Éponine (Eponine Patisserie Ltd) are committed to maintaining the trust, confidence and safety of our clients and visitors to our website. In this Privacy & Cookies Notice, we want to make it clear as to what personal information we collect, why we do so, and how we keep it secure. We do not collect unnecessary data, and will never sell, share or otherwise distribute email lists or other data with other companies or businesses for marketing purposes.
How we use personal information
Any information we collect is to allow us to provide you with the best service possible, and may be used for any of the following purposes:
- To enable you to use certain features of our website
- To see how you use our website, allowing us to improve it and make it more user friendly
- To process transactions
- To enable us to fulfil your order
- To personalise your experience on our website
- To improve customer service
- To contact you regarding orders
- To send you newsletters, marketing and competitions (according to your preferences)
Why We Need Your Information
We rely on a number of legal bases to collect, use and share your information, where information is needed:
– to fulfil our contractual obligation to you by processing your order, including contacting you about your order and providing customer support;
– to fulfil our legal obligations regarding tax law or court orders related to legal claims;
– as necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as to provide services and in our legitimate interest to improve our services; or
– where you have provided express consent, which you may revoke at any time, such as by signing up to our mailing list.
Data we may collect
Account Login Cookies
If you have an account on our website, a temporary cookie will be set when you log in to ensure your browser accepts cookies. This cookie contains no personal data and is deleted when you close your browser. Several cookies will also be set which saves your login information and account related choices. Login cookies last 2 days, and settings cookies last up to a year. If you select “remember me”, your login will persist for 2 weeks. If you log out of your account, the login cookies will be removed. These cookies can be deleted locally at any time, which will log you out of your account. Please note that if you disable cookies, you will not be able to use an account on this website.
Personal information is collected during the ordering process. This includes completed orders, incomplete orders (abandoned cart), and any communications regarding an existing or potential order. This data may include full name, billing address, name of recipient, delivery address, email address, telephone number, time and date of order, items purchased, IP address of the device on which an order has been placed, and any personal information such as allergies which you choose to disclose during the ordering process. This data is necessary to process and fulfil your order, and to contact you should any issues or queries arise. Failure to provide complete or accurate information may result in us not being able to process your order. Order information is also required to fulfil our legal obligations and is held for at least 6 years for financial purposes (e.g. tax returns). Some of this information may be shared with courier/shipping services to enable delivery of your order.
Newsletter Mailing List
If you choose to join our email newsletter, the name and email address you submit will be forwarded to MailChimp, a third party email service who maintain our mailing list and send out our newsletter. This information will be held by MailChimp for as long as we continue to use their services for sending our newsletters, or until you request to unsubscribe from our mailing list. MailChimp collect information on email opening, clicks and order history using industry standard technologies to help us monitor and improve our marketing and newsletters, and to ensure you receive the most relevant marketing communications. MailChimp will not use or distribute your information, and you can request to no longer receive these emails by either using the unsubscribe links contained in any of our newsletter emails, or by requesting removal via email to us at firstname.lastname@example.org. When requesting to unsubscribe via email, please use the email account on our mailing list so we can confirm your ownership of the account.
For users that register on our website, we also store the personal information they provide in their user profile. Users can see, edit, or delete their personal information at any time (except they cannot change their username). This information will be held indefinitely, or until the user closes their account.
We use a third party service provided by Google to collect visitor statistics and behaviour patterns, allowing us to see how many people visit each page, and how users browse around our website. This enables us to improve our website to give our visitors the best possible experience. This data is held by Google in accordance with their own Privacy Policies and is processed in a way which does not allow Google or ourselves to identify visitors. Google may use data collected to personalise advertising on its own advertising network. Traffic data collected from this website may be used for Google Adwords advertising, and may include advertising directed at user demographics, interests and behaviour. Users can choose to opt-out of all Google browser cookies by visiting this link:
Transactions on our website are handled by Stripe (credit and debit card payments). If you choose to pay using PayPal, you will be redirected to the PayPal website in order to process payment. We do not store any private payment information (card numbers, bank account details, etc.). This information is handled exclusively by Stripe or PayPal, who have their own Privacy Policies and are PCI DSS compliant payment service providers.
We use social media services such as Facebook, Twitter and Instagram to allow users to view and share content. These services use their own third party cookies and have their own Privacy Policies.
Contact Forms and Emails
When you contact us through our website or a direct email you may be providing us with personal information including your email address, your name, and any other information which you disclose during our correspondence. This information may be maintained in relation to our legitimate interests, providing you with our services, and improving our services. Where there is no legitimate interest in maintaining your information, it will be deleted.
How we keep your information safe
Safety of your personal data is of utmost importance to us. Our website sends data via Secure Socket Layer (SSL) technology, which is encrypted for your protection. Data which we maintain can only be accessed by authorised personnel who are bound by strict privacy practices and are required to keep all information confidential.
Third Party Links
Occasionally, at our discretion, we may include links to third party websites, products or services on our website. These third parties have separate and independent privacy policies, and we are in no way responsible or liable for the content or activities of these linked sites. If you have concerns regarding any link on our website, please contact us by email: email@example.com
Children’s Online Privacy Protection
Protecting children’s privacy is very important to us. We never knowingly collect or maintain information about anyone under 13 years of age, and no part of our website is structured to attract or appeal to children.
Transfer of Data Outside the EU
Where we use third parties that transfer personal data out of the EU, these companies are checked to ensure that they have adequate levels of data protection e.g. they are enrolled in the Privacy Shield Framework (e.g. MailChimp, Stripe, PayPal, Social Networks, Google). This ensures that your data is held securely at all times, and that third parties maintaining this data are in compliance with data protection requirements.
Users have the right to request access to, or deletion of (in some circumstances) any personal data which Éponine maintains about them, and for any inaccurate data to be corrected. You can also object to our processing of some of your information based on our legitimate interests or to receiving marketing messages after providing your express consent to receive them. In such cases, your personal information will be deleted unless there are compelling and legitimate grounds to continue using that information, or if it is needed for legal reasons. Users can contact Éponine to request any of these actions at any time. Please be aware that to ensure data security, users will be required to provide suitable identification before any personal data can be supplied, corrected or deleted. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
We reserve the right to disclose your personally identifiable information if required by law and/or to protect our rights.
Users acknowledge that the internet is never 100% safe and secure, and that we cannot guarantee the security of any personal data sent via the internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
Your acceptance of this policy
By using this website, you signify your acceptance of this policy and the terms and conditions. If you do not agree to all these terms, please do not use this website. Continued use of this website following any changes to this policy will be deemed your acceptance of these changes.
If you have any questions about this privacy and cookies notice, the data we collect, or any other aspect of this website, please contact us at: firstname.lastname@example.org
Last updated: 30/06/2020