Privacy Policy & Data Protection

The Apiary Cake & Coffee House privacy policy

This privacy statement tells you what to expect when we process your personal information. It is important for you to read
this statement in full to understand how we use your data and your rights in relation to your data.
The Apiary needs to process personal data in order to deliver our services to you:

  • To allow users to receive our emails
  • To allow The Apiary cardholders to receive information

We are committed to treating your information securely, with respect and in line with data protection law.
We keep this privacy statement under regular review and we will place all updates on the website as soon as it is
practicable.
For further information you can contact us as follows:
The Apiary Cake & Coffee House
3 Thoroughfare
Harleston
IP20 9AH
01379 852211

For independent advice about data protection issues, you can contact the Information Commissioner:
Information Commissioner
Wycliffe House, Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Email: casework@ico.org.uk
Website: www.ico.org.uk

What Information do we collect and how is it used?
We will only collect personal information when we need it. The type of information we need from you will relate purely to
contact information allowing us to communicate with you. When we ask you for information, we will make it clear why we
need it.
10 May 2018
Written by: Mark, Sarah
We only collect personal information when you subscribe to our email marketing.
To receive our emails from us:
we will need your name and email address.
we need your consent to be added to the email mailing list.
we will use this information to provide you with periodic emails.
We only collect personal information when you sign up for The Apiary card.
To receive information for cardholders from us:
we will need your name and email address.
we need your consent to be added to the email mailing list.
we will use this information to provide you with periodic emails

How will we protect information collected about you?
We will apply appropriate technical and organisational measures to ensure your personal information is secure. For
example, we have systems in place to ensure that access to personal information is restricted to authorised individuals on a
strictly need-to-know basis.
When we need to share personal data with our contractors and third party suppliers, our relationships are governed by our
contracts with them which include strict data sharing and confidentiality protocols.
We will not discuss your personal information with anyone other than you, unless you have given us prior written
authorisation to do so or where we have received a clear verbal instruction from you (as a one-off circumstance).

Who will we share your information with?
We never share personal information with any other organisation for third-party marketing purposes.
Sometimes we will need to share personal information we hold about you with other organisations that we work with or who
provide services on our behalf, for example an email processing company distributing our newsletters. When sharing
information we will comply with all aspects of current data protection law. All our data sharing relationships are governed by
contracts which include strict data sharing and confidentiality protocols.
We may also share information when required by law, for example, where ordered by the Court or to protect an individual
from immediate harm.

What are your rights in relation to your data?
We are committed to upholding your rights in respect of your personal data.
The right to be informed
Through the provision of this and other privacy notices on the website, we will be open and transparent about how and why
we use your personal information.
The right of access
You have a right to ask us what personal information we hold about you and to request a copy of your information. This is
known as a ‘subject access request’ (SAR).
SARs need to be made in writing and we ask that your written request is accompanied by proof of your address and identity.
If you are seeking to obtain specific information (e.g. about a particular matter or from a particular time period), it helps if
you clarify the details of what you would like to receive in your written request.
If someone is requesting information on your behalf they will need written confirmation from you to evidence your consent
for us to release this and proof of ID (both yours and theirs).
We have 30 calendar days within which to provide you with the information you’ve asked for (although we will try to provide
this to you as promptly as possible).
The right to rectification
You can ask us to rectify your personal data if it is inaccurate or incomplete. Please help us to keep our records accurate by
keeping us informed if your details change.
The right to erasure
The right to erasure is also known as ‘the right to be forgotten’. In some circumstances, you can ask us to delete or remove
personal data where there is no compelling reason for its continued processing. This is not an absolute right, and we will
need to consider the circumstances of any such request and balance this against our need to continue processing the data.
Our response will also be guided by the provisions of our retention schedule.

How long will you keep my data?
We only hold records during the period of our relationship and for a set period afterwards to allow us to meet our legal
obligations, including resolving any follow up issues between us.
For our email marketing list, our systems automatically remove email addresses that are unresponsive or exhibit delivery
problems. In addition, users are always able to unsubscribe from the lists using the links provided in the email itself,
unsubscribed users are deleted immediately from our list.
Please contact us if you would like any more information.