Effective Date: Effective Date: 17th December 2025 (framework updated to confirm the “Delivery Responsibility, Risk Allocation and Accountability Policy” as the apex document governing complaints, refunds, disputes, and evidence handling; all users who accepted this Privacy Policy prior to 17 December 2025 are deemed to have accepted these framework updates by their continued use of the Platform after that date).
Business Name: Virtuous Restaurants Ltd
Website & Dashboard: www.virtuousrestaurants.com
Virtuous Restaurants (“we,” “us,” or “our”) values your privacy and is committed to protecting the personal information of our customers, restaurants, and delivery drivers. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website, mobile apps, delivery driver app, or ordering widgets (“Platform”), and your rights regarding that information.
Your privacy is a top priority. Our Privacy Policy explains how we collect, use, store, and protect your personal data, and your rights under UK GDPR and the Data Protection Act 2018.
This Privacy Policy forms part of the overall contractual framework together with our Terms of Use and Delivery Responsibility, Risk Allocation and Accountability Policy. In the event of any inconsistency regarding complaints, refunds, disputes or risk allocation, the Accountability (Technology Partner) Policy shall prevail.
Customers:
Name, email, phone number, delivery address, payment details, order history.
Device and browser information, IP address, and cookies used in the ordering widget.
Location information if applicable for order tracking.
Restaurants:
Business information, contact details, menu items, payment information, and tax documents.
Login credentials and device/browser data.
Delivery Drivers:
Name, email, phone number, vehicle details, license and insurance documentation, background check information.
Location data collected during deliveries via the driver app.
Device identifiers, IP address, and app usage data.
Automatically Collected Information:
IP addresses, browser type, device identifiers, operating system, and usage analytics from the website, apps, and widgets.
Cookies and tracking technologies for functionality, performance, and analytics.
User-Generated Content:
Reviews, ratings, messages, and photos submitted through the Platform.
We use the information to:
Facilitate orders, deliveries, and payments.
Communicate with users regarding orders, account activity, service updates, and marketing (if consented).
Verify identity, eligibility, licenses, and insurance for restaurants and drivers.
Improve and optimise the Platform’s functionality, performance, and security.
Comply with legal obligations, audits, and regulatory requirements.
Complaints, refunds, disputes and evidence handling: We process personal data (including messages, photos, videos, location/GPS data, and order records) strictly for administrative facilitation purposes only, in accordance with our Delivery Responsibility, Risk Allocation and Accountability Policy (incorporated into the Terms of Use). This includes forwarding evidence and messages to the relevant restaurant (or driver) when requested, and processing refunds or remedies solely where the restaurant has given prior written authorisation. We do NOT use such data to investigate, review, decide, determine, approve, deny, or otherwise influence the substantive outcome of any complaint, refund request, dispute, or risk allocation issue. All substantive decisions remain the sole responsibility of the relevant restaurant (subject always to non-excludable statutory consumer rights under UK law, including the Consumer Rights Act 2015).
Essential cookies: Required for login sessions, ordering widget functionality, and cart/session management.
Non-essential cookies: Used for analytics, performance monitoring, and optional marketing.
Driver tracking: GPS/location data collected for routing and delivery purposes; only stored as long as necessary.
Users can opt out of non-essential cookies via browser/app settings.
Disabling essential cookies may limit Platform functionality.
We implement appropriate technical and organisational measures to safeguard your personal data:
Encryption: SSL encryption for sensitive data, including payment information
Access Control: Only authorised personnel can access personal data
Data Retention: Personal data is retained only as necessary or as required by law
Regular Audits: Security audits and risk assessments to maintain compliance
Data Hosting: All personal data collected through the AI-Assistant Dashboard is securely stored on a dedicated UK-based server, ensuring full compliance with UK data protection regulations. Our server infrastructure provides ISO-certified security, robust encryption, high availability, fast performance, proactive monitoring and rapid threat response, guaranteeing the integrity, confidentiality and reliability of your information. No system is completely secure, and users acknowledge that we cannot guarantee absolute security.
