Privacy Policy
Purpose of Notice
- At TOAST we’re committed to protecting and respecting your privacy. We aim to be transparent in how we look after your personal data. This notice explains when and why we collect personal information about the people who visit our website, or who request information or enquire about a product from us. This notice explains how we use the data, the conditions under which we may disclose it to others and how we keep it secure.
- Our privacy practices are in line with requirements set out in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
- In order to provide you with the best products and experiences, our services are constantly evolving. We may change this notice from time to time so please check this page to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this policy.
- Any questions regarding this notice and our privacy practices should be sent by email to: dataprivacy@toa.st
Scope of Notice – Who are we and who does this apply to:
- This notice is an information piece for those who interact with any part of our organisation. The policies explained in this notice apply to all external data subjects. For employees or those who want to join our business, there is a separate privacy notice. You can request this from us by emailing dataprivacy@toa.st.
- Our services are not directed to children under the age of 18 and we do not knowingly collect personal information from children. If you are under the age of 18, please stop using our services.
- Any information that you provide to us is controlled by TOAST (Mail Order) Limited, registered in England and Wales, under Company Number 03399254, with its registered office at 3rd Floor Matrix House Matrix Business Park, Swansea Enterprise Park, Swansea, Wales, SA6 8RE, referred to as "we", "us" or "our" in this Privacy Policy.
- For EU residents, in accordance with article 27 of the GDPR, TOAST has appointed the following EU representative; Heartland A/S, Inge Lehmanns Gade 2, 8000 Aarhus, Denmark. Email: privacy.heartland@heartland.co
- If you have any questions about how we collect, store or use personal data that we hold about you, please contact us at TOAST, 3rd Floor, Matrix Beta, Matrix Business Park, Swansea, SA6 8RE, or at dataprivacy@toa.st
How do we obtain information from you?
- 3.1. We obtain information about you when you use our website, buy from us, or contact us in any way (email, social media, calls, mail). We primarily collect your data when you buy from us, contact us about products and services, or if you register to receive our email newsletter or order our printed book.
- Other examples of when we collect data are when you:
- use the Site (including collecting data on your browsing habits);
- register for, or use any in-store services;
- register for, or create an account with us;
- search for, purchase and/or return products to us;
- request an e-receipt from us;
- communicate with us by telephone, email or otherwise;
- sign up for our newsletters or to receive other marketing communications from us;
- participate in any discussion board or other social media function on or linked to the Site;
- enter any prize draw, or participate in any promotion organised by us (such as if you refer a friend); or
- complete any survey that we send you, for example if we ask for feedback.
What type of data do we process?
- We take a variety of different data sets for a number of reasons. We detail how we use the data later. Here we explain what type of data we collect.
- Some of the data you may choose to give us includes:
- personal details such as your name, gender, date of birth, address, email and telephone number;
- information you provide us when accessing our services using your social media account;
- account login and password details;
- financial and payment information;
- details relating to your transaction history with us;
- details of your shopping and product preferences; and
- photographs submitted digitally by you for display on the Site.
- Some of the data we may collect from you due to your interaction with our site includes:
- technical Information: such as your time zone setting, the Internet Protocol (IP) address used to connect your computer to the Internet, your computer or mobile device and connection information such as your browser type and version and your operating system and platform.
- information about your visit and traffic pattern: such as the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), frequency, duration and usage of in-Store services, products you viewed and searched for; page response times, download errors, length of visits to certain pages, page interaction information, basket contents and methods used to browse away from the page; and
- email addresses and phone numbers used to contact our customer service number.
- We may also collect information from third parties, or combine your information with information lawfully obtained from third parties such as technical, payment and delivery service providers, advertising networks, social media platforms, analytics service providers and search information providers.
- We also collect non-personal information or may anonymise personal information in order to make it non-personal. Non-personal information is information that does not allow a specific individual to be identified.
Cookies
- Like many other websites, the TOAST website uses cookies. A "cookie" is a small data file stored by your web browser on your computer's hard drive. It allows us to recognise your computer (but not specifically who is using it) upon entering our site by associating the identification numbers in the cookie with other customer information you have provided to us. That customer information is stored on secured databases.
- We use cookies to keep track of what you have in your basket and to remember you when you return to our site. It also tells us which website you came to us from. You can disable cookies on your computer by changing the preferences or options menus in your browser. However, it is possible that some parts of our Site will not operate correctly if you disable cookies.
- Cookies helps us to improve our website and deliver a better more personalised service.
- Please refer to our Cookie Policy for full details of precisely who, how, when and why we use Cookies.
How do we use your data?
- We use personal information about you in connection with the following purposes:
- The information we collect enables us to:
- Fulfil your requests and manage your accounts with us – for example so that we can:
- process orders, deliver products and services, process payments and carry out any other obligations arising from any contracts entered into between you and us;
- provide you with customer service functions such as following up on abandoned shopping carts, or to see if there was a problem with your use of the Site;
- notify you about changes to our Site, or services; and
- maintain and update your Account with us.
