Information about how nano-rift Culinary Ltd complies with the General Data Protection Regulation and protects your personal data.
Last updated: January 2026
nano-rift Culinary Ltd recognises the importance of protecting personal data and is committed to processing it responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This document outlines the specific measures we take to ensure compliance with data protection law and explains how you can exercise your rights as a data subject.
We adhere to the core principles set out in data protection legislation:
We only process personal data when we have a valid lawful basis to do so. The lawful bases we rely upon include:
We process data where necessary to perform a contract with you or to take pre-contractual steps at your request. This includes processing booking information for cooking classes, project details for recipe development work, and contact information for service delivery.
We may process data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include analysing website usage to improve our services and maintaining records for business administration purposes. We conduct legitimate interest assessments where appropriate.
We process certain data to comply with legal requirements, such as maintaining financial records for tax purposes and responding to lawful requests from authorities.
Where required, we obtain your explicit consent before processing. This applies particularly to marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
The UK GDPR provides you with specific rights regarding your personal data. We are committed to facilitating the exercise of these rights:
You have the right to obtain confirmation that your data is being processed and to access a copy of that data along with supplementary information about the processing.
You may request correction of inaccurate personal data or completion of incomplete data we hold about you.
In certain circumstances, you have the right to request deletion of your personal data. This applies where the data is no longer necessary, you withdraw consent, or you object to processing and there are no overriding legitimate grounds.
You may request that we restrict processing of your data in specific situations, such as while we verify the accuracy of data you have contested.
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
To exercise any of your data protection rights, please contact us using the details below. We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may need up to two additional months, in which case we will notify you.
We may request specific information to help us confirm your identity before processing your request. This is a security measure to ensure personal data is not disclosed to unauthorised parties.
You will not usually need to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks presented by our processing activities. These measures include:
In the event of a personal data breach, we will follow established procedures to assess and contain the breach. Where required by law, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.
If a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
We primarily process and store data within the United Kingdom. Where we transfer personal data outside the UK, we ensure that adequate safeguards are in place, such as:
Where we engage third parties to process personal data on our behalf, we ensure appropriate contracts are in place that require the processor to:
We maintain records of our processing activities as required under Article 30 of the UK GDPR. These records include details of processing purposes, data categories, recipient categories, retention periods, and security measures.
For any questions about our GDPR compliance or to exercise your data protection rights, please contact:
nano-rift Culinary Ltd
42 Spitalfields Market
London, E1 6DY
United Kingdom
Email: [email protected]
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes data protection law. The UK supervisory authority is:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom
We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us in the first instance.