Telephone: 01403 741177

Email: info@theeasylunchcompany.co.uk

School lunch customers

Book meals

Privacy Statement

Introduction

The Easy Lunch Company Ltd (the company, we, us) is a Service Provider of Hot School Meals.

ICO Registration Number: ZA144079

We are committed to protecting your privacy and only using your personal information in accordance with relevant UK legislation including the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communication Regulations.

This Privacy Statement tells you what we do with your personal information including where we collect information from, how we use it and how long we store it for. It also explains your rights in relation to this.

Contact Information

The Easy Lunch Company Ltd is the Data Controller for all data collected, stored and used in relation to the business interests and activities of the company.

We can be contacted in relation to the use of personal data using the details below:

Emma Treasure
The Easy Lunch Company Ltd
01403 741177
emma@theeasylunchcompany.co.uk

Your Personal Information

Personal information is data which can be used to identify you. This can include your name, address, email address, telephone number. The information we collect and where it comes from can vary depending on your relationship with the company.

Information about Children and Parents or Carers

When we are contracted to provide our service for a school, the school facilitates data sharing with the Easy Lunch Company using SchoolGrid which is the secure cloud based software we use for ordering of school meals.  Further data may come directly from parents; this enables us to provide you with the services you require particularly when a Special Dietary Meal is required.

We collect and use information about children and their parents or carers to enable us to provide you with products and/or services.

We will also use the information we collect to:

  • improve our products and services
  • market the business

We will collect and use the following information relating to clients:

  • Names
  • Contact details such as telephone numbers, address, email address
  • Records of meetings, conversations and decisions
  • Purchase or service history
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Information relating to compliments or complaints
  • Marketing preferences
  • Correspondence

We collect or receive this information from you directly or from your child’s School via SchoolGrid.

If you choose to interact with us on social media we may receive information relating to you such as your social media handles via those platforms.

Job Applicants

When you apply for a job with us you will be known by us as an “applicant”.

We collect and use information about applicants to enable us to undertake a fair and lawful recruitment process.

We will collect and use the following information relating to applicants:

  • Names
  • Contact details such as telephone numbers, address, email address, social media handles
  • Employment and volunteering history
  • Records of interviews, conversations, tests and decisions
  • Correspondence
  • Special category data where this is necessary to facilitate a fair and inclusive recruitment process
  • ID Documents

We collect or receive this information from you directly or from publicly available sources such as your social media channels.

In some situations, we could receive this data from a recruitment agency where you have engaged them to act on your behalf.

Employees and Volunteers

On appointment into a paid role within the organisation, you will be known by us as an “employee”.

When you undertake an unpaid role within the organisation you will be known as a “volunteer”.

We collect and use information about employees and volunteers including substantive employees, bank and agency workers, contracted staff, volunteers, trainees and those carrying out work experience in order to meet our contractual, statutory and administrative obligations.

We will also use the information we collect to monitor inclusivity and monitor our appeal as an employer across our local population

We will collect and use the following information relating to employees and volunteers:

  • Names
  • Contact details such as telephone numbers, address, email address, social media handles
  • Qualifications
  • Employment and volunteering history
  • Referee details
  • Records of interviews, conversations, tests and decisions
  • Correspondence

For the purposes of carrying out employee verification checks prior to an employment offer, we will collect additional information from you including:

  • Copy of qualifications/ certificates
  • Pre-employment checks, including references, identity documents and ‘right to work’ information
  • Bank details

Following your appointment, we may add any other information you supply to us or is required as part of your employment including:

  • Training, appraisal and revalidation information
  • Occupational health information (medical information including physical or mental health conditions)
  • Details of any absences (other than holidays) including statutory parental leave and sick leave
  • Vaccination status (including Flu and COVID-19) if necessary
  • Information relating to health and safety
  • Employment tribunal applications
  • Complaints
  • Accidents
  • Incident details

We collect or receive this information from you directly or from publicly available sources such as your social media channels.

