Additionally, we may collect data automatically when you use our Site, such as traffic data, location information, and usage logs, which help us improve our services.

4. How We Use Your Information

We use your personal information for the following purposes:

• To process and fulfil your orders or requests.
• To send marketing communications, if you have opted in.
• To improve our Site and services, including troubleshooting and enhancing user experience.
• To comply with legal obligations.

5. How and Where We Store Your Information

We store your personal data on secure servers. Your data may be transferred to, and stored at, locations outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. By submitting your information, you consent to this transfer and processing.

While we use secure methods to protect your information, the transmission of data over the internet is never completely secure. While we strive to protect your personal data, any transmission is at your own risk. Once we receive your data, we use strict procedures and security features to protect it from unauthorized access.

6. How Long We Keep Your Information

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements. When determining retention periods, we consider factors such as the nature and sensitivity of the data, the potential risks associated with unauthorized use or disclosure, and applicable legal requirements. In some cases, we may anonymize your data for research or statistical purposes, which we may use indefinitely.

7. Disclosure of Your Information

We may disclose your personal information:

• With your consent: If you have given us consent to share your information with third parties, we may do so for specific purposes (e.g., sending communications).
• For business operations: We may share your information with third parties who help us with administrative functions such as warehousing, delivery, marketing, payment processing, or customer support.

In case of a sale or acquisition: If we sell or buy business assets, your personal data may be disclosed to potential

• buyers or sellers. If The Hummingbird Bakery is acquired by a third party, your personal data may be transferred as part of the assets.
• To comply with legal obligations: We may disclose your personal data to comply with a legal obligation, enforce our Terms of Use, or protect the rights, property, and safety of our business, customers, or others. This may include sharing information with other organizations for fraud prevention and credit risk reduction.

We require all third-party service providers to treat your personal data securely and in accordance with the law. They may only process your data for specific purposes as instructed by us.

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Access to your data is restricted to employees and contractors who need it to perform their job functions, and they are subject to confidentiality obligations.

In the event of a suspected data breach, we have procedures in place to investigate and, if necessary, notify you and any relevant authorities as required by law.

9. Cookies

We use cookies on our Site to enhance user experience, track website usage, and serve targeted advertising. By using our Site, you agree to our use of cookies as outlined in our Cookies Policy.

10. Links to Other Websites

Our website may contain links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We have no control over these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party websites you visit.

11. Interactive Areas of Our Site (Blog, Social Media, etc.)

Please be aware that any information you share on public forums, such as blogs or social media (e.g., Facebook, Twitter), is accessible to others and may be collected by them. We are not responsible for any privacy breaches, damage to your reputation, or unwelcome communications resulting from information you disclose on these platforms.

For your safety, we advise that you do not post personal information in these areas.

12. Your Rights

Under the GDPR, you have certain rights regarding the personal data we hold about you. These include:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can ask us to correct or update any inaccurate or incomplete data.
• Erasure: You can request the deletion of your personal data, where there is no good reason for us to continue processing it.

• Objection: You can object to the processing of your data if we are relying on legitimate interests or for direct marketing purposes.
• Restriction: You can ask us to restrict the processing of your data in certain circumstances (e.g., if you dispute the accuracy of the data or if the processing is unlawful).
• Data Portability: You can request a copy of your data in a machine-readable format to transfer to another service provider.

If you wish to exercise any of these rights, please contact us at info@cakeinhouse.com.

13. Updates to This Policy

We may update this Policy from time to time to reflect changes in laws, regulations, or our practices. Any updates will be posted on this page, and if the changes are significant, we will notify you by email. We encourage you to review this Policy regularly to stay informed about how we protect your data.

14. Contact Us

If you have any questions or concerns about how we handle your personal data, please contact us at:

• Email: info@cakeinhouse.com
• Phone: 7459 274576
• Address:Studio 217, Oxgate House, Oxgate Lane, London NW2 7FS