PRIVACY POLICY

We understand how important your personal data is. This privacy policy will help you understand what data we collect, why we collect it, and how we look after your data when you visit our website. These rights are protected by law, so please read this policy carefully. 

1. IMPORTANT INFORMATION AND WHO WE ARE

Who are Carr’s? How can you contact us?

Carr’s Flour Mills Limited (company number 00480341) (“Carr’s”, “we”, “us”, or “our”) are the data ‘controller’, meaning we are responsible and must look after your personal data. 

If you have any questions about this privacy policy or how we protect your data, please contact us using the following contact details:

Full name of legal entity: Carr’s Flour Mills Limited

Email address: carrs@carrsflour.co.uk

Postal address: Victoria Mills, London Road, Wellingborough, Northamptonshire, NN8 2DT

Telephone number: 01592 267191 

Purpose of this privacy policy

This privacy policy aims to give you information on how Carr’s collects and uses your personal data when you use our websites, including any data you may provide when you sign up to our newsletter or purchase a product from our web shop.

We may collect your personal information in some of the following ways:

• When you visit the website at https://carrsflour.co.uk/
• When you order an item from the web shop at https://shop.carrsflour.co.uk/
• When you register to receive marketing newsletters
• When you contact Carr’s Flour via telephone, email, letter or through our social media channels
• When you enter any prize draws or competitions run by Carr’s Flour
•  Any of our other services 

whether interacting with us, purchasing our products and/or using our services.  

By using our websites, you consent to the collection and use of the information you provide to us, as outlined in this Privacy Policy.

Our websites are not intended for children, and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy is additional to other notices and privacy policies and so does not override them.

Changes to the privacy policy and your duty to inform us of changes.

We keep our privacy policy under regular review. This version was last updated in November 2023. Older versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes.

2. HOW WE COLLECT AND USE YOUR DATA

What is personal data?

Personal data means any information that may be used to identify you, such as your name, title, phone number, email address, or postal address. It is information where you as an individual can be identified. It does not include data where your identity has been removed. 

How do we collect it, and what is it used for? 

We may collect and use your personal data through different methods including through:

• Information you give us. We shall collect your personal data when you use our services or buy our products. examples of this is where you register an account with us on our websites; when you purchase products and/or services from us; submit one of our online forms, complete a competition, survey or provide feedback; sign up to our newsletter; or request marketing to be sent to you. 

When you do any of the above, we may ask for personal data such as: 

• your name, address (such as delivery address) and contact information, including email address and telephone number and company details.
• your account details, such as username and login details.
• information to check and verify your identity, e.g. date of birth.
• your gender if you choose to give this to us.
• your billing information, such as your bank account, transaction and payment card or other payment method information.
• details of any information, feedback, or other matters you give to us by phone, email, post or via social media.

• When browsing our website. In general, you can browse any of Carr’s websites without giving us personal information. We use several products to analyse traffic to our website in order to understand our visitors’ needs and to continually improve our website for them, such as Google Analytics (although these do not form part of your personal data). 

If you have concerns about this, please contact us, or review Google’s privacy policy at: https://www.google.com/policies/privacy/.  

There are some services on our websites that require you to be registered. For example, to receive our newsletter or purchase products from our online store. As part of the registration process, we collect your personal data. We use this information to send you newsletters if you’ve opted-in to receive them, and to fulfil orders from our shop. We will never sell, rent or trade email lists with other companies and businesses for marketing purposes. 

Examples of the types of personal data we collect when you interact with our website(s) include: 

• location data if you choose to give this to us.

• your activities on, and use of, our websites.

• your IP address.

• marketing and communications data, which includes your preferences in receiving marketing from us and your communication preferences.

• information about the products and/or services we provide to you.

• computer and connection information such as browser type and version.

• information about how you use our website and technology systems.

• Through third parties or publicly available sources. We may receive personal data about you from trusted third parties such as advertisers, to ensure our advertising is relevant and successful. 
• Social media. We use social media such as Facebook (Meta) and other similar platforms such as Instagram or Tik Tok to interact with our customers. When this happens, you will have a direct relationship with these platforms and agree to their terms of use. We only have information that you have agreed for us to access through these platforms. If you have any questions about our social media activity, please contact us at carrs@carrsflour.co.uk.  

The personal data we collect and use, as outlined above is not exhaustive, and may be stored and transferred to third parties in accordance with this privacy policy. 

Links to third party websites

Our websites may contain links to information on other websites, for example, a guest blog post may link to the guest blogger’s website, social media, or other sites we link to (such as advertising). On websites we do not control, we cannot be responsible for the protection and privacy of any information that you provide while visiting those sites. Those sites are not governed by this Privacy Policy, and if you have questions about how a site uses your information, you’ll need to check that site’s privacy notice.

