Privacy Policy


What does Lunchtab Inc Do?

Lunchtab provides a service to the school and the user to keep and maintain a ledger of transactions between both parties. These include the details of the user, any order and purchase transactions of goods and services that the school provides to the user.


Why Personal Data is Used

In order to provide this service, Lunchtab must hold personal data related to the user to identify who makes a transaction or registers an intent to make a transaction. The resultant ledger holds personally identifiable data which allows both the school and the user to see a history of transactions, an intent to make future transactions, an account balance and information related to those transactions (for example, allergies, dietary restrictions, spending restrictions, the subject of the transaction, the date time and location).

Lunchtab processes the data for the following reasons: –

  • To provide the service under contract between the school and Lunchtab
  • To verify the users’ identity for the purposes of using the services
  • To improve the products and services offered to Lunchtab’s customers
  • To provide ongoing administration of the service
  • To facilitate prevention and detection of crime, fraud and to adhere to anti-money laundering regulations
  • To comply with legal and regulatory obligations
  • To ask the user their opinion of the service provided by Lunchtab in order to improve the service
  • To ask the user their opinion of the service provided by the school in order that the school may improve its services offered to the user
  • For research and analysis purposes (only anonymised data is used)


Special Category Data

Special category data is personal data which needs more protection because it is sensitive. Lunchtab optionally collects and processes biometric data for identification purposes.

The lawful basis for this processing is based on acquisition of consent from the user in order to provide an enhanced service on the school premises. The condition of processing is based only on this consent which may be withdrawn at any time.

When the consent is not given, no biometric data will be collected or processed and when the consent is withdrawn (and when the limit of data retention is reached) all biometric data will be permanently removed.

As with all other personal data that Lunchtab holds, biometric data is never shared with a third party, it is never transferred outside lunchtab’s systems and encryption is always used when this data is in transit and at rest.

For those users who do not wish to have their biometric data collected and used, alternative identification methods will be made available. The user will not suffer any penalty or degradation in service should they opt not to provide biometric data.


How we process the data

Lunchtab acquires the personal data either directly from the school or by authority from the school via a third party who also acts as either a data processor or data controller under contract with the school.

Lunchtab and its employees have access to the personal data and use it only for the purposes of providing the services to the school and the user.

Some of our supporting services (e.g. Sendgrid for email transmission) might use cloud platforms from third countries. Where this is the case, we ensure that adequate safeguards are put in place to protect the data.


Lawful Basis for Data Processing

Lunchtab requires that the user gives consent to use its services. Lunchtab has services which are directly for use by children. In all cases, consent must be given by an adult and where children are concerned, the consent must be given by the child’s parent or guardian.


What Data is Used

The following personally identifiable data belonging to the data subject is processed and stored: –


Mandatory or Optional

Reason for holding data

Customer Name


To identify the person

Customer External Id


To identify the person – this may be used to identify the person on a third-party system

Family Memberships


To identify which family/families the user belongs to in order to associate balance affecting transactions

Consumer Classification


To group consumers together according to business need. For example: – “Grade 6” or “Faculty and Staff”

Date of Birth


to help identify people who share a name

Profile Image


to help identify a person at the POS

Email Address


This is mandatory if the user wants to use the web application. For children who do not and only need to record transactions at the POS, it is optional

Password Hash


As for email addresses.

This is used to authenticate a user logging into the web application or a cashier logging into the POS application.



to authenticate the card used to access the account of the card holder

Fingerprint Template


To identify the user at the POS

Product Restrictions


This may contain disliked products or harmful allergens. It is used to alert the cashier of any purchases which should be queried

Family Name


This is used to hold the family account balance against.

Family Code


to identify the family in lunchtab and which may be used to identify the family on a third-party system

Family Address


to help identify families who share a name. To allow the system administrators to contact families who owe or are owed money in the event that they are not contactable via email



The system holds operational transaction data in order to provide the user a record of the family activity and also to prepare financial and accounting documents for local / international tax authorities



This is either a purchase of something yet to be delivered or an indication of intent to purchase


Individual Rights

GDPR provides the following rights to individuals


The right to be informed

The user will be informed at the time of registration for the service by means of a terms and conditions page which must be agreed to before the user can use the services. The terms and conditions will contain the full privacy policy. Any changes to the terms and conditions will be emailed to the user at which point they may opt out of using the services.


The right to access

Most personal information can be accessed directly by the user through the lunchtab application at any time however, should this not be possible the user can submit a data subject access request which will be logged and actioned, providing the relevant information to the user within one month of the initial request.


The right to rectification

The user has the right to request that any inaccurate information is corrected. In some circumstances the user must make the request to the data controller (the school) who will then action (or pass on) the data correction to Lunchtab.


The right to erasure

The user has the right to be forgotten and may request either verbally or in writing that lunchtab removes their data. On request, Lunchtab will remove or anonymise all data related to the user and will write to the user to confirm this within one month of the initial request. User data will also be removed or anonymised according to the normal data retention policy.

Personal data may exist in backup systems for up to one month following the removal or anonymization process after which point it will be overwritten once the retention schedule expires. The backup data is beyond use for any operation other than for disaster recovery purposes.


The right to restrict processing

The user has the right to request that the user’s personal data is restricted in processing. Upon receiving such a request, Lunchtab will, without unreasonable delay, suspend the user account and notify the user. A suspended user account cannot be used with the scoped services of the system. This restriction would usually be temporary because for an indefinite period, we would remove or anonymize the personal data.


The right to data portability

The user may at any point request a copy of their personal data and lunchtab will, within one month, provide to the user a copy of the data in a commonly used and well-structured format. The request will be logged and the user will be notified. Any data will be transferred to the user in a secure manner.


The right to object

The user has the right to object to their data being processed and lunchtab will, without unreasonable delay and within one month of receiving the request, remove or anonymize the data. The request will be logged and the user will be notified.



Lunchtab will keep the personal data for as long as is necessary to deliver the services to the school and the user. The data controller (school) may retain information for longer according to their own policy.


How long we keep your information

A user (or family) account will be removed or anonymized within 12 months of the date that the user or family leaves the school (or within 1 month of the receipt of a request that their data should be removed).


Privacy Notice

Lunchtab maintains and publishes its privacy notice on its website and also links to this within the terms of service that users must agree to before they can use the services.


Changes to Privacy Notice

Lunchtab may change the privacy notice and will ensure that these changes are reflected on its website. All users will be advised of any changes to the privacy notice and may withdraw their consent for lunchtab to process data at any time.

If you have any questions or queries, please contact our Data Protection Officer at [email protected]