Last updated : 29 May 2026

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 give individuals more rights and protections regarding their personal data, helping minimise the possibility of theft, fraud, and misuse of information.

These regulations include provisions for the following areas:

• The right to be informed: Companies must publish a privacy notice and explain transparently how personal data is used.
• The right of access: Individuals have the right to request details of any personal data a company holds about them. This information must normally be provided within one month of the request and at no charge.
• The right to rectification: If personal data is incorrect or incomplete, individuals have the right to have it corrected. Where applicable, third parties who received the incorrect data will also be informed.
• The right to be forgotten: Individuals may request the removal of their personal data in certain circumstances.
• The right to restrict processing: Under certain circumstances, individuals can request that the processing of their personal data be restricted.
• The right to data portability: Individuals can request access to their personal data for their own use elsewhere.
• The right to object: Individuals can object to the use of their personal data for certain purposes.

1.0 Our Core Principles Regarding User Privacy and Data Protection

• User privacy and data protection are fundamental rights.
• We have a duty of care to all individuals whose data we process.
• Data is a liability and should only be collected and processed where necessary.
• We despise spam in all its forms.
• We will never sell, rent, or otherwise distribute personal information to third parties for commercial gain.

2.0 Relevant Legislation

Alongside our business and internal computer systems, our website and mobile application are designed to comply with the following legislation relating to data protection and user privacy:

• Data Protection Act 2018
• UK General Data Protection Regulation (UK GDPR)
• EU General Data Protection Regulation (GDPR), where applicable

Compliance with the above legislation means that our website and mobile application are also likely to comply with many other international data protection and privacy laws. If you are unsure whether our website and mobile application comply with the legislation applicable in your country of residence, please contact our Compliance Team using the details in section 10.0.

3.0 Personal Information That Our Website and Mobile Application Collect and Why We Collect It

Our website and mobile application collect and use personal information for the following reasons:

3.1 Site Visitation Tracking

Like most websites, this site uses analytics tools to track user interaction. We use this data to determine the number of people using our website, understand how visitors find and use our web pages, and improve the customer experience.

Our analytics tools may collect information such as:

• approximate geographical location
• device type
• internet browser
• operating system
• IP address
• browsing behaviour and website usage activity

This information does not personally identify users to us.

Analytics tools we use, do uses cookies. Disabling cookies within your internet browser settings will stop them from tracking your visit to our website.

3.1.2 App Location Data

We use location-related data to better understand customer demand and improve customer service and staffing levels within our stores.

Our mobile application may use approximate current geographical location information to provide relevant information such as:

• store opening times
• offers and promotions
• latest stock availability

No location data is permanently stored within the app.

3.2 Customer Promotions

Should you choose to register to access customer promotions, personal information entered by you may be stored within our website or mobile application databases together with:

• IP address
• login time and date

This information is used solely for customer identification and account administration purposes.

3.3 Contact Forms and Email Links

If you contact us using a website contact form or email link, the data supplied will be processed for the purpose of responding to your enquiry.

Data submitted via contact forms is transmitted securely via SMTP servers protected using TLS/SSL encryption with SHA-2 256-bit cryptography before transmission across the internet.

3.4 Email Newsletters and Marketing Communications

If you subscribe to our newsletter or marketing communications, the contact information you provide may be stored within our internal systems for marketing purposes.

We may contact customers through:

• email newsletters
• SMS communications
• social media and messaging channels
• promotional notifications

You may unsubscribe or opt out of marketing communications at any time using unsubscribe links or by contacting us directly.

4.0 Categories of Personal Data Processed

We may collect and process the following categories of personal data where necessary for business, contractual, legal, or security purposes:

• Identity data – including name, title, date of birth, username, or other identifiers
• Contact data – including address, email address, and telephone number
• Account and access data – including user IDs, login details, authentication information, and permissions
• Professional or employment data – including job title, employer name, and business contact details
• Financial and transactional data – including billing information, payment details, and transaction records where applicable
• Technical and usage data – including IP address, browser type, operating system, device information, access logs, and usage activity
• Security and audit data – including system logs, monitoring records, access records, and incident information
• Communications data – including emails, correspondence, and records of interactions with us
• Compliance and risk data – including records required for regulatory, audit, due diligence, or fraud prevention purposes

5.0 Legal Basis for Processing Personal Data

Personal data is processed in accordance with the UK GDPR and the Data Protection Act 2018.

