Privacy Policy

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.

This privacy notice applies to personal information processed by or on behalf of Stoats Porridge Bars Ltd.

Changes to this privacy notice

We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – www.eatstoats.com

Stoats Porridge Bars Ltd and our Data Protection Officer

We’re Stoats Porridge Bars Ltd, 36 Dryden Road, Loanhead EH20 9LZ. We are a data controller of your personal data.

We have a dedicated data protection officer (“DPO”). You can contact the DPO using the details below or by writing to the above address, marking it for the attention of the DPO.

What kinds of personal information about you do we process?

We may collect the following information in connection with all of our products, if relevant:

  • name
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers

For the exhaustive list of cookies we collect see the List of cookies we collect section below. 

We request that you do not send us sensitive Personal Information (Social security numbers, information related to racial or ethnical origin, political opinions, religious or other beliefs, health, biometric or genetic characteristics, criminal background or trade union membership).

What is the source of your personal information?

We’ll collect personal information directly from you from the following sources; on completion of registration forms, competition entry, newsletter subscriptions and purchases of our products.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests.
  • In addition to the eNewsletter, from time to time, we may also use your email address to contact you for market research purposes, in the form of an online survey.
  • We may use the information you have provided to customise the website according to your interests.
  • For market research and analysis and developing statistics

What are the legal grounds for our processing of your personal information (including when we share it with others)?

We rely on the following legal bases to use your personal data:

  1. Where it is needed to provide you with our products,
  2. Where it is in our legitimate interests to do so, such as:

i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We may send marketing to you by SMS, email, phone, post and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match.

When do we share your personal information with other organisations?

We don’t share your data with anyone except for other organisations and businesses who provide services to us such server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.

How and when can you withdraw your consent?

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.

What should you do if your personal information changes?

You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.

Do you have to provide your personal information to us?

We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
  • Retention periods in line with legal and regulatory requirements or guidance.

What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.

Your right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the details below to exercise these rights.

What are your marketing preferences and what do they mean?

We may use your home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.

Security

We are committed to ensuring that your information is secure. Our website is certified as PCI DSS Compliant which ensures unbeatable security & protection of sensitive customer information including debit / credit card details. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at hello@eatstoats.co.uk

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. 

You may request details of personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held on you please write to Stoats Edinburgh Bakery, 36 Dryden Road, Edinburgh, Scotland, EH20 9LZ.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

List of cookies we collect

The table below lists the cookies we collect and what information they store.

Cookie name Cookie Description
Session Stores shopping basket/user account data as a user browses the website.
_ga Analytics cookie used to distinguish users and expires after 2 years.
_gid Analytics cookie used to distinguish users and expires after 24 hours.