Privacy Policy

Last updated: [Insert Date]

1. Introduction

This Privacy Policy explains how Golden Harvest Catering ("we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our catering services, visit our website, communicate with us, or otherwise interact with us in England.

We are committed to safeguarding your privacy and handling your personal data in a lawful, fair, and transparent manner, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws in England.

By using our services or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Golden Harvest Catering is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal information.

If you have any questions about this Privacy Policy or our data protection practices, you can contact us using the contact details provided on our official website or in our service documentation.

3. Personal Data We Collect

We may collect and process the following categories of personal data, depending on how you interact with us:

3.1. Identification and Contact Details

• Full name
• Postal address and delivery address
• Email address
• Telephone number or mobile number

3.2. Booking and Service Information

• Event details (date, time, venue, type of event)
• Number of guests
• Menu preferences and dietary requirements
• Special requests and instructions
• Communication history related to bookings and enquiries

3.3. Payment and Transaction Data

• Payment method (e.g. bank transfer, card payment, invoicing details)
• Partial payment details as required to process payments (we do not store full card numbers where payments are processed via approved payment providers)
• Billing address
• Records of transactions and invoices

3.4. Technical and Usage Data (where applicable)

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on our website
• Referring websites or links
• Cookies and similar tracking technologies (see Section 10)

3.5. Marketing and Communication Preferences

• Your preferences regarding receiving marketing communications from us
• Records of your consent to marketing

3.6. Special Category Data (Dietary and Health-Related Information) In the context of catering services, we may collect information about dietary requirements, allergies, or other health-related details that you voluntarily provide in connection with an event. This information is treated as special category data and is only processed where necessary to protect your vital interests or with your explicit consent.

4. How We Collect Your Data

We collect personal data in several ways, including:

• Directly from you: when you contact us by phone, email, through our website, social media channels, or in person; when you request a quotation; when you book our services; or when you subscribe to our mailing list.
• From third parties: such as event planners, venues, corporate clients, or partners who provide your details to us in order for us to deliver catering services.
• Automatically: when you visit our website, we may automatically collect technical and usage data through cookies and similar technologies.

5. Legal Bases for Processing

We will only process your personal data where we have a lawful basis to do so, which may include:

• Performance of a contract: to take steps at your request before entering into a contract, and to perform our obligations under a catering or service agreement with you.
• Legal obligation: to comply with applicable laws and regulations, such as tax and accounting requirements.
• Legitimate interests: to manage and develop our business, improve our services, secure our systems, and communicate with you about our services, provided that your rights and interests do not override these interests.
• Consent: in situations where we rely on your explicit consent, such as for certain types of marketing communications or processing certain special category data (e.g. detailed health-related dietary information where required).

You may withdraw your consent at any time where we rely on consent as the lawful basis, without affecting the lawfulness of processing before such withdrawal.

6. How We Use Your Personal Data

We may use your personal data for the following purposes:

• To respond to enquiries and provide quotations for our catering services.
• To register and manage bookings, including planning menus, logistics, and staffing.
• To deliver catering services at events and functions.
• To manage payments, invoicing, and accounting.
• To communicate with you about your booking, including order confirmations, changes, and follow-up.
• To handle feedback, queries, and complaints.
• To manage our relationship with you, including customer support and after-service communication.
• To send you marketing communications (where permitted by law and in line with your preferences).
• To improve our website, services, and customer experience.
• To ensure the security of our systems, prevent fraud, and maintain business records.
• To comply with legal obligations and respond to lawful requests from public authorities.

7. Sharing and Disclosure of Personal Data

We may share your personal data with:

• Service providers and suppliers who assist us in delivering our services, such as payment processors, IT and hosting providers, email and communication platforms, and logistics partners. These parties act as processors and are bound by contractual obligations to protect your data.
• Event partners, venues, or organisers where necessary to fulfil your booking and instructions (for example, coordinating access times, layout, and safety considerations).
• Professional advisers, including accountants, auditors, or legal advisers, where necessary for business operations or legal compliance.
• Public authorities, regulators, or law enforcement where we are legally required to do so, or where necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

We do not sell or rent your personal data to third parties.

8. International Transfers

Where we use service providers or systems that are located outside the United Kingdom, your personal data may be transferred to and processed in other countries.

In such cases, we will ensure that appropriate safeguards are in place in accordance with UK data protection law, for example:

• Using countries that have been deemed to provide an adequate level of data protection; or
• Implementing standard contractual clauses or equivalent legal mechanisms to ensure your data is protected.

You may contact us for more information about international transfers and the safeguards in place.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to:

• Provide our catering services and manage our relationship with you;
• Comply with legal, accounting, and reporting obligations;
• Resolve disputes and enforce our agreements.

Retention periods may vary depending on the type of data and applicable legal requirements, but typically:

• Booking and transaction records are kept for at least the period required by tax and accounting laws in England.
• Marketing-related data is retained until you unsubscribe or object, or until we determine it is no longer necessary for the purpose for which it was collected.

When personal data is no longer needed, we will securely delete or anonymise it.

10. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance your browsing experience, analyse site traffic, and understand user behaviour.

Cookies are small text files placed on your device that help us recognise you and remember your preferences. They may be:

• Strictly necessary cookies: required for the basic operation of our website.
• Performance/analytics cookies: used to understand how visitors use our website and to improve it.
• Functionality cookies: used to remember your preferences and improve your experience.
• Marketing or advertising cookies: used to deliver relevant advertisements and measure their effectiveness (if applicable).

Where required by law, we will obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings or our cookie banner (if available). Disabling certain cookies may affect the functionality of our website.

11. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures may include:

• Access controls and authentication procedures
• Secure storage and encryption where appropriate
• Regular system monitoring, backups, and maintenance
• Staff training and internal policies on data protection

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

12. Your Rights Under Data Protection Law

Under the UK GDPR and related legislation, you have certain rights in relation to your personal data, subject to conditions and exemptions. These may include:

• Right of access: to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data.
• Right to rectification: to have inaccurate or incomplete personal data corrected.
• Right to erasure: to request the deletion of your personal data in certain circumstances (also known as the "right to be forgotten").
• Right to restriction of processing: to request that we limit the processing of your personal data in certain situations.
• Right to data portability: to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
• Right to object: to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
• Rights relating to automated decision-making: we do not typically use your personal data for automated decision-making with legal or similarly significant effects. If we do so in the future, we will inform you and explain your rights.

To exercise any of these rights, please contact us using the details on our website. We may need to verify your identity before responding. We aim to respond to all valid requests within one month, or within any extended period permitted by law.

13. Marketing Communications

We may use your contact details to send you information about our catering services, promotions, events, and related offerings that we think may be of interest to you.

We will only send you electronic direct marketing (such as email newsletters) where we have your consent or where we are otherwise permitted by law (for example, in the context of an existing customer relationship), and you have not opted out.

You may opt out of receiving marketing communications at any time by:

• Using the unsubscribe link in our emails; or
• Contacting us directly via the contact details provided on our website.

Even if you opt out of marketing, we may still send you non-marketing communications related to your bookings or our ongoing business relationship with you.

14. Third-Party Websites

Our website or communications may contain links to third-party websites, social media platforms, or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site.

We have no control over and are not responsible for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

15. Children’s Privacy

Our services are generally not directed to children, and we do not knowingly collect personal data from children under 13 years of age without appropriate parental or guardian consent.

If you believe that a child has provided us with personal data without proper consent, please contact us and we will take steps to delete such data as required by law.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

We will post the updated version on our website and indicate the "Last updated" date at the top of this document. We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data.

17. Contact and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us using the contact details provided on our website or in your service documentation.

You also have the right to lodge a complaint with the UK’s data protection authority:

Information Commissioner's Office (ICO) Website: https://ico.org.uk/ Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance where possible.