Preloader

Privacy Policy

Last Updated: 5th December 2025

At The Prep Studio Ltd, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you visit our website, place an order, or communicate with us through any channel including email, telephone, WhatsApp, or social media.

Please read this Privacy Policy carefully to understand how we handle your personal data in accordance with UK data protection laws.

1. Who We Are

Business Name: The Prep Studio Ltd
Website: https://theprepstudio.co.uk
Email: info@theprepstudio.co.uk
Address: 423 Airedale House, Kirkstall Road, Leeds, LS4 2EW, United Kingdom

The Prep Studio Ltd (“we”, “our”, or “us”) is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This means we determine how and why your personal information is processed and are responsible for ensuring compliance with data protection laws.

2. Information We Collect

We collect and process personal data that helps us deliver your orders, communicate with you effectively, improve our services, and fulfill our legal obligations. The type of information we collect depends on how you interact with us.

a) Information You Provide Directly

When you place an order, create an account, or contact us, you may provide:

Contact Information:

  • Full name
  • Email address
  • Telephone number (including mobile and WhatsApp contact)
  • Delivery address (including postcode)
  • Billing address (if different from delivery address)

Order Information:

  • Food preferences and menu selections
  • Order history and purchase records
  • Dietary requirements, allergies, and special instructions
  • Delivery preferences and instructions
  • Safe place delivery authorizations

Payment Information:

  • Payment card details (last 4 digits only – full card details are processed securely by our third-party payment processor and are not stored by us)
  • Billing information
  • Transaction history

Communication Records:

  • Messages, emails, and correspondence with our customer service team
  • WhatsApp conversations related to orders or support
  • Social media messages and interactions
  • Feedback, reviews, testimonials, and survey responses
  • Complaint details and resolution records

Marketing Preferences:

  • Consent records for marketing communications
  • Communication channel preferences (email, SMS, WhatsApp)
  • Opt-out and unsubscribe requests

Account Information (if applicable):

  • Username and password (encrypted)
  • Account preferences and settings
  • Saved delivery addresses and payment methods

b) Information Collected Automatically

When you visit our website, certain technical information may be collected automatically to ensure the website functions properly and to improve your user experience:

Technical Data:

  • IP address (anonymized where possible)
  • Browser type and version
  • Device type and operating system
  • Screen resolution and device settings
  • Referring website or source
  • Pages visited and time spent on our website
  • Date and time of access
  • Geographic location (country/region level only)

Important: We do not use:

  • Google Analytics or similar comprehensive tracking platforms
  • Third-party advertising cookies or tracking pixels
  • Behavioral tracking for advertising purposes
  • Social media tracking or retargeting pixels (except on social media platforms themselves)

We only collect essential technical data necessary for website functionality, security, and basic performance monitoring.

c) Information from Third Parties

We may receive limited information from:

  • Payment processors confirming successful transactions
  • Delivery partners confirming delivery completion
  • Fraud prevention services to protect against fraudulent transactions
  • Social media platforms if you interact with us publicly

3. Legal Basis for Processing Your Data

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

1. Contract Performance: Processing necessary to fulfill our contract with you, including:

  • Processing and delivering your food orders
  • Managing your account
  • Providing customer support
  • Processing payments

2. Legitimate Interests: Processing necessary for our legitimate business interests, such as:

  • Improving our products, services, and customer experience
  • Preventing fraud and ensuring transaction security
  • Managing customer relationships
  • Internal record-keeping and business analytics
  • Protecting our legal rights and business interests

3. Legal Obligation: Processing required to comply with legal requirements, including:

  • Food safety and traceability regulations
  • Tax and accounting obligations
  • Financial record-keeping requirements
  • Responding to legal requests from authorities

4. Consent: Processing based on your explicit consent for:

  • Marketing communications (promotional emails, SMS, WhatsApp messages)
  • Optional cookies and tracking (if implemented)
  • Testimonials and reviews (if you provide them)
  • Participation in loyalty or affiliate programs

You have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. How We Use Your Information

We use your personal information for the following purposes:

a) Order Fulfillment & Service Delivery

  • Processing and confirming your food orders
  • Preparing meals according to your specifications and dietary requirements
  • Coordinating delivery logistics and scheduling
  • Communicating delivery updates, delays, or issues
  • Managing delivery instructions and safe place authorizations
  • Handling order modifications or cancellations (where permitted)

b) Customer Service & Support

  • Responding to your inquiries, questions, and support requests
  • Managing complaints and refund requests
  • Providing information about our products and services
  • Resolving technical issues with your account or orders
  • Following up on customer satisfaction

c) Payment Processing & Financial Management

  • Processing payments securely through third-party payment providers
  • Verifying payment information and preventing fraud
  • Managing refunds and financial adjustments
  • Maintaining financial records for accounting and tax purposes
  • Invoicing and receipt generation

d) Marketing & Communications (with your consent)