In some situations, we could receive this data from:

  • From an employment agency
  • From referees, either external or internal, providing confidential information about your suitability to the role
  • From the Disclosure and Barring Service where applicable, which will inform us about any criminal convictions you may have
  • From occupational health service providers and other health providers
  • From His Majesty’s Revenue and Customs (HMRC) relating to your pay, tax and employment
  • From government departments about your right to work and visa applications
  • From your Trade Union
  • From providers of staff benefits
  • Confirmation of your registration with a professional body
  • CCTV images taken using our own CCTV systems
  • Photography

At the time of your recruitment, we take photographs which are then used for ID Cards. This photograph may also be used in local/departmental areas and on the organisation’s intranet page to support with identification of employees. You may be asked to update this image on a regular basis to ensure that it is still usable for the purpose of employee identification.

If you agree to your photograph being taken or take part in a video or audio recording for any purpose other than for ID cards (such as publishing, republishing, transmitting or broadcasting across a range of print, online, broadcast and social media channels to promote the organisation), we will first seek your consent.

We will continue to use your images until you tell us not to.

Sensitive or Special Category Data

In some situations, we may collect or process special category data. This is personal data which needs more protection due to its sensitive nature such as data concerning your health. We collect or process this data in order to:

  • make services accessible and inclusive.

We process the following special category data:

  • Race or ethnic origin
  • Religious or philosophical beliefs
  • Health information

We will normally collect this information direct from you, but we may also receive it from your school.

Closed Circuit Television (CCTV) and other Security Cameras

We use CCTV on our premises for the purposes of security, safety and crime prevention.

Footage may be recorded and stored securely for a limited period of time up to 30 days and access is restricted to authorised people only. We ensure that all video surveillance use complies with relevant UK legislation and is carried out in a way which respects individuals rights.

Lawful basis

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal data.

Consent – Sometimes we will ask for your consent to process your personal data. Before doing so we will provide you with the necessary information to make an informed decision. Once given, you can withdraw your consent at any time.

We use consent when:

  • Collecting  information in order to make services accessible and inclusive.
  • Collecting special category data about you in order to provide you with our services.
  • Using images in which you are identifiable on the company’s social media accounts or website.

Legitimate Interest – At times we will rely on the legitimate interest as the lawful basis for processing your personal data. This can only be used where we believe there is a legitimate interest to either you or the company and it must be balanced with your rights and freedoms in relation to your personal information. We may use legitimate interest when:

  • using your personal data in order to send you an email about a new service.

Legal Obligation – I may need to collect, process, share or hold personal data in order to meet legal obligations. We / I use legal obligation:

  • if ordered to process your data by a court.

Performance of a Contract – If you enter into a contract with the company such as commissioning work or purchasing a service from us. We will need to collect and process some personal data in order to meet the contractual obligations.

Public Interest – We process personal data where it is necessary for us to perform a task carried out in the public interest or in the exercise of official authority vested in us.

This means we may use your personal information where the law allows or requires us to do so in order to carry out our public functions, provide services, or support activities that benefit the public such as:

  • Providing education, healthcare, social care, or other publicly funded services.
  • Sharing information with appropriate authorities where there are concerns about the safety or welfare of a child or vulnerable adult.
  • Sharing relevant information with health authorities to monitor disease, manage outbreaks, or protect public health.
  • Checking information to prevent fraud or misuse of public resources.

Where we rely on this lawful basis, the processing will be supported by legislation, statutory duties, or official powers that apply to our organisation.

Vital Interest – In limited circumstances, we may process your personal data where it is necessary to protect someone’s vital interests. This means processing information in order to protect a person’s life or prevent serious harm.

We will only rely on this lawful basis where the processing is genuinely necessary to protect life or safety and where the individual is incapable of giving consent or it is not possible to obtain consent in time. Such as:

  • Sharing information with healthcare professionals or emergency services where someone requires urgent medical treatment.
  • Sharing health or contact information to ensure appropriate treatment can be provided.
  • Disclosing information to protect an individual where there is an immediate risk of serious harm or death.
  • Using stored emergency contact details where someone has been seriously injured or becomes unconscious.

