When using Good Lookin Cookin’s services, you are trusting us with your personal information. We appreciate that by entrusting us with this information you expect certain assurances from ourselves. We understand this is an immense responsibility and as such we will work hard to protect your information and ensure we are always transparent and honest about our practices.
Information provided in this policy will outline how Good Lookin Cookin collects and processes your personal data through your provision of data when purchasing our products and using our services. This policy will ensure you are fully aware of how and why we are using your data.
Good Lookin Cookin is the “controller” for your personal data under the applicable legislation and is therefore responsible for ensuring your data is protected and is processed and stored in accordance with the new legislation provided by the General Data Protection Regulation (GDPR).
Please direct any queries you may have to the following address:
DPO: Nikki Dawson
Company: Good Lookin Cookin Limited
Email Address: firstname.lastname@example.org
Postal Address: Good Lookin Cookin, Unit 17, Lincoln Enterprise Park, Lincoln LN5 9FP
Should you wish to make a complaint you have the right to inform the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ioc.org.uk) of any concerns you may have regarding our practices.
This policy will come into effect on 25 May 2018. To ensure we always have accurate personal data, please ensure you regularly update your information on the website.
The information provided to ourselves upon registration of your account will not be transmitted to any other parties unless we need to do so to fulfil our obligations to yourselves (for which we will always provide transparency and ensure you are informed), we have your prior consent to do so, or we have a statutory/legal obligation to do so.
What is personal data?
Personal data is defined as any information relating to an individual who can be directly or indirectly identified from the provision of such information. It does not include anonymous data, whereby that identity has been removed.
Data Good Lookin Cookin collect
To enable us to provide full access to our services via the website we may collect, use and store personal data provided to us upon registration and any time thereafter. This data will include identification data, user profile data, technical data, usage data, transaction data and communications data.
Identification data- This is the data provided to ourselves upon registration which includes first name, last name, username, email address, billing address, contact numbers (home telephone, mobile) and your child’s first name, last name, school, class and year group.
User Profile data– This includes your username and password (please note we will never access your account password or information held within your account without seeking your consent first) and your order history.
Technical data- This includes your IP address, account registration, login data, browser type and version, location, operating systems and platforms.
Usage data- This includes information about how you use our website: we use Google Analytics to collect login information and details of visitor behaviour patterns. We use this facility to monitor the volume of visitors to various parts of our website and identify usage on the website during specific time periods. This enables us to adapt our services and ensure we are meeting users’ needs. This information is only processed in a way which does not identify anyone- we do not allow Google to make any attempt to identify visitors to our website.
Transaction data- This includes data about payments to and from you when acquiring our services. We can access payment information about when and how the transaction was made, we can't however access any bank details including card number, security number and account information- sort code/account number. All payment information is provided to the website by the user upon completion of an order, no information is retained by the website or by our servers. Good Lookin Cookin has no access to this information via individual accounts or via alternative means – payment information specifically card details aren’t saved on the website.
Communications data- This includes email communication and text alerts. This service will be used to communicate new menu information and weekly ordering deadlines. At present we don’t use email or text services to communicate marketing information or any information related to third-parties. Should this change in the future we will seek express consent to provide you with such information.
Please note: we do not collect any special categories of personal data (including details about your race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions or trade union membership) nor do we have any intention to in the future. We also don't collect any information pertaining to criminal convictions and/or offences.
We will only collect information in circumstances where that type of information will be deemed relevant and beneficial to our services. You'll be advised at the time of seeking such information and be provided with an explanation as to why such information is needed, however you are within your rights to deny us access to such information.
If you fail to provide personal data (not including specific categories of personal data, for which express consent will be sought).
In circumstances where we need to collect personal data by law or to enable you to fully access services and you fail to provide the data when requested, we may not be able to offer a full range of services and subsequently provide you with the products required. In this situation we may have to decline access to products or services you wish to enter into or obtain from us, should this be the case you will be notified.
We use several different methods to collect your data:
Direct Interaction- You may provide us with your personal data via the website or direct communication with ourselves through email, telephone, post or otherwise. Information may include but is not limited to your identity and contact information. Personal data is provided to ourselves when you:
-Register on the website.
-Enter a competition.
-Provide us with feedback.
-Apply for our products or services.
Communication via schools – The schools may provide us with information regarding specific pupils in relation to pupil premium and free school meal requests; in these circumstances we become the ‘data processor’. Please be advised this information is only provided within the legitimate interests of the Company to enable us to allow you access to certain facilities on the website. Your information is only accessed by the Company’s DPO; as such, this information isn’t communicated to third-parties and is treated as strictly confidential.
Good Lookin Cookin collects and uses personal information for the following purposes:
-We only use personal information within the parameters of the law and when we are permitted to do so.
-When it is necessary for our legitimate interests to do so and your fundamental rights do not override those legitimate interests.
-When we are required by law to comply with a legal, statutory or regulatory obligation.
-When we have received express consent to use your data for a specific purpose outlined within that express consent.
We would like to reiterate that Good Lookin Cookin do not rely on consent as a legal basis for collecting and processing your personal data, the information collected via our website and other direct means is only obtained for the legitimate interests of the Company. The personal data provided ensures you can fully access our services and as such facilitates the use of our website. We only acquire the minimum amount of data required to enable you to use our services.
We will use your personal data for the purposes for which we have collected it, specifically to allow access to our services and products. In such circumstances where we consider that we need to use your data for another reason and that reason is compatible with the original purpose, you will be provided with notification and an explanation of the further data usage.
Disclosure of your information
Disclosure of your personal data may be on occasions necessary for the purposes detailed in Section 3 – How we use your personal data.
