GDPR Compliance

Our Commitment to Data Protection

At Fresh Plates, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains how we process your data and outlines your rights under the GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas.

Your Rights Under GDPR

Under the GDPR, you have several rights regarding your personal data:

• Right to be informed - You have the right to be informed about the collection and use of your personal data.
• Right of access - You have the right to access your personal data and information about how we process it.
• Right to rectification - You have the right to have inaccurate personal data rectified or completed if it is incomplete.
• Right to erasure - You have the right to have your personal data erased in certain circumstances.
• Right to restrict processing - You have the right to request the restriction or suppression of your personal data in certain circumstances.
• Right to data portability - You have the right to obtain and reuse your personal data for your own purposes across different services.
• Right to object - You have the right to object to the processing of your personal data in certain circumstances.
• Rights related to automated decision making and profiling - You have rights related to automated individual decision-making and profiling.

How We Comply with GDPR

Lawful Basis for Processing

We process your data only when we have a lawful basis to do so, such as:

• Consent - You have given clear consent for us to process your personal data for a specific purpose.
• Contract - The processing is necessary for a contract we have with you.
• Legal obligation - The processing is necessary for us to comply with the law.
• Legitimate interests - The processing is necessary for our legitimate interests or the legitimate interests of a third party.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• The encryption of personal data
• The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Data Retention

We keep your personal data for no longer than necessary for the purposes for which it was collected. The length of time we retain your data depends on the type of data and the purpose for which we process it.

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that your data is protected by appropriate safeguards, including:

• Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission
• Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe

Data Breach Procedures

In the case of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

When the personal data breach is likely to result in a high risk to your rights and freedoms, we will communicate the breach to you without undue delay.

Contact Our Data Protection Officer

If you have any questions about our GDPR compliance or how we handle your personal data, please contact our Data Protection Officer:

Your Right to Lodge a Complaint

If you are not satisfied with our response to your concerns, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO), which can be contacted at: