top of page

Privacy Policy

Last Updated: 03 May 2020

1.    Who are we?


Welcome to our Privacy Policy.


This website is owned and operated by That's Eat Marketing, a trading name of Alessandra Pili (a sole trader), referred to in this Privacy Policy as the "us", "our" or "we". We are registered as an online business with Glasgow City Council.


We are the data controller in relation to your personal data.


2.    What information can you find in this Privacy Policy?


We respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you how and why we collect your personal data, how we look after your personal data, and about your privacy rights and how the law protects you. 


This Privacy Policy explains how we collect and process your personal data when you:


  1. visit our website;

  2. purchase goods and services from us;

  3. supply us with goods or services; and

  4. sign up to receive updates and marketing from us.


It is important that you read this Privacy Policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.


3.    What do data we collect about you?


Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).


We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:


  1. Contact data: your name, title, address, telephone/mobile number, and email address; 

  2. Financial data: debit/credit card details;

  3. Transaction data: details and records about payments to and from you, including details of goods and services that you have provided to us, or that you have purchased from us;

  4. Technical data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;

  5. Usage data: information about how you use our website, products and services; and

  6. Marketing and communications data: your preferences in receiving marketing from us and our third party partners, and your communication preferences.


We obtain this information directly from you when you visit our website, purchase goods or services from us, supply goods or services to us, or subscribe for marketing.


If you fail to provide personal data


Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have purchased (or are attempting to purchase) from us, but we will notify you if this is the case at the time.


4.    What do we use your personal data for?


We have set out below a description of all the ways we plan to use your personal data and which legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.


Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need further details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below.


Customers and Suppliers


We process the personal data of our customers and suppliers so that we can provide goods and services to our customers, and receive goods and services from our suppliers. This includes collecting and recovering money owed to us.


Type of data:

  1. Contact.

  2. Financial.

  3. Transaction.


Lawful basis for processing, including any legitimate interests pursued:

  1. Performance of our contract with you.

  2. Necessary for our legitimate interest (to recover debts due to us)


Relationship Management


To manage our relationship with you which may include:


  1. Communicating with you;

  2. Notifying you about changes to our Terms and Conditions or Privacy Policy; and

  3. Asking you to leave a review or take a survey.


Type of data:

  1. Contact.

  2. Financial.

  3. Transaction.

  4. Technical.

  5. Usage.


Lawful basis for processing, including any legitimate interests pursued:

  1. Performance of our contract with you.

  2. Necessary to comply with our legal obligations.

  3. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).




To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).


Type of data:

  1. Contact.

  2. Marketing and Communications.


Lawful basis for processing, including any legitimate interests pursued:

  1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or restructuring exercise);

  2. Necessary to comply with our legal obligations.


Website and Online Advertisement


To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. This includes using analytics to improve our website, products/services, marketing, customer relationships and experiences.


Type of data:

  1. Contact.

  2. Usage.

  3. Technical.

  4. Marketing and Communication.


Lawful basis for processing, including any legitimate interests pursued:


Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).




We may use your contact, technical, usage and marketing and data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).


You may receive marketing communications from us if you have requested information from us, or purchased goods or services from us and you have not opted-out of receiving that marketing. Alternatively, you may receive marketing communications where you have specifically opted-in to receive these (for example, by signing up for updates or newsletters on our website).


You can ask us to stop sending you marketing at any time by clicking "unsubscribe" on any promotional email we send to you, or alternatively by contacting us on the details below.




You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.


5.    Who do we share you information with?


We may disclose your personal data to the following categories of third parties:


  1. our professional advisors (e.g. our accountants and legal advisors);

  2. vendors who will process your personal data on our behalf and under our written instructions to carry out the services they provide to us during the course of our business, such as IT service providers, financial institutions, and cloud-based solutions providers that are used by us in the conduct of its business. We contract with such vendors to ensure that they only process your personal data under our instructions and ensure the security and confidentiality of your personal data by implementing the appropriate technical and organisational measures for such processing;

  3. mail delivery and courier services providers that we use to deliver products to you;

  4. third parties to whom we are required to transfer personal data by law, such as HMRC, law enforcement bodies, governmental and regulatory bodies, the courts and other competent authorities that may request personal data in connection with any inquiry, court order, or other legal or regulatory procedures which we would need to comply with; we may also share personal data to establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims; and

  5. any third party connected with business transfers; we may transfer your personal data to third parties, in connection with a reorganisation, restructuring, merger, acquisition, or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with data protection law.


We may transfer your personal data to controllers or processors located outside of the United Kingdom (UK) or the European Economic Area (EEA). This is primarily to allow us to receive IT services (e.g. cloud storage services, email/webmail services and customer relationship management services) from vendors located in non-UK or non-EEA jurisdictions. However, we will only transfer your personal data to a vendor in a non-UK or non-EEA country where:


  1. where such countries provide for an adequate level of personal data protection, or where the data recipient is certified under an approved transfer mechanism (such as the EU/US Privacy Shield);

  2. where we have in place a valid data transfer agreement with the data recipient (such as the European Commission standard contractual clauses); or

  3. where we are otherwise permitted to make the transfer under data protection law.


Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.


6.    How do we keep your information safe?


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions.


We will notify you and any applicable regulator of a suspected or actual personal data breach where we are legally required to do so.


7.    How long do we keep your information?


We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.


To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


When we no longer need to use your personal data, we will remove it from our systems and records, and or take steps to anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations we are subject to).


In some circumstances you can ask us to delete your data (please see "Your legal rights" below for further information).


8.    Your legal rights


Under data protection law, you have certain rights in relation to your personal data:


  1. to obtain confirmation from us on whether your personal data is being processed by us;

  2. to request a copy of any of your personal data processed by us;

  3. to ask us (in certain circumstances) to correct, amend, or delete that information where it is inaccurate, is no longer required for the purpose for which it was processed or has been processed in violation of data protection law;

  4. to ask us to restrict the processing of your personal data in certain circumstances;

  5. to receive a copy of your personal data in a structured, commonly used, and machine-readable format, or have that data transferred to a chosen third party in certain situations;

  6. to object to our processing of their personal data where the processing is carried out to achieve our legitimate interests (or those of a third party), our legitimate interests are set out a section 4 above; and

  7. if we rely on your consent as a legal ground for processing your personal data, you have the right to withdraw that consent at any time.

If we determine that access to personal data cannot be provided in any particular instance or another right cannot be complied with, we will provide you with an explanation of why we have made that determination and a contact point for any further inquiries.


If you would like to exercise any of your rights, or you have any questions or complaints about the way in which we have processed your data, please contact us on the details below in the first instance.


If you are still unsatisfied with our response, or the way in which we have processed your data, you also have the right to make a complaint (at any time) to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would however appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


9.    Third-party links


This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.


10.    Contact us


If you have any questions in relation to this Privacy Policy, including any requests to exercise your legal rights, you can contact us by using the "Contact Us" form on our website, or by email to


11.    Changes to this Privacy Policy


We may update this Privacy Policy from time to time as our privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you of any significant changes. However, the last update date is given at the start of this Privacy Policy, and we would encourage you to review this Privacy Policy periodically so you remain informed of how we uses your personal data.

bottom of page