This Data Protection Policy outlines how appetiteforangus.com (“we,” “us,” or “our”) processes and protects personal data collected through appetiteforangus.com (the “Site”). We are committed to upholding the principles of data protection, privacy, and security in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
- Introduction
This policy applies to all personal data processed by us and to all employees, contractors, and third parties who process data on our behalf. Our aim is to ensure that all personal data is collected, used, stored, and disclosed in a fair, transparent, and secure manner.
- Principles of Data Protection
We adhere to the following core principles of data protection as outlined in the UK GDPR:
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimisation: Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Accuracy: Personal data is accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Integrity and Confidentiality (Security): Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
Accountability: We are responsible for, and able to demonstrate compliance with, the above principles.
- Types of Data Collected and Processed
We collect and process various types of personal data, which may include, but are not limited to:
Identity Data: Names, usernames, titles.
Contact Data: Email addresses, postal addresses, telephone numbers.
Technical Data: IP addresses, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Usage Data: Information about how you use our website, products, and services.
Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
Any other information you voluntarily provide through forms, inquiries, or interactions on our Site.
For more details on the specific types of data collected, please refer to our Privacy Policy.
- Lawful Basis for Processing
We will only process personal data when we have a valid lawful basis to do so. Our lawful bases for processing personal data may include:
Consent: The data subject has given clear consent for us to process their personal data for a specific purpose.
Contract: The processing is necessary for a contract we have with the data subject, or because they have asked us to take specific steps before entering into a contract.
Legal Obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by the data subject’s rights and freedoms. We will always balance our legitimate interests against the individual’s rights.
- Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Pseudonymisation and encryption of personal data where feasible.
The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
A process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Access controls to limit who can access personal data.
Staff training on data protection and security.
- Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements.
- Data Subject Rights
Under the UK GDPR, individuals have the following rights regarding their personal data:
The Right to Be Informed: Individuals have the right to be informed about the collection and use of their personal data.
The Right of Access: Individuals have the right to obtain confirmation that their data is being processed and to access their personal data.
The Right to Rectification: Individuals have the right to have inaccurate personal data rectified or completed if it is incomplete.
The Right to Erasure (the “Right to Be Forgotten”): Individuals have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
The Right to Restrict Processing: Individuals have the right to block or suppress the processing of their personal data in certain circumstances.
The Right to Data Portability: Individuals have the right to obtain and reuse their personal data for their own purposes across different services.
The Right to Object: Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, and to direct marketing.
Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
To exercise any of these rights, please contact us using the details provided below.
- International Data Transfers
If we transfer personal data outside the UK or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect the data, such as standard contractual clauses, adequacy decisions, or other legally recognised transfer mechanisms.
- Data Breach Notification
In the event of a personal data breach, we will take prompt action to assess the risk to individuals and, where appropriate, notify the Information Commissioner’s Office (ICO) and affected data subjects without undue delay, in accordance with our legal obligations.
- Policy Review
This Data Protection Policy will be reviewed regularly and updated as necessary to reflect changes in legislation, technology, or our processing activities.
- Contact Details
For any questions regarding this Data Protection Policy or to exercise your data protection rights, please contact:
info@appetiteforangus.com
- Complaints
If you are not satisfied with our response to a data protection concern or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk