Shadi's Kitchen logoShadi'sKitchenA Taste of Persia

Privacy Policy

Last updated: 8 June 2026

1. Who We Are

Shadi's Kitchen Ltd ("we", "us", "our") is a Persian meal delivery service based in London, operating through www.shadiskitchen.co.uk. We are the data controller responsible for your personal information.

  • Registered company name: Shadi's Kitchen Ltd
  • Company number: 16565951
  • Website: www.shadiskitchen.co.uk

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

2. What Personal Data We Collect

We collect and process the following categories of personal data:

Account and Registration Information

  • Full name
  • Email address
  • Password (stored securely in encrypted form)

Order and Delivery Information

  • Delivery address and postcode
  • Meal plan preferences and selections
  • Order history
  • Loyalty stamp card progress

Payment Information

  • Payment card details (processed securely by Stripe; we do not store full card numbers on our systems)
  • Billing address

Communications

  • Messages sent to us via our contact/support form
  • Any correspondence by email or Instagram

Technical and Usage Data

  • IP address
  • Browser type and version
  • Pages visited on our website
  • Time and date of your visit
  • Referring website

3. How We Collect Your Data

We collect data in the following ways:

  • Directly from you when you create an account, place an order, or contact us
  • Automatically via cookies and similar tracking technologies when you visit our website (see Section 9 — Cookies)
  • From Stripe, our payment processor, when a transaction is completed

4. How We Use Your Personal Data

We use your personal data for the following purposes and legal bases under UK GDPR:

To Fulfil Your Orders (Contract Performance)

  • Process and manage your meal plan orders
  • Arrange delivery of your meals on your selected days
  • Manage your loyalty stamp card and apply earned discounts
  • Send order confirmations and delivery notifications

To Manage Your Account (Contract Performance)

  • Create and maintain your Shadi's Kitchen account
  • Allow you to log in, view order history, and update preferences

To Process Payments (Contract Performance / Legal Obligation)

  • Facilitate secure payment via our payment provider
  • Maintain records of financial transactions as required by law

To Improve Our Service (Legitimate Interests)

  • Analyse website usage and performance
  • Understand customer preferences and improve our menu and delivery service
  • Troubleshoot technical issues

To Communicate With You (Legitimate Interests / Consent)

  • Respond to enquiries, complaints, and support requests
  • Send you marketing communications about new meals, promotions, or updates, where you have opted in or where permitted under the soft opt-in rules for existing customers
  • You may unsubscribe from marketing at any time

To Comply With Legal Obligations

  • Retain records as required by HMRC or other regulatory authorities
  • Cooperate with law enforcement if required by law

5. Who We Share Your Data With

We do not sell your personal data. We may share your data with the following trusted third parties only where necessary:

  • Stripe (payment processing) — to securely process your payments. Stripe is PCI-DSS compliant and operates under its own privacy policy at stripe.com/gb/privacy
  • Delivery logistics partners — to fulfil your deliveries (name and address shared as required)
  • IT and hosting providers — who host and maintain our website and systems
  • Email service providers — to send transactional and marketing emails

All third parties are required to handle your data securely and in accordance with UK GDPR. They are only permitted to use your data for the specific purpose we have engaged them for.

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary:

  • Account data: retained for the duration of your account and for up to 2 years after your last order, unless you request deletion sooner
  • Order and financial records: retained for 6 years to comply with HMRC and UK tax requirements
  • Marketing preferences: until you unsubscribe or request deletion
  • Website usage logs: typically retained for up to 12 months

7. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure ('right to be forgotten') — request deletion of your data (subject to legal retention requirements)
  • Right to restrict processing — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at info@shadiskitchen.co.uk or via www.shadiskitchen.co.uk/support. We will respond within one calendar month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

9. Cookies and Cookie Consent

We use cookies and similar technologies on our website. Cookies are small text files placed on your device that help the website function, remember your preferences, and allow us to analyse how the site is used.

Cookie Consent Banner

When you first visit www.shadiskitchen.co.uk, you will be shown a cookie consent banner. This banner allows you to:

  • Accept all cookies — allowing essential, analytics, and preference cookies
  • Reject non-essential cookies — allowing only strictly necessary cookies
  • Manage your preferences — choose which categories of cookies to allow

We will not set non-essential cookies until you have given your consent. Your preferences are saved and applied on future visits. You can update or withdraw your cookie consent at any time by clicking the "Cookie Settings" link in the footer of our website.

Types of Cookies We Use

1. Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be switched off. They do not require your consent under UK PECR rules.

  • Session cookies — keep you logged in during your visit
  • Shopping/order cookies — remember your plan selections and basket
  • Security cookies — protect against cross-site request forgery (CSRF)
  • Cookie consent cookie — stores your cookie preferences

2. Analytics Cookies

These cookies help us understand how visitors interact with our website so we can improve it. They are only set with your consent.

  • Page view tracking — which pages are visited most
  • Traffic source tracking — how visitors find our site
  • Session duration — how long visitors spend on the site

3. Preference Cookies

These cookies remember your settings and choices to personalise your experience. They are only set with your consent.

  • Remembered postcode for delivery area checks
  • Display preferences and language settings

Managing Cookies

In addition to our cookie consent banner, you can control and delete cookies at any time through your browser settings. Please note that blocking essential cookies may prevent parts of the website from working correctly.

For guidance on managing cookies in your browser, visit: www.allaboutcookies.org

Third-Party Cookies

Some of our third-party services may set their own cookies. These include:

  • Stripe — sets cookies to enable secure payment processing and fraud prevention

These third-party cookies are governed by the respective providers' privacy policies.

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include:

  • Encrypted storage of passwords
  • Secure HTTPS connections across our website
  • Use of Stripe, a PCI-DSS Level 1 compliant payment processor
  • Access controls limiting who can view your data internally

No method of transmission over the internet is 100% secure. If you suspect your account has been compromised, please contact us immediately.

11. International Data Transfers

We primarily process your data within the UK and European Economic Area (EEA). Where any data is transferred outside these areas (for example, by a third-party service provider such as Stripe), we ensure appropriate safeguards are in place in accordance with UK GDPR, such as Standard Contractual Clauses approved by the ICO.

12. Children's Privacy

Our services are not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the date at the top of this page. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please get in touch:

We take data privacy seriously and will do our best to address your query promptly.