3. Privacy & Cookie Policy

3.1 Introduction

This Privacy & Cookie Policy (“Policy”) explains how Saffron Restaurant Waterloo and Grub Direct (collectively “we,” “us,” or “our”) collect, use, share, and protect your personal data when you use our Service. By accessing or using the Service, you agree to this Policy. If you do not agree, please discontinue use.

3.2 Joint Controllers of Data

• Saffron Restaurant Waterloo and Grub Direct act as joint controllers of the personal data collected through the Service.
• We jointly determine the purposes and means of processing your personal data.

3.3 Data We Collect

Information You Provide

• Account Data: Name, email, phone number, delivery address, payment details, etc., which you provide during account creation or while placing an order.
• Order Information: Items ordered, special instructions, and related transaction details.
• Marketing Preferences: Whether you have opted in or out of receiving marketing communications.

Information Collected Automatically

• Technical Data: IP address, device type, browser type, operating system, and usage data such as pages viewed and links clicked.
• Cookies & Tracking: We use cookies, web beacons, and similar technologies to remember your preferences, enhance user experience, and analyze site traffic.

Information from Third Parties

• Payment Processors: Transaction confirmations (not full card details).
• Delivery Services: Minimal information required for delivery (e.g., name, address).

3.4 How We Use Your Information

• Order Fulfillment: Processing orders, preparing food, and managing deliveries or pickups.
• Account Management: Creating and maintaining your account, verifying identity, and responding to account inquiries.
• Analytics & Service Improvement: Understanding usage patterns to improve the Service, troubleshoot technical issues, and develop new features.
• Marketing & Communications: Sending promotional messages (unless you opt out) and relevant updates about our services or changes to these Terms.
• Legal Obligations & Security: Complying with applicable laws and protecting our interests (e.g., fraud prevention).

3.5 Legal Basis for Processing (UK GDPR / Data Protection Act 2018)

Where required, we rely on one or more of the following legal bases:

• Contractual Necessity: To fulfill orders and provide the Service.
• Consent: For sending promotional emails or using non-essential cookies.
• Legitimate Interests: For improving the Service, detecting fraud, and maintaining security.
• Legal Obligations: To comply with applicable legal or regulatory requirements.

3.6 How We Share Your Data

• Between Saffron Restaurant Waterloo and Grub Direct: As joint controllers, we share relevant user data to operate the Service.
• Service Providers:

• Payment Processors: To process payments securely.
• Delivery Partners: If used, to facilitate deliveries.
• Analytics/Marketing Tools: For analytics or advertising (where permitted by law).

• Legal or Business Transfers: We may disclose data to comply with law or as part of a merger, acquisition, or asset sale, subject to confidentiality requirements.

We do not sell your personal data to third parties for independent marketing.

3.7 Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Policy or as otherwise required by law (e.g., tax or regulatory obligations).

3.8 Your Rights

Depending on your location, you may have rights under data protection law, including:

• Access & Rectification: Request a copy of your data or ask for corrections.
• Erasure: Request deletion of your personal data where legally permissible.
• Objection & Restriction: Object to or request the restriction of certain processing.
• Portability: Receive your data in a machine-readable format where applicable.
• Withdraw Consent: Opt out of marketing or withdraw consent for processing at any time.

To exercise these rights, contact either Saffron Restaurant Waterloo or Grub Direct using the details in Section 3.12.

3.9 Cookies & Similar Technologies

What Are Cookies?

• Small text files stored on your device to save preferences and track how you use our Service.

Types of Cookies We Use

1. Essential Cookies: Required for basic site functionality (e.g., keeping track of items in your cart).
2. Performance Cookies: Help us understand how users navigate the site and improve performance.
3. Functional Cookies: Remember user preferences (e.g., language, region).
4. Targeting/Advertising Cookies: Used to deliver relevant ads (if used).

Managing Cookies

• Most browsers let you refuse or accept cookies. Blocking certain cookies may affect site functionality.

3.10 Data Security

We use reasonable technical and organizational measures to protect your personal data. However, no internet-based service can be 100% secure, and we cannot guarantee absolute security of data transmissions.

3.11 International Data Transfers

If you are located outside the UK, your personal data may be transferred and processed in the UK or other jurisdictions with potentially different data protection laws. We take steps to ensure adequate protection consistent with applicable legal requirements.

3.12 Children’s Privacy

Our Service is not intended for children under 18 without parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us so we can delete it.

3.13 Updates to This Policy

We may revise this Policy from time to time. The updated version will be posted on our website with a new “Last Updated” date. Your continued use after any changes indicates your acceptance of the revised Policy.

3.14 Contact Us (Privacy & Data Questions)

For privacy-related inquiries, data access requests, or to exercise any data rights, please contact:

Saffron Restaurant Waterloo

• Address: 92 St John’s Rd, Waterloo, Liverpool L22 9QQ
• Phone: 0151 920 8398
• Website:  https://saffronwaterloo.co.uk/

Grub Direct

• Address: 5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN
• Email: [email protected]