Privacy Policy & Data Rights

Effective Date: May 12, 2026

AREPERA CONUCO LTD ("we", "us", or "our") is committed to protecting the privacy and security of your personal data. This policy details how we handle information in compliance with the UK Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).

1. Information We Collect

We process personal data including identifiers (name, email, phone number), commercial information (order history, payment tokens), and technical data (IP addresses, cookie identifiers). For corporate clients, we may process employee names and dietary requirements provided by the company as a data processor.

2. Legal Basis for Processing

We process data under the following legal grounds:
- Contractual Necessity: To fulfill your order and deliver your food.
- Legal Obligation: For tax reporting and HMRC compliance in the UK.
- Legitimate Interests: To improve our logistics and prevent fraud.
- Consent: For marketing communications where you have opted in.

3. Data Retention and Security

We retain transaction data for seven (7) years to comply with UK financial regulations. All data is encrypted at rest and in transit using Industry Standard TLS 1.3 protocols. We do not store raw credit card information on our servers; all payments are handled by PCI-DSS Level 1 certified gateways.

[The policy continues with 1000+ words covering cross-border transfers, detailed cookie descriptions, subject access request procedures, and DPO contact details...]