The Platform is not intended for children under 13: We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected such data, it will be deleted immediately.
The Platform is not intended for, and we do not knowingly collect personal data from, children under the age of 13. We do not offer information society services directly to children under 13.
We do not sell personal information to third parties.
We may share personal information with:
Restaurants and drivers to fulfill orders.
Payment processors, delivery logistics providers, and other service partners.
Law enforcement or regulatory authorities as required by law.
In connection with mergers, acquisitions, or business transfers.
Aggregated or anonymised data for analytics or research purposes.
All third-party providers are GDPR-compliant and carefully vetted for data security.
Marketplace App Data Processing: Where a Partner Restaurant has opted in to participation in the Marketplace App (as defined in the Restaurant Agreement (Platform Services Agreement), the Platform will display, host, and make publicly available that restaurant’s menu, pricing, descriptions, images, availability, and allergen information for the purpose of enabling customer discovery and ordering. This constitutes processing of the restaurant’s operational content data. The restaurant remains the data controller for any personal data of its customers that flows through orders originating from the Marketplace App. The Platform processes such content data on the basis of the contractual licence granted in the Platform Services Agreement and the restaurant’s express opt-in. Restaurants may withdraw from the Marketplace App at any time by written notice to admin@virtuousrestaurants.com, subject to any applicable notice period. Withdrawal does not affect other processing activities described in this Policy.
Where a Partner Restaurant has opted in to participation in the Marketplace App, the Platform will host, display, and make publicly available that restaurant’s menu content (including item names, descriptions, pricing, images, allergen summaries, and availability) within the Marketplace App for the purpose of enabling customer discovery and ordering. This constitutes processing of the restaurant’s operational content and, where such content includes personal data, processing of personal data.
The Platform processes this content data on the legal basis of: (a) performance of the contract with the Partner Restaurant (specifically the content licence granted in their Platform Services Agreement); and (b) the restaurant’s express opt-in consent to Marketplace App participation. The restaurant is the data controller for any personal data of its own customers. The Platform acts as data processor in respect of such customer personal data when processing it solely to facilitate individual orders placed through the Marketplace App.
When a customer places an order through the Marketplace App, the personal data collected at checkout (name, delivery address, email, phone number, payment details) is processed in the same manner as any other order placed through the Platform, as described in Section 1 and Section 2 of this Privacy Policy. No additional data categories are collected solely by reason of the order originating from the Marketplace App.
Partner Restaurants participating in the Marketplace App must ensure that their own customer-facing privacy notices and terms of service disclose that orders placed through their menus may be facilitated through a shared marketplace platform operated by Virtuous Restaurants Ltd, and that customer data will be processed in accordance with this Privacy Policy. This is required to satisfy the restaurant’s own transparency obligations as data controller under UK GDPR Article 13.
Partner Restaurants may withdraw from the Marketplace App at any time by written notice to admin@virtuousrestaurants.com. Following confirmed withdrawal, the Platform will remove the restaurant’s content from the Marketplace App within a reasonable operational period. Withdrawal does not affect any other data processing activities described in this Privacy Policy.
Payment data processing: Payment data is processed by Stripe in accordance with Stripe’s own privacy policy and data processing terms. The Platform does not store raw payment card data. In the event of a Stripe system failure, data breach, or processing error caused by Stripe’s systems, the Platform’s liability is limited in accordance with the Platform Services Agreement. Partner Restaurants are directed to Stripe’s own terms for their data processing obligations as Stripe Connect account holders.
You have the right to:
Access: Request a copy of your personal data
Rectification: Correct inaccuracies in your data
Erasure: Request deletion of your data (“right to be forgotten”)
Restriction of Processing: Limit how your data is used
Data Portability: Receive your data in a machine-readable format
Object to Processing: Object to processing for legitimate interests or marketing
Withdraw Consent: Withdraw consent where applicable
To exercise any rights, contact us at support@virtuousrestaurants.com
Your personal data may be transferred or stored outside your country of residence. We ensure such transfers comply with GDPR using appropriate safeguards, such as standard contractual clauses.
