Last updated: 14 December 2025
1. Who we are
This Privacy Policy explains how TheGrillQueen collects, uses, shares and protects your personal data when you use the website available at https://www.thegrillqueen.co.uk and any related services (together, the “Website”).
For the purposes of UK data protection law, TheGrillQueen is the data controller of your personal data.
If you have questions about this Policy or how we handle your data, please contact us using the contact details provided on our Website, clearly marking your message “Privacy request”.
2. Scope and legal framework
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and, for electronic marketing and cookies, the Privacy and Electronic Communications Regulations 2003 (PECR).
This Policy applies to personal data collected through the Website, by email, and through our social media pages that link to or reference this Policy. It does not cover third-party websites or services that we do not control.
3. What personal data we collect
- Information you provide to us:
  - Contact details (such as name, email address, telephone number).
  - Order, booking or enquiry details (for example, event date, service requirements, delivery address where relevant).
  - Account details if you create an account (username, password).
  - Marketing preferences and communication choices.
  - Payment-related information needed to complete transactions (processed securely by our payment providers; we do not store full card numbers).
  - Job application information (CV/resumé, cover letter, work history) if you apply to work with us.
  - Any other information you choose to provide when contacting us.
- Information collected automatically:
  - Technical data from your device and browser (IP address, device identifiers, browser type and version, operating system, time zone, referring URLs).
  - Usage data about how you interact with the Website (pages viewed, clicks, scrolls, access times, error logs).
  - Cookies and similar technologies, as explained in section 5.
- Information from third parties:
  - Payment and fraud prevention information from payment processors.
  - Delivery information from logistics or courier partners.
  - Analytics and advertising partners (aggregated or pseudonymised usage statistics, campaign performance).
  - Publicly available sources or social media platforms when you interact with us there.
4. Purposes and legal bases for processing
We process your personal data for the following purposes and legal bases:
- To provide our services, manage orders/bookings, respond to enquiries and provide customer support
  - Legal basis: performance of a contract or steps taken at your request before entering into a contract (UK GDPR Art. 6(1)(b)); and our legitimate interests in operating our business and assisting users (Art. 6(1)(f)).
- To operate, secure and improve the Website (including troubleshooting, data analysis, testing, system maintenance, support and reporting)
  - Legal basis: our legitimate interests in ensuring the security, integrity and performance of our Website and services (Art. 6(1)(f)).
- To process payments and prevent fraud
  - Legal basis: performance of a contract (Art. 6(1)(b)); compliance with legal obligations (e.g., anti-fraud) (Art. 6(1)(c)); and our legitimate interests in fraud prevention (Art. 6(1)(f)).
- To send you marketing communications and personalise advertising where permitted
  - Legal basis: your consent for electronic marketing and non-essential cookies under PECR/UK GDPR (Art. 6(1)(a)); our legitimate interests in promoting our services (Art. 6(1)(f)) where soft opt-in conditions are met. You can withdraw consent or object at any time.
- To comply with legal and regulatory obligations (tax, accounting, consumer protection, data protection)
  - Legal basis: compliance with legal obligations (Art. 6(1)(c)).
- To manage and evaluate job applications
  - Legal basis: steps prior to entering into a contract (Art. 6(1)(b)) and our legitimate interests in managing recruitment (Art. 6(1)(f)).
- To protect vital interests and ensure safety (e.g., significant health or safety incidents at events)
  - Legal basis: vital interests (Art. 6(1)(d)).
Where we rely on legitimate interests, we balance those interests against your rights and freedoms and process data only where they are not overridden by your interests or fundamental rights.
5. Cookies and similar technologies
Cookies are small files placed on your device that help the Website function, improve performance and deliver relevant content. We use:
- Strictly necessary cookies: required for core features such as page navigation, security and access to protected areas. These cannot be switched off using our systems.
- Performance/analytics cookies: help us understand how visitors use the Website (for example, pages visited and errors) so we can improve it.
- Functionality cookies: remember choices you make (such as preferences) to provide enhanced features.
- Advertising/targeting cookies: may be set by us or our partners to build a profile of your interests and show relevant ads.
