Effective Date: 16 April 2025
Last Updated: 16 April 2025

This Privacy Policy explains how The Big Bun Theory, a brand operated by One Elysium Ltd, collects, uses, stores, and protects your personal data when you interact with us via our website, app, in-store services, third-party platforms (such as Remy, Uber Eats, Deliveroo, and Just Eat), or any other channel.

We are committed to respecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable privacy laws.

1. Who We Are

The Big Bun Theory is a trading name of One Elysium Ltd, a company registered in England and Wales under company number 15374787, with its registered office at:

119A Kenton Road, Harrow, HA3 0AZ
Phone: 020 3305 6732
Email: hello@thebigbuntheory.com

2. What Information We Collect

We may collect the following categories of personal data from you:

a) Information You Provide to Us

  • Name
  • Email address
  • Phone number
  • Delivery address
  • Date of birth (if required for loyalty programs or promotions)
  • Payment information (processed securely by third parties)
  • Feedback, complaints, or survey responses

b) Information Collected Automatically

When you interact with us online or via apps/platforms:

  • IP address and device information
  • Location data (if enabled)
  • Browser type and version
  • Usage data (e.g., page views, time spent)
  • Cookies and similar tracking technologies

c) Information from Third Parties

We may receive data from:

  • Loyalty providers (e.g., Remy)
  • Delivery partners (e.g., Uber Eats, Deliveroo, Just Eat)
  • Analytics and marketing partners (e.g., Google, Meta)
  • Payment processors

3. How We Use Your Information

We use your personal data to:

  • Fulfil your orders and provide our services
  • Manage loyalty programs and promotional campaigns
  • Communicate with you about offers, updates, or issues with your order
  • Improve our website, app, menu, and customer service
  • Respond to enquiries or complaints
  • Personalise your experience and marketing content
  • Comply with legal and regulatory obligations
  • Detect and prevent fraud or misuse of our services

4. Legal Basis for Processing

We process your personal data under one or more of the following legal bases:

  • Contractual necessity – to provide the goods or services you request
  • Consent – for marketing or location tracking (you may withdraw at any time)
  • Legitimate interests – for internal business operations, analytics, and improvements
  • Legal obligation – to meet tax, accounting, or regulatory requirements

5. Who We Share Your Information With

We may share your data with:

  • Delivery partners: Uber Eats, Deliveroo, Just Eat (to process and deliver your order)
  • Loyalty partners: Remy (to manage rewards, offers, and points)
  • Payment providers: Stripe, Square, worldpay, takepayments etc.
  • IT and marketing partners: who support our website, CRM, and email systems
  • Regulators and authorities: where legally required

We ensure all partners meet UK data protection standards and enter appropriate data processing agreements.

6. International Transfers

Some of our service providers may store or process data outside the UK or EEA. When this occurs, we ensure adequate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office
  • Data processing agreements ensuring GDPR-level protection

7. How Long We Keep Your Data

We retain your data for as long as necessary for the purposes outlined in this policy, including:

  • Customer accounts and order data: 24 months after your last interaction
  • Loyalty account history: until your account is inactive for 24 months
  • Marketing data: until you unsubscribe or after 24 months of inactivity
  • Financial and transaction records: 6 years, in line with legal obligations

8. Your Rights

You have the following rights under UK GDPR:

  • Right of access – Request a copy of your personal data
  • Right to rectification – Correct inaccurate or incomplete data
  • Right to erasure – Request deletion of your data (subject to legal limitations)
  • Right to restrict processing – Limit how we use your data
  • Right to data portability – Request a copy in a usable format
  • Right to object – To certain uses, such as direct marketing
  • Right to withdraw consent – At any time, if processing is based on consent
  • Right to lodge a complaint – With the Information Commissioner’s Office (www.ico.org.uk)

To exercise your rights, email us at hello@thebigbuntheory.com

9. How We Protect Your Data

We implement robust security measures, including:

  • Encrypted storage and transmission
  • Role-based access control
  • Secure payment processing (PCI-DSS compliance)
  • Staff training and access auditing
  • Monitoring for suspicious activity

Despite these measures, no method of transmission over the internet is 100% secure.

10. Cookies and Tracking

We use cookies and similar technologies on our website and ordering platforms to:

  • Ensure website functionality
  • Analyse site usage and performance
  • Personalise content and offers
  • Serve relevant marketing ads

You can manage or disable cookies via your browser settings. For more information, please refer to our [Cookies Policy].

11. Children’s Privacy

We do not knowingly collect data from children under 13. If you believe we have collected such data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be posted on our website or communicated via email. Please check back periodically.

13. Contact Us

If you have any questions, concerns, or wish to exercise your rights, contact:

Data Protection Officer
The Big Bun Theory (One Elysium Ltd)
119A Kenton Road, Harrow, HA3 0AZ
📧 hello@thebigbuntheory.com
📞 020 3305 6732