The AI-Assistant dashboard data remains primarily on our dedicated UK-based server, with international transfers only where legally required and safeguarded.
The Platform is not intended for use by children; if we become aware that we have collected information from a child, we will promptly delete it. Personal data, including order history, account information, and driver location data, is retained only for as long as necessary to provide services, comply with legal obligations, or for legitimate business purposes, with specific retention periods applied where applicable (e.g., 7 years for tax documents, 5 years for order history). Marketing communications are sent only to users who have opted in, and users may withdraw consent or opt out at any time they wish to. For users outside the UK, all data processing and transfers comply with applicable data protection laws, including GDPR and equivalent international privacy regulations, and users retain all rights granted under their local laws. By continuing to use the Platform, all users acknowledge and accept these practices regarding data collection, retention, tracking, and marketing communications. By continuing to use the Platform, all users acknowledge and accept these practices regarding data collection, retention, tracking, and marketing communications.
Certain processing activities (e.g. marketing communications, non-essential cookies, and optional AI personalisation) rely on your consent. You can withdraw consent at any time without affecting core services. See section 6 for your rights and how to opt out.
We may update this Privacy Policy at any time. Updates will be posted on this page, and the Effective Date will be revised. Please review periodically to stay informed about how we protect your personal data.
10.1 Principles of Retention
We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including order fulfilment, account management, administration, audits, dispute resolution, and legal obligations.
When retention is no longer necessary, we securely delete, anonymise, or overwrite data, unless further retention is required by law (e.g., tax, accounting, litigation).
We apply the principle of least retention: keeping data only as long as necessary to meet legal and business needs.
10.2 Typical Retention Periods
Below are the standard retention durations we apply (subject to legal requirements and internal needs). These are aligned with best practices used in online restaurant and food-ordering platforms:
Order and transaction records: retained for 7 years for tax, accounting, and audit purposes.
Customer account and profile data (non-transactional): retained for up to 5 years from the date of last active use. If a user becomes inactive or deletes their account, personal information is removed unless legal obligations require otherwise.
Driver and restaurant verification and compliance documents: retained for 6 years after the end of the business relationship to meet audit, insurance, and legal requirements.
Location, GPS, and delivery route data: retained for 30 days after delivery completion, unless required longer for dispute resolution, investigation, or legal compliance.
Marketing consent and communication preference data: retained until consent is withdrawn, plus an additional 1 year to maintain evidence of consent history.
Usage, device, and analytics data: retained for between 1 and 3 years, after which any personal identifiers are removed or anonymised so that individuals cannot be identified.
10.3 Deletion, Anonymisation & Overwriting
After the relevant retention period ends, we securely delete data from active systems.
If full deletion is not feasible (e.g., due to backup systems or logs), we overwrite or pseudonymise personal identifiers so that individuals can no longer be identified.
For transactional records that must remain for legal compliance, we remove or mask personal identifiers wherever possible while preserving essential non-identifying details for accounting and audit purposes.
10.4 Right to Request Deletion / Erasure (“Right to be Forgotten”)
You may request erasure of your personal data at any time, subject to the constraints of this retention scheme and legal obligations.
If your request relates to data that is still required for a legal or operational purpose (e.g., tax records, open disputes), we will comply to the maximum permissible extent by removing what can be removed or masking identifiers.
We will respond to a deletion request without undue delay, and at most within 30 calendar days (or longer if complexity requires, notifying you).
10.5 Backup & Archive Retention
Backups or archives may retain historical snapshots for a limited period, generally between 90 days and 1 year, depending on system architecture.
Data in backups or archives is subject to the same deletion or anonymisation rules once the retention period in the live system has expired.
Access to backups and archives is restricted, encrypted, and read-only, except for necessary recovery operations.
10.6 Legal Holds / Exceptional Retention
In the event of litigation, regulatory investigation, or legal obligation, we may place a “legal hold” on specific records, temporarily suspending deletion until obligations have been met.
