Contact us
Contact us
  • Tasty Digital Ltd.
    Suite A, Jubilee Centre
    10-12 Lombard Road
    Wimbledon, London
    SW19 3TZ

Follow us

Data Protection Policy

Tasty Digital Ltd is committed to protecting the privacy and security of personal data. This policy outlines our approach to data protection and our compliance with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018.

Data Controller

Tasty Digital Ltd is the data controller under GDPR. We are registered with the Information Commissioner's Office (ICO) with reference number A8325173.

Registered Address:
Suite A, 10-12 Lombard Road, Wimbledon, London, SW19 3TZ
Company Number: 9474918

Data We Collect

We collect and process personal data only where necessary for business operations:

  • Client data: Names, email addresses, business contact details, project information
  • Technical data: IP addresses, browser information, device type (for website functionality and security)
  • Communication data: Correspondence, meeting notes, project documentation

How We Store Data

All personal data is stored securely:

  • Files containing personal data are encrypted and password-protected
  • Where available, we use two-factor authentication
  • Physical documents are stored in locked cabinets with restricted access
  • Digital data is stored on secure servers in the UK and Netherlands
  • Regular security audits and monitoring for unusual activity

How We Use Data

We process personal data for legitimate business purposes:

  • Delivering services to clients
  • Managing client relationships and communications
  • Fulfilling contractual obligations
  • Meeting legal and regulatory requirements
  • Improving our services and website functionality

Data Sharing

We do not sell or rent personal data to third parties. We only share data with:

  • Trusted service providers who assist in delivering our services (e.g., hosting providers, email services)
  • Professional advisors (accountants, lawyers) where necessary
  • Government agencies when legally required

All third-party vendors are GDPR compliant and have appropriate contractual protections in place.

Data Retention

We retain personal data only as long as necessary:

  • Active client data is retained for the duration of the business relationship
  • Contact form submissions are reviewed annually and removed after 24 months of inactivity
  • Financial records are retained for 7 years to comply with legal requirements
  • Website analytics are retained for a maximum of 26 months

Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Request limited processing of your data
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to processing of your data

Data Breach Procedures

In the event of a suspected data breach:

  • We will immediately investigate and contain the breach
  • If confirmed, we will notify affected individuals within 72 hours
  • We will report to the ICO as required by law
  • We will take steps to prevent future breaches
  • Compromised account passwords will be reset

Staff Training

All staff receive training on data protection principles and best practices. We continually enhance our data protection procedures and keep up to date with regulatory changes.

Contact

For questions about data protection or to exercise your rights, please contact our Data Protection Officer via our contact form.

This Data Protection Policy was last updated on 28th October 2025.

← Back to Home