Welcome to State Bidco Ltd
We recognize the importance of your personal information security therefore this privacy notice explains what we do to look after your personal data.
It tells you:
- Where and how we collect your personal information
- What we do with your information and how we keep it secure
- What your privacy rights are and how the law protects you
- How we look after your personal data
- How to contact us with any queries that you have
1.IMPORTANT INFORMATION AND WHO WE ARE
a. What does this privacy notice cover?
This privacy notice applies to you if you are a taste card, Gourmet Society, Hi-life member or nonmember, if you are contracted with or is an intermediary between State Bidco Ltd and its customers or contracted as a delivery and payment services partner/user for the provision or reception of our services whether done online, by phone, in person, through written forms, through mobile applications or otherwise by using any of our websites or interacting with us on social media. This privacy notice gives effect to our commitment to protect your personal information and is available on all our membership products websites and apps. You can find out more about each of our group of companies by clicking the below links:
It is important that you read this privacy notice together with any other privacy information we may provide, on specific occasions, when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
b. Who we are
State Bidco Ltd is the owner of tastecard and Taste Marketing Limited trading as Ello media, Gourmet society (Simard Limited), Hi-life (Hi-Life Diners Club Limited). State Bidco Ltd is committed to protecting and respecting your privacy whilst remaining compliant with the General Data Protection Regulation (EU GDPR) 2016 and the United Kingdom Data Protection Act (DPA) 2018. To drive compliance to the regulation and make it a company culture, we have a Personal Information Management System which is compliant with BS10012:2017.
When personal data is collected directly from you, State Bidco Ltd is the Data Controller. However should your personal data is received from you with your consent indirectly (via your employer, State Bidco Ltd business partners, third-parties websites or applications where you are customer of or subscribe to products and/or services), State Bidco Ltd will either be a joint controller or data processor. We will therefore ensure our status, obligations and responsibilities towards your data is clearly defined in the contract we have with these companies.
State Bidco Ltd have an appointed Data Protection Officer who can be contacted using the below details:
By email: DPO@diningclubgroup.co.uk
By post: Data Protection Officer, State Bidco Limited, Birkby Grange, 85 Birkby Hall Road, Birkby, Huddersfield, HD22XB
For those residing in the EU (excluding the UK) you can contact our EU representative whose details are listed below. This EU Representation has been appointed as the UK is departing from the EU:
c/o Head of Data Privacy Manager Service for GRCI Law, IT Governance Europe, Third Floor, The Boyne Tower, Bull Ring, Lagavooren, Drogheda, Co. Louth, A92 F682
c. How to contact us and make a complaint
If you would like to exercise one of your rights as set out by the EU General Data Protection Regulation 2016, have a question or query or you wish to complaint about this privacy notice or the way your personal information is processed by State Bidco Ltd group of companies, please contact us using the below address:
Data Protection Officer
State Bidco Limited
85 Birkby Hall Road,
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the United Kingdom (UK) supervisory authority for data protection issues. The ICO contact details are as follow:
Information Commissioner’s Office
Helpline number: 0303 123 1113
We would, however, appreciate the chance to deal with your concerns before you approach the ICO. So please contact us in the first instance.
d. Changes to this privacy notice and your duty to inform us of changes
This version was last updated in November 2020 and any historic versions can be obtained by contacting us as detailed in the ‘Contact section’ above.
We may change some of our company's structures for administrative reasons however this will not impact what we do with your data or the services you receive from State Bidco Ltd group of companies. If on the other hand there is a change in how your data is collected and processed as well as a change in the purpose and legal basis for processing, we will update this privacy notice to make you aware.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us
e. Third Party Links
Our website, apps and other documents you may receive from us may include links to third-party websites, plug-ins and information. Following these links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. More information about how these third-parties collect, use and process your data will then be in their respective privacy notice and/or Terms and Conditions.
2.PURPOSE AND LEGAL BASIS FOR PROCESSING
For State Bidco Ltd group of companies to fulfil its contractual and customer obligations around the purchase by customers of one of our membership products, there is a requirement for us to collect specific personally identifiable information relating to our customers.
Therefore, the processing of your personal data by State Bidco Ltd relies on three legal bases:contractual, consent and legitimate interest.