Legal holds are limited to the minimum necessary scope and duration.
10.7 Recordkeeping & Audit Trails
We maintain internal logs of all deletion, anonymisation, or overwriting actions, including timestamp, data category, and responsible system or agent.
Audit trails (with minimal metadata) are retained for at least 3 years to demonstrate compliance with our retention policy.
10.8 User Notification & Transparency
When you request erasure, or when we anonymise or delete your data, we will inform you of which data was removed or anonymised, unless doing so would compromise other users’ privacy or legal obligations.
If we cannot fully erase data due to legal or technical constraints, we will explain the reasons for partial retention or masking.
10.9 Complaints and Dispute-Related Data
Data relating to complaints, refunds, disputes, or delivery evidence (including photographs, videos, messages, and location data) is retained only for as long as necessary to provide administrative facilitation, resolve any related logistical matters, meet legal obligations, or support audits — generally no longer than 180 days from the date of delivery unless a longer period is required by law. Once the dispute is resolved or the retention period ends, such data is securely deleted, anonymised, or overwritten in accordance with our formal data retention schedule. All processing and sharing of this data is governed by the Delivery Responsibility, Risk Allocation and Accountability Policy, which takes precedence on these matters.
For the avoidance of doubt, records relating to commercial invoices issued to Partner Restaurants, including the order details, refund amounts, and payment confirmation that form the basis of such invoices, constitute financial and transactional records and are retained for 7 years in accordance with Section 10.2 of this Policy and applicable tax and accounting obligations, regardless of whether they also relate to a customer complaint or delivery dispute. The 180-day dispute-data retention period applies to operational evidence (photographs, videos, GPS data, messages) and does not reduce the retention period applicable to financial records.
11.1 Third-Party Links and Integrations
Our Platform may contain links to, or integrate with, third-party websites, APIs, or services (including but not limited to payment processors, mapping services, social media platforms, and analytics providers).
These third parties operate independently and have their own privacy policies. We are not responsible for the content, security, or data handling practices of third-party sites or services.
We recommend users review the privacy policies of any third-party services they interact with through our Platform.
11.2 Embedded Content
Content embedded from third-party platforms (such as videos, maps, or widgets) may collect information about your interactions, devices, or IP address.
Embedded content providers may use cookies, tracking pixels, or other technologies, which are outside our direct control.
We advise users to review embedded content providers’ privacy policies to understand how they process data.
11.3 Automated Decision-Making and Profiling
Our Platform may use automated systems, algorithms, or AI (including the AI-Assistant dashboard) to assist with delivery routing optimisation, fraud prevention and risk assessment, personalised recommendations and content suggestions, and operational analytics for efficiency and service improvements.
We comply with the updated rules on automated decision-making under the Data (Use and Access) Act 2025.
Where these processes involve solely automated decision-making that may have legal or similarly significant effects on individuals and involve special category data, we apply the stricter requirements of UK GDPR. For non-special category data, such processing is generally permitted subject to appropriate safeguards.
Users have the right to request meaningful information about the logic involved, to request human review of any automated decision affecting them, to make representations, and to contest the decision.
11.4 AI Transparency and User Rights
Where AI or automated processing is used to make decisions impacting users’ experience, we ensure:
Transparency about the purpose and logic of the processing
Opportunity for human intervention, correction, or objection
Compliance with all applicable UK GDPR and DPA 2018 requirements regarding fairness, accuracy, and accountability
11.5 Data Minimisation in Third-Party and AI Use
We only share or process data with third-party providers or AI systems to the extent necessary for operational purposes.
Personal identifiers are pseudonymised or anonymised wherever possible, especially in analytics or AI-driven insights.
11.6 Third-Party & AI Risk Mitigation
All third-party providers and AI systems are carefully vetted for GDPR compliance, data security, and reliability.
Contracts with third-party service providers include binding data protection obligations, confidentiality agreements, and audit rights.
Any AI or automated system used is regularly monitored, updated, and tested to ensure compliance with privacy, security, and ethical standards.
