Privacy Policy

Version 3.1 • Last Updated: May 2024

At KOSHER EATS LIMITED, we view data protection as a matter of integrity. This policy outlines how we handle your digital identity with the same care we handle our ingredients.

1. Data Controller Information

The Data Controller is KOSHER EATS LIMITED, a company registered in England and Wales under Company Number [Insert Number], with its registered office located at 29 Hillview Gardens, London, NW4 2JJ, United Kingdom. For all matters concerning data protection, you may contact our Data Protection Officer (DPO) at info@ottawamarket.sbs.

2. Information We Collect

We collect and process personal data about you when you interact with us through our website, mobile application, and customer service channels. This includes:
• Identity Data: Name, username, or similar identifier.
• Contact Data: Delivery address (specifically within our London NW4 hub and surrounding areas), billing address, email, and telephone numbers.
• Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: IP address, login data, browser type, and version, time zone setting, and location.
• Dietary/Religious Data: Where you voluntarily provide information regarding specific Kashrut requirements or allergies to enable us to fulfill our service contract.

3. How We Use Your Data (Lawful Basis)

Under the UK GDPR, we rely on the following lawful bases for processing:
(a) Contractual Necessity: To fulfill your order and deliver food to your location.
(b) Legal Obligation: To comply with HMRC tax reporting and food safety traceability laws.
(c) Consent: For marketing communications where you have opted-in.
(d) Legitimate Interests: To improve our logistics algorithms and protect our IT systems from fraud.

4. Data Retention and Security

We implement military-grade AES-256 encryption for all data at rest and TLS 1.3 for data in transit. Your payment information is processed through PCI-DSS Level 1 compliant gateways; we never store your full credit card details on our local servers. Transaction data is retained for seven (7) years to comply with UK statutory financial reporting obligations. Marketing data is retained until you withdraw consent.

5. Your Legal Rights

Under UK data protection law, you have rights including: Your right of access, Your right to rectification, Your right to erasure, Your right to restriction of processing, and Your right to data portability. To exercise these rights, please submit a Subject Access Request (SAR) to our DPO.

6. International Transfers

While we primarily store data within the United Kingdom and the European Economic Area (EEA), some of our technical service providers (e.g., cloud hosting) may be located in countries outside the UK. In such cases, we ensure standard contractual clauses (SCCs) are in place to maintain a level of protection equivalent to the UK GDPR.

For more information, please contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.