Protecting Your Privacy
We, CAKE (we, us, our), are committed to protecting the privacy of our users. To this end, we believe that you have the right to know what information we collect about you, how the information is used, and how you can access or change any of this information.
We are CAKE Software, Inc., a corporation incorporated under the laws of Delaware, USA, located at 900 Glenneyre St. Suite 900C Laguna Beach, CA 92651, USA.
You can contact us as follows:
FAO: Robert Gissubel, Manager, Revenue Operations & Compliance
Address: 900 Glenneyre St. Suite 900C Laguna Beach, CA 92651, USA
Phone: 949-548-2253 x223
Our EU representative’s contact details are:
FAO: Ben Cockburn, Data Protection Manager
Address: CAKE Marketing UK Ltd., 33 Foley Street, Fitzrovia, W1W 7TL, London, UK
Phone: [+44 (0) 207-082-8210]
If you prefer, you can of course always contact us using our US contact details set out above.
What Information Is Collected?
Information that you provide to us
We collect personal data from voluntary user registrations, requests for information, surveys, mailing lists subscriptions, job applications, contact forms and emails. We may also collect personal data that you provide to us when you purchase a product or service from us, or contact or otherwise correspond with us.
The information you provide to us might include your identity and contact data (name, address, email address, and phone number). If you are creating an account you may also provide a password. If you are purchasing a service from us you will also need to provide your payment details. If you are submitting a job application you may also provide your CV, additional information about your academic and work history, references, and any other such similar or related information as may be supplied.
Information that we collect about you
We may collect any information contained in any correspondence between us. For example, if you contact us using a form on our site or by email, telephone, Skype, or otherwise, we may keep a record of that correspondence.
We may also collect certain technical and usage information when you visit our website (getcake.com) about which pages you visit, how long you visit certain pages, and how you arrived at our website among other things. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), browser type, referral source, length of visit to the website, number of page views, the search queries you make on the website, and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies.
We may also collect certain Information when you access our mobile application. This may include user ID, email address, crash data, IP address and information of user agent of the device making the web request to us.
For more information on exactly what information is obtained, please read the section titled “What Are Cookies?” below or contact us at privacy@getCAKE.com.
Information that we receive from third parties
In certain circumstances, we will receive information about you from third parties. For example:
- if you are a job applicant we may contact your current and former employers and/or references to provide information about you;
- we may use third-party providers to obtain or verify your contact information. For example, we may use third-party databases or websites (such as LinkedIn, io) and other publicly available sources to confirm your contact details; and
- we might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
Why Do You Collect Information?
We collect and use your information for the purposes listed below either on the basis of:
- performance of your contract with us and the provision of our services to you;
- your consent (where we request it);
- where we need to comply with a legal or regulatory obligation; or
- our legitimate interests (see below for more details).
We may use your information for the following purposes:
- access to our website: to improve your user experience through the customization of content and layouts of various pages, (including sharing your information with our website hosts and developers, our digital consultant, designer and website manager) (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
- access to our mobile application: to improve our mobile application quality by collecting crash log information; using Firebase Crashlytics;
- registration of your account: when you sign up on our website or mobile application to use our services, we will use the details provided on your account registration form (on the basis of performing our contract with you);
- relationship management and marketing: to respond to your requests for information and keep you informed about new features and services that we offer along with any content that we provide through our newsletters, provided that we have the requisite permission to do so (either on the basis of your consent where we have requested it, or, alternatively, our legitimate interests to provide you with marketing communications where we may lawfully do so) and provided that you have not asked us to not contact you;
- processing and facilitation of transactions: we will use your information to process transactions and payments, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);
- suggestions and recommendations: share your information with reputable organizations who may contact you with special offers of possible interest (where we have your consent to do so or, alternatively, on the basis of our legitimate interests to operate a business) and provided that you have not asked us to not to share your data in this way;
- user and customer support: to provide customer service and support (on the basis of our contract with you), deal with inquiries or complaints about the website and share your information with our third-party service providers as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users);
- recruitment: to process any job applications you submit to us (on the basis of your consent where we have requested it, or, alternatively, our legitimate interests to consider job applications, or where we otherwise have a legal obligation to process certain information about our job applicants);
- prize draws, competitions and surveys: to enable you to take part in prize draws, competitions and surveys (on the basis of performing our contract with you and our legitimate interest in studying how our website and services are used, to develop them and grow our business);
- fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we otherwise have a legal obligation to do so);
- compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees, and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we otherwise have a legal obligation to do so); and
- research and analytics: to carry out aggregated and anonymized research about general engagement with our website and the use of our services and products (on the basis of our legitimate interest in providing the right kinds of products and services to our website users, and improving our website, products and services). Please read the section titled “Analytical Data” below for more information.
Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
- personalizing, enhancing, modifying or otherwise improving the services, products and/or communications that we provide to you, such as sending you marketing and serving you with advertising that is relevant and likely to be of interest to you;
- managing payments, fees, and charges and collecting and recovering money owed to us;
- detecting and preventing fraud and operating a safe and lawful business;
- maintaining and improving security and optimization of our network, sites and services;
- confirming information that you provide to us in a CV or job application, by reference to past employers and/or publicly available employment or business profiles; and
- making suggestions and recommendations to you about products or services that may be of interest to you.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you and your rights before we process your personal data for our legitimate interests. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent, or a legal obligation we have). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us using the contact details set out in the ‘About us’ section.
If you have any concerns about our processing please refer to details set out in the section “What Rights Do I Have?” below.
As we outline in the section “What Rights Do I Have?” below, from 25 May 2018 you will have the right to object to our using your information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.
