Privacy Policy and GDPR

Our objective is complete customer satisfaction

Lick the Spoon takes your privacy very seriously. To ensure your privacy is protected we provide this notice explaining our practices in collecting and using your data. This notice has now been updated for the new General Data Protection Regulations (GDPR).

What This Privacy Policy Covers
This policy covers how Lick the Spoon treats personal information that Lick the Spoon collects and receives, including information related to your past use of Lick the Spoon. Personal information is information about you that is personally identifiable, such as your name, address and e-mail address, and that is not otherwise publicly available.
This policy does not apply to the practices of companies that Lick the Spoon does not own or control, or to people that Lick the Spoon does not employ or manage.

Information Collection and Use

When you place an order with Lick the Spoon via our website

Lick the Spoon collects personal information (such as your name, e-mail address, gender and postcode) when you order with Lick the Spoon. This information is used solely for the processing and delivery of your order, and for internal reporting to meet company legal requirements, e.g. we need invoice information to make quarterly VAT returns to HMRC. You will receive emails from us on the status of your order. We may contact you by phone to discuss a query with your order.

Your order information is shared with our courier DPD Local or Royal Mail for delivery purposes only. For large palletised Wholesale orders your information may be shared with The Pallet Network for delivery purposes only.  
Lick the Spoon automatically receives and records information on our server logs from your browser, including your IP address, Lick the Spoon cookie information, and the page you request.

You will receive a follow-up order email from us three days after your order is completed, checking that all is satisfactory with your order and requesting an optional review. After this we will not contact you with unsolicited emails unless you have explicitly opted in to our newsletter through a separate newsletter sign-up.

Newsletter Signup

We have a newsletter for retail customers – that’s the majority of customers visiting our website. We have used a double opt-in signup since 2013. That is, to sign up for our newsletter you first need to intentionally sign up for it, and then acknowledge the sign-up via an email before you are opted in. You can unsubscribe at any time via an unsubscribe link in the email.

Contact Form 

If you choose to use the contact form on our website we only use the email and information entered for the purposes of replying to your query. We do not use the email for any other purposes.

Wholesale Customer Application Form

Information entered via our Wholesale customer application form is used to set up your wholesale ordering account on our website. As part of the approval process you will receive emails providing information on how to order wholesale. You may receive further business to business emails from us related to ordering dates, new products, special offers, and wholesale related news. You can unsubscribe from these emails at any time.

Information Sharing and Disclosure
Protection of personal data
Any information you submit will never be sold or passed to third parties or used for any other purpose, unless explicitly mentioned on the pages where the information is retrieved.

Your information is intentionally shared with the following third parties solely for the purposes of order delivery and company legal reporting…

Couriers – The majority of our orders are sent by reputable couriers DPD Local, Royal Mail or, for large palletised orders, The Pallet Network. The information shared is used for purposes of delivery only.

Accountancy and legal reporting – We have a legal obligation to report to HMRC for taxation purposes. To meet this obligation we retain invoice information as a company legal requirement. It is not used for any other purpose.

Payment Processing

All card transactions are processed by our professional card transaction service provider. We do not hold any credit card details. We cannot see your payment card information. We only have the ability to refund transactions.

While appropriate security measures are in place to ensure the protection of your personal data, Lick the Spoon cannot assure you that personally identifiable information that we collect will never be disclosed in a manner that is inconsistent with this privacy policy. We have enlisted the appropriate physical, electronic and managerial procedures to safeguard and help prevent unauthorised access, maintain data security and correctly use the information we collect online.  Our Cyber Security Policy provides further information on the security measures in place.

We will notify the Information Commissioner’s Office (ICO) within 72 hours of any personal data breach which is likely to result in a risk to the rights and freedoms of individuals. Individuals also need to be informed directly and without undue delay if there is likely to be a high risk to their rights and freedoms as the result of a breach.

E-mail policy
You will only receive e-mail from Lick the Spoon mailing lists that you have subscribed to via a double opt-in.
After ordering you will receive a confirmation e-mail.
After ordering, filling in a contact form or requesting information on the website, you may receive e-mail to confirm reception of your request. This in no way implies subscription to any mailing list whatsoever.

Cookies
Cookies are little pieces of information, stored by the website on your computer. There are two types of cookies: session cookies, which your browser automatically deletes after leaving the site, and permanent cookies, which are not automatically deleted (but you can do that yourself).
We download a session cookie to your browser to allow our shopping cart to function and allow account login.

It is useful for us to understand how visitors flow through our site to improve the user experience. We are working to make the choice to accept these non-essential cookies user-selectable. Consequently, we have disabled Google Analytics, which is one such tool, and are reviewing the use of statistical tools to ensure GDPR compliance.

No personal data is stored in cookies, unless explicitly accepted by you.

Printed Invoices

We sometimes print order packing notes and invoices to allow pick and pack of your order. All printed invoices are held in our secure locked premises prior to dispatch. As a policy, we don’t retain printed invoices, as our accountancy is a paperless system.

Where orders are to be sent to the same address as the billing address and are not a gift to a different recipient we include the paper copy of the order invoice sealed inside your parcel.

Where orders are sent as a gift to a different recipient we don’t include the invoice in the order (as this might spoil the surprise). In this instance we shred any paper printed copies via a security shredder before recycling via our approved contracted recyclers. 

Changes to this Privacy Policy
Lick the Spoon may update this policy. We will notify you about significant changes in the way we treat personal information by placing a prominent notice on our site.

Contact information
Lick the Spoon values your opinion. If you have comments or questions about our privacy policy, please contact us.

General Data Protection Regulations (GDPR)

On the 25th May 2018 the GDPR regulations will come into force across the EU.

Details of your rights under GDPR can be found in the web link here

https://www.eugdpr.org/eugdpr.org.html

We believe that we have implemented all measures required to meet GDPR and in terms of newsletter sign up have exceeded the requirements since 2013 by making all newsletter signup a double opt-in.

But if you have any questions regarding the way your data is held by us please contact us.

Data Protection Officer

Whilst we are too small a company to meet the explicit requirements of a Data Protection Officer – Lick the Spoon Director Matthew Short is responsible for data protection.

We have included some of your key rights under GDPR below…

You may also wish to refer to our Cyber Security Policy.

Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

We have a legal HMRC obligation to retain essential invoice transaction information for seven years.

Data Portability

GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine-readable format’ and to have the right to transmit that data to another controller.

Privacy by Design

Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. More specifically – ‘The controller shall … implement appropriate technical and organisational measures … in an effective way … in order to meet the requirements of this Regulation and protect the rights of data subjects’. Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing.