Privacy Notice – B Bagel
Introduction
B Bagel Ltd (“B Bagel”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, and protect your personal data, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy laws.
It is important for you to read this privacy policy so that you are fully aware of how and why we are using your personal information.
Please note, our website is not intended for children, and we do not knowingly collect data relating to children.
1. Who We Are
B Bagel is the data controller and responsible for your personal data. If you have any questions about this privacy policy or any of our privacy practices,
please contact us:
Full Company Name: B Bagel Ltd (Company number: 9511482)
Postal address: 136-138 Camden High Street, NW1 0LU
Email address: office@bbagel.co.uk
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy obligations; we encourage you to read the privacy policy of every website you visit.
2. What Personal Data We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Where we need to collect personal information by law, or in order to provide you with a service (under a contract that we have with you), and you fail to provide that personal information when requested, we may not be able to provide you with our services. In this case, we may have to cancel such service, but we will notify you if this is the case at the time.
We collect and process the following types of personal data depending on your interaction with us:
When using our website or app:
- Name
- Email address
- Phone number
- Home/delivery address
- Payment details (processed securely by third-party providers – we do not store card details)
- App usage data and preferences
- Device and browser information (IP address, cookies)
When applying for a job:
- CV, work history, qualifications
- Right-to-work documentation
- Interview notes and recruitment decisions
When making a purchase or visiting our stores:
- Transaction history
- Order details
- Loyalty scheme interactions (if applicable)
We may also collect, use and share Aggregated Data such as statistical or demographic data (for example, to calculate the percentage of users accessing a specific website feature). Aggregated Data could be obtained from your personal data but is not considered personal data under the data protection laws as it will not directly or indirectly reveal your identity.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data), nor do we collect any information about criminal convictions and offences.
3. How We Collect Your Data
We collect personal data:
- Directly from you when you fill in forms, contact us, apply for a job, or sign up for our app or newsletter.
- Automatically as you interact with our website or app (through cookies, server logs, or analytics tools).
- From third parties, such as recruitment agencies, payroll providers, delivery partners, or payment platforms.
4. Legal Bases for Processing Personal Data
We will only use your personal information when we are legally allowed to do so; this is called a “lawful (or legal) basis”.
Generally, we do not rely on consent as a legal basis for processing your personal information although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We rely on the following lawful bases:
a. Contractual necessity – to perform our obligations to you:
- To process purchases and deliveries
- To respond to customer service requests
- To manage employment or recruitment processes
b. Legal obligation – to comply with UK laws:
- Employment, tax, and health and safety obligations
- Regulatory requirements in relation to food safety or health records
c. Legitimate interests – when processing is necessary for our business purposes (without unduly affecting your rights), including:
- Activity: managing our relationship with you; asking you to leave a review or take a survey; contacting you with regards to updates or informative communications related to our services; dealing with your requests; using data analytics to improve our website, products/services, marketing, customer relationships and experiences; and making suggestions and recommendations to you about services that may be of interest to you. Legitimate Interest: to keep our records updated and to study how customers use our services, particular in order to develop our services and grow our business.
- Activity: administering and protecting our business, our app and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Legitimate Interest: for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.
- Activity: Legitimate Interest: to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
- Activity: register you as a new customer and deliver our services to you including dealing with payment and invoice recovery. Legitimate Interest: to recover debts due to us.
Our legitimate interests include:
- Improving our website, products, and services
- Preventing fraud and ensuring security
- Managing customer relationships and business operations
- Monitoring recruitment effectiveness
d. Consent – as above, we generally do not rely on consent in order to process your personal information. However where it is necessary, we will obtain your explicit consent before collecting or using that personal information.
We will only use your personal information for the reasons we collected it unless we reasonably need to use it for another reason which is compatible with the original purpose. If you wish to get an explanation as to how the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. MARKETING
We want to provide you with choices when we are using your personal data for any marketing or advertising purposes, as such, we have the following processes in place:
- We may use your personal information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
- You will receive marketing communications from us if you have requested information, or purchased goods from us, and you have not opted out of receiving that marketing.
- We will get your express consent before we share your personal data with any third party for marketing purposes.
- You can ask us or third parties to stop sending you marketing messages at any time by contacting us.
- Where you opt-out of receiving marketing messages, this opt-out will not apply to the personal information we collect, use, and store as a result of a purchase, customer service experience or any other transactions.
6. Sharing Your Data with Third Parties
We share personal data only when necessary and only with trusted third parties, including:
- Payment processors (e.g., Stripe, Square)
- Delivery and logistics partners (e.g., Uber Eats, Deliveroo, courier services)
- Email and SMS marketing providers (e.g., Mailchimp, Twilio)
- IT and web support providers
- Recruitment platforms and HR systems
- Payroll and accounting providers
- Legal and professional advisors
All providers are required to handle your data securely and in compliance with UK data protection law.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to use the information for specified purposes and in accordance with our instructions (for example, to delivery our products to you).
7. International Data Transfers
If personal data is transferred outside the UK (e.g. through a cloud provider), we ensure appropriate safeguards are in place, including either:
- Only transferring your personal information to countries that have been deemed to provide an adequate level of protection for personal information.
- Where the country is not deemed to have an adequate level of protection , we will use Standard Contractual Clauses approved by EU Commission, or International Data Transfer Agreements approved by the UK Information Commissioner, to ensure that your personal information has the same protection as it would have in the UK (or EU).
8. security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. How Long We Keep Your Personal Information
We keep personal information only as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To decide the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
For example, by law we will need to keep the following information:
- Customer data: up to 7 years for accounting/legal purposes
- Job applicant data: 12 months (unless hired)
- Employee data: for the duration of employment + 6 years
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
8. Your Rights
Under UK data protection law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Erase your data (in certain cases)
- Restrict or object to certain types of processing
- Withdraw consent at any time (where processing is based on consent)
- Data portability – to request your data be transferred to another provider
- Lodge a complaint with a supervisory authority
To exercise your rights, please contact us at the details set out in this policy.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. Your Right to Complain
If you are unhappy with how we handle your personal data, you have the right to complain to the UK Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113
We encourage you to contact us first, so we can try to resolve the issue directly.
10. Changes to This Privacy Notice
We may update this privacy notice occasionally. The latest version will always be posted on our website and available through our app.
Last updated: 08/06/2025