Smoke Fire Foods Plymouth — Privacy Policy

1) Who We Are

This website is operated by Smoke Fire Foods ("we", "us", "our"). We are the data controller responsible for your personal data when you use our website, make an enquiry, place a booking, or interact with us at events in the UK.

Contact: info@example.com · +34 123 456 789
Postal: Plymouth, United Kingdom (full address available on request)

2) Scope

This policy explains how we collect, use, disclose, and protect personal data in connection with our website and catering services. It applies to visitors, enquirers, customers, and their guests. Additional terms may apply to event contracts.

3) Personal Data We Collect

Identification & contact: name, email, phone number, company/organisation.
Event details: date, location, guest numbers, menu choices, dietary requirements/allergens, delivery notes.
Communications: enquiries, messages, feedback, testimonials.
Payment details: limited billing data (e.g., last 4 digits, payment status) via our payment processor; we do not store full card details.
Technical data: IP address, device/browser data, pages viewed, and similar analytics/cookie data (see Cookies Policy).
Media: event photos/videos you share with permission for testimonials or social media.

Special category data: We may process dietary information (which can imply health data) to provide catering safely. We will only use this information with appropriate safeguards and on the basis of your explicit consent or another applicable lawful condition.

4) How We Use Your Data & Legal Bases (UK GDPR)

To respond to enquiries and provide quotes — necessary for our legitimate interests (running our business) or to take steps prior to a contract at your request.
To manage bookings and deliver catering services — performance of a contract with you.
To process payments and prevent fraud — performance of a contract and legitimate interests.
To handle dietary requirements safely — your explicit consent and/or reasons of public interest in the area of public health, as applicable.
To send service messages (e.g., booking updates) — performance of a contract.
To send marketing communications (with your consent or where permitted) — consent or legitimate interests (you can opt out at any time).
To improve our website and services — legitimate interests (analytics and service improvement).
To comply with legal obligations — e.g., tax/audit record‑keeping.

5) Where We Get Your Data

Directly from you (forms, email, phone, in person), from your event organiser or venue where relevant, and from cookies/analytics when you visit our site. We may also receive limited information from payment providers after a transaction (e.g., status confirmations).

6) Sharing Your Data

We share personal data only as necessary with trusted third parties that help us operate, including:

Hosting & IT (e.g., website hosting, backups, email).
Payment processing (e.g., Stripe) — we never store full card details.
Email & communications tools (e.g., contact forms, email services).
Event partners (e.g., venues or suppliers) where needed to deliver your booking.
Professional services (e.g., accountants, legal advisors).

If required by law, we may also disclose data to regulators or law enforcement. We do not sell your personal data.

7) International Transfers

Some providers may process data outside the UK/EEA. Where this happens, we ensure appropriate safeguards are in place, such as UK/EU adequacy regulations or standard contractual clauses (SCCs).

8) Data Retention

Enquiry records: up to 12 months after last contact.
Booking/transaction records: up to 7 years for tax and accounting.
Marketing preferences: until you opt out or withdraw consent.
Dietary information: only for as long as necessary for your event, then securely deleted or anonymised.

9) Security

We use appropriate technical and organisational measures to protect personal data. However, no method of transmission over the internet is 100% secure.

10) Cookies & Analytics

We use cookies and similar technologies to operate our site and understand how it is used. Where required, we will ask for your consent. For details (including how to change your choices), see our Cookies Policy.

11) Your Rights

Under UK/EU data protection laws you may have the right to:

Access your personal data and obtain a copy.
Rectify inaccurate or incomplete data.
Erase data (in certain circumstances).
Restrict processing (in certain circumstances).
Object to processing based on legitimate interests or direct marketing.
Data portability — receive your data in a structured, commonly used format.
Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us using the details above. You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).

12) Children

Our services are not directed to children under 13. If you believe we have collected personal data about a child without appropriate consent, please contact us and we will take steps to delete the information.

13) Links to Other Sites

Our website may contain links to third‑party sites. We are not responsible for their privacy practices. We encourage you to read the privacy notices of every site you visit.

14) Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we may notify you by email (if appropriate).