Privacy Policy & Data Sovereignty

Last Updated: May 2026

PREP TO PLATE LTD ("we", "our", "us") is committed to protecting the privacy of our clients and website visitors. This document outlines our rigorous data handling procedures in strict accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Collection Architecture

We collect personal data through various interaction points, including our web portal, mobile applications, and direct communication channels. This includes, but is not limited to: Identity Data (Name, title, DOB), Contact Data (Billing address, delivery address, email), Financial Data (Payment card details handled via PCI-DSS compliant gateways), and Technical Data (IP address, browser type, geolocation for delivery optimization).

2. Legal Basis for Processing

Under Article 6 of the UK GDPR, we process data based on: Contractual Necessity (executing your food delivery), Legal Obligation (tax reporting), and Legitimate Interest (improving our logistics algorithms). We do not sell your data to third-party marketing entities. Ever.

3. Data Retention and Deletion

We retain transaction records for a period of 7 years to satisfy UK HMRC requirements. Technical session data is purged every 90 days. Users have the "Right to be Forgotten" under Article 17, which can be exercised by contacting our Data Protection Officer at info@thecrustritual.sbs.

4. Security Protocols

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 standards. Our servers are located within the UK and EEA to ensure jurisdictional compliance. Access to client data is strictly limited to authorized personnel via multi-factor authentication (MFA).

[Note: This section would continue for 1200 words covering Cookies, Third-party sub-processors, International transfers, and Complaint procedures with the ICO.]