Last updated: 6 April 2025

Privacy Policy

1. Who We Are

This Privacy Policy explains how Khachapuri Ltd ("we", "us", "our") collects, uses, and protects personal data in connection with our website khachapuri.co.uk. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy or how we handle your data, please contact us at:

Email: [email protected]
Website: www.khachapuri.co.uk

2. What Personal Data We Collect

2.1 Online Orders

When you place an order through our website, we collect:

  • Your name
  • Delivery or collection address
  • Email address
  • Phone number
  • Order details (items, quantities, special instructions)

Payment card details are collected and processed directly by Stripe, our payment provider. We do not store or have access to your full card number, CVV, or expiry date.

2.2 Email Sign-Up (MailerLite)

If you choose to subscribe to our mailing list, we collect your email address and, if provided, your name. This data is managed through MailerLite, our email marketing platform.

2.3 Website Analytics (Google Tag Manager & Google Analytics)

We use Google Tag Manager and Google Analytics to understand how visitors use our website. This may include:

  • Pages visited and time spent on site
  • Browser type and device information
  • Approximate geographic location (country/city level)
  • Referral source (how you arrived at our site)

This data is collected using cookies and is anonymised or pseudonymised. We do not use this data to personally identify you. Please see Section 6 (Cookies) for more information.

2.4 Square POS Integration

We use Square to manage our point-of-sale and ordering data. Order details (items, quantities, order reference numbers) are passed to Square to fulfil your order and manage our kitchen operations. No additional personal data beyond what is necessary for order fulfilment is shared with Square via our website.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To process and fulfil your online orders
  • To communicate with you about your order (confirmation, updates, issues)
  • To send you marketing emails, if you have subscribed (you can unsubscribe at any time)
  • To improve our website and understand how it is used
  • To comply with our legal and regulatory obligations

4. Our Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract performance: Processing your order data is necessary to fulfil the contract between you and us when you place an order.
  • Legitimate interests: Website analytics help us improve our service. We have assessed that this does not override your rights.
  • Consent: If you subscribe to our mailing list, we process your data based on your consent. You may withdraw consent at any time by clicking 'unsubscribe' in any email we send.

5. Who We Share Your Data With

We share data only where necessary, with the following trusted third parties:

  • Stripe — Payment processing. Your payment data is handled directly by Stripe under their own privacy policy. Stripe is PCI DSS compliant.
  • MailerLite — Email marketing. Your email address and name (if provided) are stored and processed by MailerLite to send you our newsletters.
  • Google (Analytics / Tag Manager) — Website analytics data is sent to Google for reporting purposes.
  • Square — Order details are transmitted to Square for fulfilment and kitchen management purposes.

We do not sell your personal data to any third party, and we do not use your data for advertising purposes.

6. Cookies

Our website uses cookies. Cookies are small text files placed on your device to help us provide a better experience. We use:

  • Essential cookies: Required for the website and ordering system to function correctly.
  • Analytics cookies: Used by Google Analytics to collect anonymised usage information about how visitors interact with our website.

You can control or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of our website, including the ability to place orders.

7. How Long We Keep Your Data

  • Order data: We retain order records for 7 years in accordance with UK tax and accounting obligations.
  • Email marketing data: Retained until you unsubscribe or request deletion.
  • Analytics data: Retained in accordance with Google Analytics' default data retention settings (up to 26 months).

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can ask us to delete your personal data, subject to any legal obligations to retain it.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to data portability: You can ask for your data in a machine-readable format.
  • Right to object: You can object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where we rely on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Payment data is protected by Stripe's industry-leading PCI DSS-compliant infrastructure. Our website uses HTTPS encryption for all data in transit.

10. International Data Transfers

Some of our third-party providers (including Google and MailerLite) may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as the UK Addendum to Standard Contractual Clauses or adequacy decisions, to ensure your data remains protected to UK GDPR standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website at khachapuri.co.uk/privacy. We will notify you of significant changes where required by law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Khachapuri Ltd
Email: [email protected]
Website: www.khachapuri.co.uk

Cheese up your inbox

Get the special offers big news, events and openings.

£50 giveaway coming soon to email subscribers!