SEA CHEF LTD is a UK limited company operating one fish and chip shop and one collection-only online ordering service.

Business address: 8-10 St Lukes Rd, Hexham, NE46 2BB, United Kingdom.

Contact: seachefhexham@yahoo.com.

ICO registration number: 00012674709.

This policy covers personal data processed through this website and online ordering system for UK customers.

Checkout and order data may include:

• Full name, email address, telephone number.
• Order details, item selections, order notes, collection slot.
• Allergy or dietary information where voluntarily provided in notes or allergy-related fields.
• Payment status and payment references (for example Stripe checkout session and payment intent references).

Contact form data may include:

• Full name, email address, telephone number, and message.

Technical and security data may include:

• IP address, browser/device information, and request metadata.
• Cookie notice acknowledgement records.
• Security and operational logs.
• Website usage, diagnostic, error, and operational browser log data collected through PostHog.
• Basket/session data stored in your browser local storage (`sea-chef-order-session-v1`).
• Cookie notice acknowledgement stored in local storage (`sea-chef-cookie-consent-v2`).

• To take and manage collection orders.
• To process online payments through Stripe.
• To send or provide service updates about your order.
• To respond to contact enquiries.
• To acknowledge, print, and prepare paid orders in the shop.
• To secure and improve our systems and prevent misuse/fraud.
• To keep accounting and tax records.

• Contract: processing orders, managing payment status, and service communications.
• Legal obligation: keeping financial and tax records and meeting legal requirements.
• Legitimate interests: customer support, fraud prevention, security, and business administration.
• Explicit consent where you voluntarily provide allergy or dietary information as part of your order.

You may voluntarily provide allergy/dietary information in order notes or allergy-related fields. We use this only to help handle your order safely.

The allergy checkbox and website information do not replace contacting the shop directly. If you have an allergy or intolerance, contact us before ordering.

We may share relevant data with:

• Stripe, for payment processing and payment security. Card details are handled by Stripe under Stripe's own terms.
• Our website/API hosting and infrastructure providers where needed to run the service.
• Analytics, error tracking, and logging providers such as PostHog where needed to understand and improve website reliability.
• In-shop operational systems, including automatic order printing tools used to prepare orders.
• Professional advisers or authorities where disclosure is legally required.

We use essential cookies and similar technologies needed to run basket, checkout, payment, and security features. We also use PostHog cookies and browser storage for analytics, diagnostics, error tracking, and operational browser logs.

See our Cookie Policy for details.

We do not currently send marketing email or marketing SMS from this website.

We may send or provide service communications related to orders and enquiries (for example order updates, payment/order status updates, or replies to contact submissions), including manual phone or email contact from staff where needed.

• Order history is retained for 6 years for accounting/tax and business record purposes.
• Contact enquiries are retained for as long as reasonably needed to handle and manage the enquiry.
• Technical/security logs are retained for limited operational and security periods unless longer retention is required.
• Cookie notice acknowledgement records are retained to remember that the notice has been shown and acknowledged.
• Stripe retains payment records under Stripe's terms and legal obligations.

Under UK GDPR, you may have rights to:

• Access your personal data.
• Request correction of inaccurate data.
• Request erasure in certain circumstances.
• Request restriction of processing.
• Object to processing based on legitimate interests.
• Data portability where applicable.
• Withdraw consent where processing is consent-based.
• Complain to the Information Commissioner's Office (ICO).

Some records cannot be deleted immediately where retention is required for legal, accounting, fraud prevention, or legitimate business record-keeping reasons.

Email seachefhexham@yahoo.com with enough detail for us to locate your records (for example order number/date or contact details used).