Privacy & Data Protection Policy

EFFECTIVE DATE: OCTOBER 24, 2023

FLAVOURAMA LIMITED (Registration No: Registered in England & Wales) operates with full transparency regarding data and legal frameworks. This document serves as our binding commitment to your security and the clarity of our professional relationship.

1. Introduction to UK GDPR Compliance

This Privacy Policy outlines how FLAVOURAMA LIMITED ("we", "us", or "our") collects, uses, and protects your personal data when you interact with our website and logistics services. We are the "Data Controller" for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). Our commitment to your privacy is absolute, and we employ industry-leading security protocols to safeguard all professional and personal information processed through our Aylesbury headquarters.

2. Information We Collect

To provide high-precision food logistics, we must collect specific data categories, including:
• Identity Data: Full names, professional titles, and corporate affiliations.
• Contact Data: Delivery addresses in Aylesbury and the UK, primary email addresses, and verified telephone numbers.
• Financial Data: Bank account and payment card details for transaction processing.
• Technical Data: IP addresses, browser types, and usage patterns on our digital interface.
• Preference Data: Dietary requirements, allergy information, and historical ordering patterns.

3. Legal Basis for Processing

Under UK Law, we process data only when we have a valid legal basis:
(A) Contractual Necessity: To deliver the food and services you have purchased.
(B) Legal Obligation: To comply with UK tax, employment, and health & safety laws.
(C) Legitimate Interests: To improve our logistics algorithms and protect our systems from cyber threats.
(D) Explicit Consent: For marketing communications which you may withdraw at any time.

4. Data Retention and Security

FLAVOURAMA LIMITED utilizes AES-256 encryption for data at rest and TLS 1.3 for data in transit. We retain financial records for the statutory period of 6 years as required by HMRC. Personal contact data is reviewed annually and deleted if the professional relationship is deemed inactive for more than 24 months. We store all data on secure servers located within the United Kingdom to ensure maximum jurisdictional protection.

5. Your Statutory Rights

Under the DPA 2018, you possess the following rights:
• The Right of Access: Request a copy of all data we hold about you.
• The Right to Rectification: Correction of any inaccuracies in your profile.
• The Right to Erasure: "The Right to be Forgotten" in specific circumstances.
• The Right to Restrict Processing: Suspend our use of your data during a dispute.
To exercise these rights, please contact our Data Protection Officer at info@loonieledger.sbs.