Blossom & Grain Artisan Provisions

Your Privacy Matters to Us

At Blossom & Grain Provisions, your trust is paramount. This Privacy Policy details how we collect, use, and protect your personal information, ensuring full compliance with UK data protection regulations, including the UK GDPR.

Stylized padlock icon over a subtle background of digital data streams, symbolizing robust data security and privacy commitment.
Our unwavering commitment to safeguarding your personal data.

Our dedication to data protection underpins every interaction you have with Blossom & Grain. From browsing our artisan bakery offerings to booking bespoke catering, we handle your information with the utmost care and transparency. This policy applies to all services and data collected through our website, in-store interactions, and direct communications.

For any privacy-related queries or to exercise your data rights, please do not hesitate to contact us. You can reach our dedicated team at info@blossomandgrain.co.uk or by phone at 01892 700432. This policy is effective from 25th October 2023 and will be updated as necessary, with notifications posted directly on this page.

Under UK data protection laws, you possess significant rights regarding your personal data, including the right to access, rectify, or erase your information. We are here to support you in exercising these rights.

Information We Collect and How We Use It

We collect only the information necessary to provide you with exceptional service and to improve your Blossom & Grain experience.

Types of Information Collected:

  • Contact Data: Name, email address, phone number, delivery address (for orders, catering, hampers).
  • Order & Transaction Data: Details of purchases, payment methods (though we do not store full payment card details), order history, dietary preferences.
  • Workshop & Event Data: Attendance records, specific requirements for culinary workshops or events.
  • Website Usage Data: IP address, browser type, pages visited, time spent on site (collected via anonymized analytics tools to improve user experience).
  • Communication Data: Records of your correspondence with us via email, phone, or social media.

How We Use Your Information (Legal Basis):

  • Contractual Necessity: To process and fulfil your orders (bakery, deli, catering, hampers), manage workshop bookings, and provide customer support.
  • Legitimate Interests: To improve our services, customize your experience, conduct internal analytics, prevent fraud, and ensure network security. We balance these interests with your rights.
  • Legal Obligation: To comply with legal requirements, regulatory obligations, or court orders.
  • Consent: For sending marketing communications, where explicit consent is obtained (e.g., newsletter sign-ups). You can withdraw this consent at any time via the 'unsubscribe' link in our emails or by contacting us.

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, transaction data is kept for seven years after the transaction for tax and accounting purposes. Marketing preferences are retained until you opt-out.

How We Protect Your Information

Abstract depiction of secure digital data streams flowing into a fortified server, representing robust cybersecurity measures.
Layers of security safeguarding your valuable data.

The security of your personal data is a cornerstone of our operations. We have implemented a comprehensive suite of technical and organisational measures designed to protect your information from accidental loss, unauthorised access, alteration, disclosure, or destruction.

  • Encryption: All sensitive data transmitted through our website is encrypted using SSL/TLS technology, ensuring secure communication between your browser and our servers.
  • Access Controls: Access to your personal data is strictly limited to authorised personnel who require it to perform their job functions. All staff receive regular training on data protection best practices and our privacy policies.
  • Regular Audits & Updates: Our systems undergo regular security audits, vulnerability assessments, and software updates to protect against evolving threats.
  • Incident Response: We have robust incident response procedures in place to detect, assess, and respond to any potential data breaches swiftly and effectively, notifying affected individuals and regulatory bodies as required by law.

Your Rights and Data Control Options

Under UK GDPR, you have significant rights regarding your personal data. We are committed to making it easy for you to exercise these rights.

Right to Access

You have the right to request a copy of the personal information we hold about you.

Request Data Access
Right to Rectification

You can request that we correct any inaccurate or incomplete data we hold about you.

Rectify Your Data
Right to Erasure (Right to be Forgotten)

In certain circumstances, you can ask us to delete your personal data.

Request Data Erasure
Marketing Preferences & Opt-out

You have full control over your marketing communications. You can adjust your preferences or opt-out at any time.

Use the 'unsubscribe' link in our newsletters or contact us directly.

Complaints

If you have concerns about our data handling, please contact us. You also have the right to lodge a complaint with the ICO.

Visit ICO Website (External Link)

Information Sharing and Third Parties

We only share your data with trusted third parties when it is necessary to provide our services, comply with the law, or protect our rights.

  • Service Providers: We work with carefully selected third-party service providers who assist us in operating our business. These include payment processors (e.g., Stripe, PayPal), delivery services for hampers and catering (e.g., local couriers), and IT support providers. They only process your personal data on our instructions and are bound by strict data protection agreements.
  • Analytics & Advertising Partners: We use anonymized data with analytics tools (like Google Analytics, with IP anonymization enabled) to understand website usage. We do not share personally identifiable information with advertising partners for their direct marketing purposes without your explicit consent.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
  • International Data Transfers: If we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by utilising specific safeguards such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO).
Interconnected abstract network of glowing lines and nodes, with a central protective shield, symbolizing secure and limited data sharing with trusted partners.
Secure and responsible sharing with trusted partners.

Should you have any further questions regarding our data sharing practices, please contact us at info@blossomandgrain.co.uk.