- Tailoring our communication with you and profiling – for example so that we can:
- with your consent, keep you informed about products or services that are similar to those that you have already purchased or enquired about, or that might be of particular interest to you;
- with your consent, provide you with information that might be of particular interest to you (such as upcoming events), or contact you about surveys and user groups. Participation in surveys is entirely voluntary and you are under no obligation to take up an invitation from us to participate;
- analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
- offer you the opportunity to take part in prize draws. Entry to prize draws is entirely voluntary, and you are under no obligation to take up an invitation from us to enter; and
- measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which may be based on your activity on our website(s) or the those of third parties'.
- Otherwise enhance your interaction and experience with us – for example so that we can:
- administer our Site including for internal operations, trouble shooting, testing, research, statistical and survey purposes;
- improve and optimise our Site and our in-store customer experience and develop new services;
- analyse how you and others use our Site and our stores;
- customise your experience when using our Site or other services;
- measure the effectiveness of any advertising we serve and to fulfil our contractual obligations;
- deliver relevant advertising to you;
- prevent fraudulent transactions or other illegal activities; and
- keep our business records.
- Any of these functions may be carried out by us or appointed third parties who must process any personal information in accordance with this Privacy Notice. Who can access your information is more particularly described within the Who We Share Information With section of this policy.
Who we share information with:
- We will not sell or rent your personal information to any third party without your express consent unless we are required or permitted to do so by law.
- In order to ensure that we offer the best service and can carry out the functions more particularly described within the How We Use Information section above, it may be necessary for us to share the information we collect (which may include your personal data) with carefully selected and trusted business partners, suppliers and sub-contractors for the fulfilment of any contract we enter into with them and with you.
- When we use third party providers, we use only the information necessary to deliver the service and we are required to have a contract in place that requires them to keep your information secure.
- For example, we may share:
- your name, delivery address, email and phone number with our partner courier companies in case they need to contact you in relation to a delivery;
- your identity, billing address and payment card information with our payment processors so that payment for an order can be collected;
- your identity and payment card information with our payment processors to conduct PCI 3DS security checks, so that they can check your card is not being used without consent;
- your transaction history information with business partners who facilitate discount schemes you have registered with;
- technical and other service providers who help us provide and deliver the Site and our in-store experiences;
- analytics and search engine providers that assist us in the improvement and optimisation of the Site and our services;
- business partners and service providers who assist us in carrying out customer relationship management services (such as monitoring and responding to customer orders and queries) and analysing the results of customer surveys and requests for feedback;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and
- members of our corporate group (which means our holding company and its subsidiaries).
- Those of our partners who need to access personal information to perform their business services may not use the data for other purposes.
- Where we share financial details, these will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet.
- In the event that we sell or buy any business or assets, it may become necessary to disclose your personal data to the prospective seller or buyer of such transactions. Your information may also be transferred to another company in the event of sale of the whole or part of our business to a third party.
- In certain circumstances we may be obliged to disclose personal information relating to you to third parties, for example, in order to conform to any requirements of law or to comply with any legal process, to prevent and detect fraud and to protect and defend our rights and property.
- To see who we share data with, see Table 001 below.
More about how we communicate with you:
- We send two types of emails: customer service emails required to maintain the Site and our services, and newsletters or other marketing communications containing information about product, news, special offers and information that might be of interest to you.
- In line with data protection laws we may process your personal data for marketing purposes, which can involve legitimate interest or consent. The Data Protection Act 2018 (DPA 2018) allows us to use the information you have provided when placing an order to send marketing communications to provide you with an enhanced customer experience. Where you have opted in to receive marketing communications from us, we will process your personal data to provide you with marketing communications in line with the preferences you have provided.
- While customer service emails are necessary to help you benefit from our services, you may choose not to receive marketing communications when you set up your Account. You may also choose not to receive marketing communications at any time, by clicking the « unsubscribe » link in any marketing communications or by modifying your subscription preferences in your Account.
- By signing up for our newsletters or to receive other marketing communications from us, you accept that your personal data may be used for such purposes. You consent to receive such marketing communications from us using any contact method which you have provided us with such as by post, email and telephone.
- You may also receive marketing communications containing information and special offers from third parties by post only if you have consented to receiving such communications.
What are your rights and how can you control the data we hold on you?
- You can change your marketing preferences at any time by updating your account online, following the unsubscribe link in our emails, or by emailing dataprivacy@toa.st
- The Right to Object: In some instances, you may have the right to ask us to stop processing your data. This will be the case where we process your data because we have a legitimate interest in doing so (such as where we contact you to follow up on a complaint you made). This right does not always apply but you are always able to raise an objection to our processing and we will do our best to comply, where we are legally able to.
- The Right to Erasure (The right to be forgotten):
- In a similar way to how you can object to our processing your data, you have the right in some instances to have us destroy all the data we hold on you.
