Privacy policy

1. About this Privacy Policy

This Privacy Policy explains how EAT LEBO LIMITED, company number 12457700, registered office 80 Victoria Road, Ruislip, England, HA4 0AL (“EAT LEBÖ”, “we”, “us” or “our”), collects, uses and protects personal data through www.eatlebo.co (the “Website”).

For general Website activity, EAT LEBO LIMITED acts as the data controller. Where your enquiry, booking, catering request, franchise application or order relates to a specific branch, delivery partner or service provider, that entity may also process your information for the relevant purpose.

If you have any privacy questions or want to exercise your rights, please contact us at eatlebo@gmail.com.

2. The personal data we collect

Depending on how you use the Website, we may collect and process the following categories of personal data:

  • identity data, such as your name;
  • contact data, such as your email address, telephone number and address;
  • account data, such as login details or records associated with a customer account;
  • transaction data, such as order details, payment status, delivery or collection details and communications relating to a purchase or enquiry;
  • enquiry and application data, such as information you provide through our contact, catering, blogger, media or franchise forms;
  • marketing data, such as your email marketing preferences and records of whether you opted in or unsubscribed;
  • technical and usage data, such as IP address, browser type, device information, cookie identifiers, pages viewed, approximate location derived from IP, and how you interact with the Website; and
  • any other information you choose to send to us voluntarily.

Please do not send sensitive personal data through the Website unless it is genuinely necessary. If you choose to tell us about allergies, health information or other sensitive matters, we will only use that information where permitted by law and only for the limited purpose for which you provided it.

3. How we collect your personal data

We collect personal data:

  • directly from you when you fill in forms, subscribe to marketing, create an account, place an order, submit an enquiry or contact us;
  • automatically when you use the Website through cookies and similar technologies;
  • from service providers who help us operate the Website, process payments, manage marketing, analyse traffic or deliver orders; and
  • occasionally from publicly available sources or social media where relevant to a legitimate enquiry, media request or collaboration.

4. How we use your personal data and our lawful bases

We use personal data only where we have a lawful basis to do so under UK data protection law. The main purposes and lawful bases are as follows:

  • to operate, maintain and secure the Website, and to diagnose technical issues, on the basis of our legitimate interests in running and protecting our business;
  • to respond to enquiries, requests and complaints, on the basis of our legitimate interests and, where applicable, to take steps at your request before entering into a contract;
  • to process and fulfil direct Website orders, payments, collections, deliveries, refunds and related customer service, on the basis that processing is necessary for the performance of a contract;
  • to administer customer accounts and order records, on the basis of contract and our legitimate interests in efficient customer service;
  • to manage catering requests, franchise applications, blogger collaborations, press enquiries and similar commercial discussions, on the basis of our legitimate interests and, where appropriate, to take steps prior to entering into a contract;
  • to send marketing communications by email or SMS where you have consented, or where we are otherwise permitted to do so under applicable marketing rules;
  • to maintain internal records, financial records and tax records, and to comply with legal, regulatory, food safety, licensing and accounting obligations, on the basis of legal obligation; and
  • to establish, exercise or defend legal claims, and to prevent fraud or misuse of the Website, on the basis of our legitimate interests and, where relevant, legal obligation.

5. Marketing

If you sign up to receive offers, updates or discounts, we may send you marketing communications by email, SMS or other electronic means where permitted by law.

You can opt out of marketing at any time by using the unsubscribe link in the message, replying STOP where available, changing your account preferences, or contacting us using the details above.

Opting out of marketing will not stop us sending service messages that are necessary for an order, booking, transaction or account administration.

6. Cookies and similar technologies

We use cookies and similar technologies to make the Website work, remember preferences, understand how visitors use the Website, improve performance, and support marketing activity.

Some cookies are strictly necessary and do not require consent. Other cookies, including analytics and advertising cookies, should only be used where the law requires and you have given consent through our cookie banner or settings tool.

You can also control cookies through your browser settings. Disabling certain cookies may affect Website functionality.

7. Sharing your personal data

We may share personal data with trusted third parties where reasonably necessary, including:

  • Website hosting, ecommerce and customer account providers, including Shopify and related Shopify services where used;
  • payment processors and payment gateway providers;
  • delivery, fulfilment and courier providers;
  • email, SMS and customer relationship management platforms;
  • analytics, advertising and cookie technology providers;
  • IT support, security, professional advisers, insurers and auditors;
  • regulators, law enforcement, local authorities or other third parties where required by law or for the protection of our business, customers or staff; and
  • group companies, branch operators or commercial partners where needed to deal with your enquiry or perform a contract.

We do not sell your personal data.

8. International transfers

Some of our service providers may process personal data outside the UK. Where this happens, we will take appropriate steps to ensure that personal data remains protected in accordance with UK data protection law, including by relying on adequacy regulations or appropriate contractual safeguards where required.

9. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, food safety, dispute resolution and reporting requirements.

By way of general guidance:

  • contact form and general enquiry data is usually kept for as long as needed to deal with the enquiry and for a reasonable follow-up period;
  • direct order and transaction records are retained for as long as necessary for contract administration and legal or tax record-keeping;
  • franchise, media, blogger and commercial enquiry records may be kept for longer where ongoing discussions continue or where we need a record of our communications; and
  • marketing records are retained until you withdraw consent, unsubscribe, or we otherwise determine that the record is no longer needed.

10. Your rights

Subject to applicable law, you may have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of your personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing based on legitimate interests, including direct marketing;
  • request transfer of certain personal data to you or another provider where the right to data portability applies; and
  • withdraw consent at any time where we rely on consent, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the details in this Policy. We may need to verify your identity before responding.

11. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. However, no system is completely secure, and you submit information to the internet at your own risk.

12. Third-party sites and services

The Website may link to third-party sites, including Uber Eats, Deliveroo, Just Eat, social media platforms and other external services. This Privacy Policy does not apply to those third-party services, and you should read their own privacy notices before providing personal data to them.

13. Children

The Website is not directed at children. We do not knowingly collect personal data from children through the Website without appropriate authority. If you believe a child has provided personal data to us inappropriately, please contact us so that we can investigate.

14. Complaints

If you have concerns about how we handle personal data, please contact us first so that we have an opportunity to address them.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

15. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version published on the Website will apply from the date of posting.