Privacy Policy

Last updated: June 2026

This policy explains how Solacore handles personal data. Solacore is operated by Andrew van Rooyen, trading as Solacore (“we”, “us”, “our”), an online business based in Southend-on-Sea, UK. For any privacy questions or to exercise your data rights, please contact us at hello@solacore.co.uk.

1. The two ways we handle data

Under data protection laws, our responsibilities depend on our relationship with you:

• As a Data Controller: When you visit our website, fill out an enquiry form, or request a product demo, we act as the Data Controller. We decide how and why your information is processed.
• As a Data Processor: When we host or manage a restaurant's booking system, the restaurant is the Data Controller. We act strictly as a Data Processor, handling diner information solely on the restaurant's written instructions to provide our service. If you are a diner with a question about your booking data, please contact the restaurant directly.

2. What personal data we collect (as Controller)

We collect and process the following information when you interact with our website:

• Identity & Contact Data: Your name, email address, telephone number, and restaurant name provided when submitting forms.
• Enquiry Details: Any specific information you share regarding your current operations or setup.
• Technical & Usage Data: Your internet protocol (IP) address, browser type, device details, approximate geographic location, and data on how you interact with our website.

3. How and why we use your data (Lawful Bases)

We only use your personal data when the law allows us to. Under the UK GDPR, we rely on the following legal bases:

• To respond to enquiries and arrange product demos: We process your data based on our Legitimate Interests to manage incoming business requests.
• To provide and bill for our services: If you become a client, we process your data for the Performance of a Contract with you.
• To send business updates or marketing: If you have requested information, we may send relevant updates based on our Legitimate Interests, or your Consent where required. You can opt out at any time.
• To meet legal requirements: We may process data to comply with statutory Legal Obligations (e.g., tax reporting).

4. Who we share your data with

We do not sell, rent, or trade your personal data. We share your information only with trusted third-party service providers who assist us in operating our business and are legally bound to protect your data:

• Supabase: For secure database hosting and data management.
• GoCardless: For managing secure Direct Debit and recurring client payments.
• Email Service Providers: For routing transactional emails, booking confirmations, and enquiries.
• Legal Authorities: We may disclose your data if strictly required by law, regulation, or a court order.

5. International data transfers

Some of our external service providers may be based outside the UK or the European Economic Area (EEA). Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• The country has been deemed to provide an adequate level of protection by the UK authorities.
• We use specific Standard Contractual Clauses (SCCs) or the International Data Transfer Addendum (IDTA) approved for use in the UK.

6. Data retention

We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements:

• Enquiry Data: Retained for up to 12 months following our last contact if no contract is signed.
• Client Data: Retained for the duration of your contract and for a period of up to 6 years following contract termination to comply with UK financial and tax laws.

7. Your legal rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of any inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): Request deletion of your data where there is no good reason for us continuing to process it.
• Right to Object/Restrict: Object to or restrict processing based on legitimate interests or direct marketing.
• Right to Data Portability: Request the transfer of your data to you or a third party.

To exercise any of these rights, please email us at hello@solacore.co.uk. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way. We limit access to your personal data to those with a genuine business need to know.

9. Policy updates

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.