GDPR Privacy Policy

Effective Date: TBA

1. Introduction

General Billimoria’s Canteen (“GBC”, “we”, “our”, “us”) is committed to protecting the personal data of our customers in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains:

  • What personal data we collect
  • Why we collect it
  • How we use it
  • Who we share it with
  • How long we keep it
  • Your rights under GDPR

This policy applies to all customers who use our website, mobile app, or order food through GBC.

2. Who We Are (Data Controller)

General Billimoria’s Canteen
Address: 9 Berners Place, London, United Kingdom, W1T 3AD
Email: hello@gbcanteen.com

We act as the data controller for the personal data described in this policy.

3. Personal Data We Collect

We collect personal data directly from customers during account creation, order placement, and general use of our platform.

3.1 Basic Personal Data

  • Full name
  • Phone number
  • Email address
  • Delivery address and location
  • Account login credentials
  • Order history and transaction details

3.2 Special Category Data (Allergens)

Customers may provide allergen information when placing an order. This is processed only with explicit consent and is used solely to fulfil the order safely.

3.3 Technical and Usage Data

  • IP address
  • Device type, OS, browser
  • Pages visited, features used
  • App crash logs

3.4 Marketing and Advertising Data

Collected through advertising platforms:

  • Google Tag Manager
  • Google Analytics
  • Google Ads Manager
  • Meta Ads Manager
  • TikTok Ads Manager

4. How We Use Personal Data (Purposes)

  • To deliver and manage customer orders
  • Customer support
  • Personalisation & service improvement
  • Marketing (with consent)
  • Fraud detection & security
  • Legal, tax and regulatory compliance

5. Lawful Bases for Processing

5.1 Contract

To process orders, create accounts and provide services customers request.

5.2 Consent

For marketing, cookies and allergen data.

5.3 Legitimate Interests

Security, fraud prevention and analytics.

5.4 Legal Obligation

Tax and regulatory requirements.

6. Third-Party Platforms & Data Processors

GBC uses several platforms to operate the service.

A) Third-Party Data Processors

These companies process data on GBC’s behalf.

6.1 Urban Piper

Order routing, menus, and restaurant communication.

6.2 Atlas

Delivery ops, tracking, driver assignment.

6.3 Meraki

Cloud hosting and secure storage.

B) Independent Data Controllers (Ads)

  • Google Tag Manager
  • Google Analytics
  • Meta Ads Manager
  • TikTok Ads Manager

7. Cookies and Tracking

We use cookies for functionality and analytics. Non-essential cookies require consent through the cookie banner.

8. Data Storage and Transfers

All customer data is stored in the UK/EEA. We do not transfer data outside these regions.

9. Data Retention

  • Account info — as long as account is active
  • Order/transaction history — 6 years
  • Marketing data — until consent withdrawn
  • Allergen info — deleted after order

10. Security Measures

  • Encryption
  • Firewalls & monitoring
  • Access controls
  • Secure servers
  • Regular audits

11. Customer GDPR Rights

  • Access
  • Rectification
  • Erasure
  • Restrict processing
  • Object to marketing
  • Data portability
  • Withdraw consent

Contact: hello@gbcanteen.com

12. Complaints

Customers may contact the ICO: www.ico.org.uk or 0303 123 1113.

13. Updates to This Policy

Updates will be published here with a new effective date. Continued use of the platform constitutes acceptance.