  • Sending promotional emails with discount codes and special offers
  • Sharing new menu items, seasonal offerings, and product updates
  • Providing exclusive deals to loyalty program members
  • Sending birthday or anniversary offers (if you’ve provided this information)
  • Communicating about affiliate or referral programs

You can opt out of marketing at any time (see Section 10).

e) Business Improvement & Analytics

  • Analyzing order patterns and popular menu items
  • Understanding customer preferences to improve our menu
  • Monitoring website performance and user experience
  • Conducting customer satisfaction surveys
  • Identifying areas for operational improvement
  • Aggregate statistical analysis (anonymized data only)

f) Legal Compliance & Protection

  • Complying with food safety and labeling regulations
  • Meeting tax, accounting, and financial reporting requirements
  • Responding to legal requests from law enforcement or regulatory authorities
  • Protecting against fraud, security threats, and illegal activity
  • Defending our legal rights in disputes or claims
  • Maintaining records required by law (typically 6 years for financial records)

g) Loyalty & Affiliate Programs

  • Managing participation in loyalty reward schemes
  • Tracking referral credits and affiliate commissions
  • Communicating program benefits and reward status
  • Processing reward redemptions

5. Data Sharing & Third-Party Disclosure

We take your privacy seriously and will never sell, rent, or trade your personal information to third parties for their marketing purposes.

However, we may share your data with trusted third-party service providers who help us operate our business efficiently and deliver our services to you:

a) Essential Service Providers

Payment Processors:

  • We use secure, PCI-DSS compliant payment gateways (such as Stripe) to process card payments
  • They receive only the information necessary to process transactions
  • Full card details are never stored on our systems

Delivery & Logistics Partners:

  • If we use third-party courier services, they receive your name, delivery address, and contact number
  • This is necessary to complete delivery of your order
  • Delivery partners are bound by confidentiality agreements

Website Hosting & Technology Providers:

  • Our website is hosted by secure third-party hosting services
  • Technical support providers may have limited access to system data for maintenance
  • All providers are required to maintain strict data security standards

Email & Communication Services:

  • We use email service providers to send order confirmations and communications
  • SMS or WhatsApp business platforms for delivery notifications (if used)
  • These providers process data only as instructed and cannot use it for their own purposes

b) Legal & Regulatory Disclosure

We may disclose your personal information when required by law or when necessary to:

  • Comply with court orders, subpoenas, or legal processes
  • Respond to requests from law enforcement or regulatory authorities
  • Enforce our Terms and Conditions or other agreements
  • Protect our rights, property, or safety, or that of our customers or others
  • Prevent fraud, security threats, or illegal activity

c) Business Transfers

In the event of a merger, acquisition, sale of assets, or business reorganization, your personal data may be transferred to the new owners or operators. We will notify you of any such change and ensure the new entity continues to comply with data protection laws.

d) Third Parties We DO NOT Share With

We do not share your data with:

  • Marketing companies or data brokers
  • Social media platforms for advertising purposes (except where you interact with us on those platforms)
  • Affiliate networks or partners (except for managing referral credits if you participate)
  • Any party for purposes unrelated to providing our services to you

All third-party service providers:

  • Are carefully selected and vetted
  • Process data only as necessary to perform their specific function
  • Are contractually bound to protect your data and comply with UK GDPR
  • Cannot use your data for their own purposes
  • Are required to implement appropriate security measures

6. International Data Transfers

We primarily operate within the United Kingdom and store data on servers located in the UK or European Economic Area (EEA).

If we need to transfer your data outside the UK or EEA (for example, to a cloud service provider with global operations), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office
  • Adequacy decisions recognizing equivalent data protection standards
  • Other legally approved transfer mechanisms

You have the right to request information about international transfers and the safeguards we use.

7. Data Retention – How Long We Keep Your Information

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations.

Retention Periods:

Order & Customer Data:

  • Minimum 6 years from the date of your last order
  • This is required for accounting, tax, and legal compliance purposes under UK law
  • Includes order history, delivery records, and financial transactions

Marketing & Contact Data:

  • Until you withdraw consent or request deletion
  • We will periodically review and clean marketing lists to remove inactive contacts
  • Typically retained for up to 3 years of inactivity before deletion

Account Data:

  • Retained while your account remains active
  • If you close your account, data is deleted within 30 days (except where we must retain financial records for legal compliance)

Communication Records:

  • Customer service correspondence: up to 3 years
  • Complaint records: up to 6 years (for legal protection)

Website Technical Data:

  • IP addresses and technical logs: typically 90 days to 1 year
  • Security logs: retained longer if required for fraud prevention

CCTV or Security Footage (if applicable):

  • Typically 30 days unless required for investigation or legal purposes

After retention periods expire:

  • Data is securely deleted or permanently anonymized
  • Anonymized data (which cannot identify you) may be retained indefinitely for statistical purposes

You can request deletion of your data at any time (subject to legal obligations) – see Section 9.

