Privacy Policy
This Privacy Policy explains how Country Roads Catering (“we”, “us”, “our”) collects, uses and protects your personal information when you use our website or contact us about catering services.
Data controller
Country Roads Catering — South Coast, UK
Contact: hello@countryroadscatering.co.uk
What we collect
- Menu request details via
/api/menu-request: your email address and whether you opt in to occasional updates (marketingOptIn). - Enquiries: name, email, phone (if provided), and event information (date, venue, guest count, dietary requirements) when you email or contact us.
- Operational logs: standard web server logs (IP address, user‑agent, URL, timestamp) and error logs for security and debugging.
- Business records: proposals, invoices and correspondence related to bookings.
We do not currently run analytics or advertising trackers, and we do not use non‑essential cookies.
How we use your data
- To respond to enquiries, prepare quotes and tailor menus for your event.
- To send you the requested full menu PDF and, if you opt in, occasional updates about services or seasonal menus.
- To operate, secure and troubleshoot our website and email (e.g., server logs, abuse/attack detection).
- To maintain legal and financial records (e.g., accounting and tax).
Legal bases under UK GDPR
- Contract: responding to enquiries, providing quotes and performing catering services.
- Consent: sending optional updates/marketing when you tick the opt‑in box. You can withdraw consent at any time.
- Legitimate interests: website security, preventing fraud/abuse, improving services, and keeping lightweight operational logs.
Sharing your data
We do not sell your data. We share personal data only when necessary to run our business:
- Hosting & infrastructure: our site is hosted on a UK/EU server we administer (Ubuntu + Nginx). HTTPS is provided by Let’s Encrypt.
- Email delivery: menu requests and enquiries are sent through our server’s Mail Transfer Agent (MTA). Email may transit standard global email infrastructure during delivery.
- Professional advisers: accountants or legal advisers where required by law.
Where third‑party providers are used, we require appropriate data protection safeguards and processing only under our instructions.
Retention
- Menu requests: the notification email we receive is kept for up to 12 months for follow‑up and service quality checks. If you opt in to updates, your email is kept until you unsubscribe or request deletion.
- Enquiry/booking correspondence & records: kept for up to 7 years to meet accounting and tax obligations.
- Server logs: kept for up to 30 days (longer only when investigating security incidents).
Security
- HTTPS/TLS across the site; HSTS and modern security headers enabled.
- Least‑privilege server access, firewalling, and regular OS/web‑server updates.
- Mail delivery via our own server (no web forms sending raw credentials).
No system can be 100% secure, but we use reasonable technical and organisational measures to protect personal data.
Your rights
Under UK GDPR you may have the right to access, correct, delete, or restrict processing of your personal data, and to withdraw consent where processing relies on consent. To exercise your rights, contact hello@countryroadscatering.co.uk.
Cookies & analytics
We do not currently use non‑essential cookies or analytics. If we introduce privacy‑friendly analytics in future, we’ll update this page and, where required, provide controls for consent.
Children
Our services and website are not directed to children. If you believe a child has provided us with personal data, please contact us so we can delete it.
Changes to this policy
We may update this policy from time to time. The latest version will always be available on this page.
Last updated:
Contact
Questions about this policy or your data? Email hello@countryroadscatering.co.uk.