Fusion Kitchen

Fusion Kitchen - Privacy Policy and GDPR

Introduction

This privacy policy sets out how FusionKitchen uses and protects any information that you give, when you use this website.

Fusionpos is committed to ensuring that your privacy is protected.we ask you to provide certain information by which you can be identified when using this website, and then you can be assured that it will only be used in accordance with this Privacy Statement describe below (25th May 2018 General Data Protection Regulation)

This Policy sets out the obligations of Fusion Innovative LTD , trading as FusionKitchen, a company registered in England and Wales under number 10752563, whose registered office is at 27 Old gloucester Street, London, WC1N 3AF, UK (“the Company/we/us/our”) regarding data protection and the rights of clients, prospective clients, clients’ customers, business contacts, employees and subcontractors (“data subjects”) in respect of their personal data under the EU General Data Protection Regulation.

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Policy sets our obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out in this Policy must be followed at all times by the Company and our employees, agents, sub-contractors, or other parties working on our behalf.

We are committed not only to the letter of the law, but also to the spirit of the law and we place a high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom we deal.

The Rights of Data Subjects

The GDPR sets out the following rights applicable to data subjects (please refer to the parts of this policy indicated for further details) :

I. The right to be informed (clause 12).

II. The right of access (clause 13);

III. The right to rectification (clause 14);

IV. The right to erasure (also known as the ‘right to be forgotten’) (clause 15);

V. The right to restrict processing (clause 16);

VI. The right to data portability (clause 17);

VII. The right to object (clause 18); and

VIII. Rights with respect to automated decision-making and profiling (clause 19 and 20).

How we deal with data

Information we collect:

In certain circumstances, we may be required to process clients’ customer data directly. We collect and process the following personal data in order for us to provide our services :

I. Name;

II. Contact information including email address, postal address and telephone number(s);

III. Delivery address.

Information We Collect Automatically

We may receive and store certain information about you and your device(s) automatically when you use our Site and Services.

1. Information related to the device you use to ingress our Services;

2. The type of web browser and operating system you use to access our Services;

3. The domain name of your Internet service provider;

4. The fusion kitchen pages you visit, content you view, features you use and the date and time of your visits;

5. Your search terms, the website you visited before you came to our Services, and other clickstream data; and

We will ensure that the following measures are taken with respect to the storage of personal data :

I. All electronic copies of personal data will be stored securely using passwords and data encryption;

II. All hardcopies of personal data, along with any electronic copies stored on physical, removable media will be stored securely in a locked box, drawer, cabinet, or similar;

III. All personal data stored electronically will be backed up regularly (normally daily) with back-up stored offsite. All back-ups should be encrypted;

IV. No personal data will be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to us or otherwise without the formal written approval of the Data Protection Officer and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary; and

V. No personal data will be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on our behalf where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to us that all suitable technical and organisational measures have been taken).

Data Security – Disposal

When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of.

Organisational Measures

We will ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:

I. All employees, agents, contractors, or other parties working on our behalf and handling personal data will be :

1. made fully aware of both their individual responsibilities and the Company’s responsibilities under the GDPR and under this Policy, and shall be provided with a copy of this Policy;

2. appropriately supervised and trained to do so;

3. required and encouraged to exercise care, caution, and discretion when discussing work-related matters that relate to personal data, whether in the workplace or otherwise;

4. bound to do so in accordance with the principles of the GDPR and this Policy by contract;

II. Only employees, agents, sub-contractors, or other parties working on our behalf that need access to, and use of, personal data in order to carry out their assigned duties correctly will have access to the personal data held by us.

III. Methods of collecting, holding, and processing personal data will be regularly evaluated and reviewed.

IV. The performance of those employees, agents, contractors, or other parties working on our behalf handling personal data will be regularly evaluated and reviewed.

V. All agents, contractors, or other parties working on our behalf handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of ours arising out of this Policy and the GDPR.

VI. Where any agent, contractor or other party working on our behalf handling personal data fails in their obligations under this Policy, that party shall indemnify and hold us harmless against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

Data Retention

We will retain your personal information as long as your account is active with fusion kitchen or as an action of services for you and to maintain a record of your transactions for financial reporting. We will retain your personal information as necessary to follow with our legal commitment, resolve disputes, and implement our agreements

Transferring Personal Data to a Country Outside the EEA

I. We may from time to time transfer (‘transfer’ includes making available remotely) personal data to countries outside of the EEA.

II. The transfer of personal data to a country outside of the EEA will take place only if one or more of the following applies :

1. The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;

2. The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by the supervisory authority (e.g. the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the GDPR); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;

3. The transfer is made with the informed consent of the relevant data subject(s);

4. The transfer is necessary for the performance of a contract between us and the data subject (or for pre-contractual steps taken at the request of the data subject);

5. The transfer is necessary for important public interest reasons;

6. The transfer is necessary for the conduct of legal claims;

7. The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or

8. The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.

Changes to Our Privacy Policy

Privacy and policy may upgrade from time to time in a reaction of law changes, technical or business developments changes. We hold the right to update or amend this Privacy Statement at any time without foregoing notice. You agree to be bound by the revised Privacy Policy. If you object to any changes you must terminate using our site. We recommend that you check this page regularly to keep up-to-date.

GDPR

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The Principles of the GDPR

The Data Protection Principles

This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be :

I. Processed lawfully, fairly, and in a transparent manner in relation to the data subject.

II. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, or for historical research or statistical purposes will not be considered to be incompatible with the initial purposes.

III. Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

IV. Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

V. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, or for historical research or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.

VI. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures

Contact us

If you have any queries about our Site or this Privacy Policy, please contact our Data Protection Officer:

By emails at: sales@fusionpos.co.uk

By writing to us at: 27 Old Gloucester Street, London, WC1N 3AX, UK