Tiffins Indian is committed to respecting the privacy rights of all visitors to our Website.
This Privacy Policy covers the use of the Website and the services provided by Tiffins Indian trading as Tiffins Indian ("Tiffins Indian", "we", "us" or "our". Tiffins Indian is incorporated with company registration number and having its registered address at 86 Haydon Place, Guildford, Gu1 4lr. This Privacy Policy provides details of the way in which we process personal data in line with our obligations under the General Data Protection Regulation (No. 2016/679) ("GDPR"), the Data Protection Act 2018 and any other laws which apply to us in relation to the processing of personal data (collectively referred to as "Data Protection Laws"). In this Privacy Policy, "controller", "personal data" and "process" (and its derivatives) have the meanings given to those terms in Data Protection Laws.
Personal data generally means information that can be used to individually identify a person, and processing generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. We are the controller of your personal data processed in connection with the Website.
The purpose of this Privacy Policy is to explain our data processing activities, including how and why we process personal data. In addition, this Privacy Policy outlines our duties and responsibilities regarding the protection of such personal data. The manner in which we process personal data will evolve over time and we will update this Policy from time to time to reflect changing practices.
Personal Data We Collect
We collect personal data about you when you provide it directly to us, when third parties provide us with personal data about you, or when personal data about you is automatically collected in connection with your use of our Website. We do not disclose your personal data to third parties, except as outlined in this Privacy Policy.
In running and maintaining our Website, we may collect and process the following information:
Personal Data Collected Directly From You
We receive personal data directly from you when you provide it to us through placing a food order, including, but not limited to:
- name;
- email address;
- mailing address;
- telephone number;
- username; and
- payment details.
You may also include details in your food order that indicate your health information or religious beliefs.
Personal Data Collected We Automatically Collect
Some personal data is automatically collected when you use the Website, such as:
- IP address;
- device identifiers;
- browser information; and
- cookie data (as explained in the Cookie Policy).
How We Use Personal Data
We process personal data to operate, improve, understand and personalise our services e.g. we use personal data to:
- complete orders including delivery or collection of food;
- personalise content based on your preferences
- contact you about our offers, subject to your marketing preferences;
- communicate with you;
- protect against or deter fraudulent, illegal or harmful actions;
- respond to user inquiries;
- provide support and assistance;
- comply with our legal or contractual obligations;
- enforce our terms and conditions; and
- resolve disputes.
Lawful Basis for Processing
Purpose of Processing | Lawful Basis under GDPR |
---|---|
Administration purposes | Such processing is necessary for the performance of a contract between us and you, where necessary for the purpose of complying with our legal obligations and where you have consented to providing certain information in relation to your food order preferences at the time of purchase. |
Training, quality monitoring or evaluating the services we provide | Such processing is necessary for the legitimate interests pursued by us in monitoring and improving our Website's services and their usage and ensuring that our users use the Website in accordance with our terms and conditions and policies. |
Website services, including for troubleshooting, data analysis, and survey purposes | We have a legitimate interest in operating and maintaining the Website and for related purposes including improving our services. |
Statistical information that cannot be related back to individuals to help us improve the services we offer | We have a legitimate interest in having access to certain analytics to ensure the products and services we provide are adequate. |
Enforcing and Defending Our Rights | We have a legitimate interest in ensuring that our services and the Website are used in accordance with our terms and conditions of use and policies. Where necessary for the purpose of complying with our legal obligations.Where necessary for the purpose of establishing, exercising or defending a legal claim, a prospective legal claim, legal proceedings or prospective legal proceedings. |
We will not use your personal data for marketing purposes without your consent. If you wish to stop receiving marketing communications from us, you can opt out at any time by clicking the "opt-out" link at the bottom of any marketing communication from us or by contacting us at the e-mail provided on our website.
Individual Data Subject Rights
Data Protection Laws provide certain rights in favour of data subjects (the "Data Subject Rights").
Data Subject Rights include the right of a data subject to:
- receive detailed information on the processing (as per transparency obligations on controllers) which we have provided through this Privacy Policy;
- access personal data;
- rectify or erase personal data (i.e. right to be forgotten);
- restrict processing;
- data portability;
- object to processing; and
- object to automated decision making (including profiling).
These Data Subject Rights will be exercisable by you subject to limitations as provided for under Data Protection Laws.
You may make a request to us to exercise any Data Subject Right by contacting the e-mail address provided on our website. Your request will be dealt with in accordance with Data Protection Laws.
How we Share Data with our Partners
We do not share any personally identifying data with third parties and will not disclose your personal data to any other party except as set out in this policy.
We and Flipdish, our online ordering partner, are joint controllers of your personal data processed in connection with food orders placed through the Flipdish Platform on the Website. If you have queries regarding how your personal data is processed by Flipdish or wish to address your rights, please contact Flipdish.
Flipdish acts as a processor in assisting us with managing users' consent to our marketing communications. Flipdish also acts as a processor when it assists us to manage our analytics.
We may be required to disclose personal data in some scenarios e.g. when you violate our terms and conditions or other policies. We may disclose such personal data, at our sole discretion, if we believe it necessary or appropriate in connection with investigation of fraud, IP infringement, piracy, or other unlawful activity. This may require disclosure of your name, address, phone number, email or company name.
We may engage other companies and people to perform tasks on our behalf (i.e. processors) and may need to share your information with them to provide you with our services.
In some cases, we may buy or sell its assets which may involve the transfer of customer information. We will transfer such information if we are acquired by or merged with another company. In this event, we will notify you by email.
Without limiting the above, in an effort to respect your privacy and our ability to keep the community free from bad actors, we will not otherwise disclose your personal data to law enforcement, other government officials, or other third parties without a court order, law enforcement request, legal process, or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to protect our rights or the rights of third parties, prevent physical harm or financial loss, or to report suspected illegal activity.
Data Retention
We will keep personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data are processed (as described in this Privacy Policy) unless we are required to retain your personal data for a longer period (e.g. in the event of legal proceedings or investigations).
Third Party Links
On occasion we include links to third parties on the Website. Where we provide a link it does not mean that we have any control over the linked website or its privacy policy or that we endorse, or approve that website's policy towards visitor privacy. You should review the linked website's privacy policy before sending them any personal data.
Service-related Announcements and Changes
Any changes to this Privacy Policy in the future will be posted to the Website and, where appropriate, through email notification.
Contacting Us
For further information about this Privacy Policy or the processing of your personal data by or on our behalf, please contact us by using the contact details provided on our website.
While you may make a complaint in respect of our compliance with Data Protection Laws to the Data Protection Commission, we ask that you contact us in the first instance to give us the opportunity to address your concerns.
This Policy was last updated on September 2020.