Privacy Policy & Data Governance

Last Updated: May 2026

PIECARAMBA MANUFACTURING LIMITED (“we”, “us”, or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Policy outlines our data processing practices in strict accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant international standards.

1. Data Controller Information

The data controller responsible for your personal information is PIECARAMBA MANUFACTURING LIMITED, registered at Secure House, Lulworth Close, Chandler's Ford, SO53 3TL, United Kingdom. Any inquiries regarding data protection should be directed to our Data Protection Officer (DPO) at info@thecrusttale.sbs.

2. Scope of Data Collection

We collect and process personal data that is necessary for the performance of our manufacturing and logistical services, as well as for the maintenance of our corporate relationships. This data includes, but is not limited to:

Identity Data: Full names, professional titles, and corporate affiliations.
Contact Data: Professional email addresses, telephone numbers, and delivery addresses.
Technical Data: IP addresses, browser types, and session information collected via our website's secure logs.
Transaction Data: Details of services rendered, payment information, and logistical telemetry.

3. Lawful Basis for Processing

Under the UK GDPR, we rely on several lawful bases for processing your data:

Performance of a Contract: Processing necessary for the fulfillment of manufacturing orders and logistical services.
Legal Obligation: Processing required to comply with United Kingdom tax, employment, and food safety laws.
Legitimate Interests: Processing necessary for the improvement of our manufacturing processes, website security, and business development.
Consent: Explicit permission provided by you for marketing communications or specific data processing tasks.

4. Data Retention and Security

We implement industry-leading security measures to prevent unauthorized access, disclosure, or alteration of your data. This includes AES-256 encryption for data at rest and TLS 1.3 for data in transit. We retain personal data only for as long as is strictly necessary to fulfill the purposes for which it was collected, typically seven (7) years for financial and contractual records to comply with UK statutory requirements.

5. Your Statutory Rights

As a data subject, you possess extensive rights regarding your information:

Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request that we correct any inaccuracies in your data.
Right to Erasure (“Right to be Forgotten”): You may request the deletion of your data where no overriding legal basis for retention exists.
Right to Data Portability: You may request that your data be transferred to another service provider in a structured, machine-readable format.

To exercise any of these rights, please contact our DPO via the details provided in Section 1.

6. International Data Transfers

In the course of our global logistical operations, data may be transferred to entities outside the United Kingdom or the European Economic Area (EEA). We ensure that all such transfers are governed by Standard Contractual Clauses (SCCs) or other adequacy mechanisms recognized by the UK Information Commissioner’s Office (ICO).

7. Complaints

If you believe that your data has been handled inappropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.