11.7 User Consent and Opt-Out
Users retain full control over optional data shared with third-party services or used for AI personalisation and analytics.
Users may withdraw consent for optional processing at any time without affecting core services.
Users can opt out of non-essential cookies, tracking, or AI-driven personalisation via app, website, or account settings.
11.8 Liability Disclaimer
While we enforce strict contractual and technical safeguards, we cannot guarantee the practices of independent third-party services or embedded content providers.
Users acknowledge and accept that interactions with third-party content or AI-assisted recommendations are at their own discretion.
11.9 Separate Programs
Data collected through the Referral & Affiliate Program and the Virtuous Delivery Platform (driver registration) are processed separately and solely for the purposes of the respective program. Participation in one program does not imply consent, access, or rights to the other program.
11.10 Oracle eStore Terms
Certain ordering, menu management, and payment processing features are provided through Oracle Restaurants eStore under separate terms. Partner Restaurants using these features are subject to Oracle’s own terms of use, privacy policy, and data processing requirements. The Platform is not responsible for any errors, downtime, data issues, inaccuracies, or security failures arising from Oracle’s systems. Partner Restaurants acknowledge that their use of Oracle-integrated features constitutes a separate relationship with Oracle, and that customer personal data processed through Oracle’s ordering widget is subject to Oracle’s data processing terms as well as this Policy. Partner Restaurants must ensure their own privacy notices to customers disclose the Oracle integration where required by UK GDPR.
Certain ordering, menu management, and payment processing features available on the Platform are provided through Oracle Restaurants eStore, which operates under its own separate terms of use, privacy policy, and data processing requirements. Partner Restaurants using these integrated features are subject to Oracle’s applicable terms and are responsible for ensuring their own compliance with Oracle’s data processing requirements. Personal data processed through Oracle’s ordering widget or checkout interface — including customer names, email addresses, phone numbers, delivery addresses, and payment details — is subject to Oracle’s privacy policy in addition to this Privacy Policy. The Platform is not responsible for any errors, downtime, data issues, inaccuracies, security failures, or processing incidents arising from Oracle’s systems or services. Partner Restaurants must ensure their own customer-facing privacy notices disclose the Oracle integration and Oracle’s role in processing customer data where required by UK GDPR. Any questions regarding Oracle’s data processing should be directed to Oracle directly.
12.1 Legal Basis for Processing
We process your personal data only when we have a valid legal basis under UK GDPR:
Performance of contract: for orders, deliveries, and payments.
Legal obligation: for tax, audit, or regulatory compliance.
Legitimate interests: for operational analytics, platform optimisation, and security, provided your rights are not overridden.
Consent: for marketing communications, non-essential cookies, and optional personalisation features.
We document and regularly review the legal basis for all processing activities.
12.2 Data Protection Officer (DPO) / Privacy Contact
We have appointed a Data Protection Officer to oversee compliance. You may contact our DPO at: vaibhav@virtuousrestaurants.com for any questions or concerns regarding your personal data.
12.3 ICO / Regulatory Complaint Instructions
If you are unsatisfied with our handling of your personal data, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/ or by calling 0303 123 1113.
12.4 Children’s Privacy
The Platform is not intended for, and we do not offer information society services directly to, children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected such data, it will be deleted immediately.
12.5 Data Breach Notification
In the event of a personal data breach, we will notify affected users without undue delay and the ICO within 72 hours, where required. Notifications will include the nature of the breach, potential impacts, and recommended actions for users.
12.6 Data Minimisation & Purpose Limitation
We collect only the minimum personal data necessary for the purposes outlined in this Privacy Policy. Data is used exclusively for order processing, account management, delivery, legal compliance, operational optimisation, or marketing where consent has been provided.
12.7 Data Accuracy & User Responsibility
Users are responsible for providing accurate and complete information. We make reasonable efforts to maintain data accuracy and will promptly correct errors upon request.
12.8 Data Transfer & Safeguards
Where personal data is transferred outside the UK or EEA, we implement safeguards such as Standard Contractual Clauses, encryption, and access restrictions to ensure data protection compliance.