We may use your personal data with non-personal data that we have collected in a manner such that the end-product does not personally identify you or any other user of our site. We may make your personal data non-personally identifiable by either combining it with information about other users (aggregating your personal data with information about other users) or by removing characteristics (such as your name or email address) that make the information personally identifiable. This process is known as anonymizing (or de-personalizing) your information.
Who Do You Share My Information With?
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may disclose your personal information to:
- companies of the CAKE group based in the US and in the UK;
- third-party service providers we work with to prepare or send any communications to you, or to assist us in connection with any of our administrative or business functions, or in the provision of any of our products or our services to you (including for example, hosting or operating the website and our databases and site analytics); provided that, where required by European data protection laws and/or the Privacy Shields (as defined below), we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection that European data protection laws and/or the Privacy Shield require and limiting their use of the data to the specified services provided on our behalf;
- any prospective seller or buyer of our business or assets, only in the event that we decide to sell or buy any of our business or assets;
- any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law (for example, we may need to disclose certain information to comply with laws, regulations, court orders, subpoenas, search warrants, or other legal reasons in the course of a legal proceeding or in response to a law enforcement agency request); and
- other reputable businesses whose products or services may be of value to you (in the circumstances set out above); provided that, if required by European data protection laws and/or the Privacy Shield (as defined below), we will (i) enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for your personal information that European data protection laws and/or the Privacy Shield require; and (ii) limit their use of your personal information so that it is consistent with any consent you have provided and with the notices you have received.
What Are Cookies?
If you wish to disable cookies, there is a simple procedure in most Internet browsers that allow you to turn off cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). However, note that cookies may be required to use certain features of our website and that of many others.
We may also use third-party advertising companies to serve ads when you visit our website. These companies may use information about your visits to this and other web sites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and become aware of your choice to not have this information used by companies, please contact us at privacy@getCAKE.com.
The names of the cookies used on our website and the purposes for which these cookies are used are set out in the table below:
CAKE as Processor
Children Under 13
We are concerned about the safety of children. Our website is not intended for children. We do not knowingly allow anyone under the age of 13 to provide us with personal data, and we do not knowingly collect or maintain such personal data. If you are under the age of 13, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal data of persons under the age of 13.
We may link to other websites with information gathering practices that differ from our own. Visitors should carefully review privacy policies for all websites they visit as we have no control over information submitted or collected by third parties.
We may also offer contests, sweepstakes, or other promotions from time to time that are sponsored or co-sponsored by third parties. These third parties may obtain personal data that visitors voluntarily submit to participate in the contest, sweepstake or promotion. We have no control over how these third parties use this data; however, we will notify you whenever you fill out a form that will provide them access to such data.
How Is Data Secured?
We use industry-standard encryption technologies for our website and mobile application when transferring and receiving personal data. We also have appropriate security measures to protect against loss, misuse or alteration of information that we collect from you.
We operate a policy of “privacy by design” by looking for opportunities to minimize the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorized access or unlawful use, such as:
- ensuring the physical security of our offices, or other sites;
- ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
- maintaining an internal data protection policy for, and delivering data protection training to, our employees; and
- limiting access to your personal information to those in our company who need to use it in the course of their work.
How Long Is Data Kept For?
We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes (such as for the purposes of exercising our legal rights), or for as long as the law otherwise permits.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What Rights Do I Have?
You have certain rights in respect of the information that we hold about you, including:
- the right to ask us not to process your personal data for marketing purposes;
- the right to request access to the information that we hold about you;
- in certain circumstances, the right to object to processing, i.e. to ask us to stop processing information about you; and
- the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/).
From 25 May 2018, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your website user account even when you have requested not to receive marketing communications.
From 25 May 2018, in accordance with new data protection laws which will be in force from that date, you will have certain additional rights in respect of the information that we hold about you, including:
- the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence;
- the right to object to our using your information on the basis of our legitimate interests (refer to the section titled “Why Do You Collect Information?” above to see when we are relying on our legitimate interests); and
- the right to receive a copy of any information we hold about you in connection with the performance of our contract with you or on the basis of your consent (or request that we transfer this to another service provider) in a structured, commonly used, machine-readable format; and
- the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.
Changes and Updates
For Residents of California
For more information please visit our privacy notice for California residents.
Dispute Resolution for Residents of the European Union and Switzerland
Resolution of Privacy Shield Complaints
Special Note to Users Outside of the United States
- only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, by using specific contracts approved by the European Commission which give personal data the same protection it has in Europe (the so-called European Commission’s Standard Contractual Clauses); or
- where we use providers based in the US, we may transfer data to them under the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework, in each case as administered by the US Department of Commerce (the “Privacy Shield”), which requires such recipients to provide similar protection to personal data shared between Europe and the US. For more information on the Privacy Shield and our obligations thereunder, please refer to the section titled “Privacy Shield” below.
You consent to such cross-border transfers of your information. Please contact us using the contact details set out in the ‘About us’ section if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We recognize that the EEA and Switzerland (collectively, the “Privacy Shield Jurisdictions”) have established strict protections regarding the handling of certain personal information that we receive in the US from the Privacy Shield Jurisdictions (“Privacy Shield Data”), including requirements to provide adequate protection for Privacy Shield Data transferred outside of the Privacy Shield Jurisdictions. To provide adequate protection for certain Privacy Shield Data about consumers and suppliers received in the US, we have elected to self-certify to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. We adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at www.privacyshield.gov. To review our representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at www.privacyshield.gov/list.
Further Questions or Comments