Privacy Policy - Data Protection (GDPR)

This policy sets out how we seek to protect personal data and ensure that our staff understand the rules governing their use of the personal data to which they have access during their work. This policy requires staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

Our website, www.bringmelunch.org.uk is operated by Bring Me Lunch Limited (“BML”) (‘us’) which is the Data Controller for the purposes of the General Data Protection Regulation (“GDPR”) . You may contact us at the following address:

Hampi
Salem
Long Buckby
Northamptonshire
NN6 7QD

Bring Me Lunch Ltd is classified as a data controller. We must maintain our appropriate registration with the Information Commissioners Office in order to continue lawfully controlling data.

We are registered with the Information Commissioners Office. (no. Z1624177)

Bring Me Lunch Ltd shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:

Principle 1: Lawfulness, Fairness and Transparency

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. This means, Bring Me Lunch Ltd must tell the data subject what processing will occur (transparency), the processing must match the description given to the data subject (fairness), and it must be for one of the purposes specified in the applicable data protection regulation (lawfulness).

Principle 2: Purpose Limitation

Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means Bring Me Lunch Ltd must specify exactly what the personal data collected will be used for and limit the processing of that personal data to only what is necessary to meet the specified purpose.

Principle 3: Data Minimisation

Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This means Bring Me Lunch Ltd must not store any personal data beyond what is strictly required.

Principle 4: Accuracy

Personal data shall be accurate and, kept up to date. This means Bring Me Lunch Ltd must have in place processes for identifying and addressing out-of-date, incorrect and redundant personal data.

Principle 5: Storage Limitation

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. This means Bring Me Lunch Ltd must, wherever possible, store personal data in a way that limits or prevents identification of the data subject.

Principle 6: Integrity & Confidentiality

Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage. Bring Me Lunch Ltd must use appropriate technical and organisational measures to ensure the integrity and confidentiality of personal data is maintained always.

Principle 7: Accountability

The Data Controller shall be responsible for and be able to demonstrate compliance. This means Bring Me Lunch Ltd must demonstrate that the six data protection principles (outlined above) are met for all personal data for which it is responsible.

We must process personal data fairly and lawfully in accordance with individuals’ rights under the first Principle. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.

Data Collection

By visiting, ordering goods or services on our website, you consent to the collection, use and transfer of your information under the terms of this policy. The information you provide to us during your use of our site will be used by us to supply you with goods and services under the terms of use of our website. We may also collect information about your buying behaviour to contact you from time to time by e-mail or telephone with details of carefully selected products or special offers which may be of interest to you.

Third Parties

The information which you provide to us may also be shared with our associated companies, agents and our suppliers who may also contact you from time to time by e-mail or telephone with information, products or services which may be of interest to you.

Use of Cookies

Cookies are small amounts of information which we store on your computer. Unless you have told us you object, our system will issue cookies to your computer when you log on to our website. Cookies make it easier for you to log on to and use our website during future visits. They also allow us to monitor website traffic and to personalise the content of the site for you. You may set up your computer to reject cookies but if you do that, you may not be able to use some features on our website. If you do not wish to receive cookies in the future, please let us know.

Transfer of Information

We will not transfer any information that we hold on you to anyone outside the European Economic Area.

Rectification

As a data controller, if you request the rectification, erasure or restriction of your data, we will also communicate this to any third party who your data has been disclosed to.

In exercising any of your rights, we will act within one month. However, should the request be complex we can extend this by a further two months. We will inform you of this in this event. We will need to confirm your identity before completing any action on your behalf and reserve the right to not complete action until we are satisfied that you are making the request. If we cannot complete your request, we will inform you within one month and explain why.

If you wish to amend any inaccurate data that we hold, please notify us specifically by telephone, post or email, or during the provision of our services. We will make the amendment as soon as possible. If any data held is incomplete, you can complete this at any time. We may require this to be completed to allow us to provide our services (e.g. if we do not have your full address).

Retaining and anonymising personal data

We keep your personal information for either 3 years from the date of your last booking or interaction or, if longer, for any period for which we are required to keep personal information to comply with our legal and regulatory requirements. After this time has passed we anonymise all data so that it is no longer personally identifiable.

Information Security

Bring Me Lunch recognises that its customers are increasingly concerned about how companies protect personal information from misuse and abuse and about privacy in general. Bring Me Lunch is constantly reviewing and enhancing its technical, physical and managerial procedures and rules to protect your personal data from unauthorised access, accidental loss and/or destruction. We use industry standard secure sockets layer (SSL) technology, for example, to encrypt sensitive information such as your credit card and other financial information.

Changes to this Policy

We may occasionally make changes to this page and our Privacy Policy to reflect changes in how we are processing your data.

If there are any significant changes, we make these clear either through the website or through another means of contact such as email.

Updated on 24/05/2018

Bring Me Lunch Ltd