Privacy policy for end users
In this privacy policy, you can learn more about how Mum’s Thai (www.mumsthai.com) processes your personal data when you use our online order website and mobile application, depending on the platform you use (the Service).
We provide you with this information as we are required to do so under the EU General Data Protection Regulation (the GDPR).
Controller
Mum’s Thai is the controller in respect of the processing of your personal data when you create a user profile and/or when you complete an order on the Service.
Mum’s Thai’s contact details are stated at the bottom of this webpage.
Purposes of and legal basis for processing
When you use the Service, we process your personal data for several purposes. In the table below, you can learn more about the various purposes, which data we process and what the legal basis for our processing is.
Processing activities | Purpose(s) of the processing | Legal basis for the processing |
Processing your orders and creating your user profile | We process your contact details (name, address, email address and telephone number) and particular order data (any comments on the order, purchase history, payment details, etc.) for the purpose of registering and completing payment of your order which we share with the relevant takeaway and for the purpose of relocating the details in connection with future orders. In addition, we process your contact details to be able to create your user profile, if relevant. | The legal basis for our processing is point (f) of article 6(1) of the GDPR as we are pursuing our legitimate interest in collecting payments for our and the takeaway’s services, letting the takeaway know which order to prepare and deliver, and creating a profile for you. |
Checking and correcting errors in the Service | We record log data in the Service, and such log data may include personal data (e.g. your IP address). The log data is recorded for the purpose of correcting technical errors in the Service and identifying and preventing potential fraud (e.g. in case of unusual orders etc.). | The legal basis for our processing is point (f) of article 6(1) of the GDPR as we are pursuing our legitimate interest in correcting errors and improving the Service, including making it more user-friendly. |
Answering and processing enquiries about the Service | When you contact us (e.g. by email or directly on the Service), your enquiry will often contain personal data, including your contact details and other personal data which you may disclose to us. We process such data to be able to process and answer your enquiries and provide general customer service and technical support etc. relating to your use of the Service. | The legal basis for our processing is point (f) of article 6(1) of the GDPR as we are pursuing our legitimate interest in providing relevant customer service and/or technical support to you when you use the Service. |
Recipients of your personal data
Disclosure to external third parties
We disclose your name, email address and order data to the takeaway preparing your order, in particular for the purpose of enabling the takeaway to send service notices about the delivery of your order. The takeaway also receives your name and your email address for the purpose of distributing marketing material (if you have consented to receive electronic marketing from the takeaway).
We may also disclose your personal data to our external business partners (e.g. carriers or couriers who may deliver the items you have ordered from the takeaway on the Service). We also disclose personal data included in our accounting records (e.g. your contact and/or payment details) to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc.
Disclosure within the Mum’s Thai Medway
For the purpose of providing efficient and stable customer service irrespective of the country you are in, we share your personal data with the other Mum’s Thai Medway. That also means that we may have received personal data about you from one of our group companies, e.g. for the purpose of processing your enquiries relating to particular orders or your use of the Service.
Use of processors
We make your personal data available to our processors who e.g. host, develop and support the Mum’s Thai Medway IT systems and/or send service notices for us.
Transfer of your personal data to third countries
When we make data available to our processors, we may transfer your personal data to the USA, Ukraine, Serbia and the Philippines. The basis for such transfer is the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council as we have entered into such standard contractual clauses with the relevant recipients of the data.
Storage of your personal data
We are required to only store your personal data for the period necessary for us to fulfil the purposes for which they were collected. For that reason, we have established the time limits for erasure set out in the table below. As a general rule, we erase or anonymise your personal data according to the time limits stated below unless it is necessary that we continue to store them, e.g. for the purpose of particular cases or the like.
When it is stated below that your personal data will be erased, we may instead anonymise the data, and then the data can no longer be used to identify you. Anonymised data are not covered by the GDPR as they are no longer personal data.
Processing activities | Storage and time limits for erasure |
Processing your orders and creating your user profile | As a general rule, data relating to particular orders or other agreements with you are stored for 5 years after the end of the financial year in which the order was completed or the agreement has ended. The personal data are stored e.g. for the purpose of complying with our obligation to present financial statements etc. As a general rule, data included in your user profile but not related to a particular order (e.g. your login information etc.) are stored for 12 months after the end of the financial year in which you were last logged in (unless you have deactivated your user profile before that). |
Checking and correcting errors in the Service | As a general rule, the personal data included in the recorded log data are erased no later than 12 months after the particular actions on the Service are recorded. |
Answering and processing enquiries about the Service | As a general rule, data relating to particular cases or agreements with you, or the business you represent, are stored for 5 years after the end of the financial year in which your last enquiry was closed or the agreement has ended. The personal data are stored e.g. for the purpose of complying with our obligation to present financial statements etc. As a general rule, we erase data not related to a particular case or agreement 12 months after the end of the financial year in which your last enquiry was closed. |
Your rights etc.
You have special rights to help you control your personal data, and we wish to make it easy for you to exercise those rights:
Rights | Descriptions |
Right of access | If you ask us, we will confirm whether we process your personal data and, if so, we will give you a copy of them. |
Right to rectification | If your personal data are inaccurate or incomplete, you have a right to ask us to correct or complete them. |
Right to erasure and right to restriction of processing | In certain circumstances, you may ask us to erase the data or to restrict our use of them. |
Right to data portability | You have the right to receive the personal data that we process about you in a structured, commonly used and machine-readable format and to use it elsewhere. |
Right to object and withdrawal of consent | In certain circumstances, you have the right to object to our otherwise lawful processing of your personal data, including processing for direct marketing purposes. |
Right of complaint | If you wish to complain about our processing of your personal data, you may file a complaint with the Information Commissioner’s Office (ICO) on https://ico.org.uk/ |
You can read about how to contact the relevant controller Mum’s Thai company at the bottom of this webpage.
Right to withdraw consent (unsubscribing from marketing)
If you are no longer interested in receiving news or offers from Mum’s Thai, you may withdraw your consent by unsubscribing from marketing in the individual emails you receive. You may also contact us directly using the contact details stated at the bottom of this webpage.
If you withdraw your consent, it will not affect the lawfulness of our processing before the withdrawal. As a result, your withdrawal will only be effective in respect of future processing.
Contact
If you have any questions about how we process personal data, please contact us using the following contact details:
Mum’s Thai Medway
50 New Road
Chatham, Medway
Kent, ME4 4QR
United Kingdom
Email: privacy@mumsthai.com
For the purpose of protecting your data, we may, in certain circumstances, ask you to confirm your identity before we are able to process your request. Therefore, it will be practical if you contact us by email and include a reference to an order number or the like in your enquiry.