Depending on the activity involved, we rely on one or more of the following lawful bases:

• Performance of a contract
• Legal obligation
• Legitimate interests
• Consent

Our legitimate interests include:

• operating our business
• fulfilling contractual obligations
• fraud prevention
• system and data security
• risk management
• audit and compliance activities
• protecting customer and business information

Where legitimate interests are relied upon, appropriate balancing assessments are undertaken to ensure that individual rights and freedoms are protected.

6.0 Credit Reference and Affordability Checks

To help us assess applications for trade accounts and business credit facilities, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 742313).

TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 805757).

The information we receive may include:

• identity data
• credit commitments
• payment history
• public record information
• affordability and creditworthiness indicators

This information is used solely for legitimate business purposes including:

• creditworthiness assessment
• identity verification
• fraud prevention
• compliance obligations

Further information regarding how Creditsafe and TransUnion process personal data can be found within their respective privacy notices.

Creditsafe Transparency Notice:
Transparency Notice | Customers & Suppliers

TransUnion CRAIN (Credit Reference Agency Information Notice):
https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference

TransUnion Bureau Privacy Notice:
https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

7.0 Sources of Personal Data

We may collect personal data from:

• individuals directly
• employers or clients
• referees where relevant and permitted
• publicly available sources
• credit reference agencies
• third party service providers supporting compliance or verification activities

8.0 How We Store Personal Information

Information supplied to us may be stored securely within our internal customer databases and systems.

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected and to meet legal, regulatory, accounting, and operational requirements.

Data used for credit reference or affordability checks is retained only for as long as necessary and is then securely deleted or anonymised where appropriate.

9.0 Website and Mobile Application Servers

Our website and mobile application are hosted in secure data centres within the United Kingdom.

All traffic between our website/mobile application and users’ browsers is encrypted and delivered over HTTPS.

Where personal data is transferred outside the UK or European Economic Area (EEA), appropriate safeguards are implemented in accordance with applicable data protection laws.

10.0 Compliance Team and Data Protection Contact

Dhamecha Foods Ltd does not currently appoint a formal Data Protection Officer but has designated a Compliance Manager responsible for data protection matters.

Compliance Team
Compliance Manager, Dhamecha Foods Ltd
Telephone: 0208 903 8181
Email: compliance@dhamecha.com

Registered Office:

Dhamecha Foods Ltd
2 Hathaway Close
Stanmore
Middlesex
HA7 3NR

11.0 Data Breaches

We will report any unlawful data breach affecting personal data stored by us or by our data processors to the relevant supervisory authorities and affected individuals where legally required and where the breach is likely to result in a risk to the rights and freedoms of individuals.

12.0 Automated Decision Making and Profiling

We may use automated systems and tools to support business processes such as:

• risk assessment
• fraud prevention
• affordability checks
• identity verification
• record management

These tools may analyse personal data using predefined rules or criteria to generate indicators, recommendations, or risk scores.

However, we do not make decisions that have legal or similarly significant effects on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

13.0 Provision of Personal Data

The provision of certain personal data is necessary:

• to enter into and perform contracts
• to process orders and manage accounts
• to verify identity and prevent fraud
• to comply with legal and regulatory obligations

If requested personal data is not provided:

• we may be unable to enter into contracts
• we may be unable to supply goods or services
• we may be unable to complete verification or compliance checks
• services or applications may be delayed, restricted, or declined

Where personal data is collected for optional purposes such as marketing communications, providing such data is voluntary and consent may be withdrawn at any time.

14.0 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another relevant supervisory authority if you believe your personal data has been processed unlawfully or improperly.

15.0 Changes to This Privacy Policy

This privacy policy may change from time to time in line with legislation, regulatory guidance, operational requirements, or industry developments.

Any updates will be published on this page and users are encouraged to review this policy periodically.