Welcome to Hi-Life Diners Club Limited
We recognise the importance of your personal information and its security. This privacy notice therefore explains how we look after your personal data.
It tells you:
- How we collect your personal data
- What we do with your information
- What your privacy rights are
- How we look after your personal data and keep it secure
- How to contact us with any queries or complaints that you may have with regards to the processing of your data by Hi-Life Diners Club Limited
1. NOTICE SCOPE AND WHO WE ARE
This privacy notice applies to you if you have purchased or activated your membership on our website or mobile application, if you are interacting with us on social media, if you are eligible to receive lifestyle benefits from us through your employer and finally, if you are an eligible customer of or contracted with a company or third-party website Hi-Life Diners Club Limited has contracted with to provide you with the membership.
This notice emphasises our commitment to protect your personal data and is available on Hi-life website and mobile application. You can find out more about Hi-life by clicking the below link:
It is important that you read this privacy notice along with any other privacy information we may provide to you. This will thus ensure that you are fully aware of how and why we are processing your data.
Our website, mobile application, and other documents you may from time to time receive from us may include links to third-party websites, plug-ins, and information. Following these links may allow third party to collect, process and share data about you with other companies. We do not control these third-parties’ websites or mobile applications and are not responsible for how they process your personal information. More information about how these third parties collect and process your personal data can be found in their respective privacy notices
b. Who we are
State Bidco Ltd is the owner of Hi-Life Diners Club Limited. Hi-Life Diners Club Limited is committed to protecting and respecting your privacy by remaining compliant with the General Data Protection Regulation 2016 (GDPR) and the UK Data Protection Act 2018.
When personal data is collected directly from you or provided directly by you, Hi-Life Diners Club Limited is the Data Controller. If however your personal data is shared with us by your employer or the company you have contracted with, Hi-Life Diners Club Limited is a Data Processor. In some cases, Hi-Life Diners Club Limited could joint control the personal data you provided but rest assured that, in accordance with the GDPR, our legal position towards the processing of your personal data will be reflected in the contract we sign with our Clients, Business Partners and Suppliers.
It is important that the personal information we get and hold about you is accurate and up to date. We therefore recommend that you make us aware of any change(s) to your personal information when the change(s) occurs and throughout your membership lifecycle. You can make us aware of any change to your personal information via email or by completing the contact form made available to you on our websites. Upon receipt of your change update(s), our Customer Services Team will be happy to respond and update your records.
2. INFORMATION WE COLLECT FROM YOU
To create, manage and administer the membership, the below data may be requested from you or maybe gathered by us from your usage of the membership:
a. Personal identifiable information
Requested from you are:
First and last name - this data is used to create and administer the membership, for identification and verification purposes when you get in touch with us, it is also required to find your record and identify whether our partners’ restaurants and services are available in your area.
Postal address including postcode – this information is used for identification and verification purposes. It is also used for the creation and administration of the membership and is required for us to find your address and identify whether our partners’ restaurants and services are available in your area.
Billing address – this is used to validate your payment and may also be used for identification and verification purposes.
Personal email address –your email address is used for the following purposes: to create the membership, for identification and verification purposes, to send you the membership creation confirmation email, send your digital card, send you updates on how you can use your membership, send you informational communication with regards to your membership including information about your membership renewal, send newsletters and surveys to you when you sign up to them and confirm your purchase. If you have referred a friend to us, your personal email address as well as the personal email address of the person you referred us to will be used to confirm the referral and track its usage. Where we have received your consent, your email is used to send you marketing communications. Your personal email address is important to us because it is our primary method of communication with you. Therefore, we ask that you let us know if your email address change.
Telephone number - this information is used to create the membership, for identification and verification purposes, to contact you about your purchase, helps you track your order, and, if required by our Clients/Business Partners, our customers’ telephone numbers are used for customer support and services.
Geo-location data: when location services is enabled on your smart device, this information is collected and may be used by us to recommend restaurants and/or applicable services available in your area. This information also helps us report on and validate your membership usage. Your IP address is collected and used for statistical purposes for us to understand our users' browsing activities and patterns.
Dietary requirements – this information is not compulsory for you to provide however can be provided directly to the restaurant partner you have ordered from.
b. Non - Personal identifiable information
The below data is either collected from you, generated from your registration/sign-up to the membership or collected when you post a comment about the product and/or the company on social media:
Marketing consent and preference(s) - for us to evidence that you have given us consent to market, this information is requested and stored in your customer account.
Social media account identifiers – this information enables us to identify your post or comment, respond to and manage your queries on social media.
Reporting data including product usage data– this information is used for analysis, reporting and, where you provided marketing consent to us, for targeted marketing.
Service history – where marketing consent has been given to us, this information is used for marketing purposes. It is also used for analysis, customer queries, complaints management and reporting purposes.
