Privacy Policy

Privacy Policy

Last updated: 28 March 2026

The Cake Bar is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or place an order with us.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller responsible for your personal data is:

The Cake Bar
Leeds, United Kingdom

If you have any questions about this policy or how we handle your data, please contact us via our Contact page.

2. What Data We Collect

We may collect and process the following personal data:

  • Identity data: your name
  • Contact data: email address, phone number, delivery address
  • Transaction data: details of products you have purchased and payments made
  • Technical data: IP address, browser type, device information, pages visited, and time spent on our website (collected via cookies)
  • Marketing data: your preferences for receiving marketing communications from us
  • Communications data: any messages you send us via email or contact forms

3. How We Collect Your Data

We collect data in the following ways:

  • Directly from you — when you place an order, create an account, contact us, or sign up for marketing
  • Automatically — via cookies and similar technologies when you browse our website
  • Third parties — such as payment processors (e.g. Shopify Payments, PayPal) and social media platforms (e.g. Instagram)

4. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

  • To process and fulfil your order — necessary for the performance of a contract
  • To process payments and prevent fraud — necessary for the performance of a contract and our legitimate interests
  • To communicate with you about your order — necessary for the performance of a contract
  • To send you marketing communications (only if you have opted in) — based on your consent
  • To improve our website and services — based on our legitimate interests
  • To comply with legal obligations — such as tax and accounting requirements

5. Cookies

Our website uses cookies to improve your browsing experience and help us understand how visitors use our site. Cookies are small text files stored on your device.

We use the following types of cookies:

  • Essential cookies: required for the website to function (e.g. shopping cart, checkout)
  • Analytics cookies: help us understand how visitors interact with our site
  • Marketing cookies: used to show you relevant adverts on other platforms

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

6. Sharing Your Data

We do not sell your personal data. We may share your data with trusted third parties only where necessary, including:

  • Shopify — our e-commerce platform provider
  • Payment processors — to securely process your payment
  • Delivery couriers — to fulfil and deliver your order
  • Email marketing platforms — if you have opted in to receive marketing from us
  • Legal authorities — where required by law

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Typically:

  • Order and transaction data is retained for 7 years in line with HMRC requirements
  • Marketing data is retained until you withdraw your consent
  • Website analytics data is retained for up to 26 months

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure — you can ask us to delete your data in certain circumstances
  • Right to restrict processing — you can ask us to limit how we use your data
  • Right to data portability — you can request your data in a structured, machine-readable format
  • Right to object — you can object to us processing your data for direct marketing or legitimate interests
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us via our Contact page. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website is hosted on Shopify, which uses industry-standard SSL encryption for all data transmitted through our site.

10. Third-Party Links

Our website may contain links to third-party websites (such as our Instagram page). We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

11. Children's Privacy

Our website is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please get in touch via our Contact page.

The Cake Bar
Leeds, United Kingdom

You can also contact the Information Commissioner's Office (ICO) if you have concerns about how we handle your data:
ico.org.uk | 0303 123 1113