Sensitive data

We do not knowingly collect special categories of data (also known as sensitive personal data).  If we were to do so, we would do so on the basis that it was necessary for reasons of substantial public interest, to establish, exercise or defend any legal claims, or in some cases, with explicit consent. In any case, we would carry out the processing in accordance with applicable laws.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

3. HOW AND WHY WE USE YOUR PERSONAL DATA

Under data protection laws, we can only use your personal data for specific purposes. We may collect, process, and disclose your personal data for the following reasons:

• Creating and managing your account with us, which may include conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us. 
• Providing products to you including providing information to third party providers e.g.: financial services or delivery providers.
• Managing any payments including collecting and recovering any money owed to us.
• To meet our internal and external audit requirements, including our information security obligations.
• Updating and enhancing customer records. 
• Customising our website and its content to your particular preferences based on a record of your selected preferences or on your use of the website.
• Statistical analysis to help us understand our customer base.
• Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended.
• Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business.
• Communications with you not related to marketing, including about changes to our terms or policies or changes to the products or other important notices.
• Asking you to leave a review on your experience of our website or products you have purchased from us.
• Protecting the security of systems and data used to provide the services.

Where reasonably practical, we will ask for your consent to process your personal data. Where you have provided consent, you have the right to withdraw it at any time. However, it is not practical to ask for your consent for certain types of data we may collect about you. 

When processing your personal data we need a lawful reason to do so. We rely on: 

• our performance of the contract as a reason to process your data. This may be where we create and manage your account, provide your details to delivery or financial services, or manage and/or recover payments from you.  

• our legal or regulatory obligations. We may do this where we have to identify you and verify your identity or to help prevent and detect fraud against you or us. 
• a legitimate interest. A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us. For example, we have legitimate interest in using your personal data for marketing purposes. This means we do not need your consent to send you marketing information about exclusive offers, promotions, and new products that we think may be of interest to you. 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason (where it is the same as the original purpose). If we need to use your personal data for an unrelated purpose, we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing

You can subscribe to our newsletters and marketing materials though our websites and other channels so we can send you newsletters and marketing materials (either by email, text message, telephone, or post). Marketing will include entering competitions and promotions through or subscribing to receive information from us through other channels.

We may also send you updates on our products including exclusive offers, promotions, and new products that we think may be of interest to you. You have the right to opt out of receiving marketing communications at any time by clicking the unsubscribe link at the bottom of any of our newsletter emails or by emailing carrs@carrsflour.co.uk. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

Third-party marketing

We will always treat your personal data with the utmost respect and never sell it with other organisations for marketing purposes.

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at carrs@carrsflour.co.uk .

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see:  https://carrsflour.co.uk/privacy-policy/

4. DISCLOSURES OF YOUR PERSONAL DATA

To provide our services to you, we may share your personal data with:

• any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries.
• third-party service providers who provide IT, sales, logistics, marketing, and system administration services.
• our external auditors and/or professional advisers, in which case the third-party recipient of the information will be bound by confidentiality obligations.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or acquire or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We may remove any information which could lead to you being identified by your Data and share with selected third parties in accordance with this Privacy Policy.

In rare cases we may disclose your personal information:

• if we are under a duty to disclose or share your personal data to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements.
• to protect the rights, property, or safety of Carr’s, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

1. how we store and keep your data secure

Your personal data is stored on secure UK based servers. There may be certain instances where we transfer your personal data outside the UK. Whenever we transfer your personal data out of the UK, we will make sure the same level of protection is provided by ensuring we will only transfer your personal data to countries that provide an adequate level of protection for personal data. 

We care about your personal data and want to prevent it from being accidentally lost, used, or accessed in an unauthorised way. We limit other parties’ employees from access to your personal data unless absolutely necessary. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

You have the right to ask us for more information about our safeguards. Please contact us if you would like to receive further details. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to Carr’s; any transmission is at your own risk. 

5. DATA RETENTION

How long will you use my personal data for?

We will only retain your personal information for as long as is necessary to fulfil the purposes we collect it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  this means we may retain all personal data for up to seven years from collection.

We consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

In some circumstances you can ask us to delete your data: see your legal rights below for further information.

In some circumstances we may remove any information which could lead to you being identified from your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. YOUR LEGAL RIGHTS

You have certain rights in law regarding your personal data. These include the rights to:

• request a copy of the personal data we hold about you. 
• request that we supply you (or a nominated third party) with an electronic copy of the personal data that you have provided us with. 
• inform us of a correction to your personal data.
• exercise your right to restrict our use of your personal data. 
• exercise your right to erase your personal data; or 
• object to particular ways in which we are using your personal data (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
• understand the basis of international transfers of your personal data by us. 

Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. Where processing is carried out based upon your consent, you have the right to withdraw that consent. 

Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g., because we have legitimate grounds for not doing so or where the right does not apply to the particular personal data, we hold on you.

You should note that if you exercise certain of these rights, we may be unable to continue to provide some or all of our products or services to you (for example where the personal data is required by us to comply with a statutory requirement or is necessary in order for us to perform our contract with you).

We ask that you contact us to update or correct your personal data if it changes or if the personal information, we hold about you is inaccurate.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How to complain 

If you are not happy with how we have looked after your data, you can contact the UK Regulator; the Information Commissioner’s Office (ICO) (found at www.ico.org.uk). If you do have issues or concerns, please contact us first so we can help. 

If you remain unhappy with how we have processed your data, you can contact the ICO on the below information:

The ICO’s address:    
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113