Data Protection & Privacy Framework
Last Revised: May 2024. Compliance Level: UK GDPR / DPA 2018.
1. Introduction
Absolute Taste Limited ("the Company") serves as the Data Controller for all personal information gathered through the digital domain and physical points of sale. This document outlines our rigorous commitment to data sovereignty and transparency. Our infrastructure is engineered to protect the integrity, confidentiality, and availability of client information.
2. Scope of Data Collection
We process data under the following legal bases as defined by Article 6 of the UK GDPR:

- **Contractual Obligation:** Processing necessary for the delivery of food services.
- **Legal Mandate:** Compliance with UK food safety and financial auditing laws.
- **Legitimate Interest:** Optimization of logistics and anti-fraud telemetry.

The data collected includes, but is not limited to: IP addresses for security screening, corporate billing identifiers, high-granularity allergen profiles, and real-time delivery coordinates.
3. Data Retention and Deletion
Personal data is retained only for as long as it is operationally necessary. Financial records are held for the statutory 7-year period as required by HMRC. Technical logs are purged every 90 days unless flagged for forensic investigation. We utilize AES-256 encryption for all data at rest and TLS 1.3 for data in transit.
4. Your Statutory Rights
Under the Data Protection Act 2018, individuals possess the Right of Access (Subject Access Requests), Right to Rectification, and the Right to Erasure ("Right to be Forgotten"). Any request for data portability must be directed to our Data Protection Officer at info@sterlingadvisors.sbs. We respond to all verified requests within 30 days.
5. Security Protocols
Our digital perimeter is guarded by enterprise-grade firewalls and intrusion detection systems. Access to client data is strictly limited to authorized personnel using Multi-Factor Authentication (MFA) and is audited on a bi-weekly basis. In the event of a data breach, we adhere to the mandatory 72-hour notification window to the Information Commissioner's Office (ICO).