Privacy Policy

Last updated: March 2026

This Privacy Notice explains how AJ Cakes & Co ('we', 'us', or 'our') collects, uses, stores, and protects your personal information when you use our Services, including:

  • Visiting our website at ajcakes.co.uk
  • Placing orders through our online store for traditional Scottish home baking, tablet, and confectionery
  • Contacting us for enquiries, sales, or customer support
  • Engaging with us in any other related way (marketing, events, etc.)

Questions or concerns?

Reading this Privacy Notice will help you understand your rights. If you do not agree with our practices, please do not use our Services.

For any questions, contact us at: orders@ajcakes.co.uk

SUMMARY OF KEY POINTS

  • What personal information do we collect? We collect information you provide (name, email, phone, delivery address, payment details) and some automatically collected data (IP address, browser info, etc.).
  • Do we process sensitive personal information? No. We do not collect or process sensitive personal information.
  • Do we collect information from third parties? We only receive information from Shopify when you make a purchase.
  • How do we use your information? Mainly to process and deliver your orders, respond to enquiries, improve our service, and comply with legal obligations.
  • Do we share your information? Only with Shopify (for payments & order processing) and trusted delivery partners when necessary. We do not sell your data.
  • How do we keep your information safe? We use reasonable security measures, but no system is 100% secure.
  • What are your rights? You have the right to access, correct, or delete your personal information. You can also withdraw consent where we rely on it.

TABLE OF CONTENTS

  1. What Information Do We Collect?
  2. How Do We Process Your Information?
  3. What Legal Bases Do We Rely On?
  4. When and With Whom Do We Share Your Personal Information?
  5. Do We Use Cookies and Other Tracking Technologies?
  6. How Long Do We Keep Your Information?
  7. How Do We Keep Your Information Safe?
  8. Do We Collect Information from Minors?
  9. What Are Your Privacy Rights?
  10. Controls for Do-Not-Track Features
  11. Do We Make Updates to This Notice?
  12. How Can You Contact Us?

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us

We collect personal information that you voluntarily provide when you:

  • Place an order on our website
  • Create an account
  • Contact us by email or phone
  • Sign up for newsletters or marketing communications

This may include:

  • Names
  • Phone numbers
  • Email addresses
  • Delivery / billing addresses
  • Order details and preferences

Payment Data

When you make a purchase, we collect the data necessary to process your payment. All payment processing is handled securely by Shopify. We do not store your full credit or debit card details ourselves.

You can view Shopify’s privacy policy here: https://www.shopify.com/legal/privacy

Information Automatically Collected

When you visit our website, we automatically collect certain technical information such as:

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Pages visited and time spent
  • Referring website

This helps us improve our website, analyse usage, and maintain security.

We also use cookies and similar technologies. Please see our Cookie Notice (or our separate Cookie Policy) for full details.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for the following purposes:

  • To process and fulfil your orders (including delivery)
  • To manage your account (if you have one)
  • To respond to your enquiries and provide customer support
  • To send you order updates and important service messages
  • To send marketing communications (only if you have opted in)
  • To improve our website and services
  • To comply with legal and regulatory obligations (tax, accounting, fraud prevention)
  • To protect our legitimate business interests

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

Under UK GDPR we only process your data when we have a valid legal basis. We rely on the following:

  • Performance of a Contract – to process your orders and deliver your baking
  • Legitimate Interests – to improve our services, prevent fraud, and communicate with you about your orders
  • Consent – for marketing emails and non-essential cookies (you can withdraw this at any time)
  • Legal Obligations – to comply with tax, accounting, and other legal requirements

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We only share your information when necessary and with trusted parties:

  • Shopify – for website hosting, order management, and payment processing
  • Delivery / courier partners – to deliver your orders (e.g. Royal Mail, DPD, or local couriers)
  • Professional advisers – accountants or legal advisers when required
  • Legal authorities – if required by law

We do not sell your personal data to third parties for marketing purposes.

In the event of a business sale or merger, your data may be transferred as part of the business assets.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Yes. We use essential cookies to make the website work (shopping cart, checkout, etc.).

We may also use analytics cookies (e.g. Google Analytics) to understand how visitors use our site.

You can manage or block cookies through your browser settings. For more details, please refer to our Cookie Notice.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your personal information only for as long as necessary for the purposes set out above, or as required by law (for example, we must keep order and tax records for at least 6 years).

Once we no longer need your information, we will delete or anonymise it.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have put in place reasonable technical and organisational measures to protect your personal information (e.g. secure servers, encrypted connections, access controls).

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. DO WE COLLECT INFORMATION FROM MINORS?

Our Services are not directed at children under 18.

If you are under 18, you may only place an order with the permission and supervision of a parent or guardian.

We do not knowingly collect data from minors.

9. WHAT ARE YOUR PRIVACY RIGHTS?

Under UK GDPR you have the following rights:

  • Right to access your personal data
  • Right to rectification (correct inaccurate data)
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent at any time (where we rely on consent)

To exercise any of these rights, please contact us at orders@ajcakes.co.uk

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

https://ico.org.uk/make-a-complaint/

10. CONTROLS FOR DO-NOT-TRACK FEATURES

At present, we do not respond to Do-Not-Track (DNT) signals because no uniform standard has been adopted. If a standard is finalised in the future, we will update this Notice accordingly.

11. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time. The “Last updated” date at the top will be changed accordingly.

We encourage you to review this page periodically.

12. HOW CAN YOU CONTACT US?

AJ Cakes & Co

Data Protection Contact

Email: orders@ajcakes.co.uk

Phone: 07951 196 363