Skip to main content
Dublin Cattering
01 477 3691
Legal

Privacy Policy.

What we collect, what we do with it, and the rights you have under the EU General Data Protection Regulation and the Irish Data Protection Act 2018. Last updated 22 May 2026.

Data controller

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Irish Data Protection Act 2018, the data controller is Dublin Cattering, of 84 Synge Street, Portobello, Dublin 8, D08 X4F2, Ireland. Niamh Doherty is the named contact for privacy matters; you can reach her by email at hello@dublincattering.com or by phone on 01 477 3691.

Data we collect

We only collect personal data that you give us directly when you contact us or book an event. Specifically:

  • Name, phone number and email — provided when you ring or email us
  • Event venue address — provided so we can deliver the catering
  • Guest dietary requirements — provided ahead of the event for food-safety purposes
  • Photos or documents you send by email or text relating to the booking
  • Payment details for the deposit and balance — handled by Stripe; we never see or store the full card number, only the last four digits and the cardholder name
  • Anonymous page-view analytics — only if you accept analytics cookies (see cookies policy)

We do not run any cross-site tracking, marketing-pixel installation, or third-party advertising on this website beyond the opt-in analytics cookie.

Lawful basis for processing

Under Article 6 GDPR, we process your personal data on the following bases:

  • Performance of a contract (Article 6(1)(b)) — to scope, quote, deliver and invoice the catering services you've booked
  • Legitimate interests (Article 6(1)(f)) — to maintain a record of past bookings for follow-up and customer-relationship purposes, balanced against your reasonable expectations
  • Legal obligation (Article 6(1)(c)) — to retain invoice and tax records for the periods required by Irish Revenue and food-safety regulators
  • Consent (Article 6(1)(a)) — for optional analytics cookies, only on opt-in

Where we process dietary requirement data that constitutes special category data (data revealing health conditions), our additional lawful basis under Article 9 GDPR is your explicit consent (Article 9(2)(a)) for the purpose of providing food safe for you and your guests to eat.

How we use it

  • To scope, quote and deliver the catering services you've asked us to provide
  • To send you the quote, invoice and receipt
  • To follow up if there's an issue with the event
  • To send a reminder twelve months later if your event anniversary is approaching (you can ask us never to do this)
  • To meet our food-safety regulatory obligations (allergen records, HACCP traceability)
  • To improve the website — anonymous analytics show us which pages help people find a caterer

We don't sell personal data, we don't share it with advertisers, and we don't send unsolicited marketing emails to people who haven't booked us.

Who we share with

A short list. We share data only with processors we genuinely need to run the business.

  • Stripe (Ireland) — handles card payments; receives card details, name, amount, and the work description. Data residency: EU.
  • Google Workspace (Ireland) — hosts our email; receives anything you email us at hello@dublincattering.com. Data residency: EU (Standard Contractual Clauses in place for any US transfer).
  • Sage Business Cloud (Ireland) — accounting; receives invoice line items (name, address, amount).
  • Plausible Analytics (Estonia) — anonymous page-view stats only on opt-in; sets no client-side cookies, captures no personal identifier. Data residency: EU.

We do not transfer your personal data outside the European Economic Area without appropriate safeguards (typically EU Standard Contractual Clauses).

How long we keep it

  • Job records (address, scope, invoice) — seven (7) years (tax compliance under Irish Revenue rules)
  • Quote requests where you didn't book — twelve (12) months, then deleted
  • Dietary requirement / allergen records — five (5) years (HSE food-safety traceability)
  • Photos sent during the booking process — until the event is complete and a further six months, then deleted
  • Email exchanges — twenty-four (24) months, then archived to a closed folder

Your rights under GDPR

As a data subject in the EU, you have the right to:

  • Be informed about how we process your data (this notice)
  • Access the personal data we hold about you (subject access request)
  • Rectify any inaccurate or incomplete personal data
  • Erasure ("right to be forgotten"), subject to our retention obligations for tax and food-safety records
  • Restrict our processing in certain circumstances
  • Data portability — receive your data in a structured, commonly-used format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where we process on the basis of consent)
  • Lodge a complaint with the supervisory authority (the Irish Data Protection Commission — see below)

To exercise any of these rights, email hello@dublincattering.com with the word "PRIVACY" in the subject line. We respond inside thirty (30) days as required by Article 12 GDPR — and almost always inside seven (7) working days in practice.

Security

We use industry-standard practices: TLS for the website, two-factor authentication on Google Workspace and Sage Business Cloud, encrypted backups of the job-records database, locked file cabinet for any hard-copy contract paperwork. None of these are an absolute guarantee against a sophisticated breach, but they cover the realistic threat profile of a three-person catering business.

In the event of a personal data breach affecting your rights, we will notify the Data Protection Commission within 72 hours where required by Article 33 GDPR, and notify you directly where the breach is likely to result in a high risk to your rights and freedoms.

Complaints to the Data Protection Commission

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Irish supervisory authority:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Phone: 01 765 0100 · Email: info@dataprotection.ie · Website: dataprotection.ie

Contact us about privacy

Email hello@dublincattering.com with "PRIVACY" in the subject line. Or ring 01 477 3691 and ask for Niamh. We respond inside seven (7) working days for written requests.