Privacy policy & GDPR statement

Rye & Roses will always store your personal details securely. We’ll use your details to provide the service that you have requested and communicate with you in the way(s) that you have actively agreed to. Your data will never be used for analysis purposes, and only to help us provide the best service possible and to contact you about a service we already provide. We will never pass your details on to anyone else without your explicit consent. You are free to ask us to delete any of your personal data that we may hold at any time, by emailing

Contact details

Rye & Roses, Bryntirion, Penegoes, Machynlleth, SY20 8NW
Tel:  07811 178272

What data we collect from you

We collect information that you provide us, such as your name, address, telephone number (landline or mobile) and email address when processing your enquiries, delivering services you have ordered from us, or are working with us on, and providing business related transactional communications (e.g. Invoices). We may also use Google Analytics cookies to collect information about how visitors use our website. The cookies collect information in an anonymous form, so we don’t know who is using our site. Personal data is collected from either our enquiry form, or via direct communication.

We collect no other data from third party services.


We will use your telephone number and / or email address to contact you for informational communications.

  • We will use your telephone number and / or email address to provide information requested by you on our products and services.

  • We may use your email address to send you direct marketing regarding the products and services we offer, but only if you have opted in to receive communications from us.

  • We do not store credit / debit card details on our systems.


We will process personal data where this is necessary to provide support for products or services you have already acquired from us, such as bread orders or training courses, specifically where:

  • the data subject (you) has given consent to the processing of his or her personal data for one or more specific purposes;

  • processing is necessary for the performance of a contract to which the data subject (you) is party or in order to take steps at the request of the data subject prior to entering into a contract;


We comply with current Data Protection Laws, and will not share your stored data without your consent.
You are under no legal requirement to provide your personal data and you are not required to provide personal data to us. However, your failure to do so may affect our ability to provide the products or services you request – for instance, letting you know about important issues, such as problems in delivering your order. We will not be liable for compensation if we are not able to contact you.

Data Subject Rights

Under the GDPR you, as the data subject, have the following rights:

  • You have the right to ask us for a copy of the data we hold about you.

  • You have the right to ask us to correct any data we hold about you.

  • You have the right to ask us to delete the data we hold about you.

  • You have the right to ask us to stop processing your data.

  • You have the right to ask us to provide you with your data in a common, machine readable format.

  • You have the right to restrict the processing of your data to specific purposes.

  • You have the right to withdraw your consent at any time.

  • You have the right to make a complaint to the Information Commissioner’s Office. See

We will not charge you for a copy of the data we hold about you and will respond to requests within 30 days. If any of the information we have is wrong, let us know and we’ll correct it.

Sharing your data

We will never sell your personal data to another organisation.
We may disclose your personal data if required by law or to enforce our legal right.
We may disclose your data to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR).

How long we hold your data

We will keep your information for as long as you are a service user or client of Rye and Roses. We will hold any personal data for a maximum of 6 years before gaining further consent, unless instructed differently by you. This is in compliance with HMRC for invoice and tax purposes (see We will review our criteria for determining our retention period as required.

How we secure your data


We will collect, process and store your data safely and securely, using secure encryption technology when/where data is held or transmitted online. Client personal data is stored securely on our own private computers with password protected access.