MacDonners Privacy Policy

Contact Data of the Controller

Identity and the contact data of the Supplier of products and/or services (also referred to in this Privacy Policy as "we", "us", the "Supplier of products and/or services" or the "Controller"):

Identity: MacDonners
Address: 174 Norman Lane, Bradford, West Yorkshire, BD2 2JU
Phone: 01274 641111
Email:
Web: https://www.macdonners.co.uk

Contact Data of the Processor

To present their products for sale and to received orders from you (referred to as "Customer" hereinafter), the Controller uses software application named AlphaManger (referred to as "Application" or "Solution" hereinafter) and such Application is provided to the Controller as a service by the Software-as-a-service provider (referred to as "Provider" or "Processor" hereinafter) whose contact data is given below

Identity: Eat Direct Limited
Address: 263 Manningham Lane, Braford, England, BD8 7EP
Email: admin@eat-direct.co.uk
Web: http://eat-direct.co.uk

What is Personal Data?

Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

Commitment to data protection

In principle, the Controller will only use your personal data in accordance with the applicable data protection laws, in particular the UK`s Data Protection Act ("DPA"), the General Data Protection Regulation ("GDPR"), and only as described in this privacy policy.

However, the Controller reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, the Controller will inform you again about this further data processing to the extent required by law and obtain your consent.

The next sections explain when and how the Controller process personal data about you when you visit their website.

Purposes of processing and legal basis

The Controller collect, process and uses your personal data for the following purposes:

The processing of your personal data may be based on the following legal grounds:

Your data subject rights

You have a number of rights; these rights are standardised in the GDPR and include:

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal Personal Data about another person, if you ask the Controller to delete information which the Controller are required to have by law, or if the Controller have compelling legitimate interests to keep it.

The Controller will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using services of the Controller if you want the Controller to stop processing your Personal Data.

Please contact the Controller at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

The Controller encourage you to get in touch if you have any concerns with how the Controller collect or use your personal data. You do however also have the right to lodge a complaint directly with the competent supervisory authority. The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). If you believe that the processing of your personal data is not lawful, you can lodge a complaint with a data protection supervisory authority. The Controller would, however, appreciate the chance to deal with your concerns before you approach any Supervisory Authority.

Updating your information

If you believe that the information, the Controller hold about you is inaccurate or that the Controller are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting the Controller or through your user account. For your protection and the protection of all of users of the Controller, the Controller may ask you to provide proof of identity before the Controller can answer the above requests.

Keep in mind, the Controller may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, the Controller may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow the Controller to provide our service to you anymore.

Purposes of use of personal data and legal basis

a) Hosting

The Provider and/or hosting services used by the Provider for the purpose of operating the Application may processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of Customers, interested parties and visitors of Controller's website and Application, on the basis of legitimate interests of the Controller and/or of the Processor in an efficient and secure provision of services presented by the website and the Application in conjunction with the provision of contractual services.

b) Collection of access data and log files

The Controller, the Provider and/or the hosting services used by the Provider collect data on every access to the website and the Application on the basis of legitimate interest of the Controller and/or Provider.The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for error detection, debugging and security reasons (e.g., for the clarification of abuse or fraud) for up to 30 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

c) Cookies and similar technologies

For the processing of personal data using cookies and similar technologies on the website and the Application, please refer to our Cookie Policy, which is part of this privacy policy. The legal basis for the use of cookies is our legitimate interest or your consent when you agree to the use of analysis and performance cookies, as further explained in our cookie policy.

d) Contacting us

When contacting us, your details are processed for the purpose of handling the request and its processing and may include your Full Name, E-mail address and other contact details, if provided. Your details may be stored in a customer relationship management system or comparable enquiry system. We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply. The legal bases for processing are our legitimate interest and the provision of pre-contractual or contractual measures.

e) Account registration

On our website via the Application, we offer you the opportunity to register by providing personal data and non-personal data, in particular your email address. The data is entered in the registration form is transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to buy our services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures. You can delete your customer account at any time on our website either by using the delete function in your account or by contacting us.

f) Purchasing our Services

The controller and/or the Provider collect, process, and use the information you provide in the context of your order for the purpose of executing the contract this may include personal data and non- personal data, in particular your name, billing address and e-mail address, as well as information on the type of payment method you have chosen. The Controller and/or the Provider store the information you provide for the period of processing and handling the purchased services. Afterwards, your data will be deleted. Data that the Controller or the Provider are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you.

Please note when using our services, we become the data controller and the Provider becomes the data processor in accordance with Art. 29 of the GDPR, for further information please refer to our Data Processing Addendum.

g) Payment transactions

We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider (currently Stripe).

h) Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities. The legal basis for the processing of your personal data is the provision of contractual services.

Storage and retention

Your personal data will be stored by the Controller or the Provider only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 10 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.

Transfer of personal data

The Controller or the Provider will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (please also refer to our Data Processing Addendum), you have consented to the disclosure, or the disclosure of data is permitted by relevant legal provisions.

The Provider is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for the Provider pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support the Controller and/or the Provider, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by the Provider process your data exclusively in accordance with our instructions. The Provider remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures, and additional controls by us.

Where we or the Provider need to transfer your data outside the UK or the EEA, we or the Provider will use one of the following safeguards:

Personal data may also be disclosed to third parties if we or the Provider are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Provider's legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Eat Direct.

Security and confidentiality

To ensure the security and confidentiality of the personal data we or the Provider collect on the Website and/or the Application, we and the Provider use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal data, we and the Provider take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration, or destruction and to ensure its availability.

Nonetheless, databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we and/or the Provider will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we or the Provider do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we or the Provider must follow in the future, we or the Provider will inform you about that practice in a revised version of this privacy notice.

Do Not Sell

We or the Provider do not sell data to third parties. However, we or the Provider might, making available, transfer, communicate electronically, consumer’s personally identifiable information by the business to a business affiliated inclusive with a third party but not for monetary but for other valuable consideration.

Personal data and children

The services available on our website are aimed at people aged 18 and over. We or the Provider will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We and the Provider comply with youth protection laws.

Processing of your personal data by the Provider as the processor of the suppliers of products and/or services

The Provider may also process your personal data as the processor of the suppliers of products and/or services, including without limitation for the following purposes, according to those agreed with the suppliers of products and/or services : i) data storage for the suppliers of products and/or services; ii) sending notifications to you regarding the information about confirmation or reject of the order or about the missed orders and about the delivery of your order; iii) sending to you direct marketing communications; iv) collection of the IP addresses in order to be used in case of any litigation and/or fraud regarding the payments; v) sending your data to different recipients and in different (third) countries, recipients that are processing the personal data for compatible, related and correlated purposes with the purpose of executing the contract you have with the suppliers of products and/or services, namely: delivery, printing, pos billing, loyalty, online payment processing, etc.

Any requests and/or demands sent by you towards the Provider for exercising any of your rights may be made in writing, by registered letter that will be sent to the headquarter of the Controller and/or by email at contact email of the Controller/Processor or at the email of the DPO, if such DPO exists, and/or by any other ways of communications mentioned in the legal regulations in force.

Except otherwise required by the mandatory legal regulations in force, the Provider reserves the right to update and change the data processing policy from time to time without specific notice. You agree that it is your exclusive responsibility to check the data processing policy each time you are using the application.

Links to other website

The website and/or the Application may contain links to another website, or use digital services from other parties. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.

Changes

This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes. This Privacy Policy was last updated on Saturday, 12 November 2022.

Who should I contact for more information?

If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the contacts given in the beginning of this document.