Privacy Policy - Anavrin Kitchen

📋 Immigration & Data Collection Notice

Welcome to Anavrin Kitchen ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you place orders for our gourmet samosas through our website or delivery services.

This policy complies with:

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
International data protection standards
Food Standards Agency regulations

🎫 Passenger Information We Collect

Personal Information for Orders & Delivery:

📝 Name

Purpose: Order identification, delivery confirmation, customer service

Legal Basis: Contract performance (Art. 6(1)(b) UK GDPR)

📞 Phone Number

Purpose: WhatsApp order confirmation, delivery coordination, urgent contact

Legal Basis: Contract performance (Art. 6(1)(b) UK GDPR)

📧 Email Address (Optional)

Purpose: Order receipts, promotional updates (with consent), customer support

Legal Basis: Consent (Art. 6(1)(a) UK GDPR) for marketing; Contract performance for receipts

Additional Information:

Delivery Address: For accurate food delivery (postcode determines hot/frozen delivery zone)
Order History: To improve service and handle customer preferences
Allergen Information: To ensure food safety and compliance with UK FSA regulations
Payment Information: Processed securely through third-party providers

🛬 How We Process Your Journey Data

Primary Uses (Contract Performance):

Processing and fulfilling your samosa orders
Coordinating delivery times and locations
Providing customer service and support
Ensuring food safety and allergen compliance
WhatsApp order confirmations and updates

Secondary Uses (With Your Consent):

Sending promotional offers and new menu updates
Customer satisfaction surveys
Loyalty program communications

Legal Compliance Uses:

Meeting UK food safety regulations
Tax and accounting requirements
Responding to legal requests

🌍 International Flight Routes (Data Transfers)

Your personal data is primarily processed within the United Kingdom. However, some data may be transferred internationally in the following circumstances:

🛫 WhatsApp Communications

WhatsApp (Meta) may process data internationally. We rely on:

Meta's UK GDPR compliance measures
Standard Contractual Clauses (SCCs)
Adequacy decisions where applicable

☁️ Cloud Storage Services

We use reputable cloud providers with:

Appropriate safeguards under Chapter V UK GDPR
Data processing agreements
Security certifications (ISO 27001, SOC 2)

📅 Passport Validity Period (Data Retention)

Order Information

7 years (UK tax law requirement)

Customer Contact Details

3 years after last order

Marketing Preferences

Until consent withdrawn

Allergen Information

2 years (food safety compliance)

Note: We review and delete personal data in accordance with our retention schedule and legal obligations.

⚖️ Your Passenger Rights (Under UK GDPR)

🔍 Right to Access

Request a copy of your personal data

✏️ Right to Rectification

Correct inaccurate or incomplete data

🗑️ Right to Erasure

Request deletion of your data (subject to legal obligations)

⏸️ Right to Restrict Processing

Limit how we use your data

📦 Right to Data Portability

Receive your data in a structured format

❌ Right to Object

Object to processing for marketing purposes

To exercise your rights, contact us at: anavrin1108@gmail.com

Response time: Within 30 days (as required by UK GDPR)

🔒 Security Checkpoint Measures

We implement appropriate technical and organizational measures to protect your personal data:

🛡️ Technical Safeguards

SSL/TLS encryption for data transmission
Secure cloud storage with encryption at rest
Regular security updates and monitoring
Access controls and authentication

👥 Organizational Measures

Staff privacy training
Limited access on a need-to-know basis
Data breach response procedures
Regular privacy impact assessments

🤝 Partner Airlines (Third-Party Services)

We may share your personal data with trusted partners for order fulfillment:

WhatsApp Business (Meta)

For order confirmations and customer communication

Payment Processors

For secure payment processing (when implemented)

Delivery Services

For frozen courier deliveries outside CB23 area

Email Service Providers

For order receipts and marketing communications (with consent)

All third parties are required to:

Process data only for specified purposes
Implement appropriate security measures
Comply with UK GDPR requirements
Have valid legal basis for processing

📞 Ground Crew Contact (Privacy Queries)

Data Protection Officer:

Email: anavrin1108@gmail.com

Address: Anavrin Kitchen, Cambourne, Cambridge , UK

🏛️ Regulatory Authority:

If you're not satisfied with our response, you can lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk

📄 Policy Updates & Route Changes

We may update this Privacy Policy from time to time to reflect:

Changes in our services
Legal or regulatory requirements
Best practice improvements

We will notify you of significant changes by:

Posting the updated policy on our website
Email notification (if you've provided consent)
WhatsApp message for active customers

Last Updated: November 22, 2025

Version: 1.0

Next Review Date: November 22, 2026

🛂 Privacy Policy