Free Refund Policy Generator for Restaurant / Food — UK GDPR Compliant

🇬🇧 Key UK GDPR Requirements

Following Brexit, the UK retained its own version of GDPR (UK GDPR), supplemented by the Data Protection Act 2018. The UK GDPR is closely aligned with EU GDPR but enforced by the ICO (Information Commissioner's Office). UK GDPR fines can reach £17.5 million or 4% of global turnover. Organizations serving both UK and EU residents must comply with both frameworks.

• Same core principles as EU GDPR: lawfulness, fairness, transparency, purpose limitation
• UK-specific lawful bases for processing must be documented
• ICO registration required for most data controllers (annual fee applies)
• PECR (Privacy and Electronic Communications Regulations) governs cookies and e-marketing
• International data transfers require UK adequacy decisions or UK-specific SCCs
• Data breaches must be reported to the ICO within 72 hours

Restaurant / Food — Specific Considerations

Food businesses with online ordering, delivery apps, or loyalty programs collect customer contact information, order history, location data, and payment details. Allergy information is particularly sensitive — treating it as health data means it may require heightened protection under GDPR and other regulations.

Data typically collected by Restaurant / Food businesses: name, delivery address, phone number, payment details, order history, dietary preferences and allergy information

• Allergy and dietary data as sensitive data
• Third-party delivery platform data sharing (DoorDash, Uber Eats)
• Loyalty program data and expiry
• Location tracking for delivery
• Marketing preferences and opt-out