This Privacy Policy explains how UKBD TECH LTD trading as CROWN EPOS (“we”, “us”, “our”) collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are committed to protecting the privacy of our clients, their staff, and their customers.
1.Who We Are (Data Controller Information)
UKBD TECH LTD trading as CROWN EPOS — Company No: 13450076
Registered Address: Ashley House Business Centre, Suite 301, 235–239 High Road, Wood Green, London N22 8HF
Email: [email protected] · Phone: +44 (0)7522 58 11 22
For the purposes of UK GDPR, we act as:
- Data Controller for restaurant clients using our POS, RMS, and online ordering platform
- Data Processor for customer order data processed on behalf of restaurants
- Technology Provider for payment processing integrations (e.g., Stripe, Ryft)
2.Data We Collect
We may collect the following categories of personal data:
A. Restaurant Clients (Merchants)
- Business name and address
- Contact name(s)
- Email address and phone number
- Login credentials (encrypted)
- Billing and subscription information
- Device information (IP address, browser type, OS)
B. Restaurant Staff
- Names
- User accounts and login activity
- POS usage logs
- Permissions and role settings
C. End-Customers (Restaurant Customers)
Collected only when placing orders through the restaurant’s online ordering system:
- Name
- Phone number
- Delivery address (if applicable)
- Order details
- Transaction metadata (NOT card details)
D. Technical & Usage Data
- IP addresses
- Device identifiers
- Browser information
- Access logs
- Error logs
- Security logs
3.How We Use Personal Data
We process personal data for the following purposes:
- To provide POS, RMS, and online ordering services
- To manage client accounts and subscriptions
- To deliver technical support
- To improve system performance and security
- To comply with legal and regulatory obligations
- To prevent fraud and misuse of our platform
- To enable payment processing through integrated payment merchants
We do not sell personal data.
4.Legal Basis for Processing (UK GDPR Article 6)
We process data under the following lawful bases:
- Contractual necessity — to provide services to our clients
- Legitimate interests — platform security, fraud prevention, service improvement
- Legal obligation — accounting, tax, anti-fraud, regulatory compliance
- Consent — where explicitly required (e.g., marketing communications)
5.Payment Processing & Card Data
CROWN EPOS does not store, process, or transmit cardholder data.
All payments are handled securely by the integrated payment merchant (e.g., Stripe, Ryft) in accordance with PCI-DSS Level 1 requirements.
We only receive:
- Transaction status
- Transaction reference
- Fee information
We never receive card numbers, CVV, or full payment details.
6.Sharing of Personal Data
We may share data with:
- Payment processors (e.g., Stripe, Ryft)
- Cloud hosting providers
- Technical support partners
- Analytics and security services
- Regulators or law enforcement (only when legally required)
We do not share data with advertisers or unrelated third parties.
7.International Data Transfers
We do not actively share personal data with third parties outside the UK. However, personal data stored within our hosting environment may be accessible to our hosting service provider as part of their infrastructure management responsibilities.
If any data is transferred or accessed outside the UK by our hosting provider or integrated service partners, we ensure that appropriate safeguards are in place, such as:
- UK adequacy regulations
- Standard Contractual Clauses (SCCs)
- Equivalent data-protection measures
We only use reputable, GDPR-compliant service providers.
8.Data Retention
We retain data only for as long as necessary:
- Client account data — retained while the account is active
- Order data — retained according to restaurant requirements
- Logs and security data — typically 12–24 months
- Financial records — minimum 6 years (legal requirement)
After retention periods expire, data is securely deleted or anonymised.
9.Your Rights Under UK GDPR
You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion (where applicable)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent (where applicable)
- Lodge a complaint with the ICO
To exercise your rights, contact: [email protected]
10.Security Measures
We implement:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted storage for sensitive data
- Access controls and authentication
- Regular security audits
- Firewalls and intrusion detection
- Strict staff access policies
We take all reasonable steps to protect personal data.
11.Cookies & Tracking
Our platform may use cookies for:
- Authentication
- Session management
- Security
- Performance monitoring
Users can control cookies through their browser settings.
12.Restaurants’ Responsibility for Customer Data
Restaurants using our platform act as Data Controllers for their customers’ order information.
They are responsible for:
- Managing customer data
- Handling customer refund requests
- Responding to customer data rights requests
We act as their Data Processor for order-related data.
13.Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be published on our website.
14.Contact Information
UKBD TECH LTD trading as CROWN EPOS
Email: [email protected]
Phone: +44 (0)7522 58 11 22
Address: Ashley House Business Centre, Suite 301, 235–239 High Road, Wood Green, London N22 8HF