IDENTITY & CONTACT DETAILS OF THE CONTROLLER & THE DATA PROTECTION OFFICER
State Bidco Limited is the fast growing owner of the UK’s three leading discount dining clubs, tastecard (Taste Marketing Limited), Gourmet Society (Simard Limited) and Hi-Life (Hi-Life Diners Club Limited). State Bidco are committed to protecting and respecting your privacy whilst remaining compliant with The General Data Protection Regulation (EU GDPR) and the Data Protection Act (DPA). In order for us to drive compliance, we have a Personal Information Management System which is compliant with BS 10012:2017 Data Protection.
State Bidco are the Data Controller and have an appointed Data Protection Officer whom can be contacted via email; DPO@diningclubgroup.co.uk
You can also contact State Bidco via post at; Birkby Grange, 85 Birkby Hall Road, Birkby, Huddersfield, England, HD2 2XB.
PURPOSE OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING
In order for State Bidco to fulfil its contractual and customer obligations, there is a requirement to collect specific personally identifiable information relating to our customers. There are a couple of legal bases for the processing of such personally identifiable information. If you sign up on our website or one of our landing pages, then personal information is processed on the basis that we have a legitimate interest in doing so and to fulfil a contract with yourselves.
In other cases (for example, receiving employee benefits) we will be processing your personal information using the lawful basis of fulfilling a contract with the third party benefit provider or the employer.
LEGITIMATE INTERESTS OF STATE BIDCO OR THIRD PARTY
State Bidco have a legitimate interest in further processing the information which is provided by customers at the point of sale for marketing purposes.
We may also use your information for other specific legitimate purposes such as:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We may also use your data, or permit selected third parties, such as but not limited to; participating restaurants or Livebookings Holdings Limited, trading as Bookatable, to use your data to provide you with information about goods and services which may be of interest to you and we may contact you using electronic means (e-mail, SMS, Push, Phone) or post.
We do not sell, rent or lease customer lists to third parties for the purpose of them to market to you. We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, we may share data with trusted partners to help us perform affiliate marketing, statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.
If you are an existing customer, we will only contact you by electronic means (e-mail, SMS, Push, Phone) or post with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties, such as participating restaurants or Bookatable, to use your data, we (or they) will contact you by electronic means only if you have consented to this or we believe there is legitimate interest.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- Information that you provide by filling in forms on one of our sites (www.tastecard.co.uk, www.gourmetsociety.co.uk, www.hi-life.co.uk or www.hi-life.ie) such as;
- User name and password – If we collect a user name and password, this is so we can keep your information secure and so that we can have your information to hand each time you visit us.
- Name, address and postcode – Without this we won’t know where to send your order or to whom, we also use postcodes to quickly get your full address to save you typing it out and in some cases to identify whether we deliver or offer services in your area. If you have location services enabled on your smart device we may also use this to recommend restaurants / applicable services in within the area you are in.
- Email address – We send confirmation of your orders via email and will send you informational messages as well as offers which may interest you.
- Telephone numbers – If there are any problems with your order or we need to check anything, we need to be able to contact you quickly.
- Date of Birth – We may request this to verify your age.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site and the resources that you access.
- App usage data – including location services.
- Details of the restaurant you’ve visited when using your dining club card and how you dined – including your savings.
RECIPIENTS OF THE PERSONAL DATA
State Bidco is required to transfer the personal information provided by its customers to third parties in order to fulfil contractual obligations. The following are categories of recipients that customer information could be transferred to:
- Data Centres – This is so we can store your data securely
- Fulfilment Houses – To allow us to fulfil and send you a physical card if you have ordered one.
- External IT Providers – To provide IT infrastructure, delivery and security services
- Payment Providers – To process your payment securely
- Business Benefit Providers – To allow you to access the benefits
- Corporate Partners that have referred you to us – To provide them with information on usage and to verify some orders made through a third party.
All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may disclose your personal information to any member of our group (State Bidco Limited), which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We will not disclose your information to any of the relevant third parties listed above for marketing purposes.
Our Data Protection Officer can provide you with contact details of our third parties upon request if required. You are able to do this by emailing our Data Protection Officer at DPO@diningclubgroup.co.uk.
DETAILS OF TRANSFERS TO THIRD COUNTRIES & SAFEGUARDS
State Bidco has one system that requires them to transfer personally identifiable information to a third party located in a third country, e.g. USA, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred. This is applicable to the email ticketing system. Aside from this, we ensure that all other personally identifiable information held on our customers and employees remains within the EEA.
We also use an external IT service provider that is based outside the EEA to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support.
You can get an explanation of our safeguards by emailing DPO@diningclubgroup.co.uk.
State Bidco retain all customer information for 5 years after they last interacted with us. Where there has been a period of 5 years after the end of membership and where has been no interaction between the organisation and the customer within this time, their information is erased and securely disposed of.
RIGHTS OF DATA SUBJECTS
You have the right to make a Subject Access Request to State Bidco’s Data Protection Officer in the event that you wish to determine what information we hold on you. We welcome these requests and aim to complete all requests within 30 days of verifying the request.
You have the right to request your data to be erased. This can be done by contacting DPO@diningclubgroup.co.uk. Please bear in mind this is not an absolute right and there maybe instances where we cannot completely erase your data (e.g. When the personal data is required for the exercise of legal claims), if an exception does come up this will be discussed with you when you make the request.
You have the right to rectification. If you notice that any of your details are incorrect please contact the customer service team who will be more than happy to rectify this. We will also send transactional reminders to request that you notify us of any changes to your personal data so that we can keep your data up to date.
You have the right to portability. This is where you would like to transfer your data to another organisation. To request this, please contact DPO@diningclubgroup.co.uk. We will provide this within a structured CSV file for you to provide to a third party.
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office in the UK), should you feel that we have not handled your information in line with legislative and regulatory requirements.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
We also use an external IT service provider to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support.
You can get an explanation of our safeguards by emailing DPO@diningclubgroup.co.uk.
AUTOMATED DECISION MAKING, INCLUDING PROFILING & INFORMATION ABOUT HOW DECISIONS ARE MADE, THE SIGNIFICANCE OF THE CONSEQUENCES
We use location services through both our applications and websites in order for us to tailor our marketing material to your specific behaviour and activities, e.g. the types of restaurants which you regularly visit. We use email monitoring services to monitor the emails which we send to users. We also collect usage data through the use of our cards and membership apps. In doing this, we obtain information such as but not limited to:
- Time of receipt
- Time of opening
- Device user to open
- Location it was opened in
- Purchases made on our website(s)
- Savings made
- Restaurants visited
- Which parts of the email you interacted with
We use systems that enable us to link your social media accounts to your account if registered with the same email address. This enables us to tailor our promotions and products as best as possible.
Where you have provided us with a mobile number, we may market to you using SMS and Push notification interactions.
Our systems are set up to enable us to collect information on your dining history and spending history inclusive of savings made when using one of dining club cards, we link this data to your profile so that we can determine what other deals or informational emails may be of interest to you.
The use of our cards also involves a level of automated decision making. This is in relation to when the physical cards are used the card is used in some of the restaurants’ tills it will automatically determine whether the card is valid to receive the discount or not.
You have the ability to stop this profiling activity and the automated decision making by contacting DPO@diningclubgroup.co.uk. Please be aware that by objecting to some of this data collection we may not be able to provide the product to you.
We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns.
In the event that you wish to alter your Privacy settings or opt-out, you are able to do this by emailing our Data Protection Officer at DPO@diningclubgroup.co.uk.