The Raw Chocolate Pie Company (“We”) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act (the Act) and GDPR, the data controller is The Raw Chocolate Pie Company of Chycoggan Studio, Trencrom, Lelant Downs, Cornwall, TR27 6NU, United Kingdom.
Information you provide to us
When using the the forms on our site, whilst emailing us or over the phone you will typically provide us with the following information:
- Name & billing address
- Delivery address
- Email address
- Email marketing preferences
- Card summary information, eg last 4 digits, type and expiry, which our payment processor may provide to us
Information we may passively collect
We may collect your IP address and browser user agent string ( eg “Chrome” ) when you submit forms on the site, this is used for anti-fraud purposes and to identify and block abusive users of the site ( anti-abuse, eg form spam ).
Information we may pass on to third parties
When you pay online, we need to supply your billing address to the payment processing company ( we use a service called Stripe, as well as PayPal ), as your bank requires it for anti-fraud checks during processing as part of their address verification system ( to prove that we know your correct address ). The processing company stores the details of the transaction which includes your name and address and summary card details ( brand, last 4 digits, expiry date ) as well as optionally a “continuous authority token” if you have opted to remember your card. If you subscribe to our mailing list/s we will need to pass on your name and email to our mailing list service provider ( we use a service called MailChimp ). They use those details to deliver our email as well as track delivery failures so we can prune no longer functional addresses from our list.
Information third parties may collect
We use a traffic analysis service called Google Analytics, they report aggregate stats about site usage to us, so we do not have the ability to inspect the activity of single “session”, only for instance the number of views a page has had throughout the day with numbers by hour, they may also collect your ip address and browser information to populate network and browser level stats.
Where and how your information is stored
The information you provide to us is stored in the United Kingdom and as such within the European Economic Area (EEA). If you have subscribed to our newsletter your name and email address may be stored in the USA ( at present, but potentially elsewhere ) via our mailing service provider MailChimp. If you pay online, data held by our chosen payment processors Stripe & PayPal may be transferred to or stored outside of the EEA by them or their upstream providers as well as your bank.
Our site as well as that of all of our chosen service providers use SSL/TLS enforced/encrypted connections to protect your information during transit over the Internet. At the time of writing we maintain PCI scan compliance despite not needing to.
On our servers your personal details are partially encrypted ( the high resolution components of your address, telephone numbers and email address ) using currently deemed secure methods ( primarily AES 256 with both site and account level keying ).
Your password, if provided is not stored in a recoverable format, a representation of it is stored hashed using a high workload key derivation function, which includes site and per-account level salting, the method we use is currently ( at the time of writing, mid 2018 ) deemed secure for password storage by current industry standards.
What do we use your information for?
We use your information for processing your orders and sending you orders related as well as requested material, such as emails and possibly letters. If you have subscribed to our special offers or news mailing, your name and email will be used to send you occasional special offers or product news. Any information we may collect passively as indicated in the section/s above are used to maintain a smooth operation of the site and to track errors as well as performance.
Cookie in use by this site: SID_RCP15, ANYA_RCP15 and sessFallback.
You may disable cookies by following the instructions for your chosen web browser, however the site will cease to fully function correctly for you.
Your access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. All of the information that you have provided to us is also visible to you within your online account if you created one during registration.
Right to be forgotten
If you wish to have us remove any information that we may have related to you, you may request that we remove that information from our systems where possible. Please note that if you have made financial transactions with us we are required to keep detailed records of those and will not be able to remove information related to those. We can remove your email address, telephone numbers along with anything that may be used for email or online marketing purposes upon request.