Privacy Policy
Last updated: 30 June 2026
This privacy policy applies to the Picky customer app and the
Picky Staff app (collectively, "the apps") and the website
getpicky.co.uk. The apps and website are
operated by Match Tees Valley CIC ("Match Tees Valley", "we",
"us", "our") — a Community Interest Company registered in England &
Wales, with registered office at 7-9 Victoria Road, Hartlepool, TS25 7SE.
Our trading venue (where food is prepared and collected) is Blue Valentines,
48 Church Street, Hartlepool, TS24 7EB.
We take your privacy seriously and only collect what we need to run the
service. This policy explains what we collect, why, how long we keep it,
and your rights under the UK GDPR.
1. What we collect
Picky (customer app)
- Order information — items ordered, delivery / collection address, time slot, special instructions, allergy notes you choose to provide.
- Contact details — name, phone number, email address, used to confirm your order and deliver it.
- Payment information — handled entirely by Stripe (our payment processor). Card numbers never touch our servers — Stripe returns us a token only.
- Device push token — if you grant push notification permission, we store an anonymous token tied to your account so we can notify you when your order is accepted, ready, or out for delivery.
- App analytics — basic usage statistics (which screens are visited, errors encountered) to improve the app. Not linked to your identity.
Picky Staff (driver / kitchen / bar / admin app)
- Staff member identity — name, role, PIN (hashed). Set up by the venue manager.
- Location data — when signed in as a driver and actively on a delivery run, the app collects your phone's GPS location so we can show the customer your ETA and route. Location is only collected during active delivery shifts, not when the app is in the background or you've signed out.
- Order action logs — when you accept, prepare, or complete an order, we record who did what + when, for accountability.
2. Why we collect it
Each category of data has a single, specific purpose:
- Orders + contact — to take, prepare, and deliver your order. Without these we cannot fulfil the order.
- Payment — to charge for what you ordered. Processed by Stripe (a PCI-DSS Level 1 service provider).
- Push token — to send order status notifications. Optional — you can decline at install and use the app fine without push.
- Driver location — to show customers when their food will arrive and improve route efficiency. Optional — drivers can sign out to stop sharing.
- Staff action logs — internal accountability and dispute resolution (e.g. "this order was marked ready by Laila at 18:47").
3. How long we keep it
- Order history — 6 years (HMRC accounting requirement).
- Driver location samples — 30 days, then deleted. Used for delivery analytics, never sold or shared.
- Push tokens — until you uninstall the app or sign out, whichever is sooner.
- Marketing emails (if you opt in) — until you unsubscribe.
4. Who we share it with
We share only the minimum needed to run the service:
- Stripe (payment processing) — card details + amount only. Stripe's privacy policy.
- Hetzner Cloud (server hosting) — all data is stored on their servers located in Falkenstein, Germany. Hetzner's privacy policy.
- Apple / Google (push notification delivery) — receives the push token and the message content only when we send a notification. No personal information is included in the push payload beyond what you've ordered.
- Our kitchen brands — the kitchens fulfilling your order (DING, Hot Club, Mexi-Shan, Bao & Bun) see your name, what you ordered, and delivery time, so they can prepare it. They do not have access to payment details or location data.
We do not sell or share personal data with any other third party, nor do we use it for any advertising
or profiling purpose.
5. Your rights under UK GDPR
You have the right to:
- Access — request a copy of all personal data we hold on you.
- Rectify — correct any inaccurate information.
- Erase ("right to be forgotten") — request deletion of your data. We will comply unless we have a legal obligation to retain it (e.g. tax records for completed orders).
- Restrict processing — ask us to stop using your data while a dispute is resolved.
- Object — to direct marketing (unsubscribe link in every marketing email).
- Data portability — receive your data in a machine-readable format.
To exercise any of these rights, email
info@bluevalentines.co.uk.
We'll respond within 30 days. If you're not satisfied with our response, you
have the right to lodge a complaint with the
Information Commissioner's Office.
6. Children
The apps are intended for users aged 16 or over. We do not knowingly collect
information from anyone younger. Parents who believe their child has
submitted information should email us at
info@bluevalentines.co.uk
and we will delete it.
7. Cookies and similar technologies
The website uses one essential session cookie to keep you logged in. We do
not use third-party tracking cookies or advertising pixels. The apps do not
use cookies — they use local secure storage to remember your login.
8. Changes to this policy
If we make material changes to this policy we'll update the "Last updated"
date at the top and, where the change affects you, send a notification
through the app. Minor wording changes (e.g. spelling fixes) we may make
without notification.
9. Contact
Questions about this policy or your data?
← Back to Picky