FOOD & DRINK APP PRIVACY NOTICE
Food & Drink App is an app provided by CH&CO Catering Limited (referred to in this privacy notice as “CH&CO”, “we”, “us” or “our”).
We are the “data controller” of the personal data that you provide when you sign up for and use the app. This means that we are responsible for ensuring that your personal data is protected in accordance with data protection laws.
This privacy notice tells you what we do with your personal data, why we do it and what your rights are. Please click on each of the headings below to find out more.
1 What personal data we collect
1.1 We collect different types of personal data from different sources; either from you directly or automatically through your use of the app. Click on the headings below to read more about the different categories of personal data we collect.
1.2 Account information
1.2.1 We collect some personal data from you when you sign up for the app. This is called “account information”. Some account information is mandatory as we need it to run and manage your account. Other account information is voluntary and it will be clear when you sign up which information you need to provide and which is optional.
1.2.2 The account information we collect includes your name, email address, phone number, day and month of birth.
1.3 Dietary requirements
1.3.1 When you sign up for the app, you can also (if you wish to do so) provide information about your dietary requirements or preferences, for example if you have a nut allergy or require gluten-free food. This helps us to identify products that may or may not be suitable for your requirements.
1.3.2 You don’t have to provide this information and you can delete the information at any time. We always recommend that you check the ingredients of any purchases and speak to a member of staff about any allergies.
1.4 Transaction data
1.4.1 Whenever you place an order, we collect information about that transaction. You will also be asked to provide payment details to our payment service provider so that you can pay for the order.
1.5 Technical information
1.5.1 We automatically collect some information about your use of the app, such as how often you use it, and your device, such as your IP address, device and connection type.
1.6.1 If you contact us via email, post, phone or any other method, we will collect any further personal data that you provide to us in those communications.
2 What we use your personal data for and our legal justification
2.1 We use your personal data for different purposes. Click on each of the purposes below to find out more about why we collect and use your personal data.
2.2 Running your account and processing orders
2.2.1 We use the mandatory account information that you provide to us to provide you with access to the app and supply you with the services you have requested.
2.2.2 Your payment information and information about orders you place are used to process your orders. If necessary, we will also use your contact details to contact you in relation to our services, for example to resolve issues with an order or manage refunds.
2.3 Helping you to manage dietary requirements
2.3.1 If you choose to provide information about your dietary requirements, we will use this to tailor the information that you see about products in the app so that you can identify products that are and are not suitable for your requirements.
2.3.2 We will notify you if you click on a product that is not suitable for your requirements, but this is not a substitute for making sure that you check the ingredients carefully and speak to a member of staff. We always recommend that you do this.
2.3.3 If you choose to purchase a product after we have notified you that it may not be suitable, we will keep a record of the fact that we provided a notification and you chose to purchase the product anyway (“dietary audit log”). This is because we might need to refer back to this information if you raise any complaints, claims or issues relating to allergens.
2.4 Loyalty scheme
2.4.1 We use your transaction data to keep track of what you have spent and what products you have purchased and to provide you with loyalty offers through the “Loyalty” section of the app.
2.5.1 We use your transaction data to build a profile of you and categorise you into particular groups of people. This information is then used to inform what offers and promotions we send to which groups of people. We also use this information to analyse buying trends and inform our strategy and decision-making in our business more generally.
2.5.2 For example, if you buy a coffee and a croissant every morning, we could categorise you into a group of other people who also buy a coffee and a croissant every morning. The information about this group could then be used to identify that customers who only buy a coffee each morning might also want a croissant, so that we can provide those customers with an offer for a free or discounted croissant.
2.6 Advertising and marketing
2.6.1 If you sign up to receive marketing communications from us about free and discounted items, we will use your profile to personalise the marketing communications you receive and ensure that we provide you with the most relevant offers for products that you are likely to enjoy.