Account history – this information is used for analysis, customer query and complaints management and serves our reporting and analysis of our member’s feedback on the product.
c. Payment information
The below is the data collected from you or gathered from your usage of the membership:
Credit and debit card details - your payment card details are processed and stored by our payment platform provider. This company has all the required legal and regulatory approvals and certifications to take card payments. Your payment information is kept by our payment platform provider to enhance the payment experience and to fulfil their legal and compliance obligations. Your payment details are also used to renew your membership.
Payment history – this enables you and us to track the payments made for and on the membership.
Transaction ID – this serves as proof of payment and in the event of a payment issue, enables us to track any payment made. We also use this information to provide customer services.
3. OTHER DATA PROCESSING ACTIVITIES
In addition to all the above-mentioned data processing activities, if you started the process of buying a membership with us and for any reason did not complete the process, we may temporarily store your information and may send you emails serving as reminders of the product features and the potential savings you could make with the membership. After a period of up to seven days from the time the basket was abandon, the reminder emails stop being sent.
We may also use third parties to help us aquire your feedback, perform statistical analysis, send you communications, provide customer support and raise awareness about the product (Facebook (Instagram), Google and LinkedIn). All such third parties are prohibited from using your personal information except to provide these services to us. They are also required to maintain the confidentiality and security of your information.
If you contact us via email, your email will be kept safely in your customer’s account for a duration of five years from the membership expiry date and 18 months from the last interaction with us. Your call(s) are kept for a period of three years after which they are deleted, and they may be recorded for quality and training purposes. Should you need to know what information we hold about you, our contact details are listed in the ‘How to contact us’ section below.
Finally, where you have given us your consent to market and through systems that enable us to link your social media account(s) to your membership, we use your personal data and information you provide to us to tailor our promotions and products as best as possible to your needs.
4. OUR LEGAL BASIS FOR PROCESSING
Hi-Life Diners Club Limited relies on three lawful bases to process your personal data:
When registering or signing up to the membership, you are given the opportunity to read this privacy notice and agree to the product terms and conditions. This therefore allows us to process your personal information and we use your personal data to send you communications about the product you are entitled to be aware of such as updates to the product terms and conditions, privacy notice, membership or membership related services and products updates.
For us to market to you via email, SMS and/or post, your consent is required. Therefore, to ensure compliance with GDPR and the Privacy and Electronic Communication Regulation (PECR) we capture and keep record of your consent when you sign up or register to the membership. By consenting to receive marketing communications from us, you consent to receive the below:
- Gift promotions;
Any of our product or services sales communications;
Additional product up sale communication;
Invitation for you to review the product or services;
Third-parties product promotions - we may use your data to provide you with information about goods and services provided by third-party companies. It is important for us to emphasize that for those third-party companies to market directly to you they should be seeking your consent to do so. You can find out more about how your personal data is processed by those companies in their privacy notice.
In accordance with the GDPR and PECR, your marketing opt-in data is kept and stored in your customer record however, you will always be given the opportunity to unsubscribe to marketing through the unsubscribe option made available to you in all marketing emails we send you. Alternatively, you can contact our Data Protection Officer at any time via email as specified in the ‘How to contact us’ section below.
When presented with the option to allow push notifications on your mobile device, you will be required to consent to receive them. This can be done by clicking the appropriate options presented to you. If you consent to receive push notifications from us, through the mobile application preference centre, you will always be given the opportunity to change your preference(s).
If you took advantage of the membership through your employer’s employee benefit scheme, rest assured that we will not market to you unless you have separately consented for us to do so when signing-up to a personal membership. Furthermore, we will not market to you if we are contractually obliged with our clients not to do so.
c. Legitimate Interest
Hi-Life Diners Club Limited relies on this lawful basis when you have signed up as a corporate member through your employer’s employee benefit scheme or have got the membership as a benefit being a customer of a company we have contracted with.
This legal basis for processing data is also relied upon when you refer someone to us. For this, your data, and the data of the person you referred to us are processed to verify and confirm that you are a member. Both your personal information is also used to evaluate and assess the scheme success and prevent any misuse.
We may also use your information for other specific legitimate interest such as:
To ensure that content from our website and mobile application is presented in the most effective manner for you and on your device.
To allow you to participate in interactive features of our services when you choose to do so.
5. WHO ARE WE SHARING YOUR DATA WITH AND HOW YOUR DATA IS STORED?
To provide the membership to you, Hi-Life Diners Club Limited uses suppliers who are carefully selected before being appointed.
Where the processing of your personal data is carried out outside the European Economic Area (EEA), safeguards are in place to ensure the safe transfer of your data. Rest assured that the safeguards in place are proportionate to the level of the personal data being transferred. Should you wish to have details of such safeguards please contact us using the details provided in the ‘How to contact us’ section below.
