Get Started

Data Collection & Protection Policy

This policy outlines our internal procedures for data handling, compliance and protection.

1. Purpose & Introduction

This policy defines how Platemate‑Info collects, processes, retains, and disposes of personal data, ensuring lawful and transparent practices in line with recognized data protection frameworks (e.g. GDPR, CCPA)

2. Scope & Definitions

Applies to all data handling—electronic or paper—across personal data subjects (users, applicants).

Definitions: Personal Data, Data Subject, Processing, Sensitive Data, Data Controller, Data Processor, DPO—based on standard templates

3. Data Protection Principles

We comply with principles including:

  • Lawfulness, fairness, transparency
  • Purpose limitation & data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

4. Roles & Governance

  • Data Protection Officer (DPO) or designated contact oversees implementation and compliance.
  • Responsibility shares across leadership, IT, HR, and staff for execution and reporting.

5. Data Collection & Use

  • Data is collected only for defined, explicit purposes required for business operations (e.g., user inquiries, support).
  • Consent will be obtained where required, and withdrawn if requested.

6. Data Storage & Retention

  • Secure protocols for storage (encrypted servers, access control).
  • Documents and data are retained only as long as needed; securely deleted or anonymized after retention period

7. Access Control & Sharing

  • Role-based access; only authorized personnel can access personal data.
  • Any data sharing (e.g. with third parties) requires compliance agreements and secure transmission

8. Security Measures

  • Technical controls include encryption (at rest and in transit), access controls, regular audits, vulnerability assessments, and incident response protocols.
  • Staff receive regular training on privacy and security obligations

9. Breach Notification & Incident Response

  • In case of a data breach, report promptly to affected individuals and relevant supervisory authority within required timelines (e.g. 72 hours where mandated).
  • Investigate root causes, mitigate harm, and prevent recurrence

10. Data Subject Rights Handling

We have structured processes to respond to requests regarding access, correction, deletion, restriction, or data portability within legally stipulated response times.

11. Policy Review & Updates

Reviewed at least annually or when regulations/practices change. Stakeholder notifications will occur for updates

12. Contact

For privacy inquiries or to exercise your data subject rights, please reach out to: Email: rivern@platemate.uk

Connecting restaurant communities, one meal at a time.

© 2025 PlateMate. All rights reserved.