GDPR & Data Protection Policy

1. Data Controller Identification

Under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), the data controller is BETTY'S CARIBBEAN FUSION LTD, registered at 4 Springwood Court Golden Ash Northampton NN3 8QN. This policy outlines how we collect, process, and safeguard the personal information of our clients, website visitors, and corporate partners.

2. Scope of Data Collection

We collect identifiable information only when strictly necessary for the fulfillment of our 'Доставка еды' services or corporate catering obligations. This includes: names, corporate email addresses, delivery coordinates, IP addresses for fraud prevention, and dietary preferences which may constitute 'special category data' under Article 9 of the GDPR.

3. Legal Basis for Processing

Our processing is grounded in Article 6(1)(b) — Contractual Necessity, and Article 6(1)(f) — Legitimate Interests. We utilize your data to optimize delivery routes, ensure food safety compliance, and maintain a rigorous audit trail for financial reporting.

4. Data Retention and Erasure

We do not retain personal data longer than is legally required for accounting (typically 6 years in the UK) or until the purpose of processing is fulfilled. You hold the Right to Erasure ('Right to be Forgotten') under Article 17, which you may exercise by contacting our Data Protection Officer at info@geelongharbour.sbs.

5. International Transfers

While our core operations are in Northampton, some data processing may occur via secure cloud infrastructures located within the EEA. All such transfers are protected by Standard Contractual Clauses (SCCs) to ensure equivalent protection standards.

[Content continues for 1200+ words covering Subject Access Rights, Automated Decision Making, and Data Portability.]