Privacy Policy

Last Updated: 10 December 2025

Welcome to The Naughty Cook — where indulgence is taken seriously, and so is your privacy.

This privacy policy explains what personal data we collect, how we use it, why we need it, and your rights under UK GDPR.

If anything feels unclear, just email us — we believe policies should be as digestible as desserts.

1. Who We Are

The Naughty Cook
Website: www.thenaughtycook.co.uk
Contact Email: hello@thenaughtycook.co.uk

We are a UK home-based baking business supplying handmade brownies, crumbles and gifting products.

We are the data controller responsible for your personal information.

2. What Data We Collect

We collect only what we need to bake, deliver and support you. This may include:

When you order:

  • Name

  • Delivery address

  • Billing address

  • Email address

  • Phone number (if provided)

  • Order details & preferences

  • Payment method (processed securely by PayPal — we never see your full card details)

When you browse our site:

  • IP address

  • Device type

  • Cookies (for cart function & analytics)

  • Pages visited

  • Time spent on page

  • Basket contents (required for cart/session functionality)

When you join The Crumble Club:

  • Email address

  • Reward activity

  • Purchase history

  • Loyalty status

If you contact us:

  • Any info you provide voluntarily (e.g., custom order requests or flavour messages)

We do not collect sensitive categories of data (health, ethnicity, etc.).

3. How We Use Your Data (The sensible bit)

We process your data for:

✔ fulfilling orders (yes, we literally need your address)
✔ managing deliveries and customer support
✔ loyalty reward tracking (The Crumble Club)
✔ order confirmation, updates and aftercare
✔ sending service emails (shipping notifications etc.)
✔ fraud prevention and payment security
✔ website performance improvements

With your consent, we may also send:

✔ newsletters
✔ launch announcements
✔ Crumble Club offers
✔ baking updates or brand promotions

You can opt out anytime — we won’t sulk.

4. Legal Bases (GDPR bits)

Under data protection law, we rely on the following legal grounds:

  • Contract — to fulfil your order / provide a service

  • Consent — for marketing emails

  • Legitimate Interest — improving customer experience, detecting fraud, loyalty reward tracking

  • Legal Obligation — tax, accounting and regulatory compliance

5. Who We Share Data With

We share only what is necessary with:

  • Payment processors (PayPal)

  • Email delivery services (for order confirmations & updates)

  • Couriers/postal services (delivery details only)

  • Website hosting or analytics tools

All partners process data securely and compliantly.

We do not sell, swap or monetise your personal data.

6. How Long We Keep Your Data

Different data has different retention:

  • Order records: 6 years (required by UK tax law)

  • Customer accounts: active until you request deletion

  • Marketing consent data: until you unsubscribe

  • Loyalty/reward history: retained until account closure

You can ask us to delete your information at any time (unless we are legally required to keep it).

7. Your Rights

Under UK GDPR, you have the right to:

✨ Access your data
✨ Correct inaccurate data
✨ Request deletion
✨ Restrict processing
✨ Withdraw consent (unsubscribe)
✨ Object to marketing
✨ Data portability

Just email hello@thenaughtycook.co.uk and we’ll help, no fuss.

8. Cookies & Tracking Technologies

We use cookies to:

  • keep items in your basket

  • remember your login

  • analyse website performance

  • support checkout/payment security

You can control cookies through your browser settings — disabling essential cookies may affect shopping functionality.

9. Email Delivery & Authentication

We use authenticated sending technologies (SPF, DKIM & DMARC) to ensure reliable delivery of transactional and marketing emails.

This reduces spam risk and protects you from fraudulent spoofing.

10. Payment Security

We do not process or store credit card information ourselves.

All payments are handled securely by PayPal, which complies with PCI-DSS regulations.

11. Children’s Data

Our site is not intended for children under 16.

We do not knowingly collect data from children, and will delete it if identified.

12. Data Storage Location

Your data may be stored or processed in the UK or EU depending on hosting services used.
Any external processors we use operate under GDPR-compliant terms.

13. Changes To This Policy

Policies shouldn’t be static — we may update this page occasionally.
When we do, we’ll update the date at the top.

14. Contact Us

If you have any questions, want your data deleted, or fancy a chat about brownies:

📩 hello@thenaughtycook.co.uk

We take both privacy and pudding very seriously.