- We maintain and follow a retention policy and your data will not be held for longer than the defined retention period without good reason and without consulting our internal data privacy experts.
- Nonetheless, should you want us to remove our records of your data prior to the end of our defined retention period, please contact: dataprivacy@toa.st
How can I access and update my information?
- The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: dataprivacy@toa.st
- You have the right to ask for a copy of the non- business personal information TOAST hold about you. This is often called a Subject Access Request. You can do this by contacting: dataprivacy@toa.st
- If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Guardian who will investigate the matter. Email address is: dataprivacy@toa.st
- If you are not satisfied with our response or believe we are processing your personal data, you can complain to the Information Commissioner’s Office (ICO). Information Commissioner’s Office (ICO) contact phone number 0303 123 1113, or email registration@ico.org.uk Website address is https://ico.org.uk/
Keeping your information safe
- When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as bank, credit or debit card details) will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet.
- When you are on a secure page, a lock icon will appear on the web browser.
- Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
- Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
- We will hold your data for no longer than we need it for, or if you have advised you wish us to delete it (and we have no legal requirement to keep it), we will delete it per our retention policy. You can request this from us by emailing dataprivacy@toa.st.
Keeping children safe
- We know it is important to protect the privacy of children aged 18 or under. If you are aged 18 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.
- If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible.
- Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at: dataprivacy@toa.st
Links to other websites
- Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access these using links from our website.
- In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
Transferring your information outside of the European Union
- We operate internationally. Generally, we store your data within the United Kingdom (UK) and European Economic Area (EEA). However, we may need to transfer your personal information outside these areas to a country which may not have equivalent protections for your data as your country of residence.
- By way of example, this may happen if any of our servers are from time to time located in a country outside of the UK or EU. Or, for example, where your data is processed by staff operating outside the UK or EEA who work for us or for one of our suppliers.
- If we transfer your data outside of the UK or EEA, we will take steps to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected and comply with all legal requirements.
- If you use our services while you are outside the UK or EU, your information may be transferred outside the UK or EU in order to provide you with those services.
- By submitting your personal data, you’re agreeing to this transfer, storing or processing.
Table of Abbreviations/ Supporting Documents
Abbreviation/Technical Terminology | Long Form/Explanation |
GDPR | General Data Protection Regulation |
ICO | Information Commissioner’s Office |
Third Party Data Processors - Table 001
PROCESSOR NAME | PROCESS |
ALGOLIA | SEARCH |
AMERICAN EXPRESS | PAYMENT PROCESSING |
AZURE | FILE SERVER |
BAZAAR VOICE | PRODUCT REVIEWS |
CALL STREAM | TELECOMS |
CANON | MULTIFUNCTION DEVICES |
CITIPOST | CATALOGUE DISTRIBUTION |
CRITEO | MARKETING |
CRYSTAL REPORTS | SOFTWARE |
DATA 8 | ADDRESS LOOK-UP SERVICE |
DHL | DELIVERY/RETURNS |
EVRI | DELIVERY/RETURNS |
FRESH RELEVANCE | MARKETING |
GLOBAL FREIGHT SOLUTIONS | DELIVERY/RETURNS |
GOOGLE ANALYTICS | MARKETING |
GOOGLE FIREBASE | COMMENTING SYSTEM |
GOOGLE MAPS | STORE ADDRESS INFORMATION |
GOOGLE/MICROSOFT ADS | MARKETING |
INPOST | DELIVERY/RETURNS |
SOCIAL MEDIA | |
KONICA | MULTIFUNCTION PRINTERS |
SOCIAL MEDIA | |
LIVEPERSON | ONLINE HELP |
MANAGED ENGINE | SERVICE DESK AND MDM |
MAPP | MARKETING |
META | SOCIAL MEDIA |
MORE2 | MARKETING |
MS 365 | EMAIL/OFFICE |
NEW MAKERS | DELIVERY/RETURNS |
OAK/EVOLVE SYSTEM | TELECOMS |
ORACLE NETSUITE | ERP |
PATCHWORKS | MIDDLEWARE |
PAYPAL | PAYMENT PROCESSING |
SOCIAL MEDIA | |
PUZZEL | EMAIL MANAGEMENT |
RAKUTEN ADVERTISING | MARKETING |
RETENTION X | MARKETING |
RF-SMART | WMS |
ROYAL MAIL | DELIVERY/RETURNS |
SEARCH LABORATORY | MARKETING |
SHOPIFY/STRIPE | PAYMENT PROCESSING |
BLUEBRIDGE ONE SMARTSHIP | CARRIER INTERGRATION |
SPITFIRE | TELECOMS |
TAYLOR BROTHERS | CATALOGUE |
TRUE FIT | WEBSITE |
SOCIAL MEDIA | |
WE MAKE WEBSITES | WEBSITE |
ZIGZAG | RETURNS |