Privacy Statement

Cake Craft Shop is committed to protecting your privacy. In order to provide our services to customers and to provide a more personalised shopping experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect personal information about you as well as the types of personal data we may collect when you interact with us online or over the phone. It also explains how we’ll look after your data and keep it safe. There's a lot to digest but we want you to be fully informed as to how Cake Craft Shop uses your data.

We hope what's below covers everything, but if you have any questions at all, do please drop us a line at . It’s likely that we’ll need to update this Privacy Notice every now and again to make sure it's accurate. We’ll let you know of any major changes, but the most up-to-date version will always be here for you to check.

Contents of Privacy Notice:
1. Explaining the legal bases we rely on
2. How we collect your personal data
3. The type of personal data we collect
4. How and why we use your personal data
5. Protection of your personal data
6. Length of time we keep your personal data
7. Who we need to share your personal data with and why
8. Your rights over your personal data
9. Cookies
10. Questions


1. Explaining the legal bases we rely on
The GDPR law on data protection sets out several different reasons a company may collect and process your personal data, including:

In specific situations, we can collect and process your data with your consent - e.g. when you tick a box online or sign up at exhibitions to receive email or postal communication from Cake Craft Shop. When collecting your personal data, we’ll always make clear to you what data is necessary in connection with a service.

Contractual obligations
In some instances, we need your personal data to comply with our contractual obligations. For example, if you place an order with us, we need your address details to deliver your order and we also need to pass your details to a courier.

Legal compliance
We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting Cake Craft Shop, we need to pass details to law enforcement.


2. How we collect your personal data
There are several ways in which we may collect information about you:

  • When you create an account with us and use your account to buy products.
  • When you purchase products online via our website or over the phone.
  • When you send us an email or fill in a website contact form.
  • When you enter a competition or prize draw or fill in a survey.
  • When you fill in any forms in store e.g. an accident report form.
  • When you engage with us on social media.
  • When you have given a third-party permission to share information they hold about you with us.
  • When you visit one of our shops which may have CCTV systems that may record your image (they are automatically erased on a weekly basis).


3. The type of personal data we collect
The personal data we may collect includes your name, billing/delivery address, email address, telephone number, notes from conversations we have with you. Please note that when you set up an account with us, your password to log in is encrypted and when you place an order, we do not hold your card details, it is collected by SagePay or PayPal, our third-party payment processors who use secure online capture and processing methods.


4. How and why we use your personal data
When you engage with us, we want to give you the best possible experience. By collecting data about you, it allows us to offer a great and tailored service. We use your data, so we can fulfill our contractual obligations to you but also to offer you products and promotions via newsletters if you have signed up to receive these. The data privacy law allows this as part of our contractual obligations and legitimate business interest in understanding our customers and providing the highest levels of service.
If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide services you’ve asked for.

Here are some ways that we'll use your personal data and why:

  • To process any orders, you make on our website. If we don't collect your personal data during checkout, we won't be able to process and deliver your order and comply with our legal obligations e.g. your details are passed to a courier company so that your order can be delivered. We will keep your details for a reasonable period afterwards in order to fulfill any contractual obligation such as a refund or exchange.
  • Our customer care team need to be able to respond to your queries, complaints or process a refund so we need your contact information to respond. We will keep a record of your information including notes on how we communicated with you and what was discussed. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with remarkable customer service and it helps us improve this service to you.
  • We keep your personal data to maintain, update and safeguard your account and to protect our business and your account from fraud or other illegal activities.
  • When you place an order with us, your card details are collected by our third-party payment processors SagePay or PayPal who use secure online capture and processing methods. This helps to protect you from fraud. We do this based on our contractual and legitimate business interests.
  • In some locations we use CCTV to protect our customers, premises, assets and staff from crime. We do this based on our legitimate business interests (these recordings are automatically erased on a weekly basis)
  • If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities.
  • With your consent, if you have signed up to our newsletter, we will use your personal data to keep you informed about relevant products and special offers, discounts, promotions, competitions and events by email. As ever, you can always opt out of hearing from us through these channels at any time.
  • To comply with our legal obligations, we will send you communications required by law or which are legally necessary e.g. significant updates to this Privacy Notice, product recall notices and legally required information relating to your orders. These messages are to inform you about changes to the service we provide you and will not include any promotional content and so do not require prior consent when sent by email.
  • If you enter a competition or prize draw run by us we will use your information to contact you in the event of you winning based on your agreement to the terms and conditions of the competition at the time of entry. The personal data relating to your competition entry will be gained via you joining our Facebook group, signing up to our newsletter online or signing up to our newsletters at a show.
  • To comply with our contractual or legal obligations to share data with law enforcement.


5. Protection of your personal data
The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can.

Here are some ways we secure your data:

  • The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us.
  • We use encrypted https links between our web server and your browser which means that all data passed between you and us cannot be intercepted.
  • We do not store your card details ourselves, but instead utilise SagePay or PayPal who are PCI compliant payment processing providers for all orders placed online and over the phone.
  • We monitor and check our data security systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.


6. Length of time we keep your personal data
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised and for example aggregated with other data to be used for business planning and analysis.

For instance, if you placed an order with us, we keep your details for 7 years and after that it is anonymised.


7. Who we need to share your personal data with and why
At times we need to share your personal data with trusted third parties e.g. Cake Craft Shop delivery couriers, IT companies, credit card processing services and so on. We only provide what they need, and they cannot use your data for anything other than the purposes that they have your data for.

We want your customer journey with Cake Craft Shop (from ordering to fulfilment of your order, or to signing up to our mailing list online or at a show) to be as smooth as possible. We use the following companies who will process your personal data as part of their contracts or terms and conditions with us:

Please note the above suppliers are non-exhaustive and may change from time to time, but we will endeavour to keep the list above accurate and as up-to-date as possible.

Sharing your data with third parties for their own purposes:
We will never sell or trade your contact details with any third parties.

There are some instances where we may have to share your information based on our legal obligations, for instance:

  • Fraudulent activity in our shops or online systems
  • If the police/government ask us to disclose information we may be required to share your personal data with them, however we would assess this sort of request very carefully
  • For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies


8. Your rights over your personal data
You have a choice as to whether you receive marketing information from us and you can withdraw your consent from specific communication channels at any time.

How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:

  • Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails
  • Contact our Customer Care team at

Requesting access and making changes to your personal data
You also have the right to access and rectify mistakes in the data we hold about you at any time.

You can also make any changes to your personal information by updating your online account at , or by contacting our Customer Care team on

To keep your information confidential, we will ask you to verify your identity before proceeding with any requests. If there is a third party acting on your behalf, we will check that they have your permission to act.

Legitimate Business Interests
In cases where we are processing your personal data based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.


9. Cookies

Cookies are tiny text files stored on your computer when you visit certain web pages. At we use cookies to remember useful information which allows certain functionality to work, such as shopping baskets or My Account access.

To order products from or to access your My Account, you need to have cookies enabled. If you don’t wish to enable cookies, you’ll still be able to browse the site and use it for research purposes.

Please note that cookies can’t harm your computer. We don’t store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of our website.

We do not use cookies to target you with third party marketing ads. 


10. Questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any further questions please use our contact form