The below link provides you with information on the suppliers we share your data with:
All information provided to us is stored on secured servers and any payment transactions are encrypted using SSL technology.
Where you have chosen a password which enables you to access your membership on our website or mobile application, you are responsible for keeping this password confidential. We therefore ask you not to share the password with anyone.
When processing your personal data, we make reasonable efforts to ensure there is a level of security appropriate to the risk associated with the processing of your data. We also maintain and implement organisational, technical, and administrative measures designed to protect personal data against unauthorised access, destruction, loss, alteration, or misuse.
Within our organisation, your personal data is only accessible to who need access to it to perform their duties. Documented encryption and classification tools are used by staff when sharing your personal information.
We cannot guarantee the security of your data transmitted from your device to our website. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
6. OUR DATA RETENTION PERIOD
The following retention periods apply:
Personal memberships: five years from the membership expiry date and 18 months from the last interaction with you;
Corporate memberships: five years from the membership expiry date or as per the contract agreed with the client.
7. YOUR RIGHTS AS DATA SUBJECTS
As defined by GDPR, you have the following rights with regards to the personal data we hold about you:
Right to be informed: this right made it compulsory for us to provide you with this privacy notice.
Right to access: if you wish to know what information we hold about you; You have the right to make a Subject Access Request to our Data Protection Officer. We welcome these requests and aim to provide answer within one calendar a month from verifying your request.
Right to erasure: you have the right to request for your data to be erased. This can be done by contacting us using the details specified in the ‘How to Contact us’ section below. Should there be instances where we cannot completely erase your data (i.e., when your personal data is required for the exercise of legal claims or complaints or to provide the service to you as part of our contractual obligation), we will discuss it and confirm, to you, when your data will be deleted.
Right to rectification: if you notice that any of your details are incorrect, please contact the customer service team who will be more than happy to rectify this. We will also send reminders to request that you notify us of any changes to your personal data.
Right to data portability: this is where you would like us to transfer your data to another organisation. To request this, please contact us using the details in the ‘How to contact us’ section below.
Right to restriction of processing: you have the right to ask us to restrict the processing of your personal information. However, it is not an absolute right and applies in certain circumstances such as where you contest the accuracy of your personal data and we are verifying the accuracy of the data, the data has been unlawfully processed (i.e. in breach of the lawfulness requirement of the first principle of the GDPR), you oppose erasure and requests restriction instead, we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim or you have objected to us processing your data under Article 21(1) of the GDPR 2016, and we are considering whether our legitimate grounds override yours.
Right to object to processing: you have an absolute right to stop your data from being used for direct or indirect marketing.
Right related to automated decision-making including profiling: the GDPR has provisions on automated individual decision-making and profiling.
You are not required to pay any fee for exercising these rights and your request will be answered to within one calendar month from the request verification.
8. HOW DECISIONS ARE MADE USING THE DATA WE COLLECT FROM YOU
We do not automatically make decisions on whether to provide you or not with the membership. The decision to purchase a membership or additional products from us is totally and entirely yours.
However, we use location services throughout our mobile application and website for us to tailor our marketing material to your specific needs.
We also use email monitoring services to monitor the emails we send to you. This feature is used for confirmation that you have received any email we have sent you and helps us respond to your queries or complaints.
Upon accessing for the first time our website or mobile application on your device, a cookies banner is presented to you. On the banner, you have got the opportunity to choose your cookies preferences and save them.
For more information about the cookies on our website, please follow the below links:
10. HOW TO CONTACT US
Hi-Life Diners Club Limited have appointed a Data Protection Officer who you can contact for any data queries, general privacy matters or to exercise your rights as set out by the GDPR. Our Data Protection Officer contact details are as followed:
By email: DPO@diningclubgroup.co.uk
By post: Data Protection Officer, State Bidco Ltd, Birkby Grange, 85 Birkby Hall Road, Birkby, Huddersfield, HD2 2XB
Because the United Kingdom (UK) departed from the EU and for those residing in the European Union (EU) we have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the GDPR or have any queries in relation to your rights or general privacy matters, please email our Representative at email@example.com. Please ensure to include our company name in any correspondence you send to our Representative.
Our EU Representative postal address is:
IT Governance Europe Limited
6th Floor South Bank House
Barrow Street Dublin 4
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO contact details are as follow:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
We would, however, appreciate the chance to deal with your concerns before you approach the ICO. So please contact us in the first instance.
11. CHANGES TO THE PRIVACY NOTICE
We may change some of our company structure for administrative reasons however this will not impact the way we process your personal data. If there is a change in how your data is collected and processed or a change in our purpose and legal basis for processing your data, we will update this privacy notice to make you aware. An email informing you of the change to this privacy notice will also be sent to you. Any historic versions of this privacy notice can be obtained by contacting our Data Protection Officer using the details specified in section 10 ‘How to contact us’ above.