(Because we are used to keeping secrets secret).
Privacy & Cookies
Internet Privacy and Cookies Policy
Grasmere Gingerbread®, The Gingerbread Shop, Church Cottage, Grasmere, Cumbria LA22 9SW, UK. Tel: (015394) 35428.
Information That We Collect
In running and maintaining our website we may collect and process the following data about you:
- Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data;
- Information provided voluntarily by you. For example, when you register for information or make a purchase;
- Information that you provide when you communicate with us by any means;
- We may also collect personal information from our outside events, talks and in The Grasmere Gingerbread Shop;
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at AboutCookies.org.
We do not use any cookies for marketing purposes.
- Essential cookies
These cookies are always enabled as they make sure essential features, like the shopping basket, work as they should.
Essential cookies allow us to:
- Ensure the site works properly so it’s easy to shop.
- Make sure the correct items are kept in your basket.
- Select the right version of our website for your computer, whether it’s a PC, ipad, mobile phone or other device.
These cookies do not gather personal information or remember where you’ve been on the internet. If your browser is set to refuse these cookies, our site may not work correctly.
|_gat, _gid, _ga||Allows our site to respond correctly as you search, browse and purchase. Without it the site will not work. Also makes sure that you can correctly browse the mobile and desktop versions of our site from your computer and mobile devices.|
Grasmere Gingerbread analytics cookies allow us to:
- Raise the standard of our service by understanding how our customers use our site.
- Help identify any errors so we can fix them.
- Gather information which helps us continually improve our website and marketing communications.
|_utma, _utmb, _utmc, _utmz||These cookies are used by an analytics engine to measure performance and site usage.|
What is the legal basis we rely upon when collecting personal data
The law about data protection sets out a number of different reasons relating to how a company may collect and use your personal data. These are:
Consent: in specific situations we will ask you for your consent to use your personal data. You can withdraw this consent at any time (e.g. email marketing);
Contractual obligations: e.g. when you place an order on our website and we need your information to actually send you the product (how else could we do this?!);
Legal compliance: e.g. paying VAT, tax, fraud prevention;
Legitimate interest: in some situations we require your data to pursue our legitimate interest (in a way you might reasonably expect us to do to efficiently run our business). However, this does not impact upon your rights and freedoms (see section on your rights). A couple of examples spring to mind – we may use your purchasing data to send you a special offer or even use collective shopping history to identify a particular retail trend. We may also keep your address to send you information by post or relating to customer service issues.
Storing Your Personal Data
In operating our website, it may become necessary to transfer data that we collect from you to locations outside of the European Union/EEA ( for example in the USA) for processing and storing. By providing your personal data to us, you agree to this transfer, storing and processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is stored securely. Where relevant entering into standard EU contractual clauses in accordance with Article 46.2 of GDPR with the party outside the EEA receiving the personal information
All sensitive information (such as credit-card numbers) is only transmitted via Secure Socket Layer (SSL) technology, which means that you cannot inadvertently place an order through an unsecured connection. All sensitive information is stored in an encrypted format behind firewalls.
Details of our SSL Certification can be found by clicking here.
We adhere to Payment Card Industry standards and certification can be found by clicking here.
Disclosing Your Information
- If we sell any or all our business to the buyer.
- Where we are legally required by law to disclose your personal information.
- To further fraud protection and reduce the risk of fraud.
Please click here to view the Candidate Privacy Notice.
Third Party Links
Security of email correspondence
Email is not a secure and confidential means of communication. Therefore, please do not use the contact us form on our website to send us confidential information, such as your credit card details. Although we use advanced security measures to protect your information we cannot absolutely guarantee the security of your information provided over the Internet and cannot be responsible for any loss, misuse and alteration.
Right to Access to Information (also known as a Subject Access Request)
In accordance with the General Data Protection Regulation and the Data Protection Act 2018 this gives you the right to access any personal information that we hold relating to you. To do this simply send us an email to firstname.lastname@example.org or telephone us on (015394) 35428.
Please do not hesitate to contact us regarding any matter relating to this Privacy and Cookies Policy via email at email@example.com
Additional Information for this policy
Your Data Protection Rights Explained
Grasmere Gingerbread® is loved for its friendly, down-to-earth style and we hate modern-day acronyms and jargon! But even we have to write some things down formally so here goes! Under the GDPR and the forthcoming new Data Protection Act you – our valued customers and visitors – have a number of legal rights concerning our use of your personal information
The Right to correct or amend your details. (Rectification)
If we have made a mistake or have out of date information about you, please, please, please get in touch and we will put it right straight away! We really will!
The Right to Object to Processing
This allows you to object to direct marketing (which can be a pain in the neck) but for other types of processing we may need to continue to use this to meet other legal obligations (which we need to satisfy). However, if you are at all worried then please, please, please get in touch and we will immediately discuss with you how to allay your concerns. Rest assured, we will talk in plain English, or plain Cumbrian.
The Right To be Forgotten
In today’s hectic inter-connected world sometimes it’s nice to fantasise about losing yourself – to wander through an unfamiliar town or street unnoticed and unknown. Similarly, in certain circumstances, you have the right to have your personal data erased. This right only applies in certain situations and is not an absolute right. However, where we can we will, of course, delete this information. However, we may need to continue to use your personal information for us to comply with other legal obligations (life is complex!).
The Right to Restrict Processing
It’s good to be in charge. So you have the right to restrict us from using your personal data for direct marketing purposes.
Automated Decision-Making including profiling
We do not carry out automated-decision making or profiling in relation to your personal data that would cause a legal or similar effect to you.
How to complain or raise concerns
Firstly, please, please, please call us directly so that we put right any outstanding issues or answer any concerns that you may have. If you are not fully happy with our response regarding your data protection rights – and we would be incredibly disappointed if you weren’t – then you have the right to contact the Information Commissioner (ICO).
The Information Commission is the UK authority which regulates and enforces data protection laws in the UK.
The Information Commission can be found at;
www.ico.org.uk or telephone 0303 123 113
Information Commissioner’s Office
How long do we keep your personal information?
We only keep your personal information for as long as is necessary for the purposes for which it is processed* for example it is a legal obligation to keep financial data for 6 years.
*Grasmere Gingerbread® was founded in 1854 and our traditional approach and unique history means we keep many customers for nearly ever (some people have been with us for decades). Grasmere Gingerbread® has rung the changes in their lives – everything from engagements and weddings, to anniversaries and new babies – and they ask us to keep them informed about everything we do! Similarly, after introducing Grasmere Gingerbread® wedding favours a few years ago, brides especially love to keep in touch, sometimes to relive their special day in conversations over the phone.
However, if you don’t want us to keep you informed of our activities then, please contact us and we will gladly remove you from our databases.
Joanne and Andrew Hunter