“Personal data” is any data that can be used to identify you directly or indirectly (e.g. your identity data, bank statements, device identifier, location, your political opinion, biometric data, credit card details, browsing activity, IP address).
- Who we are;
- What Personal Data we collect from you and how we collect it;
- What purpose we are processing it for;
- Whether providing us with your Personal Data is mandatory;
- How long we store it for;
- Whether there are other recipients of your personal information;
- Whether we intend to transfer it to another country; and
- Whether we do automated decision-making or profiling.
- We only process the data that is strictly necessary with regard to its purpose;
- You remain in control of your Personal Data; and
- Your data is processed in a transparent, confidential and secure manner.
1 – Who are we and how can you contact us if you have any concern?
We are the “data controller” of your Personal Data, (i.e., the organization that is responsible for ensuring that your Personal Data is processed in compliance with applicable regulations). Our contact details are as follows:
St Pierre Groupe Limited
2nd Floor, Kingston House, Towers Business Park
If you have any concerns, questions or if you would like to exercise any of your rights with respect to your Personal Data, you may contact us at firstname.lastname@example.org.
2 – What data do we collect and how do we collect it?
We collect your Personal Data through a variety of methods: either you provide it to us directly, or we collect it from external sources, or we collect it by using automated means.
2.1 – The data you provide us directly
In short: During our interactions with you, you may be asked to provide us with information that relates to you. For example, we collect this personal information when you subscribe to our newsletter or participate in our competitions.
In detail: The Personal Data that you provide to us directly are the following:
- Names, first names, civility;
- Postal address, e-mail address, telephone number, social media profiles;
- Personal relating to your professional life, family, economic and financial circumstances;
- Information necessary for the delivery or porting of an ordered product; and
- Your participation in our contests or events.
2.2 – The data we collect automatically when you use our services
In short: During each of your visits to our sites and mobile applications, we collect information about your connection and your browsing activity.
3 – For what purposes do we use your data?
In short: We must have a pre-defined objective to collect your Personal Data. These pre-defined objectives include the provision of products or services, or the sending of marketing and communications.
In detail: We process your Personal Data for the following purposes:
3.1 – To provide you with our services
- Management of subscriptions to our newsletters and / or e-mail alerts;
- Customer relations: provision of Customer Service accessible by mail, telephone, e-mail or instant messaging such as chat, for any question or complaints;
- Sending information on the modification or evolution of our services;
- Fraud prevention;
- Management of the exercise of your rights over your Personal Data;
3.2 – To send you marketing and commercial communications:
We use your Personal Data for the following purposes:
- Sending of information relating to our latest activities;
- Detecting potential influencers that our brands can work with;
- Sending of marketing, advertising and promotional offers relating to our products and services by e-mail or on social networks or any other medium;
- Setting up and managing competitions on our website or on social media;
- Collection of customer opinions and posts on our website/blog;
- Management of retailer on on-pack competitions and ambassador programs, management of in-store POS, shows and events and trade, and ambassador programmes.
4 – On what basis do we collect your data?
In short: We must have a valid reason to use your data. One of the reasons we need to collect your Personal Data is that it is necessary for us to perform our contract with you. Another reason is the fact that we have a legitimate interest that justify the processing, or that we have a legal obligation to process the data. In all other cases, we will process your Personal Data because we have your consent.
- For some processing activities, we require your prior consent
You will always be prompted to take a clear, affirmative action so that we can ensure that you agree with the processing of your Personal Data. This action may, for example, take the form of a checkbox, or a link that you can click on.
Before obtaining your consent, we will systematically inform you of the purposes of the processing, and you can choose to consent to certain uses that we will make of your data and to refuse others.
If you have given us your consent, you may always change your mind, and withdraw your consent at any time and easily; all you need to do is to send us an email at the following address email@example.com or click on the “unsubscribe link” at the bottom of our marketing e-mail communications.
If you refuse to give us your consent, or decide to withdraw it, you will not suffer any negative consequences and will be able to continue to use the rest of our service normally. However, some functionality or features may be limited.
If you have given us your consent, and the processing we carry out on your Personal Data changes significantly, we will collect your consent again.
We will ask for your consent for sending you electronic advertising and promotional messages relating to our products and services and to our relevant brand partners, including on social media.
- When we justify our processing operations on the basis of a contract that we have with you
Certain processing of your Personal Data is necessary so that we can perform the service you have asked us to perform. We justify our processing on our contract with you to process all the Personal Data that is necessary to respond to any queries you may have, or to send you your prize if you win one of our competitions.
- Processing operations that are necessary to meet our legitimate interests
Legitimate interest is a set of commercial or business reasons that justify that we process Personal Data about you. Our legitimate interests are to ensure to detect potential influencers that our brands can work with.
