Introduction
This notice describes how we collect, store, transfer and use personal data. It tells you about your privacy rights and how the law protects you. This notice applies to personal data collected through our website and through social media platforms and online retail platforms. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

Data Protection Officer
We have appointed a data protection officer (‘DPO’) who is responsible for ensuring that our privacy policy is followed. If you have any questions about how we process your personal data, including any requests to exercise your legal rights, please contact our DPO on accounts@munchbaits.com

Personal data we process
The information we process about you includes information: you have directly provided to us, that we gather from third party databases and service providers, as a result of monitoring how you use our website or our services. Types of personal data we collect directly; when you use our website, our services or buy from us, [for example, when you create an account on our website,] we ask you to provide personal data. This can be categorised into the following groups: personal identifiers, such as your first and last names, your title and your date of birth, contact information, such as your email address, your telephone number and your postal addresses for billing, delivery and communication, account information, including your username and password, payment information, such as a debit or credit card number and expiry date and bank account details, records of communication between us including messages sent through our website, email messages and telephone conversations, marketing preferences that tell us what types of marketing you would like to receive.

Personal data we collect from your use of our services
By using our website and our services, we process: your username and password and other information used to access our website and our services, information you contribute to our community, including reviews, usage information, including the frequency you use our services, the pages of our website that you visit, whether you receive messages from us and whether you reply to those messages, transaction information that includes the details of the products services you have bought from us and payments made to us for those services, your preferences to receive marketing from us; how you wish to communicate with us; and responses and actions in relation to your use of our services.

Our use of aggregated information
We may aggregate anonymous information such as statistical or demographic data for any purpose. Anonymous information is that which does not identify you as an individual. Aggregated information may be derived from your personal data but is not considered as such in law because it does not reveal your identity. For example, we may aggregate usage information to assess whether a feature of our website is useful. However, if we combine or connect aggregated information with your personal data so that it can identify you in any way, we treat the combined information as personal data, and it will be used in accordance with this privacy notice.

Information we process because we have a contractual obligation with you
When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal data. We may use it in order to: verify your identity for security purposes when you use our services, sell products to you, provide you with our services, provide you with suggestions and advice on products, services and how to obtain the most from using our website. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

Payment information
Payment information is never taken by us or transferred to us either through our website or otherwise. Our employees never have access to it. At the point of payment, you are transferred to a secure page controlled by reputable payment service providers. That page may be branded to look like a page on our website, but it is not controlled by us.

Direct Debit information
When you agree to set up a Direct Debit arrangement, the information you give to us is passed to our own bank for processing according to our instructions. We [do / do not] keep a copy. We are registered under the direct debit guarantee scheme. This provides for the customer’s bank to refund disputed payments without question, pending further investigation. Direct Debits can only be set up for payments to beneficiaries that are approved originators of direct debits. In order to be approved, these beneficiaries are subjected to careful vetting procedures. Once approved, they are required to give indemnity guarantees through their banks.

Job application and employment
If you send us information in connection with a job application, we may keep it for up to three years in case we decide to contact you at a later date. If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.

Information obtained from third parties
Although we do not disclose your personal data to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal data from third parties whose services we use.

Credit reference
To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.

Use of information we collect through automated systems

Cookies
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit a website that uses them. They allow information gathered on one web page to be stored until it is needed for use at a later date. They are commonly used to provide you with a personalised experience while you browse a website, for example, allowing your preferences to be remembered. They can also provide core functionality such as security, network management, and accessibility; record how you interact with the website so that the owner can understand how to improve the experience of other visitors; and serve you advertisements that are relevant to your browsing history. Some cookies may last for a defined period of time, such as one visit (known as a session), one day or until you close your browser. Others last indefinitely until you delete them. Your web browser should allow you to delete any cookie you choose. It should also allow you to prevent or limit their use. Your web browser may support a plug-in or add-on that helps you manage which cookies you wish to allow to operate. The law requires you to give explicit consent for use of any cookies that are not strictly necessary for the operation of a website. We use cookies in the following ways: to track how you use our website, to record whether you have seen specific messages we display on our website, to keep you signed in to our website , to record your answers to surveys and questionnaires on our site while you complete them, to record the conversation thread during a live chat with our support team

Re-marketing
Re-marketing involves placing a ‘tracking technology’ such as a cookie, a ‘web beacon’ (also known as an ‘action tag’ or a ‘single-pixel GIF’) to track which pages you visit and to serve you relevant adverts for our services when you visit some other website. The benefit of re-marketing technology is that we can provide you with more useful and relevant adverts, and not show you ones repeatedly that you may have already seen. We may use a third-party advertising service to provide us with re-marketing services from time to time. If you have consented to our use of such tracking technologies, you may see advertisements for our products and services on other websites. We do not provide your personal data to advertisers or to third-party re-marketing service providers. However, if you are already a member of a website whose affiliated business provides such services, that affiliated business may learn of your preferences in relation to your use of our website.

Your rights
The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org

Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

Communicating with us
When you contact us, whether by telephone, through our website or by email, we collect the data you have given to us in order to reply with the information you need.

Complaints
If you are not happy with our privacy policy, or if you have any complaint, then you should tell us. When we receive a complaint, we record the information you have given to us on the basis of consent. We use that information to resolve your complaint.

Retention period
Except as otherwise mentioned in this privacy notice, we keep your personal data only for as long as required by us: to provide you with the services you have requested, to comply with other law, including for the period demanded by our tax authorities.

Compliance with the law
Our privacy policy complies with the law in the United Kingdom, specifically with the Data Protection Act 2018 (the ‘Act’) accordingly incorporating the EU General Data Protection Regulation (‘GDPR’) and the Privacy and Electronic Communications Regulations (‘PECR’)