Non-essential cookies (analytics, functionality, advertising) are used only with your consent where required. You can manage your cookie preferences via the cookie banner (when presented) and by adjusting your browser settings to block or delete cookies. Blocking some cookies may impact your experience on the Website.
Cookie lifespans vary: some expire when you close your browser (session cookies); others remain for a defined period (typically from a few days up to two years) unless you delete them sooner.
6. How we share your personal data
We share personal data only as necessary for the purposes described above and with appropriate safeguards:
- Service providers acting as processors that help us operate the Website and deliver services (hosting and cloud providers, IT support, analytics, payment processors, email and communications platforms, delivery/courier partners, event staff).
- Professional advisers (lawyers, accountants, auditors) and insurers where needed for our legitimate business purposes.
- Regulators, law enforcement and authorities where required by law or to protect our rights, users or the public.
- Third parties involved in a business transaction (merger, acquisition, restructuring or sale of assets), in which case personal data may be disclosed under confidentiality and transferred as part of the transaction.
We do not sell your personal data.
7. International data transfers
Some of our service providers or partners may be located outside the United Kingdom, including in countries that may not provide the same level of data protection as the UK. Where we transfer personal data internationally, we ensure that one of the following applies:
- An adequacy regulation is in place for the destination country; or
- We use appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with supplementary measures where necessary; or
- A UK GDPR derogation applies (for example, your explicit consent or the necessity of the transfer for the performance of a contract).
8. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected and to meet legal, accounting or reporting requirements. Typical retention periods are:
- Enquiries and customer service correspondence: up to 24 months after resolution.
- Order/booking, contract and transaction records: up to 6 years from the end of our relationship (to meet tax and legal obligations).
- Marketing data (including consent records): until you withdraw consent or object, and otherwise reviewed at least every 24 months for inactivity.
- Account data: for the life of the account and up to 24 months after closure or last activity, unless a longer period is required by law.
- Job applications (unsuccessful): typically 6 to 12 months after the process ends, unless you agree to a longer period.
- Technical logs and security records: typically up to 12 months, unless needed for investigation or legal purposes.
- Cookies: as set out in section 5.
We may retain data longer where necessary to establish, exercise or defend legal claims.
9. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or damage. These include access controls, encryption in transit, secure configurations, regular monitoring, contractual safeguards with service providers and staff training. While we work to protect your data, no website or internet transmission is completely secure; you should take care when sharing information online.
10. Your rights
Subject to conditions and exemptions under UK law, you have the following rights with respect to your personal data:
- Access: to obtain a copy of your personal data and certain information about how we process it.
- Rectification: to have inaccurate or incomplete data corrected.
- Erasure: to request deletion of your data in certain circumstances.
- Restriction: to request we limit processing in certain cases.
- Portability: to receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where feasible.
- Objection: to object to processing based on our legitimate interests and to object to direct marketing at any time.
- Withdraw consent: where we rely on consent, you may withdraw it at any time (this will not affect processing already carried out).
To exercise your rights, please contact us using the contact details provided on our Website and clearly describe your request. We may need to verify your identity. We aim to respond within one month, or inform you if more time is needed due to complexity.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). ICO contact details include: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone 0303 123 1113.
11. Marketing communications
Where permitted by law, we may send you marketing communications about our products and services. We will obtain your consent when required by PECR. You can opt out at any time by following the unsubscribe instructions in our emails or by contacting us. Even if you opt out of marketing, we may still send service or transactional messages (for example, order updates).
12. Children’s privacy
Our Website and services are not directed to children and we do not knowingly collect personal data from anyone under 13 years of age. If you believe a child has provided us with personal data, please contact us so that we can delete it.
13. Automated decision-making
We do not carry out solely automated decision-making that produces legal or similarly significant effects on you. If this changes, we will inform you and explain the logic involved and your rights.
14. Data Protection Officer and contact
We are not required to appoint a Data Protection Officer under the UK GDPR. For any questions about this Policy or our data practices, or to exercise your rights, please contact us using the contact details provided on our Website and include “Privacy request” in your message.
15. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. The date at the top of this page indicates when it was last updated. We encourage you to review this Policy periodically to stay informed about our handling of personal data.