Aunt Sandras Chocolate Workshop

Our Privacy Policy aims to provide you with information on how we collect, use and store your

personal information.

Who we are?

Aunt Sandras is the trading name of Aunt Sandras Chocolate Workshop. For the purposes of

Data Protection Aunt Sandras Chocolate Workshop is the ‘controller’ of the information you provide to us. Our head office is located at 60 Castlereagh Road, Belfast, BT5 5FP.

What personal data do we collect?

Information you provide to us when you:

  • complete a form on our Website;
  • complete a survey;
  • correspond with us by phone, e-mail, or in writing;
  • report a problem;
  • sign up to receive our communications;
  • create an account with us;
  • enter into a contract with us to receive products and/or services,

Information we collect about you

The information we may collect from you includes:

  • Contact information (such as name, postal address, private and or business email address,

and telephone/mobile number)

  • Business information (such as job title, department and name of organisation, company

registration number and vat number)

  • Content you provide (current provider billing and contract details, business/personal

proofs, date of birth)

  • Billing Information (such as Credit Card, Billing Address, Banking Details)
  • Ammonise Cookies (such as pages visited, time on page, exit page, connection type). Please

see our cookie policy for more information.

Our landline phone calls are recorded for training and monitoring purposes and our recordings are

usually held for a period of six months.

We operate a CCTV system at Aunt Sandras Chocolate Workshop office premises for the detection and prevention of crime. It operates continuously and recordings are held for one month.

We may also take photographs at our events to use for general marketing and publicity.

How do we use your personal data

Contract delivery: we may use your personal date to fulfil your contract, or take steps linked to a

contract.

  • to provide the products and/or services to you;
  • to communicate with you in relation to the provision of the contracted products and

services;

  • to provide you with administrative support such as account creation, security, and

responding to issues and taking payments.

Legitimate Interests: where this is necessary for purposes which are in our, or third party

legitimate interest

  • Required by law to respond to request by government or law enforcement authorities, or

for the prevention of crime or fraud.

  • Advise customers of service delivery issues and provide advice against telephony fraud

prevention.

  • Suppression Lists
  • Direct Marketing -providing you with newsletters, surveys, information about our awards

and events, offers, and promotions, related to products and services which may be of

interest to you;

  • Performing analytics on sales/marketing data, determining the effectiveness of

promotional campaigns.

We may contact you by e-mail, phone, fax or mail, unless you have opted for us not to do so.

You have the right to opt out of the processing of your personal data on the basis of legitimate

interests and direct marketing, as set out below, under the heading Your rights.

Who do we share your personal data with?

We may share your personal data with trusted third parties including:

  • service providers contracted to us in connection with provision of the products and services
  • analytics and search engine providers that assist us in the improvement and optimisation of

our Website.

  • legal and other professional advisers, consultants, and professional experts;

We will ensure there is a contract in place with the categories of recipients listed above which

include obligations in relation to the confidentiality, security, and lawful processing of any personal

data shared with them.

Where a third party recipient is located outside the European Economic Area, we will ensure that

the transfer of personal data will be protected by appropriate safeguards, namely the use of

standard data protection clauses adopted or approved by the European Commission where the data

protection authority does not believe that the third country has adequate data protection laws.

We will share personal data with law enforcement or other authorities if required by applicable

law.

We take all reasonable steps to ensure that our staff protect your personal data and are aware of

their information security obligations. We limit access to your personal data to those who have a

genuine business need to know it.

How long we will keep your personal data?

The time frame we keep information varies according to what it is used for. Unless there is a

specific legal requirement for us to keep information, we will retain your information for as long as

it is relevant and useful for the purpose for which it was collected.

Where do we store your personal data and how is it protected?

We take reasonable steps to protect your personal data from loss or destruction. We also have

procedures in place to deal with any suspected data security breach. We will notify you and any

applicable body of a suspected data security breach where we are legally required to do so.

Unfortunately we cannot guarantee the security of transmitting information via the internet or our

company website, and therefore have no responsibility or liability for the security of personal

information transmitted.

Your Rights

Right to Access

You have the right to request a copy of the personal data that we hold by contacting us at the

email or postal address given below.

To help us to process your request you will need to provide the following information:

  • Account Number(s)
  • Telephone Number(s)
  • Address; and
  • Date and time (if requesting a call recording)

We will respond within 30 days of request. Please note that there are exceptions to this right. We

may be unable to make all information available to you if, for example, making the information

available to you would reveal personal data about another person, if we are legally prevented from

disclosing such information, or if your request is manifestly unfounded or excessive.

Right to rectification

We aim to keep your personal data accurate and complete. We encourage you to contact us using

the contact details provided below to let us know if any of your personal data is not accurate or

changes, so that we can keep your personal data up-to-date.

Right to erasure

You have the right to request the deletion of your personal data where, for example, the personal

data is no longer necessary for the purposes for which it’s collected, where you withdraw your

consent to processing, where there is no overriding legitimate interest for us to continue to process

your personal data, or your personal data has been unlawfully processed. If you would like to

request that your personal data is erased, please contact us using the contact details provided

below.

Right to restrict processing

In certain circumstances, you have the right to request that we restrict the further processing of

your personal data. This right arises where, for example, you have contested the accuracy of the

personal data we hold about you and we are verifying the information, you have objected to

processing based on legitimate interests and we are considering whether there are any overriding

legitimate interests, or the processing is unlawful and you elect that processing is restricted rather

than deleted. Please contact us using the contact details provided below.

Right to data portability

In certain circumstances, you have the right to request that some of your personal data is provided

to you, or to another data controller, in a commonly used, machine-readable format. This right

arises where you have provided your personal data to us, the processing is based on consent or the

performance of a contract, and processing is carried out by automated means. If you would like to

request that your personal data is ported to you, please contact us using the contact details

provided below.

Right to object

In certain circumstances, you have the right to object to the processing of your personal data

where, for example, your personal data is being processed on the basis of legitimate interests and

there is no overriding legitimate interest for us to continue to process your personal data, or if your

data is being processed for direct marketing purposes. If you would like to object to the processing

of your personal data, please contact us using the contact details provided below.

Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with

your request due to an exception we will explain this to you in our response.

Complaints

If you believe that your data protection rights may have been breached, and we have been unable

to resolve your concern, you may lodge a complaint with the applicable supervisory authority or to

seek a remedy via the ICO (www.ico.org.uk)

If your complaint is not about data protection, please see our general complaints policy.

Contact

If you have any queries about the Policy, or about exercising your rights including updating your

marketing preferences, please contact:

Data Control

Aunt Sandras Chocolate Workshop

60 Castlereagh Road

Belfast

BT5 5FP

hello@auntsandras.com

We may change this policy without prior notice by updating this document. You should check this page regularly to view the latest version.

Privacy Policy Version 1 Issue 3rd May 2018