8. Data Security – How We Protect Your Information

We take the security of your personal data very seriously and implement appropriate technical and organizational measures to protect against unauthorized access, loss, misuse, or disclosure.

Security Measures Include:

Website Security:

  • SSL/TLS encryption (HTTPS) for all data transmitted via our website
  • Secure payment gateways with PCI-DSS compliance
  • Regular security updates and patches
  • Firewall protection and intrusion detection systems

Data Storage Security:

  • Encrypted databases for sensitive information
  • Secure, password-protected servers
  • Regular security audits and vulnerability assessments
  • Backup systems with encryption

Access Controls:

  • Restricted access to personal data on a need-to-know basis
  • Strong password policies and multi-factor authentication for staff
  • Regular staff training on data protection and security
  • Confidentiality agreements with all staff and contractors

Third-Party Security:

  • Due diligence checks on all service providers
  • Contractual obligations requiring equivalent security standards
  • Regular reviews of third-party security practices

Payment Security:

  • We do NOT store full credit card details on our systems
  • Payments are processed by PCI-DSS Level 1 compliant providers (the highest security standard)
  • Only the last 4 digits of cards are retained for reference

Important Limitation: While we implement robust security measures, no online data transmission or storage system can be guaranteed 100% secure. We cannot absolutely guarantee the security of information transmitted over the internet, but we continuously work to maintain the highest practical standards of protection.

In the Event of a Data Breach: If we experience a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours
  • Notify affected individuals without undue delay
  • Take immediate steps to contain and remediate the breach
  • Provide guidance on protective measures you can take

9. Your Rights Under UK GDPR

You have important rights regarding your personal data under UK data protection law. You can exercise these rights at any time by contacting us at info@theprepstudio.co.uk.

Your Rights Include:

1. Right of Access (Subject Access Request)

  • You have the right to request a copy of all personal data we hold about you
  • We will provide this information free of charge within one month
  • You can request information about how we use your data and who we share it with

2. Right to Rectification

  • You can ask us to correct inaccurate or incomplete personal data
  • We will update your information promptly upon verification
  • You can update many details yourself via your account (if applicable)

3. Right to Erasure (“Right to be Forgotten”)

  • You can request deletion of your personal data in certain circumstances:
    • When data is no longer necessary for the purpose it was collected
    • When you withdraw consent (for consent-based processing)
    • When you object to processing and there are no overriding legitimate grounds
    • When data has been unlawfully processed
  • Important limitation: We may be unable to delete data if we have a legal obligation to retain it (e.g., financial records for tax purposes)

4. Right to Restrict Processing

  • You can ask us to limit how we use your data while:
    • Verifying the accuracy of contested data
    • Assessing whether our legitimate interests override your rights
    • We no longer need the data but you need it for legal claims
  • During restriction, we can store data but not actively use it

5. Right to Data Portability

  • You can request your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON)
  • You can ask us to transmit this data directly to another service provider (where technically feasible)
  • This applies to data processed based on consent or contract performance

6. Right to Object

  • You can object to processing based on legitimate interests
  • You can object to direct marketing at any time (see Section 10)
  • We must stop processing unless we demonstrate compelling legitimate grounds

7. Right to Withdraw Consent

  • Where processing is based on consent (e.g., marketing), you can withdraw consent at any time
  • Withdrawal does not affect the lawfulness of processing before withdrawal
  • We will stop processing your data for that purpose immediately

8. Right to Lodge a Complaint

  • If you believe we have mishandled your data, you can complain to:
    • The Information Commissioner’s Office (ICO)
    • Website: www.ico.org.uk
    • Telephone: 0303 123 1113
    • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • We encourage you to contact us first so we can try to resolve your concern

How to Exercise Your Rights:

Contact us at:

  • Email: info@theprepstudio.co.uk
  • Post: The Prep Studio Ltd, 423 Airedale House, Kirkstall Road, Leeds, LS4 2EW, United Kingdom

We will:

  • Respond to your request within one month (may be extended to two months for complex requests)
  • Verify your identity before processing requests (to protect your data)
  • Provide information free of charge (unless requests are manifestly unfounded or excessive)
  • Explain our reasons if we cannot fulfill your request

10. Marketing Communications & Opting Out

We only send marketing communications to customers who have provided consent or where we have a legitimate interest (for existing customers).

