Privacy Policy


We understand the importance of security when using the internet and are committed to protecting and respecting your personal data.


This policy will inform you how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.


Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By visiting this website, you are accepting and consenting to the practices described in this policy.


Terms Used Within This Policy

  • ​"our", "us", or "we" refers to The Biscuit Castle Limited.

  • "you", “your” or "the user" refers to the person[s] using this website.

  • GDPR means the General Data Protection Act.

  • ICO means Information Commissioner's Office.

  • Cookies are small files stored on a user’s computer or device.


Key Principles of GDPR

Our privacy policy complies with the following key principles of the GDPR:

  • Lawfulness, fairness and transparency.

  • Purpose limitation.

  • Data minimisation.

  • Accuracy.

  • Storage limitation.

  • Integrity and confidence.

  • Accountability.


Your Legal Rights

Under certain circumstances, you have rights under the GDPR in relation to your personal data. A brief list can be found below but for more information please visit the ICO’s website.

  • Right of Confirmation

  • Right of Access

  • Right to Rectification

  • Right to Erasure

  • Right of Restriction of Processing

  • Right to Data Portability

  • Right to Object

  • Right to Not Be Subject to Automated Individual Decision-Making, Including Profiling


Should you decide to exercise any of your rights set out below, please contact us via or write to us at The Biscuit Castle Limited, 10 The Worthys, Bradley Stoke, Bristol, BS32 8DQ.


You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.


Information Collected

In general, you may visit the website without telling us who you are or revealing any personally identifiable information about you.


We may collect, use, store and transfer different kinds of personal data provided by you which we have grouped together follows:



Identity Data

First name, last name, username or similar identifier, title and date of birth.

Contact Data

Billing address, delivery address, email address and telephone numbers.

Financial Data

Bank account and payment card details.

Transaction Data

Details about payments to and from you and other details of products and services you have purchased from us.

Technical Data

Internet protocol address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Profile Data

Your username and password, purchases or orders made by you, your interests, preferences, and feedback and survey responses.

Usage Data

Information about how you use the website, products and services.

Marketing and Communications Data

Your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.


Use of Your Information

We will only use your personal data when the law allows us to. Most commonly, we will use the personal information you provide for any of the following purposes:

  • To provide you with our services.

  • To understand the use of our website and make improvements.

  • To respond to specific requests from visitors.

  • To protect the security or integrity of our website when necessary.

  • To send you notices and solicitations regarding website and our businesses.

  • In general, to promote and market products to you.


These solicitations may take the form of mailings or other couriers, telephone calls, e-mail solicitations and other methods of contact.


If you do not want to receive these solicitations from us using your personally identifiable information, please notify us.


At times, we may conduct online surveys to better understand the needs and profiles of our visitors. When we conduct a survey, we will try to let you know how we will use the information at the time we collect the information from you on the Internet.


How we Collect Your Information

Personal data is collected through direct interactions and automated interactions or technologies.


Direct interactions: You may provide data by filling in forms on our website or by communicating with us by post, phone, email or otherwise, including when you:

  • Inquire about or order products or services.

  • Subscribe to our service or publications.

  • Request resources or marketing be sent to you.

  • Enter a competition, prize draw, promotion or survey; or give us feedback.


Automated interactions or technologies:  As you use our website, we may automatically collect technical data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Please see our cookie policy for further details. ​


Disclosure of Your Information

Unless otherwise disclosed during the collection, personally identifiable information that may be collected in connection with visitors to this website is retained by us. We do not sell, transfer or otherwise disclose this personally identifiable information outside this company, except where disclosure is required by law.


There are some circumstances in which we are required to share your personal data with other organisations or third parties.


These are:

  • Service providers who provide IT and system administration services.

  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.


We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.


We will not share your personal data with any other organisation or third parties unless as set out in this privacy notice or by seeking your prior consent. An exception to this would be where we are required to share your personal data in accordance with law or any regulatory requirement to which we are subject.


We do not transfer your personal data outside the European Economic Area [EEA].


Other Websites

This website may contain links to other websites of third parties. We are not responsible for the content or privacy practices of those other websites. We may revise this privacy policy from time to time. You are responsible for checking this policy when you visit our website to review the current policy. If you do not agree with the policy, you should cease use of the website immediately.


Inedible Cookies

A cookie is a small text document, which often includes an anonymous unique identifier. When you visit a website, that website’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, but [to protect your privacy] your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.


As you browse on our website, the website uses cookies to differentiate you from other users to prevent you from seeing unnecessary advertisements or requiring you to log in more than is necessary for security. Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our website and which parts of the website are most popular. This helps us gather feedback so that we can improve our website and better serve our customers. Cookies do not allow us to gather any personal information about you and we do not generally store any personal information that you provided to us in your cookies.


Please refer to our cookie policy for a list.


Data Security

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.


How Long We Store Personal Data

Your personal data will be kept by us for no longer than is necessary for the purpose we obtained it for including for the purposes of satisfying any legal, accounting, or reporting requirements.


To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


By law we must keep basic information about our customers [including contact, identity, financial and transaction data] for six years after they cease being customers for tax purposes.


You have the right to request that we delete any personal data belonging to you. In some circumstances we may anonymise your personal data [so that it can no longer be associated with you] for research or statistical purposes in which case we may use this information indefinitely without further notice to you.