At The Bakery, we are committed to maintaining the trust and confidence of visitors to our site, our much-loved members of our networks, and those with whom we actively explore collaboration opportunities. In particular, we want you to know that The Bakery is not in the business of selling, renting or trading email lists with other companies and businesses for any purpose.
To really press home our commitment to keeping everything completely transparent we’ve whipped together lots of detailed info on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. Grab a cuppa, take a seat, and let’s get this GDPRty started!
What data we collect
As part of the registration process for our newsletters, we collect both personally identifiable information (your name and email address) and non-identifiable information (your company name) from you. We use that information to send you our newsletter (surprising, we know).
We don’t rent or trade emails lists with other organisations and businesses.
Data collected for the purpose of sending our newsletter is held on Jumplead’s servers, along with our own internal CRM, both of which are held on AWS servers located in the European Union. We hold this data until you choose to unsubscribe, either through the links on the newsletter itself or by messaging one of the team directly.
We also use make of other third-party providers’ advertising technologies (Google, Facebook, Reddit, Quora, LinkedIn) to track the effectiveness of our advertising campaigns.
This involves gathering statistics around who has clicked-through on our ads using industry standard technologies to help us monitor and improve our marketing efforts. You can disable the use of such tracking technologies by using a cookie-less browser such as Google Chrome’s incognito or by setting your browser settings to ‘do not track’.
When we actively work with individuals on projects, we collect and store both personally identifiable information (primarily an individual’s name and email address, and often mobile/landline numbers and business addresses) and non-identifiable information (company name, interaction history, etc.). We store this personally identifiable data in our own internal CRM, held on AWS servers located in the European Union, for 6 years following the conclusion of the programme, or until the owner requests its removal (as long as removing it does not conflict with the legitimate or contractual interests of any other party).
Conducting Consumer Research
On certain projects, we may be required to carry out primary consumer research to better understand the consumer problem and/or need we are solving. In addition to the responses to the specific interview/survey questions we will also collect some personal information about you such as name, email address, gender and other information pertinent to the research we are conducting.
Any responses given to the interview questions and/or on the survey responses will be anonymised and used to inform product/proposition development. This may involve sharing the anonymised responses with the client and client stakeholders we are conducting the research on behalf of.
We will never sell or share your personally identifiable information with any third parties.
Applying to work for us
At The Bakery, we receive a lot of interest from talented people wanting to work for us. If you apply via our website or by email, we will collect and store personally identifiable information such as your name, email address and phone number from your application, as well as your employment history, referee details etc. from your CV. We store this personally identifiable data in our own internal CRM, held on AWS servers located in the European Union, for the
duration of any application and employment by the company and for 1 year thereafter, or until the owner requests its removal. But you said there are no roles available right now – why do you want to hold on to my
information? Sometimes we might not have an active vacancy that fits an applicant’s background, but this doesn’t mean one won’t come up in the future as we continue to grow.
We are always on the hunt for talented people to grow our team so when we do have great applications for roles we might have coming up in future, we like to take note of these so we can reach out should an opportunity arise. If you would prefer we didn’t hold on to your information though that’s absolutely fine – just send us a quick email at firstname.lastname@example.org to let us know and we will remove your info from our system.
Lawful Basis for Processing
As of May 25th 2018, the requirements for having an individual’s consent to their personal information will change. Anyone signing up to our newsletter following this date will be covered under the basis of consent, but for those of you lovely people already receiving our newsletter, even though you may have already given your consent on our website, or orally, this may need updating to be considered consent under the GDPR. So that there isn’t a cliff-edge on May 25th for those who haven’t actively updated their
consent (either refreshed or withdrawn), we will continue to send our newsletters to those already subscribed under the basis of legitimate interest. We are satisfied our data meets the balancing test set out in ICO guidance, that is:
Those already subscribed to our newsletter would expect to be sent subsequent newsletters on the same basis.
The potential nuisance factor of unwanted newsletters is limited by a clear unsubscribe link on every message (though we truly hope they are never a nuisance).
We’re all friends here and our newsletters are a very effective way for us to engage with our much-loved networks, and for those in our networks to stay up-to-date with the opportunities we’re working on. We hope they can bring real value to those subscribed in a true win-win fashion.
For the data we handle during our active programmes, we do this under the basis of carrying out a contract, either with our clients, or with those companies/individuals with whom we are under agreement.
Here we lay out the instances where, and with whom, we share personally identifiable information with third parties. The only other instance when we might share your information is when required to do so by law (or to save your life, we got you).
Our Corporate Clients
During the course of programmes with our corporate clients, they may request contact details for some of the individuals involved in those programmes, so they can pick up and continue conversations. We will inform you and make the appropriate introductions in that situation.
Guanxi & Envoy
At The Bakery, each team member has their own networks and connections with amazing individuals around the world and so, while we don’t rent, sell or trade your personal information to anyone, we are working with the lovely lads at Guanxi (trading name of Cross Validation Limited) and the incredible team at Envoy (trading name of Envoy AG) to process our email and LinkedIn data to help us navigate our combined networks as a team.
This only applies to individuals with whom we are in direct back-and-forth email
communication, or with LinkedIn connections (excluding purely personal connections). The only personally identifiable information shared with Guanxi and Envoy are names, email addresses and phone numbers (if present in your address-book). All data shared with Guanxi is held on AWS servers in either the European Union or the United States, inside the AWS security infrastructure, while that shared with Envoy is held on Rackspace servers in the UK. These projects are a work in progress, but if you’d rather not have your data used in
this way, please email the team. Guanxi’s address: Pioneer House, Vision Park, Histon, Cambridge, Cambridgeshire, United Kingdom, CB24 9NL
Envoy’s address: Moserstrasse 48, 8200 Schaffhausen, Switzerland
In the event of a breach where we find your personally identifiable information may have been compromised we will inform both you and the Information Commissioner’s Office within 72 hours of detecting the breach. Control over your personal information Under the GDPR, coming into effect May 25th 2018, your rights are as follows. You can read more about your rights in detail here;
The right to be informed – to be in the know.
The right of access – to know what we know.
The right to rectification – to correct what we have.
The right to erasure – to remove your data.
The right to restrict processing – to stop anything being done with your data.
The right to data portability – to move your data elsewhere.
The right to object – to… object.
The right not to be subject to automated decision-making including profiling – we don’t
automate decision-making so all good here.
If you have a request with regards to your personal information, please email Anthony
You also have the right to complain to the ICO if you feel there is a problem with the way we
are handling your data.
To sum all of this up, we care about your data and making sure we are only handling what
we need, when we need, responsibly. It’s yours after all, not ours, and we should all treat
others’ stuff with respect. As with anything else, we’re always happy to have a chat about
any of this, or any concerns/suggestions you may have. If you have any questions, let us
know at email@example.com, and one of the team will get back pronto.
In the meantime, best wishes, much love, and keep being amazing!
Anti–Slavery and Human Trafficking Policy
The Bakery Worldwide Group is committed to ensuring that Modern Slavery in all its forms,
does not exist within its own business or from within its supply chain. Please click here to
view our full Anti-Slavery and Human Trafficking Policy.