Privacy Policy
At Parkway Bakery & Tavern (“we,” “us,” or “our”), accessible at parkwaybakery.com, your privacy is paramount. We are committed to protecting the personal information of our users and ensuring transparency in how data is collected, used, stored, and shared. This Privacy Policy outlines our practices related to the processing of personal data in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
We value your trust and are dedicated to handling your personal data with integrity, confidentiality, and compliance. Whether you are ordering from our website, signing up for our email list, or engaging with us through support channels, we implement rigorous safeguards to protect your personally identifiable information (PII).
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to all visitors, users, and others who access or use parkwaybakery.com (the “Site”). For the purposes of applicable data protection laws, Parkway Bakery & Tavern is the data controller responsible for the collection and use of your personal information as described herein.
3. Categories of Data Processed
We collect and process several categories of personal data, including:
– Usage Data: Information about your interactions with our Site such as browser type, operating system, IP address, language settings, time zone, referring URLs, pages visited, and session duration.
– Account Data: Personally identifiable information you provide when creating an account or placing an order, including your full name, email address, delivery and billing address, and phone number.
– Profile Data: Information related to your user profile, such as order history, product preferences, and account activity.
– Communication Data: Records of your interactions with us via support emails, contact forms, chat sessions, or social media, including any feedback or complaints.
– Technical Data: Device identifiers, system configurations, browser plug-in types, and platform details that enable functionality and security.
– Transaction Data: Information needed to complete purchases, such as payment card details, order confirmation, shipping tracking, and delivery status.
– Preference Data: Marketing preferences, opt-in/opt-out status, product interest categories, and communication choices.
We do not knowingly collect sensitive personal information unless expressly required for a specific legal purpose and with your prior consent.
4. Legal Bases for Processing
We rely on lawful grounds under GDPR and other applicable laws for processing your personal data, including:
– Contractual necessity: to fulfill your orders and provide services you request;
– Legitimate interests: to operate and improve the Site, prevent fraud, and ensure security;
– Consent: for email marketing and non-essential cookies, where legally required;
– Legal obligations: to comply with relevant laws, regulations, or court orders.
5. Your Rights
You may exercise the following data protection rights, subject to local legal limitations:
– Right of Access: Obtain confirmation of whether your personal data is being processed and access to a copy.
– Right to Rectification: Request correction of inaccurate or incomplete personal information.
– Right to Erasure: Request deletion of personal data, subject to certain limitations.
– Right to Restriction: Ask us to suspend processing of specific data.
– Right to Data Portability: Request transfer of your data to you or another provider in a structured, commonly used format.
– Right to Object: Object to data processing based on legitimate interests or direct marketing.
– Right to Withdraw Consent: Withdraw any previously given consent at any time.
To exercise any of these rights or for more information, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational security measures to protect personal data, including:
– Encryption of data in transit and at rest;
– Role-based access controls and authentication procedures;
– Routine data backups and secure storage platforms;
– Staff training on data privacy and security protocols;
– Regular audits and incident response procedures.
7. International Transfers
If your data is transferred outside of your jurisdiction, we ensure that adequate safeguards are in place in accordance with GDPR, such as the use of Standard Contractual Clauses (SCC) or other approved mechanisms. We take all necessary measures to ensure your data remains protected wherever it is processed.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, subject to applicable legal and regulatory requirements.
– Account and profile data: retained while account is active and up to 5 years post-closure.
– Transaction and payment data: retained for up to 7 years for tax and audit compliance.
– Communication records: retained for up to 2 years.
– Cookie and analytics data: typically stored for no longer than 26 months.
Anonymized or aggregated data that does not identify individuals may be retained indefinitely for historical, analytical, or business research purposes.
9. Cookie Policy
Our Site uses cookies and similar technologies to enhance user experience, analyze website traffic, and support marketing efforts. Cookie types include:
– Essential Cookies: Required for site functionality, including session management and access controls.
– Functional Cookies: Enable personalization and remembered preferences.
– Performance Cookies: Collect aggregate data on usage to improve performance.
– Analytics Cookies: Provided by partners such as Google Analytics to monitor traffic and behavior patterns.
10. Cookie Management and Regulatory Compliance
You can manage cookie preferences via our Cookie Banner or through your browser settings. Under EU and California laws, users must be provided with clear options to accept or reject non-essential cookies.
Users located in jurisdictions with applicable regulations (such as GDPR and CCPA) will be presented with consent mechanisms accordingly. Certain cookies may only be set with your explicit consent.
11. Children’s Privacy
The services on parkwaybakery.com are not intended for children under the age of 13. We do not knowingly collect or solicit personal data from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will promptly delete such information.
12. Policy Updates
We may update this Privacy Policy to reflect changes to our practices or applicable regulations. Users will be notified of material updates through prominent notices on the Site or via email (if applicable). Continued use of the Site after the changes constitutes acceptance of the updated policy.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Privacy Team at:
Parkway Bakery & Tavern remains fully committed to ensuring the highest levels of privacy and data protection. For any concerns about your information or to assert your rights, we welcome you to reach out to us directly.