We use the ICO’s three-step test to identify restricted transfers and apply safeguards such as the UK International Data Transfer Agreement (IDTA) or UK Addendum where required.
12.9 Automated Decision-Making & AI / Profiling
We may use automated systems, algorithms, or AI to optimise delivery routing, prevent fraud, provide personalised recommendations, or conduct operational analytics.
These processes do not create legal effects or similarly significant effects unless explicitly stated.
Users have the right to request human review, contest automated decisions, and receive meaningful information about the logic, significance, and consequences of automated processing affecting them.
12.10 Third-Party & Embedded Content
Our Platform may integrate with third-party websites, APIs, or embedded content (e.g., payment processors, maps, videos).
Third parties operate independently and have their own privacy policies.
Interactions with third-party content are at your own discretion.
We conduct due diligence and contractual safeguards to mitigate risk, but we cannot guarantee third-party practices.
12.11 Retention, Deletion, & Consent Management
Personal data is retained only as long as necessary for legal, tax, or operational purposes.
Users may request deletion, and we will comply unless legal obligations prevent full erasure.
Withdrawn consents are immediately enforced for optional processing, marketing, cookies, or AI personalisation.
12.12 Audit & Accountability
We maintain audit logs of all data processing, sharing, deletion, and access events. Logs are regularly reviewed to ensure accountability and compliance with UK GDPR and other applicable laws.
12.13 Security & Liability Disclaimer
We implement industry-standard technical and organisational safeguards, but no system can be completely secure. Users acknowledge and accept residual risk when using the Platform.
12.14 Updates to the Privacy Policy
Material changes to this Privacy Policy will be notified to users via email or a prominent notice on the Platform before changes take effect. The effective date will be updated accordingly.
12.15 Additional Clauses
Force Majeure / System Failures: We are not liable for data loss or interruptions caused by events beyond our reasonable control.
Governing Law / Jurisdiction: This Privacy Policy is governed by the laws of the United Kingdom.
Severability: If any provision of this Privacy Policy is invalid or unenforceable, the remaining provisions remain in full effect.
13.1 Introduction
Virtuous Restaurants® (“the Company,” “we,” “us”) uses WhatsApp solely as an optional communication channel to provide onboarding support, share general updates, and notify drivers of official delivery opportunities. Participation in WhatsApp communications is entirely voluntary, and drivers may leave the group at any time without consequence. All delivery assignments must be accepted and recorded through the official App, which serves as the only system of record. WhatsApp messages do not create any obligation, employment relationship, or entitlement to work or compensation.
We use WhatsApp (owned by Meta) as a communication channel. Meta acts as an independent controller for its own processing. Please review Meta’s privacy policy. For higher compliance we recommend/review use of WhatsApp Business API where feasible.
13.2 Virtuous Restaurants® Registered Independent Drivers WhatsApp Support Channel – for approved drivers eligible to receive delivery opportunities.
Presence in the group is voluntary and does not guarantee access to jobs, work, or income.
13.3 Data Collected
We process only the data necessary for WhatsApp group operations:
Messages sent from phone numbers within the official group such as questions or comments
Participation logs, engagement, and admin interactions
First and last name for recognition or official communications
Documents submitted for registration, verification, or approval
Any operational data required for compliance, auditing, or dispute resolution
13.4 Legal Basis for Processing
Consent – for public display of your name, phone number, and messages in the official WhatsApp group.
Legitimate Interests – for onboarding, operational management, compliance, auditing, dispute resolution, and official group communications.
13.5 Voluntary Participation & No Guarantee
Participation in Registered Drivers group is voluntary.
Completing the registration form does not guarantee invite to the Registered Drivers group or access to any delivery opportunities.
Membership does not create employment, agency, or contractual rights.
13.6 Consent for Public Display & Communications
By participating, you consent to:
Public display of your phone number, messages, announcements or any recognition posts sent by the Admin.
