At The Bakery, we are committed to maintaining the trust and confidence of visitors to our site, our much-loved members of our networks, and those with whom we actively explore collaboration opportunities. In particular, we want you to know that The Bakery is not in the business of selling, renting or trading email lists with other companies and businesses for any purpose.
To really press home our commitment to keeping everything completely transparent we’ve whipped together lots of detailed info on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. Grab a cuppa, take a seat, and let’s get this GDPRty started!
What data we collect
As part of the registration process for our newsletters, we collect both personally identifiable information (your name and email address) and non-identifiable information (your company name) from you. We use that information to send you our newsletter (surprising, we know). We don’t rent or trade emails lists with other organisations and businesses.
Data collected for the purpose of sending our newsletter is held on Jumplead’s servers, along with our own internal CRM, both of which are held on AWS servers located in the European Union. We hold this data until you choose to unsubscribe, either through the links on the newsletter itself or by messaging one of the team directly.
When we actively work with individuals on projects, we collect and store both personally identifiable information (primarily an individual’s name and email address, and often mobile/landline numbers and business addresses) and non-identifiable information (company name, interaction history, etc.). We store this personally identifiable data in our own internal CRM, held on AWS servers located in the European Union, for 6 years following the conclusion of the programme, or until the owner requests its removal (as long as removing it does not conflict with the legitimate or contractual interests of any other party).
Lawful Basis for Processing
As of May 25th 2018, the requirements for having an individual’s consent to their personal information will change. Anyone signing up to our newsletter following this date will be covered under the basis of consent, but for those of you lovely people already receiving our newsletter, even though you may have already given your consent on our website, or orally, this may need updating to be considered consent under the GDPR.
So that there isn’t a cliff-edge on May 25th for those who haven’t actively updated their consent (either refreshed or withdrawn), we will continue to send our newsletters to those already subscribed under the basis of legitimate interest. We are satisfied our data meets the balancing test set out in ICO guidance, that is:
- Those already subscribed to our newsletter would expect to be sent subsequent newsletters on the same basis.
- The potential nuisance factor of unwanted newsletters is limited by a clear unsubscribe link on every message (though we truly hope they are never a nuisance).
- We’re all friends here and our newsletters are a very effective way for us to engage with our much-loved networks, and for those in our networks to stay up-to-date with the opportunities we’re working on. We hope they can bring real value to those subscribed in a true win-win fashion.
For the data we handle during our active programmes, we do this under the basis of carrying out a contract, either with our clients, or with those companies/individuals with whom we are under agreement.
Here we lay out the instances where, and with whom, we share personally identifiable information with third parties. The only other instance when we might share your information is when required to do so by law (or to save your life, we got you).
Our Corporate Clients
During the course of programmes with our corporate clients, they may request contact details for some of the individuals involved in those programmes, so they can pick up and continue conversations. We will inform you and make the appropriate introductions in that situation.
Guanxi & Envoy
At The Bakery, each team member has their own networks and connections with amazing individuals around the world and so, while we don’t rent, sell or trade your personal information to anyone, we are working with the lovely lads at Guanxi (trading name of Cross Validation Limited) and the incredible team at Envoy (trading name of Envoy AG) to process our email and LinkedIn data to help us navigate our combined networks as a team.
This only applies to individuals with whom we are in direct back-and-forth email communication, or with LinkedIn connections (excluding purely personal connections). The only personally identifiable information shared with Guanxi and Envoy are names, email addresses and phone numbers (if present in your address-book). All data shared with Guanxi is held on AWS servers in either the European Union or the United States, inside the AWS security infrastructure, while that shared with Envoy is held on Rackspace servers in the UK. These projects are a work in progress, but if you’d rather not have your data used in this way, please email the team.
Guanxi’s address: Pioneer House, Vision Park, Histon, Cambridge, Cambridgeshire, United Kingdom, CB24 9NL
Envoy’s address: Moserstrasse 48, 8200 Schaffhausen, Switzerland
In the event of a breach where we find your personally identifiable information may have been compromised we will inform both you and the Information Commissioner’s Office within 72 hours of detecting the breach.
Control over your personal information
Under the GDPR, coming into effect May 25th 2018, your rights are as follows. You can read more about your rights in detail here;
- The right to be informed – to be in the know.
- The right of access – to know what we know.
- The right to rectification – to correct what we have.
- The right to erasure – to remove your data.
- The right to restrict processing – to stop anything being done with your data.
- The right to data portability – to move your data elsewhere.
- The right to object – to… object.
- The right not to be subject to automated decision-making including profiling – we don’t automate decision-making so all good here.
If you have a request with regards to your personal information, please email Anthony Chase.
You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
To sum all of this up, we care about your data and making sure we are only handling what we need, when we need, responsibly. It’s yours after all, not ours, and we should all treat others’ stuff with respect. As with anything else, we’re always happy to have a chat about any of this, or any concerns/suggestions you may have. If you have any questions, let us know at email@example.com, and one of the team will get back pronto.
In the meantime, best wishes, much love, and keep being amazing!