Section 1 - What We Do with Your Information
When you purchase something from our online shop, as part of the buying and selling process, we collect the personal information you provide to us—such as your name, postal address, and email address.
When you browse our site, we automatically receive your computer's Internet Protocol (IP) address to help us learn about your browser and operating system.
Email marketing (where applicable): With your consent, we may send you emails about our shop, new products, promotions, and other updates.
Section 2 - Your Consent
How do we obtain your consent?
When you provide personal information to complete a transaction—for example, verifying your payment card, placing an order, arranging delivery, or returning a purchase—we assume that you consent to us collecting and using that information for that specific purpose only.
If we ask for your information for any secondary purpose, such as marketing, we will either ask you directly for your explicit consent or give you a clear opportunity to decline.
How can I withdraw my consent?
If you change your mind after opting in, you may withdraw your consent for us to contact you, or for the continued collection, use, or disclosure of your information, at any time by contacting us at hello@cakeandbeyond.co.uk
Section 3 - Disclosure
We may disclose your personal information if we are required to do so by law, or if you breach our Terms of Service.
Section 4 - Shopify
Our shop is hosted by Shopify Inc., which provides us with the e-commerce platform that enables us to sell our products and services to you.
Your data is stored securely via Shopify's data storage, databases, and general application systems, which are protected by firewalls and other safeguards.
Payments
If you choose a direct payment gateway to complete your purchase, Shopify stores your payment card details. These details are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is retained only for as long as is necessary to complete the transaction, after which it is deleted.
All direct payment gateways adhere to PCI-DSS standards, which are managed by the PCI Security Standards Council (a joint initiative by brands such as Visa, Mastercard, American Express, and Discover). These standards help ensure the secure handling of cardholder information.
For more details, you can review Shopify's Terms of Service and Shopify's Privacy Policy.
Section 5 - Third-Party Services
Generally, the third-party providers we use will only collect, use, and disclose your information to the extent necessary for them to perform the services they provide to us.
However, certain providers, such as payment processors, have their own privacy policies regarding the information we are required to share with them for your transactions. We recommend that you read their privacy policies to understand how your personal data will be handled by them.
Please note that some third-party providers may be located or have operations in countries outside the United Kingdom or the European Economic Area (EEA). If you choose to proceed with a transaction involving such a third-party provider, your information may be subject to the laws of the jurisdiction(s) where that provider operates.
Once you leave our website or are redirected to a third-party site or application, you are no longer governed by this Privacy Policy or our Terms of Service.
Links
When you click on links in our shop, they may take you away from our website. We are not responsible for the privacy practices of other websites and encourage you to read their privacy policies.
Section 6 - Security
We take reasonable precautions and follow recognized industry practices to ensure that your personal information is not lost, misused, accessed without authorization, disclosed, altered, or destroyed.
If you provide us with your card details, this information is encrypted using Secure Socket Layer (SSL) technology and stored using AES-256 encryption.
Although no method of transmitting or storing data online can be completely secure, we comply with all PCI-DSS requirements and other generally accepted industry standards to protect your data.
Section 7 - Cookies
We use cookies to help our website function effectively and to improve your shopping experience. Here is a list of cookies used on our site, so you can decide whether to opt out:
_session_id – unique token, session-based; allows Shopify to store session details (e.g., referrer, landing page).
_shopify_visit – no data held; persists for 30 minutes from the last visit; used by Shopify's internal stats tracker.
_shopify_uniq – no data held; expires at midnight (visitor's local time); counts the number of visits by a single customer.
cart – unique cart token; persists for 2 weeks; stores information about your shopping basket.
_secure_session_id – unique, sessional token.
storefront_digest – unique, indefinite token; used to determine if the visitor has access when a password is required.
Section 8 - Age of Consent
By using this website, you confirm that you are at least 18 years old, or that you are the parent or guardian giving consent for your minor dependents to use this site.
Section 9 - Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy at any time, so please review it regularly. Updates and clarifications will take effect immediately upon being posted on our website.
If we make any significant changes to this policy, we will notify you here so that you are aware of what information we collect, how we use it, and under what circumstances it may be disclosed.
If our business is acquired or merged with another company, your information may be transferred to the new owners to ensure continuity of service.
Contact Us
If you would like to access, correct, amend, or delete any personal information we hold about you, register a complaint, or request further information, please contact our Privacy Compliance Officer at:
📧 hello@cakeandbeyond.co.uk