We will use legitimate interest only when we have carried out an assessment on the impact that this processing may have on you, and concluded that the processing does not unduly infringe your rights and freedoms. For example, we do not use this justification if we process sensitive data, or when the processing would be unexpected for you, or if we consider it to be too intrusive.
Summary Table Of The Personnal Data We Collect
|DATA COLLECTED||PURPOSE||LAWFUL BASIS|
|Responding to complaint investigation and to consumer enquiries (including those who have an email, voucher or a letter)||Contract|
|Management of competitions in which you participate, including on social media or on our website.||Contract|
Social media profiles
|Detection of potential influencers||Legitimate interest|
|Management of subscriptions to our newsletters and / or e-mail alerts||Consent|
Phone Number, demographic information and social media profile
|Purpose n°1: Sending of targeted marketing, advertising and promotional messages relating to our products and services and to our relevant brand partners, including on social media
Purpose n°2: management of retailer on on-pack competitions and ambassador programs, management of in-store POS, shows and events and trade, ambassador programmes
|Lawful basis n°1: Consent
Lawful basis n°2: Consent
|Responding to you when you may enquiries through our brand on the Paul Hollywood website||Contract|
5- How long do we keep your data?
In short: We will not retain your Personal Data indefinitely. Our retention periods vary depending on whether we have an ongoing contractual relationship (you are an active user), or whether we have had a contractual relationship with you in the past (you are an inactive user) or whether we never have had such a relationship with you (you are a prospective user).
In detail: When their retention is no longer justified by legal, commercial or customer account management requirements, or if you have made use of a right of modification or erasure, we will delete your Personal Data securely.
We will retain your Personal Data long as it is necessary to meet our legal obligations according to the main retention periods for EU Member State law or Union law, we are subject to. Your Personal Data will be deleted as soon as the purpose for which they were collected is achieved.
6 Who is likely to have access to the data we collect?
6.1 – Disclosure to employees within our organization
In short: We only disclose your Personal Data to a limited number of individuals within our organization.
In detail: The following individuals within our organization may have access to some of your data: Quality & Control, Marketing, Commercial, Administrative & IT Teams.
Access to your data is based on individual and limited access permissions. Staff who can access Personal Data are subject to an obligation of confidentiality and are trained in the protection of privacy.
6.2 Disclosure of Personal Data outside of our organization
In detail: The following may have access to some of your data
- Our processors (organizations that process your Personal Data on our behalf)
These processors have access to your Personal Data for managing your subscription, for web development purposes, to manage and respond to any complaints/queries you may have, for stocking your response to our surveys and to facilitate our marketing and e-commerce operations.
The disclosure of your Personal Data to our processor is made on the basis of signed contracts that are binding and that mention their obligations in terms of data protection, data security and confidentiality.
- Police authorities, judicial or administrative authorities
We may disclose your Personal Data when we are required or authorized by law to cooperate with local, national or international law enforcement or other authorities for the reporting and/or investigation of improper or unlawful activities, or if we need to comply with court orders.
7 – Is your data transferred outside of the United Kingdom or the European Union?
In short: The Personal Data we collect when you use our platforms or as part of our services is transferred to processor partners located in other countries, some of which may have legislation on the protection of Personal Data that is less protective than the UK GDPR.
8 – What are your rights?
8.1 – Your rights under the UK GDPR
In short: You have the right to ask us what data we process about you, and ask us to correct it, erase it, restrict it, and ask us to transfer your Personal Data to another controller in certain circumstances at the following address firstname.lastname@example.org.
In detail: You have the right to access your Personal Data and request that it be rectified, supplemented or updated. You can also request the erasure of your data, to restrict our processing, or object to our processing, provided you can justify a legitimate reason.
You can ask to exercise your right to the portability of your data, that is to say the right to receive the Personal Data that you have provided to us in a structured, commonly used format and the right to transmit this data to another data controller.
You can exercise your rights by contacting us at the following address: email@example.com.
Before responding to your request, we will verify your identity and / or ask you to provide us with more information to respond to your request, if we have any doubts about your identity. We will do our best to respond to your request within one month, unless your request is particularly complex. In such a case, we will inform you of the need to extend this response time by two additional months.
8.2 – Your rights to object to commercial communications
In short: When we use your personal information to contact you for marketing purposes, you can object to these communications at any time.
In detail: In any case, you always have the option to object to the sending of these commercial emails by clicking on the unsubscribe link provided in each e-mail, by going to your online account or by writing to us at the following address firstname.lastname@example.org.
8.3 – Your rights to lodge a complaint
If you think that we are doing something wrong, you can complain to us about it, by contacting our Data Protection Officer. In the event of an unsatisfactory response, you can lodge a complaint at email@example.com.
9. How about children’s privacy?
In short: We do not provide services directly to children and proactively collect their Personal Data