Sharing your personal data

The organisation may disclose personal and sensitive information to a variety of recipients including:

  • Our employees, agents and contractors where there is a legitimate reason for them receiving the information
  • Current, past or potential employers of our employees to provide or obtain or supply references
  • Professional and regulatory bodies in relation to the confirmation of conduct including complaints, job description and information provided as part of the recruitment process
  • Government departments and agencies where we have a statutory obligation to provide information (e.g. HMRC, and the Home Office)
  • The Disclosure and Barring Service (DBS) and DBS Update Service where we require a DBS check for certain roles
  • Third parties who work with us to provide employee support services (e.g. counselling)
  • Third parties who provide systems to help us perform business activities
  • Internal and external auditors
  • Debt collection and tracing agencies
  • Courts and tribunals
  • Trade union and staff associations
  • Survey organisations
  • Training providers

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.

Where possible, we will always look to anonymise/pseudonymise your personal information so as to protect confidentiality, unless there is a legal basis that permits us to use it and we will only ever use/share the minimum information necessary.

However, there are occasions where the organisation is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

There are a number of circumstances where we must or can share information about you to comply with or manage:

  • disciplinary/investigation processes and serious incident management, including but not limited to referrals to professional bodies, and to seek advice from relevant professions for expert opinions
  • legislative and/or statutory requirements
  • court orders which may have been imposed on us
  • requests for information from the police and other law enforcement agencies for the prevention and detection of crime, and/or fraud if the crime is of a serious nature

Your rights

Under UK data protection legislation, you have certain rights in relation to the processing of your personal data.

Your right to be informed – You have the right to be informed about the collection and use of your personal data. This privacy notices aims to fulfil this right supported by information provided by me before we / I ask for consent to process your personal data (if applicable).

Your right of access – You have the right to ask us / me for access to or a copy of your personal information. You can request other information such as details about where we / I get personal information from and who we / I share personal information with. There are some exemptions which means you may not receive all the information you ask for.

Your right to rectification – You have the right to ask us / me to correct or delete personal information you think is inaccurate or incomplete. In certain circumstances your request may be refused.

Your right to erasure – You have the right to ask us / me to delete your personal information also known as the right to be forgotten. There are certain circumstances where this right doesn’t apply such as where legal obligation is the lawful basis for processing the data.

Your right to restriction of processing – You have the right to ask us / me to limit how we / I can use your personal information in some situations.

Your right to object to processing – You have the right to object to the processing of your personal data in some cases. For example, you can object to the use of your data for direct marketing.

Your right to data portability – You have the right to ask that we / I transfer the personal information you gave me to another organisation, or to you.

Your right to withdraw consent – When we / I use consent as our / my lawful basis you have the right to withdraw your consent at any time.

If you make a request, we / I must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us / me using the contact details at the top of this privacy notice.

How long we / I keep information

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including the purposes of satisfying any legal, accounting, or reporting requirements. Retention periods for personal data will vary according to the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When you become a customer, we will store your data for the lifetime of the business relationship plus 6 years from the date of the contract’s termination or last contact whichever is later.

If you are an employee, we will ordinarily retain your information for six years after termination of employment, which is the statutory limitation period for breach of contract claims, and then it is promptly deleted once that period has passed.

A summary of your records will be kept until your 75th birthday or six years after leaving whichever is the longer and then reviewed.

For unsuccessful job candidates, documentation is retained for six months after candidate is rejected for a role and then deleted.

If we are able to anonymise your personal data so that you can no longer be identified from it, we may use such information without further notice to you.

Queries, Concerns or Complaints

If you have any queries, concerns or complaints about our / my use of your personal data, you can contact us / me using the contact details at the top of this privacy notice.

If you have a complaint and remain unhappy with how we’ve / I’ve used your data after raising a complaint with us / me, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Version 1                        Effective date:  23rd March 2026