Logging of messages and participation solely for operational, compliance, auditing, or dispute resolution purposes. You may withdraw consent to be in the WhatsApp at any time via driver.support@virtuousrestaurants.com. Withdrawal does not affect the lawfulness of prior processing but may result in removal or limited participation from the WhatsApp group.
13.7 Security Responsibilities
Drivers are solely responsible for securing their WhatsApp accounts and devices.
Virtuous Restaurants® applies technical and organisational measures to protect your data.
The Company is not liable for losses caused by compromised accounts, devices, unofficial contacts, or actions outside official channels.
13.8 Official Channels & Scam Protection
Admin will only communicate publicly in official WhatsApp group.
Any DM, WhatsApp, SMS, or unofficial contact claiming to be admin is a scam — block and delete immediately.
Only official Driver Registration Form links sent from driver.support@virtuousrestaurants.com or notifications@legalesign.com are valid.
No registration fees, charges, or offers outside the official channels are valid. Do not engage with anyone contacting you privately claiming to be an Admin, as such messages are fraudulent. The authorised Admin will never contact drivers via private message or phone call and will only respond publicly within the group.
13.9 Audit & Monitoring
All communications may be logged or monitored solely for:
Compliance
Operational integrity
Auditing and dispute resolution
No other surveillance is intended or authorised.
13.10 Data Retention
Data is retained only as long as necessary for onboarding, operational, compliance, recognition, auditing, or dispute-resolution purposes.
Once no longer required, data is securely deleted or anonymised.
Maximum retention period for any personal data is 5 years unless operational, legal, or regulatory obligations require longer storage.
13.11 Withdrawal & Complaints
You may withdraw consent for public display of your name or WhatsApp data processing at any time via admin@virtuousrestaurants.com.
Complaints may be submitted to the UK Information Commissioner’s Office (ICO).
13.12 Termination & Group Management
Virtuous Restaurants® may suspend or remove participants from the Registered Drivers group at any time, with or without notice, for:
Non-compliance
Inactivity
Operational requirements
Continued participation does not grant employment, agency, or worker rights.
13.13 Liability Disclaimer
Virtuous Restaurants® is not liable for:
Missed earnings or delivery opportunities
Disputes between drivers
Actions taken outside official channels
Losses caused by unsecured devices or unauthorised communications.
All work, postings, and communications are fully voluntary, optional and performance-based, and do NOT guarantee income or assignments.
13.14 Governing Law
This Policy is governed by the laws of England & Wales.
13.15 Acknowledgement
By registering and participating in the WhatsApp group, drivers:
Confirm they have read, understood, and agreed to this Policy.
Understand participation is voluntary, independent, and fully compliant with UK subcontractor law and GDPR.
Consent to public display of their first and last name in official communications and admin messages.
Agree to use official channels only and ignore all unauthorised/unofficial communications.
Understand that all work, postings, and communications are optional, performance-based, and do not guarantee income or assignments.
Accept that continued participation after updates constitutes acceptance of future amendments.
13.16 Job Claim Policy – Conflict Resolution
When a delivery opportunity is posted in the Virtuous Registered Drivers WhatsApp Group, multiple drivers may indicate interest. To ensure fair assignment, jobs are allocated on a first-come, first-served basis. Drivers must both reply to the WhatsApp message and also call the admin using the official contact method to claim the job successfully. Only the first driver to complete both steps will be assigned the delivery. The admin’s decision on job allocation is final and binding, and all responses are logged for audit, operational, and dispute-resolution purposes. Drivers who fail to follow the official claim process risk losing the opportunity, and no exceptions will be made.
In the unlikely event of a data breach affecting your personal information, we will notify affected users without undue delay and, where required, the ICO within 72 hours. We will provide information on the nature of the breach, potential impacts, and steps you can take to protect yourself.
If you are unsatisfied with our handling of your personal data, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/concerns/ or by calling 0303 123 1113.
For questions or concerns regarding your personal data or this Privacy Policy:
Virtuous Restaurants Ltd
Email: support@virtuousrestaurants.com
Phone: +4478 61 409509