GDPR Compliance | Big Kahuna

GDPR Compliance

Welcome to Big Kahuna’s GDPR Compliance page. At Big Kahuna Street Food, we are committed to protecting the privacy and personal data of our customers, including EU citizens. This page outlines our compliance with the General Data Protection Regulation (GDPR) and our commitment to data privacy.


What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in May 2018. It sets out guidelines for the collection, processing, and storage of personal data of individuals within the European Union (EU) and the European Economic Area (EEA).


Our Commitment to Data Privacy

At Big Kahuna Street Food, we take data privacy seriously. We are committed to ensuring that all personal data collected and processed by us is done so lawfully, fairly, and transparently, following GDPR requirements.


Collection and Use of Personal Data

We may collect personal data from EU citizens in the course of our business activities, including but not limited to:

  • Name and contact information (e.g., email address, phone number)
  • Billing and payment information
  • Information provided voluntarily through customer inquiries or feedback

We collect this information to provide our services, process orders, and communicate with our customers effectively.


Legal Basis for Processing

Our legal basis for processing personal data under GDPR may include:

  • The necessity of processing for the performance of a contract (e.g., fulfilling orders)
  • Compliance with legal obligations (e.g., tax and accounting requirements)
  • Consent obtained from individuals for specific purposes (e.g., marketing communications)


Data Security Measures

We have implemented appropriate technical and organisational measures to ensure the security of personal data and prevent unauthorised access, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments.


Data Subject Rights

Under GDPR, individuals have certain rights regarding their personal data, including the right to:

  • Access their personal data
  • Rectify inaccurate or incomplete data
  • Erase personal data (“right to be forgotten”)
  • Restrict or object to the processing of personal data
  • Data portability

We are committed to facilitating the exercise of these rights by individuals following GDPR requirements.


Data Transfers

In certain circumstances, we may transfer personal data to third parties or service providers located outside the EU/EEA. Any such transfers will be made in compliance with GDPR requirements, including the use of appropriate safeguards such as Standard Contractual Clauses or other legal mechanisms.


Contact Us

If you have any questions or concerns about our GDPR compliance or our handling of personal data, please contact us at

Last updated: 20th June, 2024

Get in touch