Privacy Policy

Helen's Chocolates understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of all our customers who use our products and services and everyone who visits our website (helenschocolates.co.uk), hereafter referred to as our site.

As such, we will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our site. If you do not accept and agree with this Privacy Policy, you must stop using our site immediately.

Data Protection Officer

For all enquiries relating to your data, please contact our data protection officer:

  • Paul Frain
    Helen's Chocolates
    18 Mill Brow
    Windermere
    Cumbria
    LA23 2LZ
  • Tel: 07706 477 869
  • Email: info@helenschocolates.co.uk

What Does This Notice Cover?

This Privacy Policy explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

It covers data collected by our site, back office processing and via orders on third party websites such as Amazon and eBay.

In the case of Amazon and eBay, we have no control over how they collect, store or use your data beyond that of processing your order and would advise you to check their Privacy Policy before providing any data to them.

What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the GDPR) as 'any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier'.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

To see what personal data we collect and use, please refer to What Personal Data Do You Collect? below.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact our Data Protection Officer to find out more.
  • The right to access the personal data we hold about you. The section entitled How Can I Access My Personal Data? tells you how to do this.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact our Data Protection Officer if you think we hold any incorrect data.
  • The right to be forgotten, i.e. the right to ask us to delete, anonymise or otherwise dispose of any of your personal data that we have. We only hold your personal data for a limited time, as explained in How Long Will You Keep My Personal Data?, but if you would like us to delete it sooner, please contact our Data Protection Officer with details.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability, i.e. obtaining a copy of your personal data to re-use with another service or organisation.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

Further information about your rights can also be obtained from the Information Commissioner's Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, please contact our Data Protection Officer and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office.

What Personal Data Do You Collect?

We may collect some or all of the following personal data (this may vary according to your relationship with us):

  • Name
  • Gender
  • Business / Organisation / Company Name
  • Job Title / Profession
  • Contact information such as Email Addresses, Telephone, Mobile and Fax Numbers
  • Demographic information such as Address and Post Code
  • Financial information such as Credit / Debit Card Numbers. These are collected for the purposes of payment and processed via a third party payment provider: First Payments. We do not store full Credit / Debit Card Numbers or CVV2 codes.
  • Basket and Purchase History. We retain a copy of your previous orders for data analysis.
  • Login details if you have signed up to an account on our site.
  • Anonymised analytical data, including IP Address, Web Browser (Type and Version), Operating System, a list of URLs starting with a referring site, your activity on our site and the site you exit to.

If you place an order via them, your personal data will be obtained from the following third parties:

  • Amazon
  • eBay

How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it.

Your personal data may be used for one of the following purposes:

  • Supplying our products and services to you. Your personal details are required in order for us to enter into a contract with you.
  • Providing and managing your login account on our site.
  • Personalising and tailoring our products and services for you.
  • Communicating with you. This may include responding to emails or calls from you.
  • Supplying you with information by email and post that you have opted-in to. You may unsubscribe or opt-out at any time by contacting our sales office or via links provided.
  • Personalising and tailoring your experience on our site.
  • Market research.
  • Aggregate reporting on sales and company performance.
  • Analysing your use of our site and gathering feedback to enable us to continually improve our site and your user experience.

With your permission and / or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message or post with information, news, and offers on our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

  • Details connected with orders will be kept for 6 years from the end of the last company financial year they relate to for accounting audit purposes.
  • Quotations will be kept for a maximum of 3 years so that reference may be made to them should a customer wish to discuss them.

How and Where Do You Store or Transfer My Personal Data?

We will only store or transfer your personal data within the UK and European Economic Area (the EEA). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

  • Our systems are subject to penetration tests (currently supplied by Sysnet Global Systems).
  • We are PCI Compliant to ensure the safety of your financial data when placing an order.
  • All collection of personal data via our sites is done using an HTTPS encrypted secure connection.
  • Software is regularly updated with the latest security patches.
  • All operating systems, software packages and networking equipment for components which handle or secure access to data are actively supported by the vendor and / or external IT consultants.
  • Anti-virus and firewall protection software is maintained at all times.

Do You Share My Personal Data?

We may sometimes contract with the following third parties to supply products and / or services to you on our behalf. These may include payment processing, delivery and marketing. In some cases, those third parties may require access to some or all of your personal data that we hold.

  • Courier services including Royal Mail, APC Overnight, and DHL. Other service providers may be used to achieve the most economical delivery option.
  • Payment service providers such as First Payment and PayPal.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party's obligations under the law, as described above in How and Where Do You Store or Transfer My Personal Data?.

We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. Data will only be shared and used within the bounds of the law.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce our business and this may involve the sale and / or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.

How Can I Control My Data?

In addition to your rights under the GDPR (see What Are My Rights?), when you submit personal data via our site, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (the TPS), the Corporate Telephone Preference Service (the CTPS), and the Mailing Preference Service (the MPS). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

Your Right to Withhold Information

You may access certain areas of our sites without providing any data at all. However, to use all features and functions available on our site you will be required to submit or allow for the collection of data as detailed in What Personal Data Do You Collect?.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a Subject Access Request.

Your Subject Access Request should be made in writing and sent to the email or postal address of our Data Protection Officer.

There is not normally any charge for a Subject Access Request. If your request is "manifestly unfounded or excessive" (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your Subject Access Request as soon as possible and, in any case, not more than one month after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data, within that time. In some cases, however, particularly if your request is more complex, more time may be required, up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

What Is A Cookie?

A cookie is a small file placed on your computer or device by our site when you visit certain parts of our site and / or when you use certain features of our site.

This is an industry standard way for websites to maintain things like shopping baskets. Our Use Of Cookies below provides a little more information. If you wish to know more, please consult our Cookie Policy.

Our Use Of Cookies

Our site may place and access certain first party cookies on your computer or device. First party cookies are those placed directly by us and are used only by us. We use cookies to facilitate and improve your experience of our site and to provide and improve our products and services. We have carefully chosen these cookies and have taken steps to ensure that your privacy and personal data are protected and respected at all times.

All cookies used by and on our site are used in accordance with current cookie law, namely the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the GDPR.

Certain features of our site depend on cookies to function. Cookie law deems these cookies to be "strictly necessary". Your consent will not be sought to place these cookies, but it is still important that you are aware of them. You may still block these cookies by changing your internet browser's settings as detailed below in Can I Control Cookies?, but please be aware that our site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

Our site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our site is used. This, in turn, enables us to improve our site and the products and services offered through it. You do not have to allow us to use these cookies. However, whilst our use of them does not pose any risk to your privacy or your safe use of our site, it does enable us to continually improve our site, making it a better and more useful experience for you.

Can I Control Cookies?

You can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser or Google: "Delete Cookies [Your Browser Name e.g. Firefox, Chrome]".

You can choose to delete cookies on your computer or device at any time, however you may lose any information that enables you to access our sites more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

How Do I Contact You?

To enquire about anything to do with your personal data and data protection, please contact our Data Protection Officer.

Changes To This Privacy Policy

We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

If you are concerned, we recommend that you check this page regularly to keep up-to-date.