GDPR Compliance Policy
Last Updated: April 22, 2026
1. Introduction
Disheshaven (“we”, “us”, “our”) is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This policy explains what data we collect, why we collect it, how we safeguard it, and your rights regarding that data. By using disheshaven.com, you acknowledge that you have read and understood this policy.
2. What Data We Collect
- Email addresses: When you create an account, subscribe to our newsletter, or place an order, we collect your email address to communicate with you, send order confirmations, and provide customer support.
- Cookies: We use first‑party and third‑party cookies to store session information, remember your preferences, and personalise your experience on the site. Cookies also allow us to gather anonymous usage data.
- Analytics data: Through tools such as Google Analytics and Matomo we collect aggregated data about how visitors navigate the site, which pages are most popular, and technical performance metrics. No personally identifying information is stored by these tools.
All data is processed in compliance with the GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
3. Legal Basis for Processing
- Consent: We rely on your explicit consent when you opt in to newsletters or marketing communications, or when you use certain features that require data sharing (e.g., social media logins).
- Legitimate interest: For the purpose of maintaining the security of our services, improving user experience, and ensuring compliance with legal obligations, we process data that is necessary and proportionate to these interests. This includes monitoring for fraudulent activity and analysing traffic patterns to optimise site performance.
If you believe that the legitimate interest basis does not apply to you, you can exercise your right to object (see Section 5).
4. How We Protect Your Data
- SSL/TLS encryption: All data transmitted between your browser and our servers is protected by TLS 1.3 encryption, ensuring that information such as passwords and credit card details remains confidential.
- Secure servers: Our infrastructure is hosted on industry‑standard secure servers with regular security audits, intrusion detection, and automated patch management.
- Limited retention: We retain email addresses for up to two years after the last interaction, unless a longer retention period is required by law. Cookies are automatically deleted after 13 months, and analytics data is stored in aggregated form for a maximum of 12 months.
- Access controls: Only authorised personnel with a legitimate need have access to personal data. All staff undergo data protection training and are required to sign confidentiality agreements.
5. Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with a Bootstrap icon for quick reference.
- Right to Access – You may request a copy of the personal data we hold about you. We will provide you with a summary of the data, the purposes of processing, and the recipients of that data.
- Right to Rectification – If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it.
- Right to Erasure – You may request the deletion of your personal data, provided there is no legal obligation to retain it. This includes removing your email address from our mailing lists.
- Right to Restrict Processing – You can ask us to limit the processing of your data if you contest its accuracy or the legitimacy of its use.
- Right to Data Portability – You may receive your personal data in a structured, commonly used, machine‑readable format, or request that we transmit it directly to another data controller.
- Right to Object – You can object to the processing of your data for direct marketing, or where the processing is based on legitimate interests. If you object, we will cease processing unless we can demonstrate a compelling legitimate interest.
- Right to Withdraw Consent – If you gave us consent to process your data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before the withdrawal.
6. How to Exercise Your Rights
To exercise any of the rights outlined above, please contact us via email at [email protected]. In your email, provide:
- Your full name and contact details.
- The specific request you wish to make (e.g., “I wish to exercise my Right to Erasure”).
- Any relevant identifiers (e.g., account ID, email address) that help us locate your data.
- A brief statement confirming that you are the data subject or that you have authority to act on their behalf.
We will respond to your request within thirty (30) days of receipt. If additional time is required—for instance, if we need to verify your identity or consult with third parties—we will inform you of the delay and the reason for the extension.
7. Contact Information
If you have any questions about this policy or your personal data, or wish to lodge a complaint with a supervisory authority, please contact us at:
Disheshaven Data Protection Officer
Email: [email protected]
Address: 12 Culinary Lane, Flavor Town, FT1 2GH, United Kingdom
8. Changes to This Policy
We reserve the right to update this policy from time to time. Any changes will be posted on this page with a new “Last Updated” date. We encourage you to review the policy periodically to stay informed about how we protect your personal data.