GDPR Compliance Statement

Catermatch Solutions is committed to protecting the privacy and personal data of its users in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This GDPR Compliance Statement outlines our approach to data protection and the measures we have implemented to ensure compliance.

1) Lawful Basis for Processing Personal Data:

We process personal data based on one or more of the lawful bases outlined in Article 6 of the GDPR, including:

  1. The data subject has given consent to the processing of their personal data for one or more specific purposes
  2. Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract
  3. Processing is necessary for compliance with a legal obligation to which we are subject
  4. Processing is necessary to protect the vital interests of the data subject or of another natural person
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  6. Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

2) Data Protection Principles:

We adhere to the principles relating to the processing of personal data as set out in Article 5 of the GDPR. Personal data shall be:

  1. Processed lawfully, fairly, and in a transparent manner
  2. Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

3) Rights of Data Subjects:

We respect the rights of data subjects as provided for in the GDPR, including:

  1. The right to be informed about the collection and use of their personal data
  2. The right of access to their personal data
  3. The right to rectification of inaccurate or incomplete personal data
  4. The right to erasure of their personal data (right to be forgotten)
  5. The right to restrict the processing of their personal data
  6. The right to data portability, allowing them to obtain and reuse their personal data for their own purposes across different services
  7. The right to object to processing of their personal data in certain circumstances
  8. Rights in relation to automated decision making and profiling

4) Data Security Measures:

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  1. Encryption of personal data
  2. Access controls and restricted access to personal data
  3. Regular monitoring and testing of the security measures
  4. Training for employees on data protection and security practices
  5. Procedures for handling data breaches and notifying supervisory authorities and data subjects where required

5) International Data Transfers:

We may transfer personal data outside the European Economic Area (EEA) where necessary for the purposes outlined in this statement. Such transfers will be made in compliance with the requirements of the GDPR, including the use of appropriate safeguards such as standard contractual clauses or binding corporate rules.

6) Data Protection Officer:

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with data protection laws and regulations. The DPO can be contacted at rob.walmsley@catermatch.co.uk.

7) Contact Information:

If you have any questions, concerns, or requests regarding our GDPR compliance or the processing of your personal data, please contact us at sidra@catermatch.co.uk.

8) Updates to the Statement:

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. Updates will be published on our website, and we encourage you to review this statement periodically.

By using our services, you acknowledge that you have read and understood this GDPR Compliance Statement and agree to the processing of your personal data in accordance with its terms.