Facebook Instagram Linkedin

Delivery Cut Off: 

Hrs
Mins

Shop Now

Privacy Policy

Last Updated: September 22, 2025

Hunt’s Food Group Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and ensuring that your personal data is handled in a way that is fair, transparent, lawful, and secure. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and the Data (Use and Access) Act 2025 (DUAA). These laws form the foundation of data protection in the UK and are designed to protect individuals’ rights regarding their personal information.

We are a wholesale food solutions provider based in the South of England, supplying high-quality food, drink, catering, and retail products to over 6,000 business customers in sectors such as education, healthcare, hospitality, and retail. Our operations involve processing personal data primarily for business-to-business (B2B) purposes, but we also respect the privacy of any individuals whose data we handle.

This policy applies to all personal data we process, whether collected through our website (www.huntsfoodgroup.co.uk), email communications, order forms, account management systems, or other interactions. If you do not agree with the terms of this Privacy Policy, please do not provide us with your personal data or use our services.

For any questions about this Privacy Policy or our data protection practices, please contact our Data Protection Officer (DPO) at the details provided below.

1. Who We Are and Our Contact Details

Hunt’s Food Group Ltd is the data controller responsible for your personal data. Our registered address is:

Hunt’s Food Group Ltd – Ludbourne Rd, Sherborne, Dorset, DT9 3NJ Email: privacy@huntsfoodgroup.co.uk Phone: 01935 810200

Data Protection Officer (DPO): Tom Garratt Email: dpo@huntsfoodgroup.co.uk

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. Contact details: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113. Website: www.ico.org.uk. We encourage you to contact us first to resolve any issues.

2. What Personal Data We Collect

Personal data means any information relating to an identified or identifiable natural person. We collect the following types of personal data, depending on your interactions with us:

  • Identity Data: Name, job title, company name, and professional contact details (e.g., work email, work phone number).
  • Contact Data: Business address, email address, and telephone numbers.
  • Transaction Data: Details of orders, purchases, payment information (e.g., bank account details for B2B invoicing), and delivery addresses.
  • Technical Data: IP address, browser type, device information, and website usage data (e.g., pages visited, time spent on site) collected via cookies or similar technologies.
  • Marketing and Communications Data: Preferences for receiving marketing communications, feedback, and survey responses.
  • Special Categories (if applicable): We do not typically collect sensitive data (e.g., health or biometric data), but if required for specific catering needs (e.g., dietary allergies in orders), we will only process it with explicit consent.

We do not collect data from individuals under 18 years old and have no reason to believe we process data of minors.

3. How We Collect Your Personal Data

We obtain personal data in the following ways:

  • Directly from you: When you fill out contact forms on our website, place orders, register for an account, subscribe to newsletters, or correspond with us via email or phone.
  • Indirectly from third parties: From business partners, suppliers, or public sources (e.g., Companies House for company details) when verifying customer accounts or for B2B marketing.
  • Automated technologies: Through our website, using cookies, server logs, and analytics tools to track usage.
  • Electronic communications: Via email or our website for marketing purposes, in compliance with PECR.

4. How We Use Your Personal Data

We only process your personal data where we have a lawful basis under UK GDPR and DPA 2018. The main purposes and lawful bases are:

 
Purpose Lawful Basis Details
To provide and manage our products/services (e.g., processing orders, delivering goods) Contractual necessity (Article 6(1)(b) UK GDPR) Essential for fulfilling B2B contracts.
To manage customer relationships (e.g., account administration, billing) Legitimate interests (Article 6(1)(f) UK GDPR) Our interest in efficient business operations, balanced against your rights.
For internal record-keeping, financial reporting, and compliance Legal obligation (Article 6(1)(c) UK GDPR) Required under tax laws and accounting standards.
To improve our website and services (e.g., analytics) Legitimate interests (Article 6(1)(f) UK GDPR) To enhance user experience without infringing privacy.
For marketing (e.g., sending B2B newsletters or promotions) Consent (Article 6(1)(a) UK GDPR) or Legitimate interests (for similar products) Under PECR, we obtain opt-in consent for electronic marketing; soft opt-in for existing customers.
To prevent fraud or ensure security Legitimate interests (Article 6(1)(f) UK GDPR) Protecting our business and networks.

