Cafe @ Highgate

GDPR Policy

Introduction

This GDPR Policy outlines how Cafe @ Highgate complies with the General Data Protection Regulation (GDPR) concerning the processing of personal data.

Definitions

1. Personal Data: Any information relating to an identifiable person.

2. Processing: Any operation performed on personal data.

3. Data Subject: The individual whose personal data is being processed.

Data Protection Principles

We adhere to the GDPR principles of lawfulness, fairness, transparency, accuracy, data minimization, integrity and confidentiality, and accountability.

Lawful Basis for Processing

We ensure a lawful basis for processing personal data, whether it's for contract performance, legal obligation, legitimate interests, consent, or other lawful bases outlined in the GDPR.

Data Collection

We collect personal data in a fair and transparent manner, providing data subjects with information regarding the purpose for which data is collected.

Data Minimization

We collect only the data necessary for the intended purpose and keep data storage to a minimum.

Consent

Where consent is required for data processing, we ensure it is freely given, informed, and easily withdrawable.

Data Subject Rights

We respect the rights of data subjects under GDPR, including the right to access, rectification, erasure, restriction, portability, and objection.

Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data.

Data Breach Notification

We have procedures in place to detect, report, and investigate personal data breaches in accordance with GDPR requirements.

Training and Awareness

All staff are trained on GDPR principles, our GDPR Policy, and data protection best practices.

Review and Audit

We regularly review and audit our data processing activities and update our GDPR policy as necessary.

Contact

For any inquiries regarding this GDPR policy, contact:

[email protected]

07747 999618