Privacy Policy

1. Introduction

Ukrainian Foods London ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at foodua.uk and use our services.

We are a food delivery business operating in London, United Kingdom. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website, you acknowledge this policy. Processing of orders and enquiries is based on contract and legitimate interests where applicable; optional analytics (Google Analytics) runs only if you consent via our cookie banner. If you do not agree, please do not use our website.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

• Place an Order: Name, email address, phone number, delivery address (including postcode), delivery preferences (delivery or pickup), and order details (items, quantities, special instructions)
• Contact Us: Name, email address, phone number (optional), and message content when you submit our contact form
• Apply Promocodes: Promocode information is temporarily stored to calculate discounts
• Admin Access: If you are an administrator, we collect login credentials (username and encrypted password hash) for authentication purposes

2.2 Information Automatically Collected

When you visit our website, we automatically collect certain technical information:

• Device Information: IP address, browser type and version, operating system, device type
• Usage / Analytics (with consent only): If you accept analytics cookies, Google Analytics may collect pages visited, approximate location, device data, and similar metrics. See our Cookie Policy.
• Local Storage Data: Shopping cart contents, language preferences, applied promocodes (see our Cookie Policy for details)

2.3 Information from Third Parties

We may receive information from:

• Payment Processors: Transaction details (we do not store full payment card information)
• Email Service Providers: Delivery status and bounce notifications

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Order Processing and Fulfillment

• Process and fulfill your food orders
• Calculate order totals, discounts, and delivery fees
• Generate invoices and order confirmations
• Communicate with you about your orders (order confirmations, delivery updates, issues)
• Manage customer accounts and order history

3.2 Customer Service

• Respond to your inquiries and requests submitted through our contact form
• Provide customer support and resolve issues
• Send administrative messages (order updates, policy changes)

3.3 Business Operations

• Maintain a customer database for order management and analytics
• Track order history, total orders, and spending per customer
• Website analytics (if you consent to analytics cookies): traffic and usability via Google Analytics
• Prevent fraud and ensure security
• Comply with legal obligations (tax records, food safety regulations)

3.4 Marketing (With Your Consent)

We do not currently send marketing emails or newsletters. If we introduce marketing communications in the future, we will obtain your explicit consent and provide an easy opt-out mechanism.

3.5 Legal Compliance

• Comply with UK GDPR and data protection laws
• Respond to legal requests and court orders
• Protect our rights and prevent illegal activities
• Maintain records as required by food safety and business regulations

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal bases:

• Contract Performance: Processing necessary to fulfill your order and provide our services
• Legitimate Interests: Customer database management, fraud prevention, website security (we balance our interests against your privacy rights)
• Legal Obligation: Compliance with tax, food safety, and business regulations
• Consent: Google Analytics and similar non-essential cookies (via cookie preferences)

5. Data Storage and Security

5.1 Data Storage

Your personal data is stored:

• On Our Servers: Order information, customer database, contact form submissions are stored securely on our servers located in the United Kingdom
• On Your Device: Shopping cart data, language preferences, and session information are stored locally in your browser (see Cookie Policy)
• Email Systems: Order confirmations and communications may be stored in our email system (e.g. Gmail) for record-keeping purposes
• Telegram: Order and contact notifications are sent to our staff via Telegram Messenger (Telegram FZ-LLC); message content is processed on Telegram's infrastructure, which may be outside the UK

5.2 Data Retention

We retain your personal data for the following periods:

• Order Information: 7 years (for tax and accounting purposes as required by UK law)
• Customer Database: Up to 7 years after your last order or contact, or until you request erasure (whichever is sooner), except where we must keep records for tax or legal reasons
• Contact Form Submissions: Until resolved, then archived or deleted based on business needs
• Admin Logs: 90 days for security and audit purposes

You can request deletion of your data at any time (see "Your Rights" below).

5.3 Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data transmitted over the internet is encrypted using HTTPS/TLS (SSL)
• Password Security: Admin passwords are hashed using bcrypt (industry-standard encryption)
• Access Controls: Limited access to personal data on a need-to-know basis with role-based permissions
• Secure Servers: Our servers are protected by firewalls, intrusion detection systems, and regular security updates
• Regular Backups: Data is regularly backed up to prevent loss
• Security Monitoring: We monitor our systems for unauthorized access and security breaches
• Data Minimization: We only collect and store data that is necessary for our business operations

Important Disclaimer: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information. You acknowledge that you provide your personal information at your own risk.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify affected individuals without undue delay.

