The European General Data Protection Regulation’s (GDPR) focus is the protection, collection and management of personal data (i.e. data about individuals) and it applies to all businesses who hold or otherwise process personal data of people in EU Member States.
This privacy notice sets out how we intend to use your personal information.
We are a catering company, based at the Lansbury Business Estate, 102 Lower Guildford Road, Woking, Surrey, GU21 2EP, UK. Your information will be held by Avala Catering Ltd. You can contact us on 01483 859180 or on firstname.lastname@example.org.
This privacy notice applies to the personal data that we collect and use. It is to let you know how we promise to look after your personal information. This includes what you tell us about yourself and what we learn by having you as a customer. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
Data protection law says that we are allowed to use your personal information only if we have a proper reason to do so. This includes sharing it outside The Lunch People Ltd. We must have one or more of these lawful bases to process your data
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not be unfairly go against what is right and best for you.
The company must make reasonable use of your data, i.e. use your data in ways that they would reasonably expect and which have a minimal privacy impact or where there is a compelling justification for the processing.
Examples of your personal data may include your name, company name, telephone number, postal address, email address, dietary requirements, payment card details or information on how you use our website and social media or how you interact with us or your feedback.
In the course of providing services to you, we may collect information (i.e. dietary requirements) that could reveal your racial or ethnic origin, physical or mental health or religious beliefs. Such information is considered “sensitive personal data” under data protection laws.
We only collect this information when it is necessary so that we can provide you with the product and service you have chosen.
If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us. Please be aware that in such circumstances you will not be entitled to cancel or obtain a refund of any price you have paid.
Here is a list of the ways we may use your personal information and which reasons we rely on to do so.
Data you give us such as:
We may share your data with the following organisations when there is a proper reason to do so:
We may need to share your personal information with other organisations to provide you with the service you have chosen:
We will keep your information for as long as you are our customer.
When you asked for a quote but didn’t book with us, we will only keep your details until the day of your event, after which we will destroy your personal data.
After you stop being a customer, we may keep your information for up to 7 years for one of these reasons:
You have the right to question any information we have about you that you think is wrong or incorrect. Please contact us if you would like to do so.
We may need to collect personal information by law or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide our products or services. It could mean that we cancel a product or service you have with us.
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using it if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’ and ‘right to be forgotten’.
This may not be possible as there may be legal, contractual or other official reasons why we need to keep your data but please contact us if you would like to do so.
You have a right to request access to the personal data that we hold about you. You can access your personal information by writing to us.
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Furthermore, when you make a credit card payment to us, the company that we use complies with the Payment Card Industry’s Data Security Standards (PCI DSS). This means that we adhere to high security standards and can therefore accept or process credit card information securely in accordance with these standards.
We will not send your personal information outside the EEA unless you have instructed us to do so or it is our legal duty.
Please contact us if you would like to do so. You also have the right to complain to the Information Commissioner’s Office.
Updated – January 2020