This privacy notice applies to the processing of personal data by Tiffin Tin Holdings Limited (company number 12328857, registered address: 2nd Floor Premier House, 309 Ballards Lane, London, United Kingdom, N12 8LY) in connection with the processing of personal data on this website, including any personal data you may provide though the use of the website when you sign up to receive newsletters, make online orders or use our contact forms (referred to through this notice as this Website).

 References in this notice to “you” or “your” are references to individuals who use this Website and references in this notice to “The Tiffin Tin”, “we”, “us” or “our” are references to Tiffin Tin Holdings Limited’s subsidiary companies trading as The Tiffin Tin. The Tiffin Tin is a trading name of TT Tufnell Park Ltd, TT West Hampstead Ltd, TT Totteridge Ltd, TT Hornsey Ltd, and TT Wanstead Ltd. A full list of the legal entity names and addresses are available from info@thetiffintin.com.

The Tiffin Tin is committed to ensuring confidentiality and that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.

The Tiffin Tin may change this policy from time to time by updating this page. Please check this page from time to time to ensure that you are happy with any changes.

This policy is effective from March 2013.

What information we collect

When you visit ‘The Tiffin Tin’ website, no personal identifiable information is kept.

If you place an order or register, we collect the following information:

• Website account membership registration details (as below)
• Name and Address including Postcode
• Contact details including e-mail and telephone number
• Order details and preferences
• Confirmation reference of payment from your credit /debit card company. We do not hold any credit card details.

What we do with the information we collect

We require this information to process your order and delivery of your delicious meal.

We use this information for the following reasons:

• To administer your own user account on The Tiffin Tin website when you register
• To contact you to confirm your order
• Internal records and accounts
• We may use the information to improve our products and services and improve our website
• We may periodically send you promotional material, special offers, menu updates and relevant material only with your consent.

Is this information shared with anyone else?

The Tiffin Tin will not share your information with any third-party company.

How we protect your data

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We take data protection seriously and therefore use SSL encryption on our website to limit the ability of unauthorised people to see information communicated between website users and our website, and to securely process your online transactions and orders. We also implement a website firewall and regular anti-virus scanning to try and prevent intrusion. Finally, we purposefully limit the amount of data we collect about website visitors and do not share any data to third parties (unless legally required to do so) in order to minimise our exposure in the unlikely event of a breach.

Embedded content and other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.) or links to other websites. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

How you can control your personal information – how to contact us.

You may choose to restrict the collection or use of your personal information in the following ways:

Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by us for direct marketing purposes

We will not disclose your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to us via info@thetiffintin.com.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Plugins

Our website is powered by the open source content management system, WordPress, and uses various plugins to add functionality to the website and keep it secure. The following plugins on our website store information about website visitors:

Wordfence – we use this plugin to protect our website. The plugin provides a firewall, antivirus scanning and other security hardening features to protect our website from intruders. In order for the plugin to work effectively it needs to collects information about user’s IP addresses and registered users on our website so that it can control access to our website and block unwelcome visitors where necessary.

WP Security Audit Log – we use this plugin to track any alterations to the website undertaken by registered users. The purposes of this plugin is to track general activity on the backend of the website so that in the event of a website intrusion we can check to see whether a data breach has occurred and what alterations have taken place.

RocketshipWP website monitor – we use this plugin to undertake regular backups of our website. In the event on an intrusion in the website using RocketshipWP’s EU-based servers we can initiate a full restore of our website. As part of the backup process, RocketshipWP takes a full copy of our website’s database, including registered users, event tracking from WP Security Audit Log and Wordfence data tables used to record IP addresses and other user information.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

We use Google Analytics to track how users interact with our website and improve the user experience. The tool captures information about website visitors, including IP address, date and time people visited our site and the individual pages viewed, which is then processed by Google’s servers in the United States. Google does not associate this data with any other data held by Google. Google Analytics uses the following cookies to track user interaction:

_ga cookie – is used to identify unique users and it expires after 2 years.

_gat cookie – is used to throttle the request rate and it expires after 1 minute.

_utma cookie – is a persistent cookie which remains on a computer, unless it expires or the cookie cache is cleared. It tracks visitor metrics including first visit and last visit.

_utmb cookie & __utmc cookie –  are used to calculate user visit length, including arrival time and exit time of the user. _utmb is a sessional cookie and the _utmc cookie expires if no new page view is recorded within 30 minutes.

_utmz cookie – monitors where a visitor arrived from (search engine, organic, social media or direct) and what keyword is generated and and geolocation data. This cookie lasts 6 months.

_utmv cookie – is a persistent cookie used to improve audience segmentation.

You can read more about Google’s privacy policy at: https://support.google.com/analytics/answer/6004245

As mentioned above, we use Wordfence to secure our website. The plugin sets three technical cookies to enable it to function:

wfwaf–authcookie-(hash) – used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded and detect logged in and non-logged in users and grant or restrict access accordingly.

wf_loginalerted_(hash) – used to notify the Wordfence admin when an administrator logs in from a new device or location.

wfCBLBypass – helps track who should be allowed to bypass country blocking.

For further information about cookies, visit:

www.aboutcookies.org or

www.allaboutcookies.org

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Where we send your data

Data entered via our website may be sent and stored via our web host, Site Ground Hosting Ltd (GB), whose servers are based in the UK and comply with EU’s GDPR regulations. Further details about their privacy policy can be found at: https://www.siteground.co.uk/privacy.htm

What data breach procedures we have in place

In the event of a data breach, we have a protocol in place to contact the Information Commissioner’s Office and all our registered website users, in line with legally required timelines. However, as we do not collect personal information about general website visitors we do not have a protocol in place for contacting general website visitors in case of a breach.

