Privacy Policy

Last updated: 20 February 2026

At Lezzat.co.uk (“we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or use our services.

This policy is written in accordance with the UK GDPR and EU General Data Protection Regulation (GDPR).

If you have any questions, please contact us at info@lezzat.co.uk.

1. Information We Collect

We may collect and process the following personal data:

Your information is processed lawfully based on one or more of the legal grounds outlined in Article 6 of the GDPR. We collect only the minimum data necessary to fulfil the purposes outlined in this Privacy Policy.

a) Information you provide directly

• Name
• Email address
• Phone number
• Business details
• Any information submitted through contact forms, signup forms, or emails
• Payment information (if applicable)
• Communication preferences and marketing consents

b) Automatically collected information

When you visit our website, we may automatically collect:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referring URLs
• Cookies and usage data
• Geolocation data (if enabled)
• Session identifiers and tracking technologies

2. How We Use Your Information

We use your data for the following purposes:

• To respond to inquiries and provide services
• To manage client relationships
• To improve website performance and user experience
• To send service-related communications
• For analytics and internal reporting
• To comply with legal obligations

We only collect data that is necessary for these purposes.

The purposes we use your data for include:

Service Delivery: Providing website functionality, processing orders, and managing your account

Communication: Responding to inquiries, sending transactional emails, and providing support

Website Optimization: Analyzing user behavior to improve our website, services, and user experience

Marketing: With your consent, we may send marketing communications about products, services, and updates

3. Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Your consent
• Performance of a contract
• Legitimate business interests
• Legal obligations

You may withdraw consent at any time by contacting us.

We rely on the following legal grounds for processing your data:

Consent (Article 6(1)(a)): For marketing communications and optional features, we process data only with your explicit consent. You can withdraw this consent at any time.

Contract Performance (Article 6(1)(b)): To fulfill contractual obligations and provide services you have requested.

Legitimate Interests (Article 6(1)(f)): To improve our services, ensure website security, and pursue our legitimate business objectives, balanced against your rights and freedoms.

Legal Compliance (Article 6(1)(c)): To comply with applicable laws, regulations, and legal requests.

4. Cookies

Lezzat.co.uk uses cookies to enhance browsing experience and analyze traffic.

Cookies may include:

• Essential cookies
• Analytics cookies
• Functional cookies

You can control or disable cookies through your browser settings.

Specific Cookie Information:

Essential Cookies: Necessary for core website functionality such as authentication, security, and session management. These are used regardless of consent and are essential for legal compliance.

Analytics Cookies: Used with your consent to understand how visitors interact with our website, helping us improve functionality and user experience. This includes Google Analytics and similar tools.

Functional Cookies: Enable personalized features such as remembering preferences, language settings, and login information to enhance your browsing experience.

Consent Management: We use a cookie banner to obtain your explicit consent before deploying non-essential cookies. You can withdraw consent and manage your preferences at any time through your browser settings or by contacting us.

5. Data Sharing

We do not sell your personal data.

We may share limited information with trusted third parties only when necessary, such as:

• Hosting providers
• Analytics tools
• Email services

All partners are required to comply with GDPR standards.

Data Processing Agreements: All third-party processors have signed Data Processing Agreements (DPAs) that ensure compliance with GDPR Article 28. These agreements outline:

Subject matter and duration of processing

Nature and purpose of processing activities

Types of personal data and categories of data subjects

Obligations regarding data security and confidentiality

Your right to request details of all sub-processors and data transfer mechanisms at any time

6. Data Retention

We keep your personal data only as long as necessary for business or legal purposes. When no longer required, data is securely deleted or anonymized.

Data Retention Periods: We retain personal data for the following timeframes based on processing purpose:

Customer Account Data: Retained for the duration of the business relationship plus 3 years for legal and accounting purposes

Transactional Data: Retained for 7 years to comply with UK tax requirements and HMRC regulations

Marketing Communications: Retained until you opt-out or withdraw consent; we respect opt-out requests immediately

Website Analytics Data: Retained for 26 months (Google Analytics default) or as required for legitimate business analysis

Support Requests and Inquiries: Retained for 2 years from last interaction to resolve disputes and maintain service history

7. Your Rights Under GDPR

You have the right to:

• Access your personal data
• Request correction
• Request deletion (“right to be forgotten”)
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent

To exercise any of these rights, email us at info@lezzat.co.uk.

Detailed Information About Your Rights:

Right of Access (Article 15): You can request confirmation of whether your data is being processed and obtain a copy of your personal data in a structured, commonly used, machine-readable format. We will respond within 30 days.

Right to Rectification (Article 16): You can request correction of inaccurate or incomplete personal data. We will update your information within 30 days.

Right to Erasure (Article 17): Under certain circumstances, you can request deletion of your personal data (e.g., when it is no longer necessary for its original purpose). Exceptions apply for legal compliance and fraud prevention.

Right to Restrict Processing (Article 18): You can request that we limit the processing of your data while we verify its accuracy or assess our reasons for processing.

Right to Data Portability (Article 20): You can request your personal data in a portable format and have it transferred to another service provider.

Right to Object (Article 21): You can object to processing based on legitimate interests or direct marketing at any time, without providing any reason.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, or misuse.

However, no online system is 100% secure.

Security Measures We Implement:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS protocols (HTTPS).

Access Controls: Personal data is restricted to authorized personnel only, with role-based access controls and authentication mechanisms.

​​

Regular Security Audits: We conduct periodic security assessments and penetration testing to identify and remediate vulnerabilities.

Employee Training: Our staff receives regular training on data protection, security best practices, and GDPR compliance.

9. Third-Pattrty Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies separately.

10. International Data Transfers

If data is transferred outside the UK or EU, we ensure appropriate safeguards are in place in compliance with GDPR requirements.

Data Transfer Mechanisms:

Standard Contractual Clauses (SCCs): Where applicable, we use EU Commission-approved SCCs to ensure adequate protections for data transfers outside the EEA.

Adequacy Decisions: Data transfers to countries with an EU adequacy decision (e.g., certain countries with equivalent GDPR standards) are permitted without additional safeguards.

Processor Agreements: All international data processors must comply with GDPR standards and have signed appropriate data processing agreements.

Supplementary Measures: We implement supplementary technical and organizational measures such as encryption to ensure adequate protection.

11. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect data from minors.

GDPR Article 8 Compliance: In the EU, processing the personal data of children under 16 requires parental or guardian consent, not just the child’s consent. If we discover we have collected data from a child without proper parental consent, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

Significant changes to this Privacy Policy will be communicated to you via email notification at your registered email address, or by prominent notice on our website. Your continued use of our services after such notification constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have questions about this Privacy Policy or how your data is handled, contact us at:

📧 info@lezzat.co.uk

Data Subject Rights Requests: To exercise any of your rights under the GDPR (including access, rectification, erasure, portability, or to lodge a complaint), please send a written request to the above email address. Please include your name, email address, and a clear description of your request. We will respond within 30 days as required by GDPR Article 12.

Supervisory Authority Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK, or with your relevant EU Data Protection Authority. You can file a complaint at:

ICO (United Kingdom): www.ico.org.uk or by calling 0303 123 1113

EU Data Protection Authorities: You can find contact details at www.edpb.eu

Final Note: This Privacy Policy is subject to applicable GDPR, UK Data Protection Act 2018, and other relevant data protection laws. In the event of any conflict between this policy and applicable law, the applicable law will prevail. We remain committed to maintaining transparency and protecting your privacy rights. If you have any concerns about our data handling practices, please do not hesitate to contact us immediately.