PRIVACY POLICY

Last updated: April 2026

Friary Mill Bakery Ltd (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with us, including when placing orders through our website.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Friary Mill Bakery Ltd is a company registered in England and Wales.

Registered Office: Friary Mill Bakery Ltd, 8 Oakfield Place, Cattedown, Plymouth, Devon, PL4 0QA.

Primary Authority: Horsham District Council

Company Number: 04618171

VAT Number: 501 3399 76

Email: orders@friarymill.co.uk

Telephone: 01752 255 113

We are the data controller of the personal information collected through our website and business operations.

2. Information We Collect

We may collect and process the following types of personal data:

a. Information You Provide Directly

When you place an order, contact us, or create an account, we may collect:

  • Full name

  • Business name (for wholesale customers)

  • Billing and delivery address

  • Email address

  • Telephone number

  • Order details (products ordered, quantities, preferences)

  • Any notes or instructions you provide (e.g. delivery instructions, logos or inscriptions for bespoke products)

b. Payment Information

Payments are processed securely by third‑party payment providers and processors:

Stripe: https://stripe.com/gb/privacy

Dojo: https://dojo.tech/legal/privacy

We do not store full card details on our systems.

c. Website Usage Information

When you use our website, we may collect:

  • IP address

  • Browser type and version

  • Pages visited and time spent

  • Device information

This data helps us improve our website and services.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To process and fulfil orders placed through our website

  • To communicate with you regarding your order or enquiry

  • To manage deliveries and logistics

  • To maintain internal records and accounts

  • To improve our products, services, and website

  • To comply with legal and regulatory obligations

We only use your data where we have a lawful basis under UK GDPR.

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – where processing is necessary to fulfil an order or agreement with you

  • Legal obligation – for accounting, tax, and regulatory compliance

  • Legitimate interests – to operate our bakery efficiently, improve services, and prevent fraud

  • Consent – where required for marketing communications (you may withdraw consent at any time)

5. How Information Is Shared Internally

Your personal data is shared strictly on a need‑to‑know basis within Friary Mill Bakery Ltd:

Production Team

  • Order details relevant to baking and preparation (e.g. product type, quantity, special instructions)

  • No unnecessary personal contact details are shared beyond what is required

Driver and Delivery Team

  • Customer or business name

  • Delivery address

  • Contact telephone number (if required for delivery)

  • Delivery instructions

Retail Teams

  • Order details relevant to baking and preparation where the order is being prepared in-store

  • Customer or business name

  • Contact telephone number (if required for delivery)

Office Teams

  • Customer or business name

  • Delivery address

  • Contact telephone number (if required for delivery)

  • Delivery instructions

  • Payment card details (if payment is taken over the phone; phone recording is paused where payment details are taken)

All staff are trained to handle personal data responsibly and in line with data protection requirements.

6. Sharing Data with Third Parties

We may share limited personal data with trusted third parties where necessary, including:

  • Payment processors

  • Website hosting and IT service providers

  • Accounting and compliance providers

All third parties are required to:

  • Process data securely

  • Only use the data for the agreed purpose

  • Comply with UK GDPR requirements

We do not sell personal data.

7. Data Retention

We retain personal data only for as long as necessary:

  • Order and accounting records: retained in line with legal and tax requirements

  • Customer contact details: retained while you remain an active customer or subscriber

  • Website data: retained for analytical and security purposes for limited periods

Data is securely deleted or anonymised when no longer required.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Secure servers, firewalls and encrypted connections

  • Access controls for staff

  • Regular system updates and security reviews

Despite our efforts, no system is completely secure, but we work to minimise risk.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (where applicable)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO) – ICO website: https://www.ico.org.uk

10. Cookies

Our website uses cookies to ensure it functions correctly and to improve user experience. For more information, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website and the “Last updated” date will be amended accordingly.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us