(updated 10th October 2018)
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
Service is the www.hencorner.com website and hen-corner-micro-bakery.myshopify.com operated by Hen Corner.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on your device (computer or mobile device).
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
Tracking Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you browse our Shopify store, they (Shopify) receive your computer’s internet protocol (IP) address in order to provide them with information that helps them learn about your browser and operating system.
Use of Data
Hen Corner uses the collected data for various purposes:
- To fulfil an order for goods or services
- To provide and maintain our Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer support
- To gather analysis or valuable information so that we can improve our Service
- To monitor the usage of our Service
- To detect, prevent and address technical issues
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
Use of Data for Automated Decision-Making
- Shopify, our third party service provider, may use our bakery customers’ personal data for automated risk and fraud scoring.
- The GDPR requires us to disclose when we (or our service providers) use information in connection with automated decision-making. Shopify uses our customers’ personal information to block certain transactions that appear to be fraudulent through automated decision-making.
- We do not take payments directly via our website, but link customers to our online store (Shopify) or booking platform (Eventbrite). Once orders are placed and payments are made for goods or services, we receive personal data (as explained above) to allow us to fulfil the order but do not have access to any personal financial data.
- Shopify confirm that if credit card information is given to make a payment, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, they follow all PCI-DSS requirements and implement additional generally accepted industry standards. For more insight, you may want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
- If preferred, customers can arrange to pay for goods and services by transferring money direct via online banking, with this method we do not receive details of their bank accounts or personal financial data.
- Customers may choose to pay for goods and services, in person, with cash. Again, we do not receive details of their bank accounts or personal financial data.
Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
Hen Corner may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it’s not overridden by your rights
- To comply with the law
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Access to data collected by Third Party Service Providers
Hen Corner Website and Online Store
- The Hen Corner website https://www.hencorner.com is managed using software from the third party service provider WordPress https://wordpress.org
- From the Hen Corner website, we link to our online store https://hen-corner-micro-bakery.myshopify.com which is managed using software from the third party service provider Shopify https://www.shopify.com Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Booking Platforms for Courses and Events
We use the following booking platforms for Courses and Events:
- Eventbrite https://www.eventbrite.co.uk
- Edible Experiences https://edibleexperiences.com
- Omlet https://www.omlet.co.uk
- Bread Angels http://www.breadangels.com
These are Data Processors on behalf of Hen Corner, we are the Data Controller. We have access to data submitted to and stored on their websites through our dashboard with each service. Their privacy policies (including data requests) can be found on each of their individual websites.
How we collect and store information from Third Party Service Providers
- Data entered onto our website via a contact form, orders placed via our online store (Shopify) or bookings made via a booking platform generate an email to Life@HenCorner.com which we respond to and store in Google Mail as a record of our conversation, order or delivery of service.
- Our WordPress website is backed up regularly and every 12 months we delete the website contact form data base.
- Blog Subscribers: when someone subscribes to our blog, their details, as supplied, are stored within WordPress and we can view this data via our dashboard. Each new blog published generates an email sent to the subscriber that has both ‘unsubscribe’ and ‘manage subscription’ links at the bottom of the email.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Storage of Personal Data for customers purchasing Goods & Services
Hen Corner opens as a shop for a weekly Micro Bakery, we also run regular courses and events which are open to the public to book places on.
Information is stored and protected in the following ways:
Customers may access the bakery via the following ways:
- By dropping in during opening hours, in which case we may not have any of their personal data.
- Through arrangement via our Facebook Group, in which case we can only access personal data that they have on their Facebook profiles or that they subsequently give us via Facebook Messenger. We do not store this information and our Facebook accounts are password protected.
- Through placing orders via our online store facilitated by Shopify. Personal data collected with online orders are only accessible by the business owner & senior current partners via the Shopify App which is password protected.
Course & Event Guests (customers)
When booking a place, either via a booking platform or directly by email, personal data is stored as a record of bookings and contact details are retained to communicate with course guests.
Course details and guests information are stored on email and in a diary appointment, both are stored on Google Drive and are password protected. They can only be accessed by the business owner and are accessible on iPhone, iPad and laptop.
Periodically, after the course has taken place, names and email addresses are added to a spreadsheet, securely stored on Google Drive, as a record of participants.
Use of Personal Data from Customers, Course Guests and Visitors to Hen Corner
We predominantly use personal data to contact customers, course guests and visitors by email.
- We receive an initial email, either direct from the customer or via a third party Service Provider, see above. We keep all emails as a record of our conversation, order or service provided.
- We email directly from Life@HenCorner.com
Using data from course bookings:
- We receive an email of your details when you book into a course, either directly or via a third party service provider, we can also access your booking via our account with the booking platform, allowing us to contact you directly regarding your booking, we do not pass this data on to anyone else.
- We use your data to send emails regarding your course, for example, Confirmation of Booking, Reminder of your course this week, Thank you for coming.
Retention of Data
Hen Corner will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it there.
Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, Hen Corner may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Hen Corner may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Hen Corner
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Hen Corner aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where Hen Corner relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Whilst we do organise events and activities for children, it is always through arrangement with their parents, guardians or school. We do not contact anyone under the age of 18 directly. All children that participate in activities at Hen Corner must be accompanied by a supervising adult.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
If our business is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.