SF Shicken Foods

Privacy Policy

Effective Date: May 24, 2024 | Jurisdiction: United Kingdom

1. Scope of Policy

This Privacy Policy (“Policy”) sets out the basis on which SHICKEN FOODS LTD (“we”, “us”, “our”) processes personal data. We are committed to transparency and the security of your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information Commissioner’s Office (ICO) Registration

SHICKEN FOODS LTD is registered as a data controller with the ICO. Our processing operations are audited regularly to ensure compliance with the principles of lawfulness, fairness, and transparency.

3. Data Collection: Methodology and Types

We collect and process the following categories of data:

  • Identity & Contact: Full name, billing address, delivery address, email, and telephone number. This is required for contract performance (Art. 6(1)(b) GDPR).
  • Financial Data: We utilize PCI-DSS compliant third-party processors. We do not store raw card numbers on our infrastructure.
  • Technical & Usage: IP address, device telemetry, browser type, and interaction heatmaps. This data helps us optimize platform performance based on Legitimate Interest (Art. 6(1)(f) GDPR).
  • Health & Diet: In cases of specialized meal plans, we may process health data. This is only done with your Explicit Consent (Art. 9(2)(a) GDPR).

4. Purpose of Processing

Your data is processed to: (i) fulfill orders and manage logistics; (ii) verify age for restricted products; (iii) prevent fraudulent transactions; (iv) comply with UK tax laws requiring records for 6+ years; (v) improve our culinary algorithms through anonymized feedback.

5. Data Subject Rights

Under UK GDPR, you possess the following rights:

  • Right of Access: Obtain a copy of your data (DSAR).
  • Right to Rectification: Correction of inaccurate data.
  • Right to Erasure: The "Right to be Forgotten" (subject to legal retention requirements).
  • Right to Data Portability: Transfer your data to another service provider in a machine-readable format.

6. International Transfers

While we prioritize UK-based servers, some third-party services (e.g., cloud analytics) may process data outside the EEA. In such cases, we ensure Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) are in place to guarantee a level of protection equivalent to UK law.

7. Retention Periods

Contact and Identity data used for orders is retained for 7 years post-transaction to comply with HMRC requirements. Technical logs are purged after 24 months. Marketing consent data is kept until you withdraw consent.

8. Contact Our DPO

For any privacy-related inquiries, please contact our Data Protection Officer at info@thecrusthush.sbs.