunt Sandras Chocolate Workshop. For the purposes of
Data Protection Aunt Sandras Chocolate Workshop is the ‘controller’ of the information you provide to us. Our head office is located at 60 Castlereagh Road, Belfast, BT5 5FP.
What personal data do we collect?
Information you provide to us when you:
- complete a form on our Website;
- complete a survey;
- correspond with us by phone, e-mail, or in writing;
- report a problem;
- sign up to receive our communications;
- create an account with us;
- enter into a contract with us to receive products and/or services,
Information we collect about you
The information we may collect from you includes:
- Contact information (such as name, postal address, private and or business email address,
and telephone/mobile number)
- Business information (such as job title, department and name of organisation, company
registration number and vat number)
- Content you provide (current provider billing and contract details, business/personal
proofs, date of birth)
- Billing Information (such as Credit Card, Billing Address, Banking Details)
- Ammonise Cookies (such as pages visited, time on page, exit page, connection type). Please
Our landline phone calls are recorded for training and monitoring purposes and our recordings are
usually held for a period of six months.
We operate a CCTV system at Aunt Sandras Chocolate Workshop office premises for the detection and prevention of crime. It operates continuously and recordings are held for one month.
We may also take photographs at our events to use for general marketing and publicity.
How do we use your personal data
Contract delivery: we may use your personal date to fulfil your contract, or take steps linked to a
- to provide the products and/or services to you;
- to communicate with you in relation to the provision of the contracted products and
- to provide you with administrative support such as account creation, security, and
responding to issues and taking payments.
Legitimate Interests: where this is necessary for purposes which are in our, or third party
- Required by law to respond to request by government or law enforcement authorities, or
for the prevention of crime or fraud.
- Advise customers of service delivery issues and provide advice against telephony fraud
- Suppression Lists
- Direct Marketing -providing you with newsletters, surveys, information about our awards
and events, offers, and promotions, related to products and services which may be of
interest to you;
- Performing analytics on sales/marketing data, determining the effectiveness of
We may contact you by e-mail, phone, fax or mail, unless you have opted for us not to do so.
You have the right to opt out of the processing of your personal data on the basis of legitimate
interests and direct marketing, as set out below, under the heading Your rights.
Who do we share your personal data with?
We may share your personal data with trusted third parties including:
- service providers contracted to us in connection with provision of the products and services
- analytics and search engine providers that assist us in the improvement and optimisation of
- legal and other professional advisers, consultants, and professional experts;
We will ensure there is a contract in place with the categories of recipients listed above which
include obligations in relation to the confidentiality, security, and lawful processing of any personal
data shared with them.
Where a third party recipient is located outside the European Economic Area, we will ensure that
the transfer of personal data will be protected by appropriate safeguards, namely the use of
standard data protection clauses adopted or approved by the European Commission where the data
protection authority does not believe that the third country has adequate data protection laws.
We will share personal data with law enforcement or other authorities if required by applicable
We take all reasonable steps to ensure that our staff protect your personal data and are aware of
their information security obligations. We limit access to your personal data to those who have a
genuine business need to know it.
How long we will keep your personal data?
The time frame we keep information varies according to what it is used for. Unless there is a
specific legal requirement for us to keep information, we will retain your information for as long as
it is relevant and useful for the purpose for which it was collected.
Where do we store your personal data and how is it protected?
We take reasonable steps to protect your personal data from loss or destruction. We also have
procedures in place to deal with any suspected data security breach. We will notify you and any
applicable body of a suspected data security breach where we are legally required to do so.
Unfortunately we cannot guarantee the security of transmitting information via the internet or our
company website, and therefore have no responsibility or liability for the security of personal
Right to Access
You have the right to request a copy of the personal data that we hold by contacting us at the
email or postal address given below.
To help us to process your request you will need to provide the following information:
- Account Number(s)
- Telephone Number(s)
- Address; and
- Date and time (if requesting a call recording)
We will respond within 30 days of request. Please note that there are exceptions to this right. We
may be unable to make all information available to you if, for example, making the information
available to you would reveal personal data about another person, if we are legally prevented from
disclosing such information, or if your request is manifestly unfounded or excessive.
Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using
the contact details provided below to let us know if any of your personal data is not accurate or
changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal
data is no longer necessary for the purposes for which it’s collected, where you withdraw your
consent to processing, where there is no overriding legitimate interest for us to continue to process
your personal data, or your personal data has been unlawfully processed. If you would like to
request that your personal data is erased, please contact us using the contact details provided
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of
your personal data. This right arises where, for example, you have contested the accuracy of the
personal data we hold about you and we are verifying the information, you have objected to
processing based on legitimate interests and we are considering whether there are any overriding
legitimate interests, or the processing is unlawful and you elect that processing is restricted rather
than deleted. Please contact us using the contact details provided below.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided
to you, or to another data controller, in a commonly used, machine-readable format. This right
arises where you have provided your personal data to us, the processing is based on consent or the
performance of a contract, and processing is carried out by automated means. If you would like to
request that your personal data is ported to you, please contact us using the contact details
Right to object
In certain circumstances, you have the right to object to the processing of your personal data
where, for example, your personal data is being processed on the basis of legitimate interests and
there is no overriding legitimate interest for us to continue to process your personal data, or if your
data is being processed for direct marketing purposes. If you would like to object to the processing
of your personal data, please contact us using the contact details provided below.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with
your request due to an exception we will explain this to you in our response.
If you believe that your data protection rights may have been breached, and we have been unable
to resolve your concern, you may lodge a complaint with the applicable supervisory authority or to
seek a remedy via the ICO (www.ico.org.uk)
If your complaint is not about data protection, please see our general complaints policy.
If you have any queries about the Policy, or about exercising your rights including updating your
marketing preferences, please contact:
Aunt Sandras Chocolate Workshop
60 Castlereagh Road
We may change this policy without prior notice by updating this document. You should check this page regularly to view the latest version.