Catering in Buckingham
Catering in Buckingham

Privacy Policy

Blame Frank Privacy Policy

Last updated: 31st July 2025

Who we are

Blame Frank is operated by 4SHR Ltd, a company registered in England and Wales (No. 09524711), trading as Blame Frank. Our business address is:

8 New Road, Linslade, Leighton Buzzard, Bedfordshire, LU7 2LX, United Kingdom.

If you have any questions about this notice or your data, contact our Data Protection Officer:

Thomas Houghton – [email protected]

1. What personal data we collect

We collect and process the following types of personal data, depending on how you interact with us:

  • Name, email address, and phone number (for bookings, event planning, or enquiries)

  • Event details, guest lists, and dietary/allergy information (for event management)

  • Postal address (for contracts, invoices, or event deliveries)

  • Payment information (for deposits, refunds, or invoices – processed via bank transfer or secure payment platforms)

  • Marketing preferences and communications (if you subscribe to our emails or newsletters)

  • Employment data (for staff, freelancers, and job applicants)

  • Photos and event images (if supplied for marketing, social media, or website use—with consent)

  • Any other information you choose to provide via web forms, emails, phone calls, or in person

We may also collect technical data from visitors to our website (e.g., IP address, cookies) for analytics and security.

2. How and why we use your personal data

We use your personal data to:

  • Process bookings and enquiries

  • Plan and deliver your event (including dietary or accessibility needs)

  • Communicate with you about your event, feedback, or future services

  • Manage payments, deposits, and refunds

  • Meet legal or regulatory obligations (such as tax or employment law)

  • Send marketing communications (if you have opted in)

  • Improve our website and services through analytics

We only process your data where we have a lawful basis, typically one of:

  • Contractual necessity: To fulfil your booking or provide a service

  • Consent: For marketing or where we need your permission (e.g., photos, special dietary needs)

  • Legal obligation: For things like payroll or tax records

  • Legitimate interests: For managing business operations, customer service, or security

3. Who we share your data with

We may share your data with:

  • Our event staff, chefs, or contractors (only what is necessary to deliver your event)

  • Third-party service providers (such as Google Workspace, Xero, Stripe, Freshsales, Pandadoc) for secure document, payment, and communication management

  • Professional advisers (accountants, legal, HR, etc.)

  • Law enforcement or regulators where required by law

We never sell your data or use it for any other purpose without your consent.

4. International transfers

Some of our service providers may transfer your data outside the UK or EEA. We ensure all such transfers are protected by appropriate legal safeguards (such as Standard Contractual Clauses or adequacy decisions).

5. How we keep your data safe

We take data security seriously and use:

  • Password protection and two-factor authentication

  • Secure cloud storage with access restricted to authorised staff

  • Encryption for communications and sensitive data

  • Regular staff training and secure disposal of paper records

If you want more details on our security measures, contact [email protected].

6. How long we keep your data

We only retain your personal data as long as necessary for the purposes collected, typically:

  • Booking and event information: 6 years after your event (for reference, repeat business, or disputes)

  • Payment and invoice records: 6 years (for tax/regulatory compliance)

  • CVs/job applications: 6 months unless hired

  • Marketing data: until you unsubscribe or request deletion

When data is no longer required, it is securely deleted or anonymised.

7. Your rights

You have rights over your personal data under UK GDPR, including:

  • Access: You can request a copy of your data at any time.

  • Correction: You can ask us to correct inaccurate data.

  • Deletion: You can request deletion where we have no ongoing legal basis to retain it.

  • Restriction: You can ask us to limit how we use your data.

  • Objection: You can object to processing in certain circumstances (e.g., direct marketing).

  • Data portability: You can request your data in a portable format.

To exercise your rights, email [email protected]. We will respond within one month.

8. How to complain

If you have a concern about how we use your personal data, please contact us first at [email protected] and we will do our best to resolve it.

You can also contact the UK Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/

9. Updates to this Privacy Policy

We may update this notice from time to time. The latest version will always be available on our website.

For further information or to make a request, contact:

Thomas Houghton (Data Protection Officer)

[email protected]

[End of Document]

Facebook Twitter Instagram