PRIVACY POLICY
This policy explains how Le Coq Royal collects, uses, shares, and protects personal data across our culinary and hospitality services, including private chef hire, teaching and training, assessing (EPA/IQA), consultancy, and future membership offerings. We operate under UK GDPR and the Data Protection Act 2018 as the data controller.
Who are we?
Business name: Le Coq Royal
Contact email: rebeccangoran9@aol.com
Contact number: +44 7809 144622
Jurisdiction: United Kingdom (UK GDPR; Data Protection Act 2018)
Services covered: Private chef hire, hospitality teaching/training, assessment (EPA/IQA), curriculum/resource development, consultancy, menu engineering, memberships/subscriptions.
What data might we collect?
Identity and contact: Names, emails, telephone numbers, home addresses (e.g., private chef bookings).
Transactional: Payment details, booking information, event details, dietary requirements.
Accounts and access: User account credentials, roles, training/membership access history.
Communications: Enquiries, customer support messages, feedback and reviews.
Assessment records: Assessor decisions, verification notes, portfolios, standardisation materials (as applicable).
Media: Event/class images or testimonials (with consent).
Cookies and analytics: Functional session cookies (login, account access), Squarespace Analytics, Google Analytics.
Special category data: Dietary information that may reveal health or religious beliefs (processed with additional safeguards).
We practice data minimisation and collect only what is necessary to deliver our services.
How and why do we use your data?
Deliver services (Contract):
Create and manage bookings, provide private chef services, teaching/training, assessment (EPA/IQA), accounts and access to resources.Payments and fraud prevention (Contract/Legitimate interests):
Process payments, verify transactions, prevent misuse.Service improvement (Legitimate interests):
Request feedback, analyse anonymised/aggregated usage to improve offerings.Compliance (Legal obligation):
Retain financial records for auditing; cooperate with regulatory requirements and awarding body standards.Marketing and newsletters (Consent):
Send updates where you have opted in; you can withdraw consent at any time.Cookies beyond necessary (Consent):
Use non-essential cookies only with your consent via the cookie banner.Special category dietary data (Explicit consent):
Use strictly to meet safety and meal requirements and protect vital interests where appropriate.
Who might we share your data with?
Payment processors: Squarespace (and similar), which may act as independent controllers for transactions.
Hosting and email providers: Platforms such as AOL/Gmail for communication and storage.
Analytics providers: Google Analytics and Squarespace Analytics.
Awarding bodies and regulators: Where required for assessment, compliance, or legal obligations.
Suppliers and logistics: Ingredient/item delivery partners for catering bookings.
Roles and safeguards:
Processors: Third parties processing data on our instructions under written data processing agreements.
Independent controllers: Some providers (e.g., payment processors) determine purposes of certain processing.
International transfers: If data is transferred outside the UK (e.g., US-based services), we use appropriate safeguards such as the UK IDTA or EU SCCs with the UK Addendum, or rely on adequacy decisions.
How do we keep your data safe?
Access controls: Restricted, role-based access for authorised staff only.
Protections: Passwords, native end-to-end encryption (where available), two-factor authentication.
Training and reviews: Staff awareness, periodic security reviews.
Breach handling: We assess incidents promptly and, where required, notify affected individuals and the Information Commissioner’s Office (ICO) within statutory timeframes.
How long do we keep your data?
Financial records: 6 years + current year to meet UK legal obligations.
Service-related records: Until service completion + 1 year (e.g., bookings, correspondence).
Account data: Retained while the account remains active or until deletion is requested (subject to legal obligations).
Assessment/EQA/IQA records: In line with awarding body or regulatory requirements.
Enquiries/applications (unsuccessful): Up to 12 months if relevant to service improvement or future engagement.
Children’s dietary notes: Only for the duration needed to fulfil the booking safely, then securely deleted.
What are your rights?
Your rights:
Access: Obtain a copy of your data.
Rectification: Correct inaccurate information.
Erasure: Request deletion (subject to legal obligations).
Restriction: Limit processing in certain circumstances.
Objection: Object to processing based on legitimate interests.
Portability: Receive your data in a usable format.
Withdraw consent: Stop marketing or non-essential cookies at any time.
How to exercise rights:
Email: [placeholder email]. We aim to respond within one month.Complaints:
If you are unhappy with our handling of your data, you can complain to the Information Commissioner’s Office (ICO).
What cookies/trackers do we use?
Essential cookies: Required for login and account functionality.
Analytics: Squarespace and Google Analytics help us understand site performance and usage.
No personalised ads: Our site is ad-free; we do not use advertising cookies.
Consent management: A cookie banner allows you to accept or reject non-essential cookies; you can also manage cookies via your browser settings.
Do we store children’s data?
Audience: Our site is intended for users aged 18+.
Parental disclosures: Parents/guardians may share children’s information solely to meet safety and dietary needs for bookings. We process this with parental consent, do not create accounts for children, do not use their data for marketing, and retain it only as necessary for the booking.
Changes
Policy updates: We may update this policy to reflect changes in law, technology, or services. We will post the revised date and highlight material changes on the website.