FRESHLY BAKED GOODNESS EVERY DAY WITH HOMEMADE ARTISAN BREADS
+64 9 248 3762 Order Now
Abstract office background

ROTECTION

This Data Protection Policy explains comprehensively how we collect, process, store, and protect personal data from users who interact with our platform. Our services are strictly informational, and we do not sell, rent, or otherwise exploit personal data for commercial purposes. We are committed to full transparency, privacy protection, and compliance with applicable data protection laws and regulations. This policy details the types of data collected, purposes of processing, storage and retention policies, security measures, user rights, data sharing, cookies, third-party links, risk management, compliance monitoring, and updates to the policy.

1. Collection of Personal Data

Personal data is collected when users voluntarily provide it through forms, subscriptions, inquiries, surveys, or other interactions with our informational services. This may include names, email addresses, phone numbers, and other contact information necessary for delivering relevant content. Additionally, we collect technical and behavioral data automatically via cookies, analytics, and other tracking technologies. Such data includes IP addresses, browser type, operating system, device identifiers, referring URLs, pages visited, time spent on the platform, and user interactions. Automatic data collection enables us to analyze usage, monitor performance, and improve content and user experience. We do not collect sensitive data unless explicitly provided by the user for specific purposes.

2. Purpose of Data Processing

Personal data is processed solely to provide and enhance our informational services. Key purposes include:

  • Responding to user inquiries and providing requested informational content;
  • Sending newsletters, updates, or notifications to users who have consented;
  • Analyzing user behavior to improve website functionality, content relevance, and accessibility;
  • Ensuring the security of the platform and preventing unauthorized access or misuse;
  • Complying with legal and regulatory obligations;
  • Conducting internal research and analysis to improve service quality;
  • Monitoring technical performance, identifying errors, and implementing continuous improvements.

Personal data is never used for marketing, advertising, or commercial purposes outside of providing informational services.

3. Legal Basis for Processing

Our processing activities are based on one or more lawful grounds, including:

  • Consent: Users voluntarily provide their data for specific purposes, such as subscriptions and inquiries;
  • Legitimate Interests: Processing is necessary to provide, maintain, and enhance informational services, improve user experience, and ensure platform security;
  • Legal Obligation: Processing is required to comply with applicable laws, regulations, or contractual requirements.

Users may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. Sharing and Disclosure of Personal Data

Personal data is not sold, rented, or traded. It may be shared only with trusted third-party service providers who support the provision, maintenance, or enhancement of our informational services, including hosting, analytics, IT support, and communication service providers. These providers are contractually obligated to use personal data solely for the specified purposes and to maintain robust security measures. Personal data may also be disclosed when legally required, to protect our rights or property, prevent fraud, or ensure the safety of users or the platform. Any disclosure is limited to what is necessary for the intended purpose.

5. Data Retention and Storage

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this policy or comply with legal obligations. Data no longer required is securely deleted, anonymized, or otherwise rendered inaccessible. Retention policies are regularly reviewed to ensure compliance with legal and regulatory requirements. All data is stored on secure, encrypted servers with strict access control to prevent unauthorized access, loss, or misuse.

6. Data Security Measures

We employ extensive technical and organizational measures to protect personal data against unauthorized access, alteration, loss, or disclosure. Security measures include encryption of data in transit and at rest, secure server infrastructure, firewalls, intrusion detection systems, regular monitoring, access control policies, and employee training in data protection. Systems are regularly tested and audited for vulnerabilities. While we strive for maximum security, no electronic transmission or storage system can be guaranteed entirely secure.

7. User Rights

Users have rights under applicable data protection laws, including:

  • Right of access: To obtain confirmation and a copy of the personal data we hold;
  • Right to rectification: To correct or update inaccurate or incomplete data;
  • Right to erasure: To request deletion of personal data that is no longer necessary;
  • Right to restrict processing: To limit the use of personal data in certain circumstances;
  • Right to object: To object to processing based on legitimate interests;
  • Right to data portability: To receive personal data in a structured, commonly used, machine-readable format;
  • Right to withdraw consent: Where processing is based on consent, at any time.

Users can exercise these rights by contacting us using the information below. Requests are handled promptly and in accordance with applicable laws.

8. Cookies and Tracking Technologies

Our platform uses cookies and similar technologies to monitor usage, enhance performance, optimize content delivery, and remember user preferences. Cookies enable us to improve navigation, analyze trends, and ensure smooth user experience. Users can manage or disable cookies through browser settings; however, some platform features may be limited if cookies are disabled.

9. External Links and Third-Party Services

Our informational services may include links to external websites. We are not responsible for the privacy practices or content of these third-party sites. Users are encouraged to review the privacy policies of any external websites before submitting personal data.

10. Risk Management and Compliance

We continuously assess risks related to personal data protection and implement measures to mitigate those risks. This includes regular internal audits, compliance checks, incident response planning, and staff training. In case of a data breach, we take immediate action to contain the incident, notify affected users and regulatory authorities as required, and implement corrective measures to prevent recurrence. Our approach ensures data is processed in accordance with applicable laws, regulations, and organizational policies.

11. Policy Updates

This Data Protection Policy may be updated periodically to reflect changes in legal requirements, technological developments, or internal practices. Updates will be published on this page with a new version number and effective date. Users are encouraged to review the policy regularly to remain informed about how personal data is collected, used, and protected. Continued use of the platform constitutes acceptance of any updates to this policy.