2.6.2 For example, if you buy a coffee every morning and we know that lots of people who buy a coffee every morning also buy a croissant, we could send you a personalised offer for a free or discounted croissant.
2.6.3 We could also use your birthday, if you provide it to us, to provide you with a birthday offer (again, only if you have consented to receiving marketing). If you sign up to receive other types of marketing communications (such as newsletters), we will use your contact details to send you these communications.
2.6.4 You can unsubscribe from all marketing communications at any time, either by following the instructions to unsubscribe in the communication itself, or by changing your consent preferences in the app. If you do not want to receive push notifications, you can turn these off on your device.
2.7 Improving the app
2.7.1 We use technical information about your use of the app to improve the app, for example to see how often customers use it and which parts of the app they use, so that we can inform future development.
2.8 Communicating with you
2.8.1 We process your contact details and any other information that you provide us when you communicate with us, to handle any complaints, queries, issues, feedback or other communications that you provide.
3 Our legal justification for processing your personal data
3.1 Whenever we process your personal data, we have to have a legal basis under data protection laws for doing so. This protects you and means that we only use personal data where there is a legitimate reason for us to do so. Click on each heading below to find out what our legal justification is for processing your personal data for each purpose.
3.2 Running your account and processing orders
3.2.1 We process your personal data for these purposes on the basis that we need to do so in order to fulfil our contract with you to provide the app and to provide any products that you order. If you do not provide data that we need for these purposes, we will not be able to provide you with the services you request.
3.3 Helping you to manage dietary requirements
3.3.1 We process your personal data for these purposes on the basis that it is in our and your legitimate interests for us to do so. We have a legitimate interest in helping you to identify products that may or may not be suitable for your dietary requirements and this benefits you too as it enables you to make informed choices.
3.3.2 Some information you provide about your dietary requirements might be health information (for example, if you tell us you have a nut allergy) or information about religion (for example, if you identify that you require kosher food). This information is more sensitive, which means that we need consent to process it. Consent is obtained by you making an affirmative choice to provide this information after we have given you clear information about the consequences of doing so. Provision of the information is entirely voluntary and you can delete this information from your profile at any time.
3.3.3 The dietary audit logs we keep are retained for our legitimate interests in investigating and handling any claims, complaints or issues arising in connection with allergens.
3.4 Loyalty scheme
3.4.1 We process your personal data in connection with our loyalty schemes on the basis that this is necessary for our and your legitimate interests. We have a legitimate interest in ensuring that our customers are rewarded for their purchases so that they continue to make purchases through the app. This also benefits you because it provides you with loyalty offers to save you money.
3.5.1 We process your personal data for profiling purposes on the basis that it is in our and your legitimate interests to do so. We have a legitimate interest in providing tailored offers to our customers to increase uptake of offers and increase purchases. This also benefits you because it provides you with offers for products that are likely to be of most interest and relevance to you.
3.6 Advertising and marketing
3.6.1 We process your personal data for these purposes on the basis that we have your consent to do so. You can withdraw your consent at any time by unsubscribing or changing your preferences within the app.
3.7 Improving our app
3.7.1 We process your personal data for these purposes on the basis that it is in our legitimate interests to do so. We have a legitimate interest in improving our app in line with user behaviour and expectations, to ensure that our app remains useful and relevant to customers so that they continue using it. This also helps create the best user experience for you.
3.8 Communicating with you
3.8.1 We process your personal data for these purposes on the basis that it is in our legitimate interests to do so. We have a legitimate interest in dealing effectively with communications and correspondence, including complaints, issues and feedback, to ensure that we continue to provide the best possible service to our customers.
4 Who we share your personal data with
4.1 We use certain third party service providers who have access to your personal data as this is required for the app to perform. These include:
4.1.1 the company that provides the platform on which the app operates;
4.1.2 the company that hosts the data within the app; and
4.1.3 our payment provider.
4.2 All of these third parties are required to protect your personal data and keep it secure. We take steps to check that the third parties’ security measures are appropriate before using them.
