Privacy Policy for oatcakeday.com
1. Introduction
At oatcakeday.com (“we,” “us,” or “our”), we are firmly committed to safeguarding the personal data and privacy of our users. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you access or interact with our website. We uphold the principles of data minimization, transparency, and user choice, and ensure our practices comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of oatcakeday.com, including visitors, registered account holders, and customers, regardless of their location. We act as the data controller under the GDPR with respect to the processing of personal data. This means we determine the purposes and means of processing your personal information.
Users based in California are provided with specific rights under the CCPA, and this Policy is intended to address those rights and clarify our data practices accordingly.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Includes data about your interactions with our website, such as IP address, browser type, device identifiers, session timestamps, location data, device language, and browsing behavior patterns.
b. Account Data
Provided when creating an account or placing an order, such as your full name, email address, residential or billing address, and telephone number.
c. Profile Data
Includes your account settings, product preferences, order history, interests, saved items, and other behavioral indicators.
d. Communication Data
Captures your correspondence with us, including support requests, inquiries sent via the site’s contact forms or email, chat transcripts, and communication history.
e. Technical Data
Relates to the technology used to access oatcakeday.com, such as your IP address, operating system, browser settings, time zone, and plug-ins.
f. Transaction Data
Includes order details, billing records, payment method information (limited payment card data where applicable), shipping information, and invoice history.
g. Preference Data
Involves information you choose to provide regarding newsletters, marketing consents, survey responses, and interests in our products and promotions.
4. Legal Bases for Processing
Under GDPR, we rely on the following lawful bases for processing your data:
– Consent: where you have explicitly agreed to the collection and processing of your data (e.g., marketing opt-ins).
– Contractual Necessity: when data is required to fulfill a contract with you, such as processing and delivering orders.
– Legitimate Interests: to operate, improve, and secure our website in a manner that does not override your rights.
– Legal Obligation: to comply with applicable laws and regulatory requirements.
For users subject to CCPA, we do not “sell” your personal data as defined by the statute.
5. Your Rights
If you are a resident of the European Economic Area (EEA) or California, you are entitled to exercise the following rights:
– Right of Access: Obtain confirmation as to whether we process your data and receive access to your personal data.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure: Ask for deletion of data that is no longer necessary or where processing is based on consent.
– Right to Restriction: Limit processing under certain circumstances (e.g., dispute as to accuracy).
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it elsewhere.
– Right to Object (GDPR only): Object to processing based on legitimate interests or direct marketing.
– Right to Opt-Out (CCPA): California residents have the right to opt out of data sharing for cross-context behavioral advertising.
To exercise these rights, email us at [email protected]. We will respond in accordance with applicable legal timelines.
6. Security Measures
We deploy robust technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your personal data. These include but are not limited to:
– TLS encryption for data in transit;
– Role-based access control and authentication protocols;
– Regular backups and disaster recovery frameworks;
– Employee training in data protection best practices;
– Anonymization and pseudonymization where appropriate.
7. International Transfers
Where your personal data is transferred outside of the EEA or the UK (including to third-party service providers), we implement safeguards in line with GDPR requirements. These safeguards include the use of Standard Contractual Clauses (SCCs) approved by the European Commission and adherence to regional adequacy regulations. For California residents, we ensure that transfers comply with applicable state-level protections.
8. Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations, including financial or transactional records. Specific retention timeframes include:
– Usage and Technical Data: up to 12 months;
– Transaction and Account Data: up to 7 years for accounting and tax compliance;
– Communication and Support Data: up to 3 years;
– Marketing Preference Data: until you withdraw consent or request erasure.
After applicable retention periods, data is securely deleted or anonymized.
9. Cookie Policy
oatcakeday.com uses cookies and similar tracking technologies for the following purposes:
– Essential Cookies: required for site functionality and security;
– Functional Cookies: enhance user experience (e.g., remembering preferences);
– Analytics Cookies: collect aggregated data on usage to improve performance;
– Performance Cookies: monitor uptime and site responsiveness.
Third-party providers may set these cookies to provide insights, marketing metrics, or analytics services. These third parties are subject to their own privacy practices.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, oatcakeday.com provides a cookie consent banner upon your first visit. You may adjust your cookie preferences at any time using our Cookie Settings tool available on the website footer.
California residents have the right to request more information about third parties using cookies and may opt out of cookie-based data disclosures. Users in the EEA must provide affirmative consent for non-essential cookies.
11. Children’s Privacy
We do not knowingly collect personal data from children under 13. If we become aware that a user under 13 has provided personal information without verified parental consent, we will take steps to delete such information promptly. Parents or legal guardians who believe their child may have provided us personal data may contact us at [email protected].
12. Policy Updates and User Notifications
We reserve the right to amend this Privacy Policy to reflect changes in legal or regulatory obligations or our data practices. When changes occur, we will post an updated version on our website and, where legally required, notify you via email or on-platform communication.
You are advised to review this Privacy Policy regularly to stay informed about our privacy protections.
13. Contact
If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: https://www.oatcakeday.com
We are committed to addressing privacy-related inquiries promptly and transparently, in compliance with applicable data protection laws.
This Privacy Policy is intended to demonstrate our ongoing commitment to full compliance with GDPR, CCPA, and other applicable privacy frameworks. For any data protection concerns, please reach out to us at [email protected].