Personal data may be shared with the following parties:
-Schools – this is directly related to legitimate interests of the Company and the school. We communicate your child’s meal orders to the school on a weekly basis to ensure we are honouring our commitment to yourselves and therefore fulfilling our obligations to provide you with specific products and services. We may also liaise with the schools to obtain specific information should we receive a request or enquiry from yourselves regarding our services or your child. You will be informed should this be the case.
-Professional advisers, including but not limited to lawyers, auditors and insurers who may require the information for consultancy, legal, insurance and accounting services.
-HMRC, regulators and other authorities based solely in the United Kingdom for reporting purposes and monitoring of our activities.
-Service providers acting as processors – these include website and system administration services, for whom we necessitate specific services to ensure we can process transactions and provide additional assistance when required.
To remain transparent, we will always ensure you are notified of any personal data disclosed to the previously mentioned parties, should you not already be aware. In doing so, we will ensure you are aware of the information disclosed and to whom it has been communicated. Should we communicate personal data to third parties we ensure they respect and keep secure the information provided, whilst also treating it in accordance with the Data Protection requirements and the law. Third parties aren’t allowed to use your personal data for their own interests and must comply with our specific instructions, only using the information provided in accordance with our explicit purposes.
Data Retention period
How long will we retain your personal data?
Your personal data will only be retained for as long as necessary to enable us to satisfy the purposes for which we originally collected it: these may include any legal or accounting requirements.
To determine the data retention period for keeping your personal data it is important for us to first assess the quantity and sensitivity of such data, the disclosure of your data, the risk of harm any unauthorised use of your personal data might incur and the legal parameters for keeping your personal data, and finally the purposes for which we process your personal data and whether we can potentially achieve these objectives via other means.
At present the information provided to us via the website is retained for the length of your child’s enrolment at the supplied school; once this period has ended your account will be deleted from our system. We will only keep information which is required for us to meet our responsibilities towards our legal and accounting obligations, for which we must comply.
Removing your personal data
Should you wish for your data to be removed before the cessation of your child’s enrolment at the supplied school, you may request your account be removed from our systems. This will not necessarily oblige us to remove all personal data; as detailed above and within ‘Lawful purposes’, some information may be retained to enable us to comply with our legal and accounting obligations. However, any information provided to us about your child will permanently be removed from our systems.
We may use your personal data for statistical and research purposes, so long as the information used can’t be associated or traced back to you. In such instances we are able to use your data indefinitely without notifying you.
By law we are required to keep basic customer information, including Identification, Transaction and Financial Data for 7 years after you finish requiring our services. This is for tax purposes and to enable us to defend ourselves should any contractual claims be brought against us in relation to transactions which may be disputed.
Data security - Where we store your personal information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.
We also limit access to your personal data strictly to employees who have completed relevant GDPR training and third parties who have a need to know that data in order to meet an obligation to yourselves, such as complete transactions for which we are both concerned. Personal data will only be processed in accordance with our instructions and subject to a duty of confidentiality.
Sensitive and personal data exchange between the website and its Users happens over an SSL secured communication channel and is encrypted and protected with digital signatures.
We have implemented procedures to ensure that personal data provided by yourselves is protected using encryption; however, should a data breach occur we have a specific protocol to follow to ensure breaches are dealt with immediately. Data breaches will be dealt with in accordance with the applicable data protection legislation and with the utmost urgency. You will be notified of any suspected breaches related to your personal data immediately after a breach and the applicable regulatory organisations (usually the ICO) will also be informed where we are legally required to do so within the time specified (72hrs) and in a format stipulated by the appropriate regulator.
Individual rights: Your rights under data protection laws with regards to your personal data.
Right of Access – This affords you the right to request a copy of the personal data we hold about you and check it is being lawfully processed.
Right of Rectification - If information is incomplete or inaccurate, you as the data subject have the right to have personal information rectified.
Right to Erasure- You as the data subject have the right to be forgotten. This will usually be actioned when the removal of personal data is required as you believe we have no legitimate interests for the continued processing of your personal data.
Data erasure may also occur in the following circumstances:
However, we may not always be obliged to fully comply should the following condition be met:
Right to Restrict Processing - Under the DPA, data subjects have the right to block or suppress the processing of personal data and this remains under the GDPR. This right enables you to ask us to suspend the processing of your personal data in the following circumstances:
- You have concerns about the data accuracy,
- You believe the data obtained is unlawful,
- You require us to hold the information beyond the intended retainment period, whereby you might need to defend legal claims,
- You have objected to us holding your data – however, we may need to establish whether we have any legitimate reasons for keeping it,
Right to Data Portability - This is where a data subject is able to obtain and use their own personal data for their own purposes. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
Requesting your personal data
Should you wish to access your personal data, we will provide this to you in a structured and logical format. Please be aware this right only applies to data which has been collected via automated interactions, where you have provided consent for us to obtain your personal data and where we used the information to perform a contract with you.
Please note, this information request is subject to any legal and accounting obligations we might have to retain copies of your data.
Withdrawal of consent
You may withdraw your consent for us to process your data at any time, however this may affect your ability to use our products and services. This will not affect the lawfulness of any processing carried out before the withdrawal of your consent.
Should you wish to exercise any of your rights, please contact us.
We will not charge you a fee to access your personal data or exercise any of your other rights detailed above. However, should your request be unfounded, or unduly excessive and repetitive, we may charge a reasonable fee.
For security purposes we may request specific information about your identity to ensure you have the right to access your personal data. This is to ensure your personal information isn’t disclosed unnecessarily and to an incorrect recipient.
By law we must respond to all legitimate requests within one month of receipt. Should your personal data request take longer than the legally required time limit, we will acknowledge your request and subsequently keep you informed and updated of our progress. This will only occur in circumstances where the request is complex in nature or you have made an extensive number of requests regarding your personal data.
Cookies are little data files used to store information in people's web browsers.