The European General Data Protection Regulation’s (GDPR) focus is the protection, collection and management of personal data (i.e. data about individuals) and it applies to all businesses who hold or otherwise process personal data of people in EU Member States.
This privacy notice sets out how we intend to use your personal information.

Our identity
We are a catering company, based at the Lansbury Business Estate, 102 Lower Guildford Road, Woking, Surrey, GU21 2EP, UK. Your information will be held by The Lunch People Ltd. You can contact us on 01483 859180 or on theteam@avalacatering.co.uk.

How we use your personal information
This privacy notice applies to the personal data that we collect and use. It is to let you know how we promise to look after your personal information. This includes what you tell us about yourself and what we learn by having you as a customer. This notice explains how we do this and tells you about your privacy rights and how the law protects you.

Our Privacy Promise
We promise to collect, process, store and share your data safely and securely.
We promise to keep your data safe and private, not to sell your data and only share your data with third parties when there is a proper reason to do so.

How the law protects you
Data protection law says that we are allowed to use your personal information only if we have a proper reason to do so. This includes sharing it outside The Lunch People Ltd. We must have one or more of these lawful bases to process your data

• To fulfil a contract
• When it is our legal duty
• When it is in our legitimate interest
• When you consent to it

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not be unfairly go against what is right and best for you.

The company must make reasonable use of your data, i.e. use your data in ways that they would reasonably expect and which have a minimal privacy impact or where there is a compelling justification for the processing.

Personal Data we collect about you
When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold.
Examples of your personal data may include your name, company name, telephone number, postal address, email address, dietary requirements, payment card details or information on how you use our website and social media or how you interact with us or your feedback.

Sensitive Personal Data
In the course of providing services to you, we may collect information (i.e. dietary requirements) that could reveal your racial or ethnic origin, physical or mental health or religious beliefs. Such information is considered “sensitive personal data” under data protection laws.

We only collect this information when it is necessary so that we can provide you with the product and service you have chosen.

By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Policy.

If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us. Please be aware that in such circumstances you will not be entitled to cancel or obtain a refund of any price you have paid.

What are our reasons to process your personal information
Here is a list of the ways we may use your personal information and which reasons we rely on to do so.

What we use your data for                                                                                       
To manage our relationship with you
To deliver our products and services
To provide advice and guidance about our products
To send you a quote

Our lawful basis
• To fulfil a contract
• Our legitimate interests – keep our records up to date, being efficient about how we fulfil our legal and contractual duties
• Our legal duty

What we use your data for
To develop new ways to meet your needs and grow our business
To develop and carry out marketing activities
To develop and manage our brand, products and services
To manage how we work with other companies that provide services to us and our customers

Our lawful basis
• To fulfil a contract
• Our legitimate interests –working out which products might interest you and telling you about them, developing products and services and what we charge for them
• Our legal duty
• Your consent

What we use your data for   
To manage customers payments
To collect money that is owed to us
To manage risk for us

Our lawful basis
• To fulfil a contract
• Our legitimate interests – keep our records up to date
• Our legal duty

What we use your data for   
To exercise our rights set out in agreements or contracts
To protect our business interests
To comply with our legal obligation

Our lawful basis
• To fulfil a contract
• Our legitimate interests – being efficient about how we fulfil our legal and contractual duties
• Our legal duty

Where we collect your personal information from
Data you give us such as:

• When you order our products or services
• When you send us an email, a letter or an on-line form
• When you talk to us on the phone
• When you use our website or social media
• When you take part in customer surveys, competitions or promotions
• When you make a payment to us
• When you give us your feedback

Who we share your personal information with
We may share your data with the following organisations when there is a proper reason to do so:

• HMRC and other authorities
• Companies you ask us to share your data with
• Companies we work with to provide you our products and services (equipment hire, etc)
• Companies that we introduce to you
• Our sister companies

We may need to share your personal information with other organisations to provide you with the service you have chosen:

• When you make a credit card payment to us, we will share transaction details with companies which help us to provide this service

How long we keep your personal information
We will keep your information for as long as you are our customer.

When you asked for a quote but didn’t book with us, we will only keep your details until the day of your event, after which we will destroy your personal data.

After you stop being a customer, we may keep your information for up to 7 years for one of these reasons:

• To respond to any question or complaint
• To show that we treated you fairly
• To maintain records according to our legal duty

Letting us know if your data is incorrect
You have the right to question any information we have about you that you think is wrong or incorrect. Please contact us if you would like to do so.

If you choose not to give personal information
We may need to collect personal information by law or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide our products or services. It could mean that we cancel a product or service you have with us.

What if you want us to stop using your personal information
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using it if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’ and ‘right to be forgotten’.

This may not be possible as there may be legal, contractual or other official reasons why we need to keep your data but please contact us if you would like to do so.

How to access your data
You have a right to request access to the personal data that we hold about you. You can access your personal information by writing to us.

How secure is your data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Furthermore, when you make a credit card payment to us, the company that we use complies with the Payment Card Industry’s Data Security Standards (PCI DSS). This means that we adhere to high security standards and can therefore accept or process credit card information securely in accordance with these standards.

Sending data outside of the EEA
We will not send your personal information outside the EEA unless you have instructed us to do so or it is our legal duty.

How to complain
Please contact us if you would like to do so. You also have the right to complain to the Information Commissioner’s Office.

Cookies
In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website, we use cookies. Cookies are small pieces of information stored by your browser on your computer’s hard drive, which enable you to navigate on our website.

To find out more about how we use cookies, please see our Cookie Policy on our website.

Updated – May 2018