Local Eats UK
Sign in

GDPR Policy

Last updated: 24 June 2026

This page is maintained by Local Eats UK to describe how we meet our obligations under the UK GDPR and the EU GDPR ("GDPR"). It complements our Privacy Policy.

1. Roles

  • Local Eats UK is the data controller for the platform account, order routing, payments orchestration and platform analytics.
  • Vendors are independent controllers for any further use they make of customer data (for example contacting a customer about a specific order or storing it in their own systems).
  • Stripe, our hosting provider and our email provider act as processors for the data they handle on our behalf.

2. Lawful bases

We process personal data under the following bases (Article 6 GDPR):

  • Performance of a contract — to deliver the service.
  • Legitimate interests — fraud prevention, security, product improvement.
  • Consent — marketing communications, optional browser geolocation.
  • Legal obligation — accounting, tax, lawful requests.

3. Your rights

Under the GDPR you have the right to:

  • Be informed about how your data is used (this page and the Privacy Policy).
  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") where there is no legal reason to retain it.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests or direct marketing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

4. How to exercise your rights

Email privacy@local-plate-map.lovable.app from the address linked to your account. We aim to respond within one calendar month. We may need to verify your identity before fulfilling the request. There is no fee unless the request is manifestly unfounded or excessive.

5. International transfers

Where personal data is transferred outside the UK or EEA (for example Stripe processing payments), we rely on adequacy decisions, UK International Data Transfer Agreements, or Standard Contractual Clauses.

6. Retention

Personal data is kept only as long as necessary for the purposes for which it was collected, or as required by law. Account and order data are retained while your account is active and for a reasonable statutory period thereafter (typically up to 7 years for financial records).

7. Security

We apply appropriate technical and organisational measures including TLS in transit, encrypted storage, row-level security policies, role-based access, and the principle of least privilege.

8. Data breach response

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

9. Data Protection contact

Data Protection enquiries: privacy@local-plate-map.lovable.app.