Our contact details
C/Jaime Vera 1, Esc B 2 izq
28011 Madrid Spain
The type of personal information we collect
We currently collect and process the following information:
Contact details: name, email address and phone number (in some cases home address)
Personal dates: birthday and special celebrations
Personal dietary information: known allergens
How we get the personal information
By phone or email when you contact us regarding a future order and inquiry about our products and classes
By direct message on social media platforms when you contact us regarding an order or inquiry about our products and classes
By online form when you contact us regarding a future order and inquiry about our products and classes
By online shop when you order and purchase one of our products for pick-up or delivery
By online form when you subscribe to our email list
When you make a purchase through our online store, no matter the payment type, your bank information never comes to us.
Direct bank transfer: we receive a notice with your name and date of transfer only
Bank or Credit card: this is processed through Stripe, our payment gateway. We never receive any personal bank information from them, simply that your payment has been received.
SEPA Direct Debit: this is also processed through Stripe, our payment gateway. We never receive any personal bank information, simply that your payment has been received.
Bizum: this is processed through TPV Virtual payment systems. We will see your name, date of payment, and concept of payment.
How we use the personal information
Most of the personal information we process is provided to us directly by you for one of the following reasons:
To Respond to inquiry regarding a product or class
To confirm the details of and/or deliver an order
To process orders or provide the service you have requested
To keep you informed of offers for special events that you have indicated.
To add you to our email list and send you regular updates and marketing emails
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
Your consent. When you sign up to be on our mailing list, we will ask for your consent to be contacted and added to our database. You are able to remove your consent at any time. You can do this by contacting email@example.com
To fulfill our contract with you. When you place an order, purchase a product, or sign up for a class, we will ask for personal information and any dietary restrictions you may have. We will ask for this information, because we need to fulfill our contract with you.
Our condition for processing your dietary requirements (special category data) is explicit consent.
We have a legitimate interest. If you contact us requesting information regarding products or classes, we will use personal data to respond to this request.
After receiving a product from or participating in a class with TastyCakes, you will have the opportunity to provide feedback and commentary that can serve as testimonials for future marketing and/or sales purposes. If we choose to publish this feedback on our website, in marketing emails, or on social media platforms, we will never include any identifying personal information with this feedback without your prior consent.
Who we share your data with
We may share this information with:
Our service providers, e.g. gestor/accountant and virtual assistant
Employees of TastyCakes
We will only share your information with our trusted service providers when there is a legitimate need to do so. In this case we will only share the minimum information necessary to meet our legitimate business requirement. When doing so, we expect these service providers to treat your personal data securely and for only the purposes intended.
How we store your personal information
We keep all contact information and dates while you are an active client or email subscriber of TastyCakes Madrid, and for two years after. We will then dispose of your information by deleting all information from our computer and CRM databases.
Our “opt-out” list will be maintained for a period of two years, to ensure that you are in fact not receiving emails, then will be permanently deleted.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the AEPD if you are unhappy with how we have used your data.
The AEPD’s contact information:
Agencia Española de Protección de Datos
C/Jorge Juan 6
Telephone number: +34 91 266 3517