Introduction

This policy outlines how Cafe @ Highgate collects, processes, and safeguards personal data in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Scope

This policy applies to all employees, contractors, and third parties who process personal data on behalf of Cafe @ Highgate.

Data Collection

We collect personal data necessary for providing our services, processing orders, and maintaining our relationship with customers and suppliers. This may include names, contact details, and payment information.

Purpose of Data Processing

Personal data is processed for purposes such as order fulfillment, customer service, marketing (with consent), and compliance with legal obligations.

Consent

Where required, we will obtain explicit consent from individuals before processing their data. Individuals can withdraw consent at any time.

Data Sharing

We will not share personal data with third parties unless required by law, necessary for our business operations, or with the individual’s consent.

Data Security

We employ robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. Individual Rights Individuals have the right to access, correct, delete, or object to the processing of their personal data as per GDPR and UK law.

Data Retention

We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, accounting, or reporting requirements.

Compliance and Training

All staff will be trained on data protection principles, GDPR, and this policy to ensure compliance.

Review and Updates This policy will be reviewed and updated as necessary to reflect changes in our operations or legal requirements.

Contact

For any inquiries regarding this policy or data protection matters, contact:

[email protected]

07747 999618