What third parties we receive data from

We do not receive information about website visitors from third party services.

What automated decision making and/or profiling we do with user data

We do not undertake any automated decision making or profiling based on user data we receive via the website or other third party services.

‘The Tiffin Tin’ (also referred to as either ‘We’, ‘Us’ or ‘Our’) privacy policy sets out how any information that you give to us is used and protected when you use this website.

The Tiffin Tin is committed to ensuring confidentiality and that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.

The Tiffin Tin may change this policy from time to time by updating this page. Please check this page from time to time to ensure that you are happy with any changes.

This policy is effective from March 2013.

What information we collect

When you visit ‘The Tiffin Tin’ website, no personal identifiable information is kept.

If you place an order or register, we collect the following information:

• Website account membership registration details (as below)
• Name and Address including Postcode
• Contact details including e-mail and telephone number
• Order details and preferences
• Confirmation reference of payment from your credit /debit card company. We do not hold any credit card details.

What we do with the information we collect

We require this information to process your order and delivery of your delicious meal.

We use this information for the following reasons:

• To administer your own user account on The Tiffin Tin website when you register
• To contact you to confirm your order
• Internal records and accounts
• We may use the information to improve our products and services and improve our website
• We may periodically send you promotional material, special offers, menu updates and relevant material only with your consent.

Is this information shared with anyone else?

The Tiffin Tin will not share your information with any third-party company.

How we protect your data

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We take data protection seriously and therefore use SSL encryption on our website to limit the ability of unauthorised people to see information communicated between website users and our website, and to securely process your online transactions and orders. We also implement a website firewall and regular anti-virus scanning to try and prevent intrusion. Finally, we purposefully limit the amount of data we collect about website visitors and do not share any data to third parties (unless legally required to do so) in order to minimise our exposure in the unlikely event of a breach.

Embedded content and other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.) or links to other websites. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

How you can control your personal information – how to contact us.

You may choose to restrict the collection or use of your personal information in the following ways:

Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by us for direct marketing purposes

We will not disclose your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to us via info@thetiffintin.com.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Plugins

Our website is powered by the open source content management system, WordPress, and uses various plugins to add functionality to the website and keep it secure. The following plugins on our website store information about website visitors:

Wordfence – we use this plugin to protect our website. The plugin provides a firewall, antivirus scanning and other security hardening features to protect our website from intruders. In order for the plugin to work effectively it needs to collects information about user’s IP addresses and registered users on our website so that it can control access to our website and block unwelcome visitors where necessary.

WP Security Audit Log – we use this plugin to track any alterations to the website undertaken by registered users. The purposes of this plugin is to track general activity on the backend of the website so that in the event of a website intrusion we can check to see whether a data breach has occurred and what alterations have taken place.

RocketshipWP website monitor – we use this plugin to undertake regular backups of our website. In the event on an intrusion in the website using RocketshipWP’s EU-based servers we can initiate a full restore of our website. As part of the backup process, RocketshipWP takes a full copy of our website’s database, including registered users, event tracking from WP Security Audit Log and Wordfence data tables used to record IP addresses and other user information.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

We use Google Analytics to track how users interact with our website and improve the user experience. The tool captures information about website visitors, including IP address, date and time people visited our site and the individual pages viewed, which is then processed by Google’s servers in the United States. Google does not associate this data with any other data held by Google. Google Analytics uses the following cookies to track user interaction:

_ga cookie – is used to identify unique users and it expires after 2 years.

_gat cookie – is used to throttle the request rate and it expires after 1 minute.

_utma cookie – is a persistent cookie which remains on a computer, unless it expires or the cookie cache is cleared. It tracks visitor metrics including first visit and last visit.

_utmb cookie & __utmc cookie –  are used to calculate user visit length, including arrival time and exit time of the user. _utmb is a sessional cookie and the _utmc cookie expires if no new page view is recorded within 30 minutes.

_utmz cookie – monitors where a visitor arrived from (search engine, organic, social media or direct) and what keyword is generated and and geolocation data. This cookie lasts 6 months.

_utmv cookie – is a persistent cookie used to improve audience segmentation.

You can read more about Google’s privacy policy at: https://support.google.com/analytics/answer/6004245

As mentioned above, we use Wordfence to secure our website. The plugin sets three technical cookies to enable it to function:

wfwaf–authcookie-(hash) – used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded and detect logged in and non-logged in users and grant or restrict access accordingly.

wf_loginalerted_(hash) – used to notify the Wordfence admin when an administrator logs in from a new device or location.

wfCBLBypass – helps track who should be allowed to bypass country blocking.

For further information about cookies, visit:

www.aboutcookies.org or

www.allaboutcookies.org

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Where we send your data

Data entered via our website may be sent and stored via our web host, Site Ground Hosting Ltd (GB), whose servers are based in the UK and comply with EU’s GDPR regulations. Further details about their privacy policy can be found at: https://www.siteground.co.uk/privacy.htm

What data breach procedures we have in place

In the event of a data breach, we have a protocol in place to contact the Information Commissioner’s Office and all our registered website users, in line with legally required timelines. However, as we do not collect personal information about general website visitors we do not have a protocol in place for contacting general website visitors in case of a breach.

What third parties we receive data from

We do not receive information about website visitors from third party services.

What automated decision making and/or profiling we do with user data

We do not undertake any automated decision making or profiling based on user data we receive via the website or other third party services.