This policy explains how Carteo collects, uses and protects your personal data. We are committed to handling your information transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this carefully.
1. Who we are
Carteo is a digital menu service for restaurants and food businesses, operating at carteo.co.uk. We are based in the United Kingdom.
For the purposes of UK GDPR, Carteo is the data controller — meaning we decide how and why personal data is processed.
You can contact us at any time at: hello@carteo.co.uk
2. What data we collect
We only collect data that is necessary to provide our service. The information we collect depends on how you interact with us.
| Data | When collected | Why |
|---|---|---|
| Name | Contact form submission | To address you personally in our reply |
| Email address | Contact form submission | To respond to your enquiry |
| Restaurant / business name | Contact form submission | To understand and prepare for your project |
| Country | Contact form submission | To understand your location and service requirements |
| Plan interest & message | Contact form submission | To tailor our response to your needs |
| Usage data | Automatically on site visit | Analytics and website improvement (see cookies section) |
We do not collect payment card details, national insurance numbers, or any sensitive personal data as defined under UK GDPR.
We do not knowingly collect data from individuals under 18. Our service is intended for business owners and their representatives.
3. How we use your data
We use the information you provide to:
- Respond to your enquiry and discuss your digital menu project
- Deliver the Carteo service once you become a client
- Communicate updates, changes or information relevant to your service
- Improve our website and understand how visitors use it
- Comply with our legal and regulatory obligations
We will never sell your personal data to third parties. We will never use your data for unsolicited marketing without your explicit consent.
4. Legal basis for processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Legitimate interests — responding to enquiries you have voluntarily submitted through our contact form, and analysing website usage to improve our service.
- Contract performance — processing your data to fulfil our obligations once you become a Carteo client.
- Consent — for the use of non-essential cookies and tracking technologies (Google Analytics, Meta Pixel). You can withdraw this consent at any time.
- Legal obligation — where we are required to process data to comply with applicable law.
5. Cookies & tracking technologies
Our website uses cookies and similar tracking technologies. Some are essential for the site to function; others help us understand how visitors use the site so we can improve it.
| Cookie / service | Type | Purpose |
|---|---|---|
| Google Analytics | Analytics | Tracks page views, session data and user behaviour anonymously to help us improve the website. Data is processed by Google LLC. |
| Meta Pixel | Marketing | Tracks visits and actions on our website to measure the effectiveness of any advertising we run on Facebook or Instagram. Data is processed by Meta Platforms Ireland Ltd. |
You can manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.
6. Third parties we work with
We use a small number of trusted third-party services to operate our website and business. Each is carefully chosen and only receives data necessary for their function.
| Third party | Purpose | Data shared |
|---|---|---|
| Google LLC | Website analytics via Google Analytics | Anonymised usage data; IP address (analytics) |
| Meta Platforms Ireland Ltd | Website visit tracking for advertising measurement via Meta Pixel | Anonymised visit and interaction data |
All third-party processors are required to handle your data in accordance with applicable data protection law. Where data is transferred outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
We do not sell, rent or trade your personal data with any third party for their own marketing purposes.
7. Data retention
We retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.
- Enquiry data (contact form submissions) — retained for as long as is reasonably necessary to manage our business relationship with you, including any follow-up communication.
- Client data — retained for the duration of our service agreement and for a reasonable period thereafter for legal and business purposes.
- Analytics data — retained according to the data retention settings of Google Analytics (default 26 months).
When data is no longer required, we will securely delete or anonymise it.
8. Your rights under UK GDPR
As a data subject, you have the following rights. You can exercise any of these rights by contacting us at hello@carteo.co.uk. We will respond within 30 days.
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct any inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your data where there is no compelling reason for us to continue processing it.
- Right to restriction — you can ask us to restrict processing of your data in certain circumstances.
- Right to data portability — you can request your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent — where processing is based on consent (e.g. cookies), you can withdraw that consent at any time.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's data protection regulator. Visit ico.org.uk or call 0303 123 1113.
9. Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.
Our website is served over HTTPS (encrypted connection). Form submissions are transmitted securely. Access to your data is limited to those who need it to provide our service.
While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. If you have concerns about data security, please contact us at hello@carteo.co.uk.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. When we make significant changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.
11. Contact us
If you have any questions, concerns or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Email: hello@carteo.co.uk
We aim to respond to all data-related requests within 30 days in accordance with UK GDPR requirements.