Privacy Policy

Last updated: 17 April 2026

At Terry Bakes (“we”, “us”, “our”), we are committed to protecting your privacy and handling your personal data in a fair, lawful and transparent way. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have when you use www.terrybakes.com, create an account, place an order, contact us, or sign up to hear from us. UK privacy notices should explain the purposes of processing, retention, sharing, lawful bases and individuals’ rights.

1. Who We Are

Terry Bakes is a trading name of Terry Pegler & Nikita Pegler.
Address:

14 Cardinal Close
Norwich
Norfolk
NR9 5EW

Email: info@terrybakes.com

For the purposes of UK data protection law, we are the data controller of the personal data described in this policy.

2. The Information We Collect

We may collect and use the following personal information, depending on how you use our website:

  • your name
  • billing address
  • delivery address
  • email address
  • telephone number
  • account login details if you create a customer account
  • order details and purchase history
  • communications you send to us
  • technical information such as IP address, browser type, device type and operating system
  • website usage information collected through cookies and similar technologies
  • marketing preferences

If you choose to create an account on our WooCommerce store, we may store your account details, saved addresses and order history so you can log in more easily, view past orders and manage your account. WooCommerce’s account and privacy settings are specifically designed to manage customer account creation, privacy notices and retention controls.

3. How We Collect Your Information

We collect personal information when you:

  • visit and browse our website
  • create a customer account
  • place an order as a guest or logged-in customer
  • enter your delivery and billing details at checkout
  • contact us by email, contact form or social media
  • sign up to receive marketing emails
  • interact with cookies, analytics tools or spam-prevention tools on our site

The ICO’s ecommerce guidance uses these same broad categories for online retail: direct interactions, account creation, purchases, enquiries, and automated technologies such as cookies.

4. How We Use Your Information

We use your personal information to:

  • process and fulfil your orders
  • take payment and manage transactions
  • arrange delivery of your baked goods
  • provide customer service and respond to enquiries
  • create and manage your website account
  • keep records of orders, payments and business transactions
  • improve our website, products and services
  • measure website usage and performance
  • detect and prevent spam, fraud and misuse of the website
  • send marketing emails where permitted by law
  • comply with legal and regulatory obligations

5. Our Lawful Bases for Processing

We rely on one or more of the following lawful bases under UK data protection law:

Contract – where we need to process your data to take your order, manage your account, take payment, deliver goods, or provide customer support linked to your purchase.

Legal obligation – where we need to keep records for tax, accounting, consumer law or other legal compliance purposes. UK privacy notices should explain when data is used to meet legal obligations.

Legitimate interests – where it is necessary for the legitimate interests of running and improving our business, including record keeping, fraud prevention, securing the website and dealing with routine customer communications, provided your rights do not override those interests.

Consent – where consent is required, such as for certain non-essential cookies, analytics tools or marketing emails. If PECR requires consent, the ICO says consent should also be the lawful basis under UK GDPR for that processing.

6. WooCommerce Accounts and Checkout

Our website uses WooCommerce to provide online shopping and customer account functionality. If you create an account, we may store your name, email address, saved billing and delivery addresses, and order history so that you can log in, check previous purchases and speed up future checkout. If you place an order as a guest, we will still collect the information necessary to process and deliver that order.

WooCommerce also includes privacy and retention settings that allow website owners to manage customer accounts, personal data retention and related privacy controls.

7. Payments and PayPal

We accept payments through third-party payment providers, including PayPal. When you choose PayPal, your payment information is processed by PayPal in accordance with PayPal’s own privacy statement. We do not generally need to store your full payment card details on our own website.

PayPal states in its UK privacy statement that it uses personal data when you use PayPal services, and it provides its own privacy information and controls directly to users.

8. Google Analytics

We use Google Analytics to help us understand how visitors use our website, such as which pages are visited, how people move around the site, and how the site performs. Google states that Analytics uses cookies and identifiers to measure user interaction, and that site owners should inform users about the information being stored and give them the opportunity to grant or deny consent where required. Google also provides an opt-out browser add-on for users who do not want their site activity to be available to Google Analytics.

