Tawn Talk Bakery logo

Legal

Privacy Policy

Last updated: May 13, 2026. This policy describes how Town Talk Bakery collects, uses, discloses, and protects personal information.

1) Scope and Legal Framework

This policy applies to personal information collected by Town Talk Bakery through this website and related customer communications. Our practices are designed around applicable Canadian private-sector privacy obligations, including the Personal Information Protection and Electronic Documents Act and, where applicable, provincial privacy laws such as the Quebec Act respecting the protection of personal information in the private sector.

This policy is provided in clear and simple language and is intended to support transparency at the point of collection and throughout the customer relationship.

2) Organization and Privacy Contact

Organization: Town Talk Bakery, 206C Queen St S, Mississauga, ON L5M 1L3, Canada.

Designated privacy contact: Privacy Officer, Town Talk Bakery.

Email: [email protected] Phone: +1 (905) 821-1166

3) Notice at Collection

When we collect personal information, we provide or make available information about:

  • the purposes of collection, use, and disclosure,
  • the means of collection,
  • your rights of access, correction, and withdrawal of consent where applicable,
  • third-party service provider categories involved in delivering requested services, and
  • the possibility of processing outside your province, including outside Quebec, where applicable.

4) What We Collect

We collect only information that is reasonably necessary for identified purposes. The categories below reflect current application behavior.

  • Contact form data: full name, email address, phone number, message content, anti-spam verification values, and technical anti-abuse signals such as source IP address and user agent.
  • Order and checkout data: full name, phone, email, delivery address details, province, postal code, order items, payment method selection (cash or card on delivery), optional notes, anti-spam verification values, source IP address, and user agent.
  • Website analytics data, only when optional analytics is accepted: visited path, derived daily visitor key (hash), source IP address, and user agent.
  • Essential technical identifiers: browser storage entries for cart and consent state, plus security and admin session cookies for authorized administration.

5) Purposes of Processing

  • Receive, validate, and respond to customer inquiries and catering requests.
  • Accept and manage customer orders, calculate totals and taxes, and send transactional confirmations.
  • Detect bots, spam, abuse, and fraud attempts, and maintain service integrity.
  • Operate core website features such as cart persistence and consent preferences.
  • Measure website performance and usage trends when optional analytics is enabled.
  • Meet bookkeeping, audit, tax, and legal compliance requirements.

6) Cookies and Similar Technologies

We use essential browser storage for core operations and optional analytics storage only after your choice permits it. For full details and preference controls, see the Cookie Policy.

7) Consent Model and Your Choices

  • Essential technologies are used to deliver requested core functionality and security.
  • Optional analytics are disabled by default until you actively accept them.
  • You may change cookie choices later through the Cookie Policy preference controls.
  • You may withdraw consent for non-essential uses, subject to legal or contractual restrictions and technical feasibility.

8) Disclosures and Service Providers

We do not sell personal information. We may disclose personal information to:

  • hosting and infrastructure providers needed to operate this website,
  • email delivery or SMTP providers to deliver order-related transactional emails,
  • professional advisors and auditors where required for legal compliance, and
  • public authorities where required or authorized by law.

Service providers are expected to process information only for authorized purposes and with appropriate safeguards.

9) Cross-Border Handling

Depending on infrastructure and service provider arrangements, personal information may be processed outside your province and may be subject to lawful access under the laws of those jurisdictions. We assess and apply reasonable safeguards proportionate to sensitivity.

10) Retention and Disposal

We retain personal information only as long as necessary for identified purposes, legal obligations, dispute management, and operational continuity. Retention periods may vary by record type and legal requirements.

  • Contact request records: retained for customer service follow-up and business records management.
  • Order records: retained for order support, accounting, and tax compliance obligations.
  • Visit analytics records: retained for website performance analysis and reporting.

When information is no longer required, we aim to securely delete, de-identify, or otherwise dispose of it appropriately.

11) Security Safeguards

  • Server-side validation and anti-automation controls on contact and order submissions.
  • Access controls for administrative features with session-based authentication.
  • Reasonable technical and organizational measures based on data sensitivity and context.

No method of transmission or storage is absolutely secure. If a confidentiality incident presents a real risk of significant harm, we will follow applicable notification obligations.

12) Children and Youth

This website is intended for a general audience and is not directed at young children. If we learn that personal information was provided by someone unable to provide meaningful consent, we will take appropriate corrective steps.

13) Access, Correction, and Privacy Requests

You may request access to personal information we hold about you, ask for correction of inaccuracies, or request information about use and disclosure history where applicable.

Use our Privacy Requests page or contact the Privacy Officer by email.

We aim to respond diligently and within applicable legal timelines, including recognized request timelines under Canadian private-sector privacy law frameworks.

14) Complaints and Regulator Contacts

If you are not satisfied with our privacy response, you may contact the Office of the Privacy Commissioner of Canada or, where applicable, the Commission d acces a l information du Quebec.

15) Policy Changes

We may update this policy from time to time to reflect legal, operational, or technical changes. Material updates will be posted on this page with a revised Last updated date.

16) Reference Framework

Key public guidance and legal texts used to shape this policy include:

Privacy Choices

We use essential cookies to run this website and optional analytics to improve it. You can accept all cookies or continue with essential only. See our Privacy Policy and Cookie Policy.

Essential OnlyAccept All