Privacy Policy

Current Version. Last Updated: 24-05-2018

We treat all your personal information with strict confidence (although in certain circumstances we share some of your information with 3rd parties which will be explained in detail). Your data is kept secure by us and we comply with all current GDPR data protection legislation.


Who we are and how to contact us 

Lezah Dunwell

The Dotty Dough Factory

Low Farm


YO22 4QF

 Lawful Basis For Data Control & Processing

The personal data we collect, hold and process about you is based on the premise of both "legitimate interest" and "contractual obligation". These are the lawful bases on which we collect and process your personal data.

What Personal Data Do We Collect

When you shop on this Website, you’ll need to input Personal Information such as your name, e-mail address, billing address, delivery address, telephone number, product selections, credit card or other payment information.

We may also collect information about where you are on the internet (eg the URL you came from, IP address, domain types like and .com), your browser type, the country where your computer is located, the pages of our website that were viewed during your visit, and any search terms that you entered on our website. We may collect this information even if you do not register with us.

You should be aware that this site is being monitored and may capture information about your visit that will help us improve the quality of our service.

When you visit this website you will be given the option to receive information from us by email, about products, promotions or special offers which we run periodically.

In the event that you do not wish to be contacted for such purposes, ensure that you don’t tick any email marketing sign up check boxes. We’ll never automatically sign you up to our marketing lists. You may unsubscribe from our marketing list at any time by following the unsubscribe link in any of our emails or via email:

We will not release your Personal Information to any company outside of The Dotty Dough Factory for mailing or marketing purposes.

Be aware that if requested by the police or a government authority investigating suspected illegal activities to provide your Personal Information and/or User Information, we are entitled to do so.

Our website contains links to third party websites operating their own terms and conditions and privacy policies. The Dotty Dough Factory is not responsible for the policies of any linked third party sites. We advise that you check the privacy conditions of any other websites you visit.

Cookies are used on the website and stored locally on your own browser.
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.

  • _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
  • _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.
  • _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
  • cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
  • _secure_session_id, unique token, sessional
  • storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.

What We Use Your Data For

  • Processing your orders.
  • For statistical or survey purposes.
  • Fraud prevention.
  • Direct Marketing.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.


Purpose: To register you as a new customer

  • Type of data: (a) Identity; (b) Contact
  • Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to keep our records up to date)

Purpose: To process and deliver your order including: Manage payments, fees and charges

  • Type of data: (a) Identity; (b) Contact; (c) Transaction; (d) Marketing and Communications
  • Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you

Purpose: To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy

  • Type of data: (a) Identity; (b) Contact; (c) Profile; (d) Marketing and Communications
  • Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)


Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.


Viewing, Changing Or Removing Your Data

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us at or by mail at
The Dotty Dough Factory
[Re: Privacy Compliance]
Low Farm Whitby GB YO22 4QF

3rd Parties

To allow successful and efficient running of our website we integrate with several third party apps and in some cases may share or allow access to your personal data. We have made the necessary checks to ensure all third parties comply with relevant data protection legislation.

We never allow third parties access to your data for any marketing purposes, and we never allow them to contact you, unless it is the Royal Mail or Collect +, who may need to contact you when delivering goods that you have ordered from our website.

Examples of 3rd parties who we may share your data with in order to process your purchase and deliver marketing emails:

  • Royal Mail
  • Collect Plus  
  • MailChimp
  • PayPal

The Dotty Dough Factory may add and/or remove third party integrations at any time to assist with the day to day running of the business and in the process of fulfilling any obligations we have with you as a customer or user of our website. If any updates or changes impact on your rights under GDPR legislation we'll inform you at the point the change is made.

Data Retention

The Dotty Dough Factory will retain your personal data for as long as you maintain an account or as needed to provide you the services we offer. We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce any agreements relating to our services. If you sign up to our mailing list(s) we will retain your data until you unsubscribe or have a period of inactivity.

Your Right To Lodge A Complaint 

You have the right to complain to the data protection supervisory authority and you can do so here: This applies if you feel that we have mishandled your data in any way that was not outlined in this privacy statement.

Policy with Respect to Children

Our website is not directed to individuals under the age of 16, and we request that individuals under 16 not provide Personal Information to us. If we learn that we have collected the Personal Information from a child under 16, we will take steps to delete the information as soon as possible.