Privacy policy

Cybake is a software development company based in York, UK, and in Philadelphia, USA. We design cloud-based applications for customers in the baking industry.

BakePlan from our sister company BakePlan Software Ltd is a production planning system for in-store bakeries and food-to-go operations. This privacy policy covers both Cybake Limited and BakePlan Software Limited, collectively known as “Cybake”.

Cybake operates the following websites:

GDPR Principles

The following principles are complied with when processing personal data:

  • Data is processed fairly and lawfully.
  • Data is processed only for specified and lawful purposes.
  • Processed data is adequate, relevant and not excessive.
  • Processed data is accurate and, where necessary, kept up to date.
  • Data is not kept longer than necessary.
  • Data is processed in accordance with an individual’s consent and rights.
  • Data is kept secure.
  • Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection.

Lawful Basis of Processing Data

The lawful basis of processing of data will always be determined prior to any data being processed. The laws for processing personal data under the GDPR are as follows:

  • Consent – the individual has given their Consent to the processing of their personal data.
  • Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for Cybake to take pre-contractual steps at the request of the individual.
  • Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which Cybake is subject.
  • Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of Cybake or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights.
  • Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual.

Cybake processes personal data under one, or more, of the following Lawful Bases:

  • Consent
  • Contractual
  • Legal Obligation
  • Legitimate Interest

Type of Personal Data Being Processed

The type of personal data being processed may include:

  • Name
  • Address
  • Email Address
  • Job Title
  • Telephone Number
  • Business Name
  • IP Address
  • Demographic information such as postcode

How Personal Data is Collected

Personal data is obtained from one or more of the following:

  • Visits and use of the above BakePlan and Cybake websites, and Company Portals.
  • Use of BakePlan and Cybake’s social media.
  • Use of Google Analytics.
  • Subscribers to Cybake updates.
  • Parties entering into agreements with Cybake.
  • Requests for information about products and services offered by Cybake and/or quotes.
  • Employment enquiries.

Why Personal Data is Collected

Personal data is collected to provide legitimate business services which include:

  • For Marketing purposes.
  • For us to review and reply to your enquiry.
  • To provide an opinion for a service you have requested.
  • To meet our statutory monitoring and reporting responsibilities.
  • To handle and communicate orders, billings and payment, delivery of products and services.
  • To improve Cybake’s services and product offering.

Where indicated, however, some of the information is optional and you can choose not to complete.

How Personal Data is Used

Personal data may be used to:

  • Process a request for further information, to maintain records and to provide pre and after-sales service in relation to Cybake products.
  • Carry out our obligations arising from any contracts entered into by you and us.
  • Carry out security checks (this may involve passing your details to our Identity Verification partners, who will check details we give them against public and private databases – this helps to protect us from credit risk and both you and us from fraudulent transactions).
  • Comply with legal requirements.
  • We may need to pass the information we collect to other companies within our Group for administrative purposes.
  • We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us.
  • Seek your views or comments on the products and services we provide.
  • Notify you of changes to our products and services.
  • Send you communications which you have requested and that may be of interest to you. These may include information about product updates, newsletters, events, webinars.
  • To inform you of various promotions, goods and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of Cybake as an IT service provider. Each marketing communication sent to you by Cybake will provide you with the option to unsubscribe and manage your data profile and communication preferences from Cybake at any time.
  • Process a job application.
  • Create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.

Where Personal Data is Stored

If a web form is completed on any of the above websites, information is stored on the Company’s CRM system. Previous browsing history on the Cybake websites is available to authorized Cybake employees only to determine your interests in order that Cybake can engage with you more effectively and improve our site. If Cookies are switched-off then your previous browsing history is no longer be available to Cybake.

If you do not wish for us to have your personal information, please do not fill out any of the web forms on these sites.

As part of any services offered via the Cybake websites, the information you provide may be transferred to countries outside the European Economic Area (EEA) i.e. our servers, or third-party servers that are used to provide Cybake services, are located in a country outside the EEA. By submitting your personal data, you consent to the transfer, storage and/or processing of your data wherever it be stored. If your data is transferred outside the EEA, steps will be taken to ensure appropriate security measures are in place to ensure your privacy rights continue to be protected as outlined in this Policy.

How Long Personal Data is Stored

We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfill our statutory obligations. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Who Has Access to Personal Data

Only authorized Cybake employees are granted access to customer information. This is ensured by the use of strict operational processes and procedures.

Employees are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the Cybake security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.

Personal information provided via the Company’s portals is secured using Secure Socket Layer (SSL) server and is encrypted before being transmitted. Secure pages have a lock icon or key on the bottom of web browsers such as Microsoft Internet Explorer, information supplied by you on these web pages is securely stored and can only be accessed for the purposes for which it was provided.

All IT systems are kept in a secure environment with appropriate access control. We carry out internal audits within Cybake.

Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We will not sell or rent your information to third parties.

Third-Party Service Providers working on our behalf:

We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure.

Third-Party Product Providers we work in association with:

When we work closely with various third-party product providers to bring you a range of quality and reliable products and services designed to meet your needs, should you inquire about or purchase one or more of these products, we will obtain your permission to pass on your details to the relevant third-party product provider to provide you with information and carry out their obligations arising from any contracts you have entered into with them. In some cases, they will be acting as a data controller of your information and, therefore, we advise you to read their Privacy Policy. These third-party product providers will share your information with us which we will use in accordance with this Privacy Policy.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party including for a merger, acquisition, divestiture, or similar transaction or as part of any business restructuring or reorganization.

We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Individuals’ Rights

Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:

  • The right to be informed how personal data is processed.
  • The right of access to their personal data.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting the Managing Director. You can request that your data is updated and/or deleted at any time, unless Cybake can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.

You can change your marketing preferences at any time by calling Cybake or emailing seamus.quinn <at>  or by clicking on the “Unsubscribe” link at the bottom of any of our Cybake marketing emails.

Links To Other Websites/From Other Websites

Cybake websites may contain links to other websites run by other organisations. Cybake’s Privacy Policy only applies to Cybake’s websites and you are encouraged to read the Privacy Statements on the third party websites that you visit such as Google. Cybake is not responsible for the Privacy Policies and practices of other websites even if they were accessed via a Cybake website. Equally, if you link to a Cybake website from a third-party site, Cybake  is not responsible for the Privacy Policies and practices of that third-party site.

16 or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Questions, Complaints and Subject Access Requests (SARs)

Any questions or Subject Access Requests (SARs) should be sent to Jane Tyler, MD. You have a right to lodge a complaint in the event that you believe that Cybake has not upheld the rights, obligations and responsibilities set out in this Privacy Policy. Please send any complaints to: Jane Tyler, MD, at jane.tyler <at>


A “cookie” is a string of information which assigns you a unique identifier that we store on your computer. Your browser then provides that unique identifier to use each time you submit a query to the Site. We use cookies on the Site to, among other things, keep track of services you have used, record registration information, record your user preferences, keep you logged into the Site, facilitate purchase procedures, and track the pages you visit. Cookies help us understand how the Site is being used and improve your user experience. To understand more about Cookies and how we use them on, please read our Cookie Policy.

Review of this Policy

This policy is regularly reviewed. It was last updated 23/06/2021.

Company profile

BakePlan is brought to you by Cybake Ltd. Based in York, UK, and Philadelphia, USA, we started providing the food industry with ERP-class solutions in 1998.

Since then, we’ve gained a reputation for friendly and reliable support, a deep understanding of large retail operations and logistics, and for our expertise in constantly moving, cutting edge systems and technology.