BiteLink Privacy Policy

Effective date: 27/04/2026

1. Controller and Scope BiteLink  ("we", "us", "our") is the data controller for personal data processed via our website and BiteLink services described here.

Where BiteLink provides services to takeaway businesses, the takeaway acts as the data controller and BiteLink acts as a data processor, except where BiteLink processes data for its own purposes, such as analytics, security, and platform improvement.

This policy explains what data we collect, how we use it, and your rights under the UK GDPR and Data Protection Act 2018.

2. Information We Collect

We collect the following categories of personal data:
• Identity data: name
• Contact data: email address, phone number
• Account data: login credentials, authentication identifiers
• Transaction data: order or enquiry details
• Technical data: IP address, device type, browser, operating system
• Usage data: pages viewed, interactions, timestamps

We may also receive personal data from third parties, such as takeaway businesses using our platform, where necessary to provide our services.

We do not intentionally collect special category data. However, users may choose to include information such as allergy or dietary requirements within orders. This data is processed only for the purpose of fulfilling the order and is not used for profiling or marketing.

3. Lawful Bases for Processing

We process personal data on the following lawful bases:
• Contract: to provide services you request (e.g. account, orders)
• Legitimate interests: to operate, secure, and improve our services
• Consent: for marketing communications and optional features
• Legal obligation: to comply with applicable laws and regulations

4. How We Use Your Information

We use your data to:
• Provide and operate our services
• Create and manage user accounts
• Process orders or enquiries
• Communicate regarding accounts, orders, or support
• Monitor performance, prevent fraud, and ensure security
• Improve functionality and user experience
• Send marketing communications where permitted (you can opt out anytime)
• Conduct internal business operations such as audits, reporting, and analytics

Service-related communications (such as order updates or account notices) are essential to the service and cannot be opted out of.

5. Facebook Login

If you log in using Facebook, we receive limited data from your Facebook account, typically:
• Name
• Email address
• Profile picture (if available)
We use this solely to authenticate your account and personalise your experience.
We do not:
• Post to your Facebook account
• Access your friends list or unrelated data
• Sell or share Facebook data for marketing

You can remove this connection at any time via your Facebook settings.

6. Data Sharing and Processors

We share data only where necessary with vetted processors, such as:
• Hosting and cloud infrastructure providers
• Payment processors
• Email/SMS communication providers
• Analytics providers

All processors act under written agreements, process data only on our instructions, and are prohibited from using personal data for their own purposes.

We may also disclose personal data where required by law, to enforce our terms, or to protect our rights, users, or platform, including for fraud prevention and investigations.

We do not sell personal data.

7. International Transfers

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
• UK adequacy regulations
• Standard Contractual Clauses (SCCs)

8. Data Retention

We retain personal data only as long as necessary:
• Account data: retained while account is active + up to 24 months after inactivity
• Transaction data: retained for up to 6 years (legal/accounting requirements)
• Marketing data: until consent is withdrawn or inactivity exceeds 24 months

9. Your Rights

You have the right to:
• Access your personal data
• Correct inaccurate data
• Request erasure ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise rights, contact: help@bitelink.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

10. Data Deletion (Facebook Users)If you used Facebook Login, you can request deletion of your data by:
• Emailing: help@bitelink.com
• Providing your name and account email

We will:
• Delete your account and associated personal data
• Confirm completion within 30 days

11. Security

We implement appropriate technical and organisational measures, including:

• Encryption in transit (TLS)
• Access controls and authentication
• Secure infrastructure and monitoring
• Regular security reviews12.

Cookies

We use cookies to:
• Ensure core functionality
• Analyse usage and performance
• Improve user experience

Where required, we obtain consent before setting non-essential cookies. You can manage cookies via browser settings.

13. Children’s Data

Our services are not directed at children under 13. We do not knowingly collect data from children.

14. Automated Decision-Making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

15. Business Users and Marketing Responsibility

We may process personal data of business users (such as staff accounts) to provide access to POS systems, dashboards, and operational tools.

Where marketing is carried out by a takeaway business using BiteLink, that business is responsible for obtaining and managing consent. BiteLink acts only as a data processor in these cases.

16. Corporate Transactions

In the event of a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

17. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with the updated effective date.

18. Contact BiteLink
Email: help@bitelink.com
Website: bitelink.com