1. Introduction
This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or place an order through our online form. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using this website, you agree to the terms of this Privacy Policy.
2. Data Controller and Contact Information
The Data Controller responsible for this website is:
M. Shames
Shako Mako Café
1 St Andrews St
Norwich NR2 1AD
United Kingdom
For any privacy-related questions, please contact:
E-mail: privacy@shako-mako-norwich.co.uk
The technical operator of the website is:
Florian Martens (Data Processor, responsible for website administration).
3. Hosting
This website is hosted by Hostinger on servers located in the United Kingdom. All data collected through the website is processed within the UK.
4. Data Collected
4.1 When visiting the website
When you access our website, the following data may be automatically collected and stored in server log files:
- IP address
- Date and time of access
- Browser type and version
- Operating system
- Referring website
We use Cloudflare Turnstile to protect our forms from spam and misuse. This may involve verification data being processed by Cloudflare.
4.2 Cake order form
If you use our order form, we collect the following data:
- Name
- Telephone number
- E-mail address
- Desired cake, size, and pick-up date
- Optional notes
This information is required to process and confirm your order. The submitted data is sent to our business e-mail account hosted by Google Mail and is also stored temporarily in the WordPress database for up to 30 days before being automatically deleted.
4.3 Google Maps
Our website includes an embedded Google Maps feature to show the café’s location. Google may collect data about your interaction with the map. Please see Google’s Privacy Policy for more details: https://policies.google.com/privacy
4.4 Instagram feed
We display an Instagram feed through a local plugin. No direct connection to Instagram’s servers is established when browsing our website. However, if you click on an Instagram link, you will be redirected to Instagram, which is subject to its own privacy policy.
5. Legal Basis for Processing
We process your personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b) UK GDPR): for processing cake orders and communicating with you.
- Legitimate interests (Art. 6(1)(f) UK GDPR): to ensure the proper functioning, security, and improvement of our website, including spam prevention through Cloudflare.
- Consent (Art. 6(1)(a) UK GDPR): if you choose to interact with the embedded Google Maps.
6. Use of Cookies
Our website uses only essential cookies required for operation. Additional cookies may be set by Google Maps when you interact with the embedded map.
7. Data Recipients and Transfers
Your personal data may be shared with the following recipients:
- The Data Controller and authorised staff of the café
- The Data Processor (technical operator of the website)
- Hostinger (website hosting, UK-based servers)
- Google (for Gmail and Maps, which may involve international data transfers with appropriate safeguards)
- Cloudflare (for Turnstile spam protection, which may involve international transfers with safeguards)
8. Storage Duration
- Order form data: Stored in the WordPress database for 30 days and in Google Mail for as long as necessary to fulfil your order and meet legal obligations.
- Server logs: Typically retained for a short period (up to a few weeks) to ensure website security.
- Cookies: Session-based or according to Google’s own retention policies.
9. External Links
Our website may contain links to external websites. We are not responsible for the privacy practices or the content of external sites. Please review the privacy policies of those providers when you visit their websites.
10. Your Rights
Under the UK GDPR, you have the following rights:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to object to processing
- Right to data portability
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/
11. Security Measures
We use appropriate technical and organisational measures to protect your personal data, including secure hosting, restricted access, and spam protection mechanisms.
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data processing practices. The current version is always available on our website.
Last updated: 7th September 2025