BakePlan Software operates the following websites:
The following principles are complied with when processing personal data:
- Data is processed fairly and lawfully.
- Data is processed only for specified and lawful purposes.
- Processed data is adequate, relevant and not excessive.
- Processed data is accurate and, where necessary, kept up to date.
- Data is not kept longer than necessary.
- Data is processed in accordance with an individual’s consent and rights.
- Data is kept secure.
- Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection.
Lawful basis of processing data
The lawful basis of processing of data will always be determined prior to any data being processed. The laws for processing personal data under the GDPR are as follows:
- Consent – the individual has given their Consent to the processing of their personal data.
- Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for BakePlan to take pre-contractual steps at the request of the individual.
- Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which BakePlan is subject.
- Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of BakePlan or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights.
- Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual.
BakePlan processes personal data under one, or more, of the following Lawful Bases:
- Legal Obligation
- Legitimate Interest
Type of personal data being processed
The type of personal data being processed may include:
- Email Address
- Job Title
- Telephone Number
- Business Name
- IP Address
- Demographic information such as postcode
How personal data is collected
Personal data is obtained from one or more of the following:
- Visits and use of the above BakePlan websites, and Company Portals.
- Use of BakePlan and BakePlan’s social media.
- Use of Google Analytics.
- Subscribers to BakePlan updates.
- Parties entering into agreements with BakePlan.
- Requests for information about products and services offered by BakePlan and/or quotes.
- Employment enquiries.
Why personal data is collected
Personal data is collected to provide legitimate business services which include:
- For marketing purposes.
- For us to review and reply to your enquiry.
- To provide an opinion for a service you have requested.
- To meet our statutory monitoring and reporting responsibilities.
- To handle and communicate orders, billings and payment, delivery of products and services.
- To improve BakePlan’s services and product offering.
Where indicated, however, some of the information is optional and you can choose not to complete.
How personal data is used
Personal data may be used to:
- Process a request for further information, to maintain records and to provide pre and after-sales service in relation to BakePlan products.
- Carry out our obligations arising from any contracts entered into by you and us.
- Carry out security checks (this may involve passing your details to our Identity Verification partners, who will check details we give them against public and private databases – this helps to protect us from credit risk and both you and us from fraudulent transactions).
- Comply with legal requirements.
- We may need to pass the information we collect to other companies within our Group for administrative purposes.
- We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us.
- Seek your views or comments on the products and services we provide.
- Notify you of changes to our products and services.
- Send you communications which you have requested and that may be of interest to you. These may include information about product updates, newsletters, events, webinars.
- To inform you of various promotions, goods and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of BakePlan as an IT service provider. Each marketing communication sent to you by BakePlan will provide you with the option to unsubscribe and manage your data profile and communication preferences from BakePlan at any time.
- Process a job application.
- Create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
Where personal data is stored
If a web form is completed on any of the above websites, information is stored on the Company’s CRM system. Previous browsing history on the BakePlan websites is available to authorised BakePlan employees only to determine your interests in order that BakePlan can engage with you more effectively and improve our site. If Cookies are switched-off then your previous browsing history is no longer be available to BakePlan.
If you do not wish for us to have your personal information, please do not fill out any of the web forms on these sites.
As part of any services offered via the BakePlan websites, the information you provide may be transferred to countries outside the European Economic Area (EEA) i.e. our servers, or third-party servers that are used to provide BakePlan services, are located in a country outside the EEA. By submitting your personal data, you consent to the transfer, storage and/or processing of your data wherever it be stored. If your data is transferred outside the EEA, steps will be taken to ensure appropriate security measures are in place to ensure your privacy rights continue to be protected as outlined in this Policy.
How long personal data is stored
We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to personal data
Only authorised BakePlan employees are granted access to customer information. This is ensured by the use of strict operational processes and procedures.
Employees are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the BakePlan security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.
Personal information provided via the Company’s portals is secured using Secure Socket Layer (SSL) server and is encrypted before being transmitted. Secure pages have a lock icon or key on the bottom of web browsers such as Microsoft Internet Explorer, information supplied by you on these webpages is securely stored and can only be accessed for the purposes for which it was provided.
All IT systems are kept in a secure environment with appropriate access control. We carry out internal audits within BakePlan.
Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We will not sell or rent your information to third parties.
Third-Party Service Providers working on our behalf:
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure.
Third-Party Product Providers we work in association with:
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party including for a merger, acquisition, divestiture, or similar transaction or as part of any business restructuring or reorganisation.
We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:
- The right to be informed how personal data is processed.
- The right of access to their personal data.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting the Managing Director. You can request that your data is updated and/or deleted at any time, unless BakePlan can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.
You can change your marketing preferences at any time by calling BakePlan or emailing seamus.quinn@BakePlansoftware.co.uk or by clicking on the “Unsubscribe” link at the bottom of any of BakePlan marketing emails.
Links to other websites/from other websites
16 or under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
What does this mean in relation to data on your BakePlan Software systems?
Please note that we do not hold any copies of your data on our servers and are not responsible for data entered into your systems and your data backups; you will need to ensure GDPR compliance within your business. Where we bring back your data in the context of your support contract, we seek your explicit consent and ensure the data is anonymised in the process.
Questions, complaints and subject access requests (SARs)
Any questions or Subject Access Requests (SARs) should be sent to Jane Tyler, MD, firstname.lastname@example.org.
Review of this policy
This policy is regularly reviewed. It was last updated 23/05/18.