Data Protection

Data Protection Policy

1. Introduction

This Data Protection Policy outlines how Diva convenience stores ltd will collect, store, and process personal data to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the UK.

2. Purpose of the Policy

The purpose of this policy is to ensure that all personal data is processed legally, transparently, and in a manner that respects the privacy of individuals. It applies to all employees, contractors, and third-party service providers who handle personal data on behalf of the Company.

3. Types of Personal Data We Collect

The types of personal data we collect may include, but are not limited to:

  • Name

  • Address

  • Email address

  • Phone number

  • Payment details

  • IP address

  • Order and transaction history

  • Demographic data (age, gender, preferences)

4. Legal Basis for Processing Personal Data

We process personal data based on one or more of the following legal grounds:

  • Consent: When an individual has given explicit consent for us to process their data.

  • Contractual necessity: To fulfil a contract with the individual or provide the requested service.

  • Legal obligation: When required by law or regulatory authority.

  • Legitimate interests: Where processing is necessary for our legitimate business interests, provided these do not override the individual’s rights and freedoms.

5. How We Collect Personal Data

We may collect personal data in the following ways:

  • Directly from individuals through our website forms, customer surveys, or interactions.

  • From third-party services (e.g., payment processors).

  • Automatically, through cookies and other tracking technologies when individuals use our website.

6. How We Use Personal Data

We use personal data for the following purposes:

  • To process orders and payments.

  • To communicate with customers about their orders, delivery updates, and promotional offers.

  • To comply with legal obligations (e.g., tax reporting).

  • To improve our services, products, and customer experience.

7. Data Retention

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal or regulatory requirements. The retention period will be determined by:

  • The nature of the data.

  • Legal or contractual obligations.

  • The purpose of the data collection.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These include:

  • Encryption of sensitive data.

  • Regular security audits and updates.

  • Restricted access to personal data for authorized personnel only.

9. Rights of Data Subjects

Under GDPR, individuals have certain rights regarding their personal data, including:

  • Right to access: The right to request copies of personal data we hold.

  • Right to rectification: The right to request corrections to any inaccurate or incomplete personal data.

  • Right to erasure: The right to request deletion of personal data under certain circumstances.

  • Right to object: The right to object to the processing of personal data based on legitimate interests or direct marketing.

  • Right to data portability: The right to request that personal data be transferred to another service provider.

  • Right to restrict processing: The right to request that processing of personal data be restricted.

Requests can be made by contacting us at [Company Contact Information].

10. Data Sharing and Disclosure

We may share personal data with the following entities:

  • Service providers (e.g., payment processors, delivery companies, IT support).

  • Regulatory authorities and law enforcement, if required by law.

We ensure that all third parties that process personal data on our behalf are compliant with GDPR and have appropriate data protection measures in place.

11. International Transfers

We don’t do any international data transfers.

12. Training and Awareness

All employees and contractors who handle personal data will receive training on data protection laws, the importance of safeguarding data, and the procedures for handling data securely.

13. Monitoring and Compliance

We monitor compliance with this policy on an ongoing basis and conduct regular audits of our data protection practices to ensure continuous improvement. Any breaches of this policy will be taken seriously and addressed immediately.

14. Changes to the Data Protection Policy

We reserve the right to update this policy periodically. All changes will be communicated to employees, contractors, and customers as applicable. The latest version of this policy will always be available on our website.

15. Contact Us

For further questions or concerns about how we handle personal data, please contact us at:

  • Email: Familyshopperrawmarsh@gmail.com

  • Phone: 01709510991

  • Address: Diva Convenience stores ltd

T/A Family shopper, 18 Kilnhurst road, Rawmarsh, Rotherham, S625NE.