GDPR Compliance

Your data protection rights matter to us

Our Commitment to GDPR

The Artisan Slice is committed to complying with the General Data Protection Regulation (GDPR) and respecting the data protection rights of all individuals, regardless of their location. This page explains how we fulfill our GDPR obligations and how you can exercise your rights.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

1. Contractual Necessity

Processing is necessary to fulfill our contract with you when you place an order for pizza delivery. This includes:

  • Processing your order and coordinating delivery
  • Managing your account
  • Providing customer support
  • Processing payments

2. Legitimate Interests

We process data based on legitimate business interests, including:

  • Improving our products and services
  • Preventing fraud and ensuring security
  • Analyzing website usage and performance
  • Internal administrative purposes

3. Consent

We obtain your explicit consent for:

  • Marketing communications and newsletters
  • Non-essential cookies and tracking
  • Sharing data with third parties for marketing purposes

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Legal Obligation

Processing is necessary to comply with legal requirements, such as:

  • Tax and accounting obligations
  • Food safety regulations
  • Response to legal requests

Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access

You have the right to obtain confirmation of whether we process your personal data and to access that data. You can request a copy of your personal information at no cost.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your account information directly or contact us for assistance.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal ground for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • Deletion is required for legal compliance

Note that we may retain certain information where legally required or for legitimate business purposes.

Right to Restriction of Processing

You have the right to restrict processing of your personal data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller without hindrance.

Right to Object

You have the right to object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling)
  • Processing for scientific, historical research, or statistical purposes

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

Data Protection Officer

For questions about data protection or to exercise your rights, you may contact our Data Protection Officer:

Email: [email protected]

Right to Lodge a Complaint

If you believe we have not processed your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In Singapore, you may contact:

Personal Data Protection Commission (PDPC)
Website: www.pdpc.gov.sg

International Data Transfers

When we transfer personal data outside Singapore, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding corporate rules
  • Certifications and codes of conduct

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security testing and assessments
  • Access controls and authentication
  • Employee training on data protection
  • Incident response and breach notification procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Privacy by Design

We implement privacy by design principles in our operations, ensuring data protection is integrated into all processing activities from the outset. This includes:

  • Data minimization: collecting only necessary data
  • Purpose limitation: using data only for specified purposes
  • Storage limitation: retaining data only as long as necessary
  • Integrity and confidentiality: ensuring secure processing

Updates to GDPR Compliance

We regularly review our GDPR compliance procedures to ensure ongoing adherence to regulations. This page will be updated to reflect any changes in our practices or applicable laws.

Last updated: January 2025