Our approach to data protection and your rights under UK GDPR
Our commitment: InOrdera is built to be compliant with UK GDPR and the Data Protection Act 2018. We treat data protection as a fundamental responsibility, not an afterthought. This page explains our approach and your rights.
Everything we do with personal data follows the seven principles of UK GDPR:
We only process data on a lawful basis and are transparent about how we use it.
Data is collected for specified, explicit purposes and not processed in ways incompatible with those purposes.
We collect only what we need. No excessive data collection.
We take reasonable steps to keep data accurate and up to date.
Data is held only as long as necessary. Our retention schedules are defined and enforced.
Appropriate technical and organisational security measures protect all personal data.
As a data subject, you have the following rights. You can exercise any of them by contacting privacy@inordera.com. We will respond within one calendar month.
You can request a copy of all personal data we hold about you, along with information about how we use it.
If data we hold about you is inaccurate or incomplete, you can ask us to correct it.
You can ask us to delete your personal data where we have no legitimate reason to continue holding it. Note that some data must be retained for legal or allergen compliance purposes.
You can ask us to limit how we process your data in certain circumstances, for example, while you contest its accuracy.
Where processing is based on consent or contractual necessity, you can receive your data in a structured, machine-readable format to transfer to another service.
You can object to processing based on legitimate interests or direct marketing. We will stop processing unless we have compelling grounds that override your interests.
If a decision that significantly affects you is made solely by automated means, you have the right to request human review, express your view, and contest the decision.
Where InOrdera acts as a data processor on behalf of our restaurant customers (for example, processing end-user order data), we enter into a Data Processing Agreement (DPA) that complies with UK GDPR Article 28. Our DPA is available on request for enterprise customers.
Where InOrdera acts as a data controller (for example, when we hold our customers' account data), we are directly accountable under UK GDPR.
The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO). If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the ICO:
We would always appreciate the opportunity to address any concerns directly before you contact the ICO. Please email us first at privacy@inordera.com.
Email: privacy@inordera.com
Subject line: GDPR Request - [your name]
We aim to respond to all data subject requests within 30 calendar days. For complex requests we may extend this to 90 days and will notify you accordingly.