PRIVACY POLICY
1. Introduction
At Lunch Lady Catering (“we,” “us,” “our”), accessible at lunchladycatering.com, we are committed to safeguarding the privacy and protecting the personal data of all visitors, customers, users, and individuals who interact with our website and services. Your privacy is of paramount importance to us, and we are dedicated to ensuring that your personal information is collected, used, stored, and disclosed responsibly, transparently, and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
This Privacy Policy outlines our practices concerning the collection, processing, use, and protection of your data, and your rights regarding such data.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all users of the website lunchladycatering.com and associated services. This policy governs the processing of personal data collected through our website, online ordering system, and related communication systems.
Lunch Lady Catering acts as the data controller for the purposes of GDPR and a “business” as defined under the CCPA, determining the purposes and means of the processing of your personal data in accordance with this Policy.
3. Categories of Data Processed
We may collect and process various categories of personal data, as detailed below:
a) Usage Data:
This includes data about how and when you use our website, such as IP addresses, browser types, referral source, length of visits, pages viewed, and navigation paths.
b) Account Data:
When you create an account or place an order, we may collect your name, email address, telephone number, physical address, and other identifiers necessary for account setup and service provision.
c) Profile Data:
Includes preferences, user behaviors on the website, order history, saved delivery addresses, and historical engagement with our offerings.
d) Communication Data:
All data provided when reaching out through customer service or support channels, including messages, contact history, and any communication records associated with inquiries, requests, or feedback.
e) Technical Data:
We gather device information including browser type and version, operating system and platform, IP address, time zone setting, device identifiers, and system configuration data.
f) Transaction Data:
This comprises payment details (excluding full payment card numbers), billing and delivery information, and data related to orders made through the website.
g) Preference Data:
Includes marketing preferences such as communications consent, subscription opt-ins, and interests in specific products or services.
4. Legal Bases for Processing
We process your personal data based on one or more of the following legal grounds:
– Contractual Necessity: Data required to fulfill a contract with you, such as processing and delivering orders.
– Legitimate Interests: Processing for our legitimate business purposes, provided these do not override your rights and freedoms (e.g., website analytics, fraud detection, customer support).
– Consent: When required by law, we will obtain your explicit consent before processing your data for marketing or collecting certain cookies.
– Legal Obligation: To comply with applicable legal obligations, including record-keeping, taxation, and responding to lawful requests by public authorities.
5. Your Rights
As a data subject under the GDPR and CCPA, you have the following rights with respect to your personal data:
– Right to Access: You may obtain confirmation and a copy of personal data we hold about you.
– Right to Rectification: You may request the correction of inaccurate or incomplete data.
– Right to Erasure: You may request the deletion of your data, subject to legal and contractual limitations.
– Right to Restrict Processing: You may request that we limit processing of your personal data in certain cases.
– Right to Data Portability: You may request your data in a machine-readable format for transmission to another service provider.
– Right to Object: You may object to processing based on our legitimate interests or direct marketing.
– Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights under the CCPA.
– Right to Opt-Out of Sale of Data: You may instruct us not to “sell” your personal information (as defined under the CCPA), though we do not engage in such practices.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We employ robust organizational, administrative, and technical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
– Data encryption in transit and at rest.
– Role-based access controls and authentication protocols.
– Secure physical and digital infrastructure.
– Regular system auditing and data backups.
– Staff training on privacy, data handling, and cybersecurity.
However, no method of transmission over the Internet, or method of electronic storage, is fully secure. While we strive to use industry best practices, we cannot guarantee absolute security.
7. International Transfers
Where we transfer your personal data outside of the European Economic Area (EEA) or your local jurisdiction, we ensure an adequate level of protection is applied, including the use of:
– Standard Contractual Clauses approved by the European Commission.
– Transfers to jurisdictions recognized as providing adequate protection by relevant data protection authorities.
– Additional safeguards and risk assessments for specific cross-border transfers.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Usage, Technical, and Analytic Data: up to 12 months post-collection.
– Account and Profile Data: retained while your account remains active, and up to 3 years thereafter for legal and audit purposes.
– Transaction and Communication Data: up to 7 years in compliance with financial and tax regulation.
– Preference Data: retained until consent is withdrawn or data is updated.
When data is no longer required, it is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience, analyze traffic, support functionality, and provide personalized services. These include:
– Essential Cookies: Required for core site functionality such as login and order placement.
– Functional Cookies: Enable optional features like remembering login preferences or delivery locations.
– Analytics Cookies: Collect aggregated data on user behavior to help us improve the website.
– Performance & Marketing Cookies: Help us measure advertising effectiveness and tailor marketing content.
10. Cookie Management and Compliance
Upon visiting lunchladycatering.com, you will be presented with a cookie banner allowing you to consent to non-essential cookies, in accordance with GDPR requirements. You can manage or withdraw your cookie preferences at any time via our Cookie Settings Panel or through browser settings.
California residents can opt-out of certain tracking and analytics tools that may qualify as a “sale” under CCPA by managing cookies or submitting a formal request through our contact email.
11. Children’s Privacy
Lunch Lady Catering does not knowingly collect personal data from children under the age of 13. If we become aware that a child under 13 has submitted information, we will take immediate steps to delete such data. Parents or guardians with concerns are encouraged to contact us directly at [email protected].
12. Policy Updates
We reserve the right to amend this Privacy Policy as needed, to reflect changes in the law, our practices, or the services we offer. When material updates are made, we will notify users via prominent notice on lunchladycatering.com or through email correspondence, as applicable.
Users are encouraged to review this Privacy Policy periodically to stay informed about how we handle personal data.
13. Contact Us
If you have questions, comments, or concerns regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
We are committed to complying with all applicable privacy and data protection laws. Your trust is important to us, and we invite you to reach out at any time with questions or concerns about your privacy.