top of page

Privacy Policy

A Legal Disclaimer

Effective Date: [5 October 2025]
Last Updated: [5 October 2025]

This Privacy Policy explains how [Three Dumplings] (“we”, “our”, or “us”) collects, uses, and protects your personal information when you interact with our Private Dining Club (the “Club”), whether through our website, email, telephone, or in person.

We respect your privacy and are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The Information We Collect

We may collect and process the following categories of personal information:

A. Information You Provide Directly

  • Identity information: Name, title, and contact details (email, phone, address).

  • Membership details: Application information, preferences, and communications.

  • Dietary and health information: Allergies or food preferences provided voluntarily to ensure safe and enjoyable dining experiences.

  • Payment details: Transaction information (processed securely via a third-party payment provider; we do not store full card details).

  • Correspondence: Records of your communications with us (e.g. emails, messages, feedback).

B. Information Collected Automatically

  • Website usage data: IP address, browser type, device identifiers, and site activity (via cookies or analytics tools).

  • Event participation: Attendance and guest information relevant to bookings or club events.

 

3. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases for processing your personal data:

Purpose                                                                                 Lawful Basis

Managing membership and reservations                         Performance of a contract

Communicating about club events and services             Legitimate interests

Processing payments                                                          Performance of a contract

Sending newsletters or updates                                         Consent

Health and dietary requirements                                        Explicit consent

Legal and tax compliance                                                   Legal obligation

You can withdraw your consent at any time by contacting us (see Section 10).

How We Use Your Information

We use your information to:

  • Manage Club memberships, events, and reservations

  • Communicate with you about Club activities and updates

  • Process payments and maintain accurate financial records

  • Personalise your dining and event experiences

  • Comply with legal and regulatory obligations

  • Improve our services, website, and member experience

Sharing Your Information

We will never sell or rent your data.
We may share your personal information with:

  • Service providers (e.g., payment processors, email marketing tools, IT support) who act as data processors under contract.

  • Event venues or partners when necessary for event logistics and only with your consent.

  • Public authorities or regulators when required by law.

All third parties are required to protect your information and process it in accordance with UK GDPR.

Data Transfers Outside the UK

If we transfer your data outside the UK (for example, if a service provider is based abroad), we will ensure that appropriate safeguards are in place — such as the UK’s International Data Transfer Agreements (IDTAs) or adequacy decisions — to protect your privacy.

Data Retention

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.
Typically:

  • Membership and booking records: up to 6 years after your last interaction.

  • Financial and tax records: as required by law (usually 6 years).

  • Marketing communications: until you withdraw consent or unsubscribe.

Data Security

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, or disclosure. This includes secure data storage, encryption where appropriate, and restricted access controls.

Your Data Protection Rights

  • Under UK GDPR, you have the following rights:

  • Right of access – request a copy of your personal data.

  • Right to rectification – correct inaccurate or incomplete information.

  • Right to erasure (“right to be forgotten”) – request deletion of your data in certain circumstances.

  • Right to restrict processing – request that we limit how your data is used.

  • Right to data portability – request transfer of your data to another organisation.

  • Right to object – object to certain types of processing (e.g., direct marketing).

  • Right to withdraw consent – withdraw consent for marketing or special category data at any time.

  • To exercise your rights, please contact us at Judy3dumplings@gmail.com

Cookies

Our website may use cookies or similar tracking technologies to enhance your browsing experience and analyse website traffic.
You can manage or disable cookies through your browser settings. For more details, please see our separate Cookie Policy (if applicable).

bottom of page