Privacy Policy & Data Governance

Last Updated: May 2024

FOOD WITH ATTITUDE LTD ("we", "us", "the Company") is committed to protecting the privacy and security of your personal data. This policy outlines our stringent data processing activities in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller Information

The data controller responsible for your personal data is FOOD WITH ATTITUDE LTD, located at 56b Minerva Road, London NW10 6HJ, England. Any inquiries regarding data protection should be directed to our Data Protection Officer at info@bluemountainsfinancial.sbs.

2. Categories of Data Collected

We collect and process the following categories of personal data:

• Identity Data: Name, title, corporate affiliation.
• Contact Data: Billing address, delivery address, email, telephone numbers.
• Technical Data: IP address, login data, browser type and version, time zone setting, and location data.
• Transactional Data: Details about payments and services purchased.
• Nutritional/Preference Data: Dietary requirements or allergies provided for service fulfillment.

3. Legal Basis for Processing

We process your data under the following legal grounds:

• Contractual Necessity: To fulfill our delivery obligations to you.
• Legal Obligation: To comply with UK tax, health and safety, and food standards regulations.
• Legitimate Interests: For the improvement of our logistics network and marketing of similar premium services.
• Consent: Where you have explicitly opted into our newsletter or specific data-sharing initiatives.

4. Data Retention and Security

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Standard retention for financial records is six years. All data is stored on encrypted servers with multi-factor authentication and strict access controls. Our "attitude" toward security is zero-trust.

5. International Transfers

We do not transfer your personal data outside the UK or the European Economic Area (EEA) unless absolutely necessary for service provision, in which case Standard Contractual Clauses (SCCs) are implemented to ensure a high level of data protection.

6. Your Legal Rights

Under the GDPR, you have the right to request access to your data, correction of inaccuracies, erasure of your data ("right to be forgotten"), restriction of processing, and data portability. You also have the right to object to processing based on legitimate interests. To exercise these rights, please contact our DPO.

[Full document truncated for display, continues with 800 more words on sub-processors, breach notification, and jurisdictional specifics...]