Introduction

This Privacy Policy outlines important information on how we handle your data and who we are.

Welcome to Savour-It’s Privacy and Data Protection Policy (“Privacy Policy”).

At Savour-It (“we,” “us,” or “our”), we prioritize the protection and confidentiality of your Personal Data in accordance with the United Kingdom General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and all other applicable laws and regulations in the United Kingdom.

This Privacy Policy details how we collect, use, and safeguard your data. It also informs you of your privacy rights, explains how the law protects you, and sets expectations for our employees regarding data handling protocols.

We may collect and use data from various individuals, including:

• Customers and other individuals with whom we interact or may need to contact in the course of our operations.

This Privacy Policy applies to all employees and staff members at Savour It, as well as all Personal Data processed by us.

Who is Your Data Controller

Savour It is the Data Controller responsible for your Personal Data. While we are not currently obligated by the UK GDPR to appoint a Data Protection Officer, any inquiries regarding your data can be directed to us via email at info@savour-it.com.

You have the right to file a complaint with the Information Commissioner’s Office (ICO), the UK regulatory authority for data protection matters (www.ico.org.uk). However, we appreciate the opportunity to address your concerns directly, so please contact us first.

Processing Data on Behalf of a Controller and Processors’ Responsibilities

As your Data Controller, we engage employees and third-party service providers (referred to as “Processors”) to manage your data. Responsibilities may be assigned to individuals or the organisation collectively. The Controller and Processors at Savour It are responsible for:

• Ensuring all data processing complies with a legal basis as set out by the GDPR;
• Requiring confidentiality commitments from anyone authorised to process Personal Data;
• Implementing necessary technical and organisational measures to protect data;
• Obtaining prior authorisation before engaging any additional Processors;
• Assisting the Controller in fulfilling requests from individuals to exercise their data rights;
• Providing access to information needed to demonstrate compliance with GDPR and cooperating with audits;
• Keeping records of all processing activities;
• Cooperating with supervisory authorities as requested;
• Ensuring that anyone with data access under the Processor’s authority only processes data as directed by the Controller; and
• Promptly notifying the Controller of any Personal Data breaches.

Legal Basis for Data Collection

Types of Data / Privacy Policy Scope

“Personal Data” includes any information that can identify an individual, excluding data that has been anonymised. We may collect various types of Personal Data about you, as outlined below:

• Profile/Identity Data: Information such as your name, gender, and date of birth.
• Contact Data: Details like your phone number, address, and email.
• Marketing and Communications Data: Your preferences for receiving marketing and updates from us.
• Billing Data: Payment details, including card information and billing address.
• Transactional Data: Records of payments you have made for our products or services.

We do not collect any Special Categories of Personal Data (such as information about your race, religion, health, or political views) or data on criminal convictions.

Legal Grounds for Collecting Data

Our collection and processing of Personal Data is based on several legal grounds under GDPR:

• Consent: When you explicitly agree to receive communications from us, such as by opting in to newsletters.
• Contractual Obligations: When we need certain information to fulfil our contract with you and deliver our services.
• Legal Compliance: When we must collect and process data to comply with laws, such as for fraud prevention.
• Legitimate Interest: When we process data in ways that are reasonably expected as part of running our business and do not impact your rights and freedoms.

How We Use Your Personal Data

Purposes of Data Use

We will use your Personal Data only as permitted by law. The following table provides an overview of the data we collect and the lawful basis for processing it.

While the examples in the table are illustrative, we may use your data for broader purposes that align with our legal obligations. For further clarification, feel free to contact us.

Marketing and Content Updates

Unless you choose to opt out, we may send you marketing communications and updates. Occasionally, we may suggest services or products that might interest you.

Change of Purpose

We will only use your Personal Data for its original intended purpose, unless we consider it necessary to use it for a related purpose compatible with the original one. Should you need clarification on this compatibility, please reach out.

In cases where we need to use your data for an unrelated purpose, we will inform you and explain the legal basis for doing so.

Please note that we may process your Personal Data without your knowledge or consent when required or permitted by law.

Your Rights and How We Protect Your Data

What Control Do You Have Over Savour-It’s Use Of Your Personal Data?

You can delete your account at any time, which will remove all your data from our systems. Your account information is secured with a password, and you should take steps to protect it by logging off when finished and limiting device access.

How Does Savour-It Protect Your Data?

We are committed to keeping your data secure. Only authorized employees can access your Personal Data, and they are bound by confidentiality agreements. When we use third-party service providers, we retain control of your data and ensure adequate protection.

However, please be aware that no data transmission over the internet is entirely secure. While we strive to protect your data, transmission is at your own risk. Contact us if you believe your data may no longer be secure.

Opting Out of Marketing Promotions

You can opt out of marketing communications at any time by unsubscribing from our mailing list. We will still retain other Personal Data provided during your interactions with us unless you request its removal.

How to Request Your Data and Access It

You may request access to your Personal Data without incurring any fee. We may need to verify your identity before granting access, which is a security measure to prevent unauthorized data access.

Sharing Your Data with Third Parties

Will We Share Your Data With Third Parties?

If Savour-It undergoes a business transition, such as a sale or acquisition, we may transfer your Personal Data as part of the transaction. The acquiring party’s Privacy Policy will govern your data in such cases. Otherwise, your data remains protected by this Privacy Policy.

We may also share data when required by law or to enforce our terms and this Privacy Policy.

Data Retention

We will retain your Personal Data only as long as necessary to fulfil the purposes for which it was collected. In certain cases, we may retain your data longer, such as in the event of a complaint or anticipated litigation.

International Data Transfers

Your data may be stored and processed outside the UK, including in the EU. By using Savour-It, you consent to this international transfer of your data.

Policy Updates and Acceptance

This Privacy Policy is subject to change, and we will update it on our website when necessary. By continuing to use Savour It, you agree to any changes to this Policy.

Interpretation

The terms “including” and other similar phrases mean “including but not limited to.” Email addresses provided within this Policy are solely for the specified purposes, and we reserve the right not to respond to unrelated emails.

Our staff cannot contract on behalf of Savour It, nor can they waive rights or make representations outside this Policy. If any communication contradicts this Policy, the Policy will prevail, except when communicated directly by our legal department.