5 Where your personal data is held
5.1 Your personal data is stored on cloud servers that are located in the UK.
5.2 Our payment provider processes personal data outside the UK (including in the USA) where this is necessary to process your transaction and therefore to fulfil our contract with you, and our payment provider’s contract with us which allows your orders to be processed.
5.3 In limited circumstances, the hosting provider might need to transfer your personal data to other countries, for example if there is an emergency that results in the UK server being unavailable, or if the hosting provider needs to provide support outside UK daytime hours. The hosting provide is required to ensure that adequate safeguards are in place to protect any personal data that is transferred outside the UK.
5.4 Standard contractual clauses are in place with both the payment provider and the hosting provider. These help to ensure that personal data is adequately protected if it is transferred to, or accessed from, a country outside the UK or the EEA.
6 How long we keep your personal data for
6.1 We keep your personal data for as long as your account is open. You can delete your profile at any time by contacting us at firstname.lastname@example.org. If you have not used the app for one year, we will automatically delete your profile. After your profile is deleted, we will anonymise your information so that we retain your transaction details, but these cannot ever be linked back to you.
6.2 The exception to this rule is the dietary audit logs that we retain when you purchase a product after we have notified you that it might not be suitable for dietary requirements that you have submitted. We keep these for six years from the date they are created, to enable us to manage any claims relating to allergens. They are isolated and kept separately from your transaction data and other account/profile data.
7 What rights you have
7.1 You have a number of rights over your personal data. If you want to exercise any of these rights, please contact us at email@example.com. We may need to ask you for ID or other information to process your request. Once we have everything we need, we will aim to respond to your request within one month, but we can extend this if your request is complex or if you make several different requests. Click on each heading below to find out more about each right.
7.2 Right of subject access
7.2.1 This enables you to obtain a copy of your personal data that we hold, subject to certain exceptions.
7.3 Right of data portability
7.3.1 This applies to your mandatory account information that is used to run and manage your account and provide our services to you, as well as order information that we use to process orders and fulfil our contracts with you. It enables you to ask us to transfer this data either to you or to an alternative provider, in a common electronic format.
7.4 Right to correct inaccurate data
7.4.1 If you think that personal data that we hold about you is inaccurate, you have a right to tell us and we will correct that data.
7.4.2 Please note that it is your responsibility to ensure that your profile data is kept up-to-date if any of your information changes.
7.5 Right to erasure
7.5.1 You have a right to ask us to delete your data in certain circumstances. If you ask us to delete your profile, we will do so and we will anonymise your data. As described above, we need to keep dietary audit logs for longer and we may not be obliged to delete this data if you ask us to, as we have legitimate grounds to keep it.
7.6 Right to restriction
7.6.1 This right enables you to ask us to only store your data and not carry out any other processing on it, in certain circumstances, for example if you think that personal data is inaccurate but we disagree and need time to verify the accuracy of the data. As with the right to erasure, we will not always be obliged to comply with this right and if we are not, we will let you know why.
7.7 Right to object
7.7.1 When we process data on the basis that it is in our legitimate interests to do so, you have a right to object to that processing. We may not always need to stop processing your personal data if we have compelling legitimate grounds to continue doing so. In relation to the profiling of your data, you can ask us to anonymise your profiled data.
8 What to do if you have any concerns about your personal data
8.1 If you have any questions or concerns about our processing of your personal data, please raise them with us first by contacting firstname.lastname@example.org and we will do our best to resolve them.
8.2 You do have a right to complain to the Information Commissioner’s Office, which regulates data protection in the UK. You can find out how to do this on www.ico.org.uk.
9 Changes to this privacy notice
9.1 We may change this privacy notice from time to time to reflect changes in our processes and data protection laws and guidance. We will post any changes on this page and, if the changes are significant, we will notify you when you next sign into the app that changes have been made.