Privacy notice

Privacy Notice is committed to protecting your personal data.

This Privacy Notice, was updated in February, 2019, and may be updated from time to time.



This Privacy Policy applies to the site  It is important that you read this Privacy PoIicy as well as any other privacy, or fair processing notice, which may be provided, from time to time, to make you better aware of the manner in which your personal data is used.


1.            Who are we ?


The Cake Story

Triq il-Kapillan Mifsud St.Venera

Tel: 21498214


2.            Data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

•             Identity Data includes name, username or similar identifier, title, age.

•             Contact Data includes home address, email address and telephone numbers.

•             Transaction Data includes details about the goods you bought from us.

•             Usage Data includes information about how you use our products and services.

•             Marketing and Communications Data includes your preferences in receiving our promotional    content.

Unless duly authorised or required by law, we will never store, or process, any data which is deemed to consist of special categories of data without obtaining your prior written consent.




3.            How do we collect your data?

 Your personal data may be collected through different sources and methods, including:

•             Direct interactions: you may give us your Identity, Contact and other data when you register on www.

•             Publicly available sources including social media, company registries and court or tribunal websites.


4.            How would your personal data be used?

Your personal data will only be processed on the basis of legally permissible grounds and specifically for the following reasons:

•             When we need to comply with a legal or regulatory obligation;

•             Where it is deemed necessary for our legitimate interests (or those of a third party], and after ensuring that your interests and fundamental rights do not override those interests;

•             In order to satisfy our contractual obligations towards you.



The list hereunder provides a description of all the circumstances in which we envisage to use your personal data, as well as  the legal bases that  will  be  relied .upon.   Your personal data may be processed for more than one lawful reason depending on the specific purpose for which your data will be used.

•             Lawful basis for processing of data in terms of the General Data Protection Regulation (Regulation [EU] 2016/679)

•             Registration u as a new customer or subscription to marketing communications. The customer/subsciber’s identity and contact details would be required.


6.            Performance of a contract with you

Processing of purchases would entail the management of payments, fees and charges as well as the collection and recovery of debts by The Cake Story.  Such processes would require the customer to furnish the following details:

(a]           Identity

(b)          Contact

(c)           Billing and Delivery address

(d)          Transaction details.


7.            Management of our relationship would entail:

(a]           Notifying you about changes to our terms or privacy notice;

(b)          Asking you to give us feedback or to participate in market research


8.            To enable you to partake in a prize draw, competition or complete a survey, the following information/details would be requested:

(a]  Identity

(b)   Contact 

 (c]   Profile

(d)   Purchases/Order/s details.


9.            To administer and protect our business and IT systems (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data] we would retain the following detail :

(a] Identity

(b) Contact

The aforementioned information is deemed necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud.


10.          To deliver relevant content and advertisements to you and measure, or understand, the effectiveness of the advertising we serve to you, you will be required to furnish the following detailed information:

(a]   Identity

(b)    Contact

(c]     Profile

(d)    Usage

(e] Marketing and Communications



11.          To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a] Usage

It is necessary for our legitimate interests (to define types of customers for our products and services, to develop our business and to inform our marketing strategy)

In some cases, your data may also be processed by one of our entrusted third-party processors in terms of the current data protection laws, who will assist us in fulfilling our service standards. The law further obliges us to share your data with competent authorities in certain situations as detailed under the relevant laws and regulations.

12.          MARKETING.

You will receive marketing communications from us if you have actively requested this information from us and/or if you have purchased products or services from us and, in each case, you have not opted out of receiving those marketing communications

You may request this information from us at any time by: contacting us in writing at any time.



You can ask us to stop sending you marketing messages at any time by:

•             accessing this site to adjust your marketing preferences;

•             following the opt-out links on any marketing message/s sent to you; or

•             by contacting us at any time.


13.          Disclosures.

We may have to share your personal data with the third parties set out below, acting in the capacity of data processors.

•             IT security;

•             Service providers who help us in ensuring that your data remains secure IT backups;

•             Service providers who assist us in relation to backups for business continuity purposes so that your data is not lost;

•             Administration and Marketing

•             Service providers who provide software and administrative assistance in order to enable us to better organise our internal administrative processes Third party consultants and professional advisers;

•             Experts who assist us in various regulatory compliance matters, including lawyers, auditors and insurers;

•             Payment services providers;

•             Service providers that facilitate payment transactions;

•             Service providers who assist us in relation to marketing;

•             Regulators and other authorities;

•             Public authorities that may require reporting of processing activities in certain circumstance.


14.          Data security.

 Appropriate security measures have been implemented to prevent your personal data from being accidentally lost, altered or disclosed in an unauthorized manner. In addition, access is limited to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data upon receipt of our instructions and they are subject to a duty of confidentiality.

You have a right to be duly informed that if at any stage a breach of personal data occurs, we are bound to notify you and the regulator, within 72 hours from such occurrence. We are bound to provide you with a report explaining what action was taken and how such matter is to be resolved.

15.          Data retention.

 Your personal information will only be retained as long as it is necessitated by  a valid legal reason,  which includes satisfying any legal, accounting or reporting requirements.

In determining the appropriate retention period for personal data, it would be necessary to  consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use, or disclosure, of your personal data, the purposes for which  your personal data is  processed  and whether  those purposes could be achieved through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our Retention Policy which you can request by contacting us.

In some circumstances your personal data may be anonymized (to ensure that it can no longer be associated with you) for research or statistical purposes in which case  this information may be indefinitely used without further notice to you.




16.          Your rights.


As a data subject, you have certain data protection rights at law:


1)   ACCESS: you have the right to access your data and thereby request a copy thereof.

2)  RECTIFICATION: you have the right to rectify incorrect data. If any of the data that we hold about you is incorrect, you may request that we rectify it.

3) ERASURE: you have the right to be forgotten, which enables you to ask us to delete your personal data where there is no good reason for us continuing to process it. On this point, please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Note that we may not be able to provide you with some of our services if we do not hold your personal data.

4)  RESTRICTIONS ON PROCESSING: you have the right to request the restriction of our processing. This can be effected in the following cases:

 (a)  if you want us to establish the data’s accuracy;

(b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if it  is   no longer required  as you need it to establish, exercise or defend legal claims; or

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Note that we may not be able to provide you with some of our services if you opt to restrict processing.


17.          PORTABILITY: you have the right to data portability. Your data may be requested in a machine-readable format and you may also request that your data is transferred directly to another person or service provider directly.

18.          OBJECTIONS TO PROCESSING: you may object to the processing of your data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object to our  processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.


19.            WITHDRAWAL OF CONSENT: If you have provided consent for the processing of your data you have the right (in certain circumstances] to withdraw that consent, at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

If you wish to exercise any of the rights set out above, please contact us in writing.

You will not have to pay to access your personal data (or to exercise any of the other rights mentioned above). However, a reasonable fee may be charged if your request results in being clearly unfounded, repetitive or excessive. Alternatively, we may, in such circumstances, refrain from complying with your request.


You may be asked to send over specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights]. This is a security measure.

Efforts will be exerted to respond to all legitimate requests within one month.

21.          COMPLAINTS.

Should you have any reservations about our data protection practices, you may file a complaint with the data protection supervisory authority at the Office for the Information and Data Protection Commissioner, the contact details of which are as follows:



Email: [email protected]

Phone: +356 2328 7100

However, we strive to be receptive to your concerns and would appreciate if you were to  contact us in the first instance should you believe that we have

Privacy Notice is committed to protecting your personal data.

This Privacy Notice, was updated in February, 2019, and may be updated from time to time.