Customer Privacy Policy (covers all Longdan stores & franchisees)

Controller
Longdan Glasgow Ltd (“Longdan”, “we”, “us”). 4 Estate Way, London, E10 7JN, United Kingdom. privacy@longdan.co.uk

Scope
This policy explains how we handle personal data when you message Longdan via WhatsApp Business (Cloud API) and when our franchisees use our app to support those conversations. Franchisees act as our authorised users/processors; Longdan remains the data controller.

Data we process

  • Contact & identifiers: phone number, display name, profile image (if provided).
  • Conversation data: message content and attachments you send; timestamps; store/location; team member responding.
  • Preferences: your opt-in/opt-out for marketing.
  • Technical & logs: delivery/read metadata generated our systems.
  • We do not want sensitive data in chat (e.g., full card numbers, bank details, government IDs, health information). Please don’t send these—our staff will never ask for them in WhatsApp.

Sources

Directly from you in WhatsApp and our app; platform‑provided messaging metadata necessary to deliver the service.

Purposes & legal bases (UK GDPR)

  • Customer support & service messages (answer questions, fulfil requests, order/delivery updates): Contract / Legitimate interests.
  • Marketing messages (offers, product news): only with your prior opt‑in collected outside WhatsApp; you can opt out at any time: Consent.
  • Security/fraud prevention/quality: Legitimate interests and Legal obligation where applicable.

WhatsApp Cloud API specifics

  • We use the WhatsApp Cloud API hosted by Meta. Meta provides the messaging infrastructure and related security controls.
  • Outside the standard customer‑service window, we only send approved message templates. We honour opt‑outs and only message people who have provided their number and consent where required.

Sharing

  • Processors (including franchisees): authorised users acting on our instructions.
  • Meta (WhatsApp): for message delivery/operations.
  • Other processors: hosting/IT/security providers supporting our systems. We do not sell personal data.

International transfers

Where data is transferred outside the UK, we use recognised safeguards (e.g., UK Addendum to EU SCCs) or another valid mechanism.

Retention

  • Message content & attachments: 12 months, then delete.
  • Message metadata/logs: 18 months.
  • Marketing opt in/opt out records: while consent is active + 24 months after opt out (audit).
  • Backups: up to 30 days then overwritten.

Security

Access controls and authentication, encryption in transit and at rest (where applicable), logging, and least privilege administration. (The Cloud API is hosted by Meta, which maintains relevant security certifications.)

Your rights

You can request access, correction, deletion, restriction, objection (including to marketing), portability, and withdraw consent.

How to exercise rights

Email privacy@longdan.co.uk first and last name, email address, and the phone number you use on WhatsApp. We’ll verify your identity and respond within UK GDPR timelines.

Children

Our services are not intended for children under 13. Please do not message us via WhatsApp if you are under 13.

Do not send sensitive data in chat

Please do not send full payment card numbers, bank details, government IDs, health data, or other sensitive information via WhatsApp. We will never request these in chat.

Relationship to platform terms

Nothing in this policy supersedes or conflicts with Meta’s Platform Terms or WhatsApp policies applicable to platform data.

Updates & contact

We may update this policy; we’ll post the latest version with the effective date. Contact: privacy@longdan.co.uk | Longdan Glasgow Ltd, 4 Estate Way, London, E10 7JN, UK.