Bun in the Oven is fully compliant with the General Data Protection Regulations (GDPR). We process personal client data to facilitate the booking and running of our classes. We do not share any data we hold with third parties.
Data Storage and Protection
Your data is stored on our own hardware. All our internal systems are password protected and user access is restricted.
We collect only the data you submit on our website: booking forms and email addresses if you subscribe to the mailing list. This information is then stored on our hard drive and also password protected on our Shopify Site.
The website statistics gathered by our web hosting company records server requests only, for example. the IP address and date of visit. This is similar to every other server on the web.
Our booking forms storage
Our client data is stored on a hard drive. Data we collect from you for the purposes of booking our classes:
- Your name
- Your address
- Telephone numbers
- Email address
- Your child/children's Due Date
- Medical history for your yourself (if applicable)
Our mailing lists compiled from our client lists.
Our mailing lists are stored in our hard drive and password protected within ChimpMail. Data stored in these applications contains the following information only:
- First name
- Last name
- Email Address
We keep the number of communications we send to a minimum, and will only send you information related to the following:
- Booking confirmations and reminders
- Relevant Class Information or updates
- Bun in the Oven Newsletters
- Offers and promotions
Our lawful basis for processing your data
For existing customers who are attending classes, we store, retain and use your data in order to provide the services agreed in your contract with us.
For new customers, when you first communicate with us our first e mail response requires a reply with an opt in confirmation before we can send you further communications.
For past customers, we may from time to time, send you communications about our products and services which we believe you have a legitimate interest in receiving. You can opt-out of these communications at any time.
Protecting your data
Any internal data we hold is stored on our own hardware. All our internal systems are password protected and user access is restricted.
We do not hold your data any longer than is necessary to provide you with our services or to comply with applicable law. Whilst we do not place a specific timeframe on the retention of our personal data, we periodically review our records and remove, edit, archive or delete data we deem surplus to requirements. Bun in the Oven is also required, by law, to retain financial information relating to our business practices for up to 7 years.
In accordance with the GDPR you have the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- Rights in relation to automated decision making and profiling (at present Aqua4baby have no automated systems)
We will not use any personal information obtained via this website, our booking forms, registers or mailing lists for any purpose other than that stated when the information is gathered. We adhere to the terms of the GDPR and the security and value of any information you supply us is taken very seriously. We will not share your information with any third party unless required to do so by legal requirement.
As of the GDPR May 2018