Privacy Policy for Mantu Eats
Last Updated: 10 May 2025
Welcome to Mantu Eats ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our food delivery application ("App") and website ("Website") (collectively, the "Service"). This policy complies with the UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation (GDPR).
1. Data Controller
Food Preparation Disclaimer
Mantu Eats acts solely as an intermediary platform connecting users with third-party restaurants and food providers. We do not:
- Prepare, handle, or inspect food items listed on our Service.
- Guarantee the quality, safety, or allergen compliance of meals.
All food-related responsibilities (including hygiene, packaging, and delivery compliance) remain with the respective restaurants or partners. Users are advised to review the restaurant’s own policies and allergen information before ordering.
If you have questions, contact us at:
2. Information We Collect
a. Personal Data You Provide
- Account Information: Name, email, phone number, delivery address and etc.
- Payment Data: Card details (processed securely via third-party providers like Stripe).
- Order History: Food preferences, transaction records.
- Marketing Preferences: Consent for emails/promotions.
b. Data Collected Automatically
- Device Information: IP address, browser/device type, operating system (via cookies).
- Usage Data: Pages visited, app interactions, crash reports (using tools like Google Analytics).
- Location Data: Approximate location (for delivery tracking; you may disable this).
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Process orders and deliveries | Contractual necessity |
| Personalize recommendations | Legitimate interest |
| Send promotional emails/SMS (with consent) | Consent (you may opt out anytime) |
| Targeted advertising (via partners like Facebook/Google Ads) | Legitimate interest/consent |
| Improve app performance | Legitimate interest |
4. Data Sharing with Third Parties
We share data with:
- Delivery Partners: Restaurants/couriers to fulfill orders.
- Payment Processors: Stripe (we do not store card details).
- Advertising Networks: Google Ads, Meta (Facebook/Instagram) for targeted ads.
- Analytics Providers: Google Analytics, Firebase.
All third parties are GDPR-compliant and bound by data processing agreements.
5. International Data Transfers
If data is transferred outside the UK/EEA (e.g., to US-based servers), we use Standard Contractual Clauses (SCCs) or other GDPR-approved safeguards.
6. Your Rights (UK/EU)
Under GDPR, you have the right to:
- Access, correct, or delete your data.
- Withdraw consent for marketing.
- Object to processing (e.g., profiling for ads).
- Lodge a complaint with the UK ICO or your local DPA.
To exercise these rights, contact us at info@mantueats.co.uk.
7. Data Retention
We retain data only as long as necessary:
- Account data: Until deletion request.
- Order records: 6 years (for tax compliance).
- Marketing data: Until consent withdrawal.
8. Security Measures
We implement:
- SSL encryption for data transfers.
- Regular security audits.
- Access controls to restrict internal data access.
9. Cookies & Tracking
We use cookies for:
- Essential functions (e.g., login sessions).
- Analytics (opt-out via browser settings).
- Advertising (managed via Cookie Preferences).
10. Changes to This Policy
Updates will be posted here. Continued use of Mantu Eats constitutes acceptance.
Contact Us
For privacy concerns, email info@mantueats.co.uk or write to our Data Protection Officer at the address above.