We use Analytics information to generate reports and improve the website. We do not use Google Analytics to identify you personally. Please do not submit personal information in website forms or fields where it is not needed.

9. Google reCAPTCHA

We use Google reCAPTCHA on parts of the website, such as forms, account areas or checkout protections, to help detect spam, bots and abusive activity. Google describes reCAPTCHA as a service that protects websites from spam and abuse using advanced risk analysis techniques. Depending on how it is configured, reCAPTCHA may process technical and interaction data and may use cookies or similar technologies.

Where our reCAPTCHA or similar security technologies rely on cookies or comparable technologies, we will explain this through our cookie controls. UK guidance recognises security, fraud prevention and authentication as examples of activities that may fall within the “strictly necessary” exception in some circumstances, but organisations should still provide clear information about them.

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies for essential website functions, account login support, shopping basket and checkout features, security, analytics and user preferences. The ICO says organisations must clearly explain what cookies do and why they are used, and obtain consent for cookies and similar technologies unless an exception applies, such as where they are strictly necessary for the service requested by the user.

Where required, we will ask for your consent before placing non-essential cookies, including analytics cookies. You can manage your cookie preferences through our cookie banner or settings tool.

11. Marketing Emails

If you sign up to our marketing emails, or if we are allowed to contact you under the soft opt-in rules for similar products and services, we may send you updates about new bakes, offers and Terry Bakes news. The ICO says marketing emails to individuals generally require consent unless the soft opt-in applies, and every message must include a clear way to opt out.

You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

12. Sharing Your Information

We may share your personal information where necessary with trusted third parties, including:

  • payment providers such as PayPal
  • website hosting and technical support providers
  • WooCommerce and related ecommerce service providers
  • couriers and delivery providers
  • analytics or security service providers
  • professional advisers such as accountants, insurers or legal advisers where necessary

We only share the information needed for the relevant purpose. ICO retail guidance also distinguishes between different roles, for example payment providers that act as separate controllers and ecommerce platforms or processors used to run the site.

13. International Transfers

Some of our service providers may process personal data outside the UK. Where this happens, we will take appropriate steps to ensure your personal data is protected in line with applicable data protection law.

14. How Long We Keep Your Information

We only keep personal data for as long as reasonably necessary for the purposes for which it was collected, including legal, tax, accounting, complaint handling and fraud prevention purposes. The ICO says privacy notices should include retention periods or, if there is no fixed period, the criteria used to decide how long information will be kept.

As a general guide:

  • order and transaction records may be kept for up to 6 years for tax, accounting and legal purposes
  • customer service enquiries may be kept for up to 24 months after the matter is resolved
  • customer account information may be kept until the account is deleted, unless we need to retain certain records for legal or administrative reasons
  • marketing records may be kept until you unsubscribe or object, and for a reasonable period afterwards to maintain suppression records
  • analytics information is retained in accordance with the settings applied within Google Analytics and our internal review practices

15. Allergy and Dietary Information

Please do not send allergy, medical or other sensitive health information through general website forms unless we specifically ask for it. Health information is treated as special category data under UK GDPR and requires additional protection and an additional condition for processing.

16. Your Rights

Subject to the law, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request deletion of your data
  • request restriction of processing
  • object to certain processing
  • request transfer of your data in some cases
  • withdraw consent where processing is based on consent

The ICO says privacy notices should tell people what rights they have and how to complain.

To exercise any of your rights, please contact us using the details at the top of this page.

17. Security

We take appropriate technical and organisational measures to protect personal data and reduce the risk of unauthorised access, misuse, loss or disclosure. However, no online service can ever be completely secure.

18. Complaints

If you have any concerns about how we use your personal information, please contact us first and we will do our best to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached. The ICO expects privacy notices to explain that individuals can complain to the regulator.

19. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the revised “Last updated” date.

Shopping Basket
Scroll to Top