This policy sets out how we seek to protect personal data and ensure that our staff understand the rules governing their use of the personal data to which they have access during their work. This policy requires staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
Our website, www.bringmelunch.org.uk is operated by Bring Me Lunch Limited (“BML”) (‘us’) which is the Data Controller for the purposes of the General Data Protection Regulation (“GDPR”) . You may contact us at the following address:
Bring Me Lunch Ltd is classified as a data controller. We must maintain our appropriate registration with the Information Commissioners Office in order to continue lawfully controlling data.
We are registered with the Information Commissioners Office. (no. Z1624177)
Bring Me Lunch Ltd shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:
Principle 1: Lawfulness, Fairness and Transparency
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. This means, Bring Me Lunch Ltd must tell the data subject what processing will occur (transparency), the processing must match the description given to the data subject (fairness), and it must be for one of the purposes specified in the applicable data protection regulation (lawfulness).
Principle 2: Purpose Limitation
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means Bring Me Lunch Ltd must specify exactly what the personal data collected will be used for and limit the processing of that personal data to only what is necessary to meet the specified purpose.
Principle 3: Data Minimisation
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This means Bring Me Lunch Ltd must not store any personal data beyond what is strictly required.
Principle 4: Accuracy
Personal data shall be accurate and, kept up to date. This means Bring Me Lunch Ltd must have in place processes for identifying and addressing out-of-date, incorrect and redundant personal data.
Principle 5: Storage Limitation
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. This means Bring Me Lunch Ltd must, wherever possible, store personal data in a way that limits or prevents identification of the data subject.
Principle 6: Integrity & Confidentiality
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage. Bring Me Lunch Ltd must use appropriate technical and organisational measures to ensure the integrity and confidentiality of personal data is maintained always.
Principle 7: Accountability
The Data Controller shall be responsible for and be able to demonstrate compliance. This means Bring Me Lunch Ltd must demonstrate that the six data protection principles (outlined above) are met for all personal data for which it is responsible.
We must process personal data fairly and lawfully in accordance with individuals’ rights under the first Principle. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.
The information which you provide to us may also be shared with our associated companies, agents and our suppliers who may also contact you from time to time by e-mail or telephone with information, products or services which may be of interest to you.
Cookies are small amounts of information which we store on your computer. Unless you have told us you object, our system will issue cookies to your computer when you log on to our website. Cookies make it easier for you to log on to and use our website during future visits. They also allow us to monitor website traffic and to personalise the content of the site for you. You may set up your computer to reject cookies but if you do that, you may not be able to use some features on our website. If you do not wish to receive cookies in the future, please let us know.
Transfer of Information
We will not transfer any information that we hold on you to anyone outside the European Economic Area.
As a data controller, if you request the rectification, erasure or restriction of your data, we will also communicate this to any third party who your data has been disclosed to.
In exercising any of your rights, we will act within one month. However, should the request be complex we can extend this by a further two months. We will inform you of this in this event. We will need to confirm your identity before completing any action on your behalf and reserve the right to not complete action until we are satisfied that you are making the request. If we cannot complete your request, we will inform you within one month and explain why.
If you wish to amend any inaccurate data that we hold, please notify us specifically by telephone, post or email, or during the provision of our services. We will make the amendment as soon as possible. If any data held is incomplete, you can complete this at any time. We may require this to be completed to allow us to provide our services (e.g. if we do not have your full address).
Retaining and anonymising personal data
We keep your personal information for either 3 years from the date of your last booking or interaction or, if longer, for any period for which we are required to keep personal information to comply with our legal and regulatory requirements. After this time has passed we anonymise all data so that it is no longer personally identifiable.
Bring Me Lunch recognises that its customers are increasingly concerned about how companies protect personal information from misuse and abuse and about privacy in general. Bring Me Lunch is constantly reviewing and enhancing its technical, physical and managerial procedures and rules to protect your personal data from unauthorised access, accidental loss and/or destruction. We use industry standard secure sockets layer (SSL) technology, for example, to encrypt sensitive information such as your credit card and other financial information.
Changes to this Policy
If there are any significant changes, we make these clear either through the website or through another means of contact such as email.
Updated on 24/05/2018
Bring Me Lunch Ltd