Privacy Policy
LAST REVISED: MAY 12, 2026
1. INTRODUCTION AND SCOPE
THE YUMMY SPUDDY COMPANY LIMITED ("the Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, and share personal data about you in the context of our food delivery operations, corporate portals, and marketing activities in the United Kingdom.
We operate as a Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered office is located at 47 Albany Villas, Hove, BN3 2RT. This policy applies to all users of our website, mobile applications, and recipients of our premium delivery services.
2. THE DATA WE COLLECT
We categorize the personal data we collect as follows:
- Identity Data: Full name, professional title, and date of birth (for age verification where applicable).
- Contact Data: Delivery addresses (residential and commercial), billing addresses, email addresses, and verified telephone numbers.
- Financial Data: While we utilize PCI-DSS compliant third-party processors for payment execution, we maintain records of transaction history and partial card identifiers for reconciliation.
- Technical Data: IP addresses, browser fingerprints, operating system data, and geolocation data utilized for delivery optimization.
- Usage Data: Detailed analytics regarding how you interact with our menus, blog insights, and service tiers.
- Marketing Data: Preferences for receiving corporate insights and exclusive offers.
3. LEGAL BASES FOR PROCESSING
Under Article 6 of the UK GDPR, we process your data based on:
- Contractual Necessity: To fulfill our obligation to prepare and deliver your meal.
- Legal Obligation: To maintain accurate financial records for HMRC and comply with food safety tracking regulations.
- Legitimate Interests: To optimize our delivery routes, improve our culinary offerings, and ensure the security of our IT infrastructure.
- Consent: Where you have explicitly opted in to receive our marketing communications.
4. DATA RETENTION AND ARCHIVAL
We do not store personal data longer than is necessary for the purposes for which it was collected. Financial transaction data is retained for seven (7) years to satisfy UK tax laws. Delivery-specific geolocation data is pseudonymized after 90 days. You may request the deletion of your account at any time, subject to our statutory retention requirements.
5. INTERNATIONAL TRANSFERS
While our primary servers are located within the UK, certain third-party cloud processors may store data in the EEA or the US. We ensure all such transfers are protected by Standard Contractual Clauses (SCCs) or the UK Addendum, ensuring an "adequate level of protection" as defined by the Information Commissioner’s Office (ICO).
6. YOUR STATUTORY RIGHTS
You possess the following rights under UK law:
- The right to be informed.
- The right of access (Subject Access Request).
- The right to rectification.
- The right to erasure ("Right to be Forgotten").
- The right to restrict processing.
- The right to data portability.
- The right to object to automated decision-making.
To exercise these rights, contact our Data Protection Officer at dpo@outbackwealth.sbs.