Keeping your data safe
WHO’S IN CONTROL OF YOUR PERSONAL DATA?
The following of our Group companies may from time to time be the “controller” of all personal data collected and used for the purposes of providing and promoting our services:
Elior UK Holdings Limited (registered in England and Wales with company registration number 02352329 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Elior UK Plc (registered in England and Wales with company registration number 1106729 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Elior UK Services Limited (registered in England and Wales with company registration number 5032425 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Waterfall Elior Limited (registered in England and Wales with company registration number 10182710 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Taylor Shaw Limited (registered in England and Wales with company registration number 06576188 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Caterplus Services Limited (registered in England and Wales with company registration number 02594800 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
The Riverside Events LLP (registered in England and Wales with company registration number OC350199 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Lexington Catering Limited (registered in England and Wales with company registration number 03428444 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
Edwards and Blake Limited (registered in England and Wales with company registration number 03461947and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET).
This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
WHERE DO WE COLLECT DATA FROM?
We collect personal data from a variety of sources and in a variety of ways, including the following:
from you when you make a booking or an enquiry either through one of our websites (including our website contact form) or otherwise (for example, by email, telephone or via social media);
from you when you enter a raffle or competition (for example, by giving us your business card in a business card raffle);
from you when you complete a feedback form, questionnaire or survey;
from other customers if you attend an event that is run or organised by them and at which we are asked to provide catering services; and
via loyalty apps if you sign up to a loyalty app.
WHAT DATA DO WE COLLECT AND WHY?
We collect the following personal data about you and use it for the following purposes:
When you make a booking or enquiry, we collect your full name, address, email address, telephone number, the company you are from (if you are booking or enquiring on behalf of a company) and details about your booking or enquiry. We will also collect any additional personal data you choose to send to us as part of your booking or enquiry. If you contact us on social media, we will also collect your social media handle.
We don’t ask you for dietary requirements at booking stage but if you (or any other guests) have any dietary needs, we will need to ask you for these before the event so that we can ensure that we provide appropriate meals.
When you enter a raffle or competition, we collect your full name, email address, telephone number and any other personal data which you submit as part of the raffle or competition (for example, your work address if this appears on your business card in a business card raffle).
When you complete a customer feedback form, questionnaire or survey, we collect your name, address, email address, telephone number, gender, dietary requirements and any feedback or information you provide about your experience of our catering services.
When we obtain information about you from other customers, this information will include your name and any dietary requirements that you have. We sometimes also receive your email address from customers, for example if we are providing catering services at a corporate event that you are attending and it is easiest for us to communicate directly with guests.
If you sign up to a loyalty app, the app provider itself will collect and control the personal details that you provide when you sign up (such as your name, email address and password). Whenever you use the app, the app will then pass information to us about the value of your transaction and what you have purchased. This enables us to track the number of loyalty points you have collected and ensure that you receive your loyalty offers.
Some personal data is designated as “special category” personal data. This is personal data which is subject to higher levels of protection because it is more sensitive. This includes information about health, race, religion and political opinions. We don’t usually collect any special category data, but we do need to know about any dietary requirements that you or any guests have. Usually this will only tell us what food is required (e.g. “gluten-free” or “no pork”) but occasionally it might include some special category data (e.g. “coeliac disease” or “Muslim”). You should note the following points specifically about this type of data:
We will only use this data to make sure you are provided with a safe and suitable meal for you. Usually this is only used in conjunction with your name so that we know who needs to be served with a particular meal.
If you are providing dietary requirements about yourself or anyone else, where possible you should only tell us the food required and not any information about the reason for the food being required.
If you do give us information about the reason for the food being required and this reveals a health issue or your or someone else’s religion, you should make sure that you and/or that other person are aware of the fact that we will process this data and happy for us to do so.
WHAT DO WE USE YOUR PERSONAL DATA FOR?
We use your personal data for the following purposes:
to fulfil bookings, respond to enquiries and correspondence and to provide our catering services to you;
to ensure we can provide you with a safe and suitable meal for you;
to enable you to participate in raffles and competitions that you enter and to fulfil those raffles/competitions (for example, we use your email address to contact you if you win a prize);
to improve our business (for example, we use feedback gathered through feedback forms, questionnaires and surveys to see what people liked and didn’t like about our services so that we can act on this feedback);
to communicate with you about your event or an event you are attending; and
to provide you with loyalty offers if you sign up to a loyalty app.