What Marketing We May Send:

With Your Consent:

  • Promotional emails with discount codes, vouchers, and exclusive offers
  • SMS or WhatsApp messages about special deals or new menu items
  • Information about loyalty programs, affiliate opportunities, or referral rewards
  • Seasonal promotions and limited-time offers
  • Updates about service improvements or expanded delivery areas

To Existing Customers (Soft Opt-In):

  • Similar products or services to those you’ve already purchased
  • Relevant updates about our menu or service

How to Opt Out – You Can Unsubscribe Anytime:

Email Marketing:

  • Click the “Unsubscribe” link at the bottom of any promotional email
  • Effect is immediate – you’ll be removed from our marketing list

WhatsApp Marketing:

  • Reply “STOP” or “UNSUBSCRIBE” to any WhatsApp message
  • We will immediately stop sending promotional messages

SMS Marketing:

  • Reply “STOP” to any SMS message
  • You will be removed from our SMS list immediately

Direct Request:

  • Email us at info@theprepstudio.co.uk with “Unsubscribe” in the subject line
  • We will process your request within 2 business days

Important Notes:

  • Opting out of marketing does NOT affect:
    • Essential order confirmations and delivery notifications
    • Customer service communications
    • Legal notices or terms updates
    • Responses to your inquiries
  • You can opt back in at any time by contacting us or updating your preferences
  • We maintain suppression lists to ensure you don’t receive marketing after opting out, even if you place new orders

11. Cookies & Website Tracking

Our website may use cookies and similar technologies to improve functionality and user experience.

What are Cookies? Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and provide a better user experience.

Cookies We Use:

Strictly Necessary Cookies:

  • Essential for website operation (e.g., shopping cart, checkout process)
  • Session management and security
  • Cannot be disabled without affecting site functionality
  • These do not require consent under UK law

Functional Cookies (if applicable):

  • Remember your preferences and settings
  • Enable features like saved addresses or language preferences
  • Improve your experience but not essential

We Do NOT Use:

  • Advertising or tracking cookies
  • Third-party marketing cookies
  • Social media tracking pixels (except on social media platforms themselves)
  • Analytics cookies that track individual behavior

Managing Cookies:

  • You can control and delete cookies through your browser settings
  • Blocking strictly necessary cookies may prevent website functionality
  • Most browsers allow you to refuse cookies or receive alerts when they’re sent

For detailed information about our cookie usage, please see our separate Cookie Policy (if available) or contact us.

12. Children’s Privacy

Our services are not intended for children under the age of 18, and we do not knowingly collect personal information from minors.

  • Orders must be placed by individuals aged 18 or over
  • If we become aware that we have collected data from a child under 18, we will delete it immediately
  • Parents or guardians who believe we may have inadvertently collected information about their child should contact us immediately

13. Third-Party Websites & Links

Our website or communications may contain links to third-party websites, social media platforms, or external services (e.g., payment processors, review platforms).

Important:

  • This Privacy Policy applies only to our website and services
  • We are not responsible for the privacy practices of third-party websites
  • Third-party sites have their own privacy policies and terms
  • We encourage you to review their policies before providing personal information
  • Your interactions on third-party platforms (e.g., Facebook, Instagram) are governed by their privacy policies

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our business operations or services
  • New legal or regulatory requirements
  • Updates to data protection laws
  • Improvements to our data practices
  • Introduction of new features or technologies

How We Notify You:

  • The “Last Updated” date at the top will be changed
  • Significant changes will be notified via:
    • Email to registered customers
    • Prominent notice on our website
    • Notification at your next login (if applicable)

Your Acceptance:

  • Continued use of our services after changes indicates acceptance of the updated Privacy Policy
  • If you do not agree with changes, you should stop using our services and may request deletion of your data (subject to legal retention requirements)

Review Regularly: We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

The current version is always available at: https://theprepstudio.co.uk/privacy-policy

15. Contact Us – Privacy Questions & Requests

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

The Prep Studio Ltd

Email: info@theprepstudio.co.uk
Address: 423 Airedale House, Kirkstall Road, Leeds, LS4 2EW, United Kingdom
Website: https://theprepstudio.co.uk

We aim to respond to all privacy inquiries within 48 hours during business days (Monday to Friday).

For Data Subject Access Requests or formal complaints, we will respond within one month as required by UK GDPR.

16. Complaints to the Supervisory Authority

You have the right to lodge a complaint with the UK’s supervisory authority for data protection:

Information Commissioner’s Office (ICO)

Website: www.ico.org.uk
Telephone: 0303 123 1113
Live Chat: Available on their website
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

We encourage you to contact us first so we can address your concerns directly, but you have the absolute right to complain to the ICO at any time.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described.

© 2025 The Prep Studio Ltd. All rights reserved.

Copyright © 2025. All rights reserved.
Home
Shop
Basket
Search