In this policy
1. Who we are
Hot N Nice Delicacies ("we", "us", "our") is a home-kitchen meal delivery service operating from Middlesbrough, North Yorkshire, United Kingdom. We are the data controller for the personal information described in this policy.
Our registered contact for data protection matters is:
- Email: hotnnicedelicacies@gmail.com
- Phone: +44 7776 320068
- Post: Hot N Nice Delicacies, Middlesbrough, UK
2. What data we collect
We collect the minimum we need to run the kitchen. Specifically:
2.1 When you place an order
- Contact details — your name, phone number, email address
- Delivery address — street, flat, city, postcode
- Order contents — items, variants, add-ons, special instructions
- Payment data — handled by Stripe (we never see your card number). We store the last four digits and card brand for reconciliation
2.2 When you create an account
- Your email address, password (stored hashed — never in plain text), display name
- Saved addresses (you choose what to save)
- Order history (linked from orders above)
2.3 Technical data (everyone)
- IP address (abuse prevention, never sold or shared for advertising)
- Browser type, device type, referring page
- Strictly necessary cookies — see our Cookie Notice
2.4 What we do not collect
- We do not collect financial data beyond what Stripe handles
- We do not use third-party analytics or advertising trackers at this time
- We do not track customers across other websites
3. Why & how we use your data
UK GDPR requires us to have a lawful basis for each processing activity. Ours are:
| What we do with it | Lawful basis |
|---|---|
| Fulfil and deliver your order | Contract (Article 6(1)(b)) |
| Send transactional emails (confirmation, status, receipt) | Contract |
| Maintain your account, saved addresses, order history | Contract |
| Take payment via Stripe | Contract |
| Comply with tax, accounting, and food-safety law | Legal obligation (Article 6(1)(c)) |
| Prevent fraud and abuse, protect the site | Legitimate interest (Article 6(1)(f)) |
| Communicate about your order via phone, WhatsApp, or email | Contract / legitimate interest |
We do not use your data for marketing without your explicit opt-in. We don't sell, rent, or trade your data to anyone.
4. Who we share with
We use a small number of trusted third-party processors. Each is contractually bound to handle your data per UK GDPR.
| Processor | What they do | Where |
|---|---|---|
| Stripe Payments UK Ltd | Process card payments | UK / EU |
| Supabase Inc | Database, file storage, authentication | EU (region: London) |
| Vercel Inc | Website hosting | UK / EU edge |
| Resend Inc | Send order-related emails | EU |
| Our delivery driver(s) | Receive name, phone, address to deliver your order | UK |
We may also share data when legally compelled — e.g., a court order, tax inspection, or regulatory request from the Food Standards Agency, HMRC, or the ICO.
5. How long we keep it
- Order records (incl. customer name on the order): 6 years from the order date — required by HMRC for tax records
- Invoices: 6 years (same)
- Account data (email, password, addresses): until you ask us to delete it, or 2 years after your last order, whichever comes first
- Marketing preferences: until you opt out
- Server logs: 30 days
- Stripe payment records: retained by Stripe per their policy (typically 7 years)
6. Your rights
Under UK GDPR you have the following rights — exercise any of them by emailing hotnnicedelicacies@gmail.com. We'll respond within one calendar month.
- Right to be informed — this policy is that
- Right of access — request a copy of your personal data we hold
- Right to rectification — correct anything inaccurate
- Right to erasure ("right to be forgotten") — delete your account and personal data; tax-record requirements may mean some order data is retained but anonymised
- Right to restrict processing — pause our use of your data
- Right to data portability — request your data in a machine-readable format (we provide CSV or JSON)
- Right to object — to processing based on legitimate interest
- Rights related to automated decision-making — we don't make automated decisions about you
If you're not satisfied with our response, you can complain to the Information Commissioner's Office (ICO):
- Web: ico.org.uk
- Helpline: 0303 123 1113
7. Cookies
We use a small number of cookies that are strictly necessary for the site to work (e.g., to keep your shopping cart together, to remember you're signed in). We don't use advertising or cross-site tracking cookies. Full details in our Cookie Notice.
8. Children's data
This site isn't aimed at children under 16. We don't knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we'll delete it.
9. International transfers
Our infrastructure is hosted in the UK and EU. Some processors (notably Stripe and Vercel) may transfer data to the US under UK International Data Transfer Agreements or EU Standard Contractual Clauses, which provide an adequate level of protection. Stripe is certified under the EU-US Data Privacy Framework.
10. Changes to this policy
If we make material changes we'll email account holders at least 14 days before they take effect. The "Last updated" date at the top always reflects the current version.
11. Contact
For privacy questions, data subject access requests, or any other concerns:
- Email: hotnnicedelicacies@gmail.com
- Phone: +44 7776 320068
- Post: Hot N Nice Delicacies, Middlesbrough, UK
This document is a template prepared for the rebuild of hotnnicedelicacies.com and should be reviewed by a qualified solicitor in England & Wales before publication. Specific operational details (retention periods, sub-processor list, registered address) should be verified against actual practice.