Where we hold your email address, we use this to contact you with information about our services that we think that you will be interested in. We will ask you for your consent and/or give you an opportunity to opt out of receiving such communications when we collect your information. You can change your mind at any time and object to receiving such communications by clicking the “Unsubscribe” link in each email. We also use telephone numbers that we hold to market and promote our services by telephone. We will screen against the Telephone Preference Service and Corporate Telephone Preference Service before we do this and you can let us know at any time that you don’t want to receive further calls by telling the person who calls you.
WHAT IS OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA?
Where we process your personal data for the purposes of fulfilling a booking you have made and corresponding with you in relation to that booking, we do this on the basis that it is necessary to perform our contract with you to provide our services. Similarly, if you make an enquiry about a booking and we process your personal data in order to communicate with you regarding your enquiry, we do this on the basis that it is necessary to take steps at your request prior to entering into a contract with you.
For all other purposes listed above, we process your personal data on the basis that it is in our legitimate interests to do so. The legitimate interests that we rely on are as follows:
We have a legitimate interest in responding to any queries, comments and correspondence that you send to us so that we can ensure we provide a high standard of service and a good impression of our business to anyone who gets in touch with us.
We have a legitimate interest in running raffles and competitions in order to promote our business.
We have a legitimate interest in collecting customer feedback so that we can continue to improve our business.
We need to know guests’ dietary requirements as we have a legitimate interest in ensuring appropriate meals are provided for all guests.
We have a legitimate interest in using personal data for marketing purposes and to send you loyalty offers so that we can promote our business.
You have a legal right to object to us using your personal data where we process your data on the basis of our legitimate interests. To object to marketing, you can respond to our emails and confirm “Unsubscribe” or tell the Elior representative making a marketing call to you or email email@example.com. To object to us using personal data to send you loyalty offers through loyalty apps, you should delete your account and the app. To object to all other uses set out above, you can either choose not to provide us with the data in the first place (e.g. by not entering a competition or completing a feedback form anonymously) or you can email firstname.lastname@example.org. We may not always be required to stop processing your data if we have compelling legitimate reasons to continue to do so.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us, such as IT service providers and hosting providers.
We will also share your personal data with third parties in the following circumstances:
where you have specifically consented to us sharing your data with a particular third party;
where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party; and
if our business or any part of it is acquired by a third party, in which case we will need to share your personal data with that third party.
If we hold your personal data as a result of a relationship or potential relationship with the business that you work for, your business details will be stored in our client relationship management system. Some of the information within this system (including your contact name and contact details, business name and details, revenue, employee numbers and market) will be visible by employees across the Elior Group in the EEA, Dominican Republic, Chile, India, Mexico and the USA.
We do not transfer or store your personal data outside the European Economic Area (EEA). If we do transfer your data outside the EEA, we will inform you and we will ensure that equivalent protections to those in the UK are put in place to protect your personal data.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will keep all your personal data for up to 6 years from our last event or contract with you, or if we feel that your personal data is not needed for such a period of time we will delete your personal data sooner.
What rights do you have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
If you want to exercise any of these rights, please email us at email@example.com or write to us at The Courtyard, Catherine Street, Macclesfield, Cheshire, SK11 6ET.The rights you have are as follows:
a right to access your information (subject to some exceptions);
a right to receive an electronic copy of the information that we use to fulfil your booking and/or respond to booking enquiries and to ask us to send that information to a third party if it is technically possible to do so;
a right to object to us processing your information where we rely on our legitimate interests as the basis of our processing. If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so;
a right to have inaccurate personal data corrected;
a right to have your data erased in certain circumstances, for example if we no longer need your data or we have processed your data unlawfully; and
a right to have processing of your data restricted in certain circumstances, for example if you think the data is inaccurate and we need to verify its accuracy. “Restricting” personal data means that we only store it and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or protect a third party or the public.
HOW CAN YOU CONTACT US?
What if you have a complaint?
You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
You can find out how to do this by visiting www.ico.org.uk.
WHAT IF THIS POLICY CHANGES?
Last updated: 12 June 2018