GDPR Compliance

Your data rights and our commitment to protection

Our Commitment to GDPR

At Slice & Go Pizzeria, we are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page outlines how we uphold your data rights and our responsibilities as a data controller for our pizza delivery services.

Your Data Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to your request within 30 days.

Right to Erasure

Also known as the "right to be forgotten," you can request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to its processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to fulfill our contract with you, including order processing and delivery of pizzas.

Consent

Processing based on your explicit consent, such as receiving marketing communications or using non-essential cookies.

Legitimate Interests

Processing necessary for our legitimate business interests, such as fraud prevention, improving our services, and network security.

Legal Obligation

Processing required to comply with legal obligations, such as tax and accounting requirements.

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Employee training on data protection
  • Secure data backup and recovery systems
  • Incident response and breach notification procedures

International Data Transfers

If we transfer your personal data outside Singapore, we ensure appropriate safeguards are in place, such as standard contractual clauses, to protect your data in accordance with GDPR requirements.

Data Retention

We retain your personal data only for as long as necessary:

  • Order information: 7 years for accounting and tax purposes
  • Marketing consent: Until you withdraw consent
  • Customer account data: Until account deletion is requested
  • Website analytics: 26 months
  • Support communications: 3 years

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR.

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe we have collected data from your child, please contact us immediately.

How to Exercise Your Rights

To exercise any of your GDPR rights, please:

  • Send an email to [email protected] with your request
  • Include sufficient information to verify your identity
  • Clearly state which right you wish to exercise
  • Provide any relevant details to help us process your request

We will respond to your request within 30 days. If we need more time, we will inform you and explain why.

Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the relevant supervisory authority in Singapore, the Personal Data Protection Commission (PDPC).

Contact Our Data Protection Officer

For any questions or concerns about GDPR compliance or data protection, please contact us:

Slice & Go Pizzeria

Data Protection Officer

123 Orchard Road, #01-05, Singapore 238830

Email: [email protected]

Phone: +65 6123 4567