General Data Protection Regulation

 

  • Hey Little Cupcake is committed to protecting personal data and ensuring compliance with GDPR and related legislation. All staff and volunteers will receive training to understand data protection principles and their responsibilities in safeguarding information.

  • Collected lawfully, processed fairly, stored securely, and used only for legitimate purposes related to the delivery of workshops, bakery operations, training, and communications.

  • Shared with unauthorised third parties, used for purposes beyond those communicated, or retained longer than necessary.

  • We implement robust security measures, maintain accurate records, and ensure data is only accessed by authorised personnel. All staff and volunteers are trained in GDPR compliance and secure data handling.

  • Email Addresses/telephone number to confirm order and contact a customer >Written down on an order form > filed away in a Diary > Taken to the kitchen to process order > File order form for a maximum of a month > Shredded at via Shredit.

    Bank Card details to take payment over the phone >Written down on an order form to take payment once a phone call has ended > order form filed for a maximum of a month > Shredded at via Shredit.

    Staff Sort code and Account numbers to process payroll > Processed all on-line using Citation, Atlas. Secure and can be deleted by user at any time.

    Staff Personal Information for Accountant > National insurance, bank details to be held by CCM Accountants.

    Website Traffic Information >Volume of people visited > What pages they clicked on > What area they're from.

    Include storing participant details for workshop bookings, communication, billing, staff and volunteer records, and tracking training and workshop outcomes.

  • All staff and volunteers complete mandatory induction and annual refresher training covering GDPR principles, secure data handling, responding to requests, and reporting concerns.

  • All individuals providing personal data are informed about how it will be used and their rights through clear privacy notices at the point of collection.

  • Any suspected or actual data breach must be reported immediately to the Designated Data Protection Lead. Breaches are investigated, mitigated, and reported to the Information Commissioner’s Office (ICO) where required.

  • Employers and management at Hey Little Cupcake have access to the ICO guidance and reporting system for reference: ico.org.uk, ICO Registration Number: ZC075761

 
Make it