Under the DUAA 2025, we ensure any automated decision-making (e.g., credit checks) is transparent and includes human review where it significantly affects you. We do not engage in solely automated decisions.

If we process special category data, we rely on explicit consent (Article 9(2)(a) UK GDPR).

5. Who We Share Your Personal Data With

We may share your personal data with trusted third parties to operate our business, but only where necessary and under strict confidentiality agreements. Recipients include:

  • Service Providers: IT providers, payment processors (e.g., for B2B invoicing), delivery couriers, and CRM systems (e.g., hosted in the UK/EEA).
  • Business Partners: Suppliers or affiliates for order fulfillment.
  • Professional Advisers: Accountants, lawyers, or auditors for compliance.
  • Regulatory Authorities: If required by law (e.g., HMRC) or to protect rights.
  • Marketing Platforms: Only with consent, for targeted B2B communications.

We do not sell your data. International transfers (if any, e.g., to non-UK suppliers) are protected by UK adequacy decisions or standard contractual clauses, in line with UK GDPR Chapter V.

6. Cookies and Electronic Communications

Our website uses cookies to enhance functionality and analyze usage. Cookies are small text files stored on your device.

  • Essential Cookies: Necessary for site operation (e.g., session management). No consent required.
  • Analytics Cookies: Track site performance (e.g., Google Analytics – anonymized). Consent obtained via cookie banner.
  • Marketing Cookies: For personalized ads (rare for B2B). Opt-in consent required.

You can manage preferences via our cookie banner or browser settings. For details, see our Cookie Policy [link if separate].

Under PECR, we ensure privacy in electronic communications: we do not use automated calls without consent, protect traffic/location data, and provide clear opt-out options for marketing emails/SMS (e.g., unsubscribe links).

7. Data Security and Breaches

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and regular audits. This includes safeguards against unauthorized access, loss, or damage.

In the event of a personal data breach, we will notify the ICO within 72 hours if it poses a risk to rights and freedoms, and affected individuals if high risk, per UK GDPR Article 33-34.

8. How Long We Keep Your Personal Data

We retain personal data only as long as necessary for the purposes outlined, or as required by law:

  • Order data: 7 years for tax/compliance.
  • Marketing data: Until consent withdrawn or 2 years inactivity.
  • Technical data: 26 months for analytics.

After this, data is securely deleted or anonymized.

9. Your Rights Under Data Protection Law

Under UK GDPR and DPA 2018, you have the following rights regarding your personal data. We respond to requests free of charge within one month (extendable for complex cases):

  • Right of Access: Request a copy of your data.
  • Right to Rectification: Correct inaccurate data.
  • Right to Erasure (“Right to be Forgotten”): Delete data where no longer needed (subject to legal obligations).
  • Right to Restriction: Limit processing in certain cases.
  • Right to Data Portability: Receive data in a structured format (for contractual data).
  • Right to Object: To processing based on legitimate interests or for marketing.
  • Right to Withdraw Consent: At any time, without affecting prior processing.
  • Rights re Automated Decisions: Not to be subject to decisions with no human involvement.

To exercise rights, email privacy@huntsfoodgroup.co.uk. We may verify identity.

10. Changes to This Privacy Policy

We may update this policy to reflect legal changes or business needs. Significant updates will be notified via email or website notice. Continued use constitutes acceptance.

11. Additional Compliance Notes

This policy aligns with the DUAA 2025 amendments to UK GDPR/DPA/PECR, including enhanced transparency for digital verification and smart data schemes (though not currently applicable to our B2B model). We conduct regular Data Protection Impact Assessments (DPIAs) for high-risk processing and maintain records of processing activities as required for organizations like ours (over 250 employees or sensitive data processors).

For further information on our compliance, contact our DPO. This policy is reviewed annually or upon legislative changes.