— Legal

Privacy Policy

Last updated: 01 May 2026

At Frida Camden ("we", "our", "us") we take your privacy seriously. This policy explains what personal information we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who we are

Frida Camden · 40 Camden High Street, London NW1 0JH · · . We are the data controller for personal data collected through this website.

2. What we collect

• Reservation data: name, email, phone, date/time, party size, optional notes.
• Contact form data: name, email, optional phone, subject, message body.
• Catering enquiries: name, email, phone, event details, guests.
• Technical data: IP address (for rate-limiting), browser type, pages visited.

3. How we use it

• To confirm and manage your reservation (send PNR code, status updates).
• To respond to your enquiry or message.
• To quote and coordinate catering/private event bookings.
• To protect the site from abuse (rate-limiting, spam detection).
• We do not sell or share your data with advertisers or third parties for marketing.

4. Legal basis

We process your data under the following bases: contract (reservations you've requested), legitimate interests (responding to enquiries, site security), and consent where applicable (e.g. marketing if you opt in).

5. Security

Phone numbers are stored encrypted at rest (AES-256). All traffic is served over HTTPS. Admin access is restricted, session-protected, and rate-limited against brute-force attempts.

6. Retention

Reservation records are kept for up to 2 years for operational and tax purposes. Contact form messages are kept for up to 12 months. You may request earlier deletion by contacting us.

7. Your rights

Under UK GDPR you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion ("right to be forgotten").
• Objection — object to processing based on legitimate interests.
• Complaint — lodge a complaint with the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email .

8. Cookies

We use a single session cookie (PHPSESSID) strictly necessary for site functionality and security (CSRF protection, rate-limiting). No tracking, analytics or advertising cookies are used.

9. Third-party links

Our site links to Deliveroo (when enabled), Instagram and Facebook. Those services have their own privacy policies — we recommend you review them.

10. Changes to this policy

We'll post any material updates here with a new "last updated" date. Significant changes that affect how we process your data will also be communicated by email where appropriate.

← Back to Home