6. Sharing Your Information

We may share your personal information with the following parties:

6.1 Service Providers

• Email Service (Gmail): For sending order confirmations and communications
• Telegram: For sending order notifications to administrators (your data is not shared with Telegram users)
• Hosting Provider (DigitalOcean): For website hosting and data storage
• Domain Registrar (Cloudflare): For domain management and DNS services

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety, or that of our customers
• Prevent fraud or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

6.4 What We Do NOT Do

• We do NOT sell, rent, or trade your personal information to third parties for marketing purposes
• We do NOT share your information with advertisers or marketing companies without your explicit consent
• We do NOT use your information for automated decision-making or profiling that produces legal effects or significantly affects you
• We do NOT use your information for purposes other than those described in this policy without your consent
• We do NOT retain your personal information longer than necessary for the purposes for which it was collected

6.5 Data Processing Agreements

All third-party service providers who process personal data on our behalf are required to:

• Enter into data processing agreements that comply with UK GDPR
• Implement appropriate technical and organizational measures to protect your data
• Use your data only for the purposes we specify
• Not disclose your data to any other third party without our authorization
• Assist us in responding to your data protection rights requests

7. International Data Transfers

Most of your data is stored and processed within the United Kingdom. However, some of our service providers may transfer data outside the UK/EEA:

• Google (Gmail, Google Analytics): May process data in the USA and other locations. Google provides appropriate safeguards under UK GDPR (e.g. UK-approved standard contractual clauses / UK Addendum as described in Google's privacy documentation).
• Telegram: Notifications pass through Telegram's servers; safeguards depend on Telegram's terms and applicable law. We use Telegram only to deliver order/contact alerts to authorised staff.
• Hosting / CDN providers: (e.g. DigitalOcean, Cloudflare) may process data globally subject to contract terms and UK GDPR transfer tools.

We do not rely on the EU-US Privacy Shield (which is no longer valid for UK/EU transfers). Transfers use mechanisms recognised under UK GDPR where required.

7.5 Sub-Processors (Categories)

We use the following categories of processors to run our business and this website. They process personal data only on our instructions:

• Hosting / infrastructure: server and storage (e.g. VPS/cloud in UK or EEA where possible)
• Communications: email (e.g. Gmail), instant messaging for staff alerts (e.g. Telegram)
• Analytics (optional): Google Analytics — only if you consent to analytics cookies
• Fonts / CDN: Google Fonts and similar (technical delivery of assets)

A written list is available on request. If we appoint new material sub-processors, we will update this policy or notify you where required.

7.6 Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Order acceptance and pricing are reviewed by humans as part of normal business operations.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

You can request a copy of all personal data we hold about you, including:

• Order history and details
• Customer database information
• Contact form submissions

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update your information by:

• Contacting us directly
• Placing a new order with corrected information

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal obligations (e.g., we must retain order records for tax purposes for 7 years).

8.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent

If processing is based on consent, you can withdraw it at any time.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: londonukranianfood@gmail.com
• Subject Line: "Data Protection Request"

We will respond to your request within one month (may be extended to two months for complex requests). We may ask for identification to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Cookies and Local Storage

Our website uses cookies, local storage, and session storage to enhance your experience. For detailed information about what we store and how we use it, please see our Cookie Policy.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected information from a child without parental consent, we will delete that information promptly.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., social media platforms). We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification (for significant changes affecting your rights)
• Displaying a notice on our website

Your continued use of our website and services after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Data Controller Information

The data controller is DELIVERY OF UKRAINIAN FOODS LTD (Company number 16013295), registered in England and Wales. We trade as Ukrainian Foods London. We determine the purposes and means of processing your personal data under UK GDPR and the Data Protection Act 2018.

Company filings: Companies House.

If you have questions about this policy or our data practices, please contact us:

• Legal entity: DELIVERY OF UKRAINIAN FOODS LTD (16013295)
• Trading name: Ukrainian Foods London
• Registered office: 31 Onslow Gardens, London, E18 1ND, United Kingdom
• Email: londonukranianfood@gmail.com
• Phone: +44 7493 423898
• Food preparation & pickup: 105 Eade Road, N4 1TJ, London, United Kingdom

Data Protection Officer: We are not currently required to appoint a Data Protection Officer (DPO) under UK GDPR, but if you have data protection concerns, please contact us using the information above and include "Data Protection" in your subject line.

15. Complaints

If you are not satisfied with how we have handled your personal data or responded to your data protection rights requests, you have the right to lodge a complaint with the supervisory authority:

• Information Commissioner's Office (ICO)
• Website: https://ico.org.uk
• Phone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

We encourage you to contact us first to resolve any concerns before lodging a complaint with the ICO.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: londonukranianfood@gmail.com
• Phone: +44 7493 423898
• Registered office: 31 Onslow Gardens, London, E18 1ND
• Pickup / kitchen: 105 Eade Road, N4 1TJ, London

For data protection inquiries, please include "Data Protection" or "Privacy Policy" in your subject line to ensure your request is handled promptly.