When registering to one of the products State Bidco Ltd provides, customers are given the opportunity to read this privacy notice and/or agree to our terms and conditions. This, thus, allows us to process personal information in relation to the membership purchase directly or indirectly from us (i.e. as part of our Business to Business or Employee Benefit Schemes). Your data is then used to send communications that you are required to be made aware of and this is done via email and SMS (i.e. updates to terms, privacy notice, membership or membership related services/products).
Please note that this is not applicable to Vue Pass customers’ data. More details about how your data is processed in relation to Vue Pass can be found in section 4 of this notice.
In order for us to market new products and services to you as a member, your consent is required by selecting the 'opt in' option made available to you when subscribing to a membership. If you do, you will always be given the opportunity to unsubscribe to marketing. If you do not and as mention in 'Section a' above, you will only receive communications that you are entitled to be made aware of. Your marketing opts'in' or 'out' will then be electronically kept and maintained by the company throughout the membership life cycle.
In the event you are provided with an option to allow notifications (Push notification), you will be required to provide consent by clicking the appropriate option. If you do, you will always have the option to change the types or receipt of any Push notifications through your account in the mobile applications.
Under your consent we may also use your data, or permit selected third parties, to use your data to provide you with information about goods and services which may be of interest to you.
We do not sell, rent or lease your personal data or our customers lists to third party companies for them to market to you. We may, from time to time, following your consent obtained directly or indirectly (via our business partners) from you, as part of our affiliate marketing activities, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number and, in the case of our Collection and delivery service, any other details you will provide to us to facilitate your food order delivery) is not shared with the thirdparty.
As part of our Collection and Delivery service, our customers are asked to consent to the service terms and conditions and our payments platform users (Restaurants / Chains) are asked to consent both to the service terms and conditions and our payment service providers’ terms and conditions. These are done prior placing an order or using our payments platform service. State Bidco Ltd and our Collection and Delivery supplier (processors) will then use Restaurants’ / chains’ and customers’ data to make the restaurants market place available to view on the taste card website and app, process and receive orders, process and accept payments, process refunds, and to abide to the contractual transfer of fees and funds between us, designated supplier and Restaurants / Chains. In order to enhance customers’ experience throughout the Collection and Delivery website and app and to provide reporting information back to us, our Collection and Delivery processors will be keeping your personal information , contractually, for as long as the agreement with them is live and, where applicable and required by the Data Protection law, for a limited period of time following the termination of the contract. Finally, in some cases and where you consent to, your data will be used to enable you to track the delivery of your order. Additional information on how long your personal information will be kept by these suppliers, why and their legal basis for processing can be obtained by contacting us as detailed in section c 'How to contact us and make a complaint'.
Whether you have purchased a membership with us or made an order via our Collection and Delivery service, State Bidco Ltd does not keep your payment information however our payment platform providers will keep them in order to facilitate the provision of payment service to us and our payment platform users, to enhance the payment experience and to fulfil their legal / compliance obligations which require them to disclose information about us, you and our payment platform users to financial services providers, payment method providers and their service providers in order to prevent (and not limited to) fraud and anti-Money Laundering. At payment stage, you will then be required to provide us with your first name, surname, address details and card information. State Bidco Ltd uses, with its payment platform providers, a token base exchange system which links your payment profile, held with our payment providers, with our records and allows the renewal of your membership.
c. Legitimate Interest
In order to provide the service to you, State Bidco Ltd, relies on this lawful basis when you have signed up directly or indirectly on our website, via a refer a friend scheme or one of our landing pages. Your data is therefore processed to verify you have been referred to us by an existing member and for the same purpose of ensuring you receive communications that you are required to be made aware of.
We may also use your information for other specific legitimate interest such as:
- To ensure that content from our websites are presented in the most effective manner for you and for your device.
- To provide you with information, products or services that you have requested from us or which we feel may be of interest to you and where you have either consented to or we believe you have a legitimate interest in.
- To carry out our obligations arising from any contracts entered between you and us.
- To allow you to participate in interactive features of our service when you choose to do so.
- To notify you about changes to our service.
In addition, we may share data with trusted partners to help us perform statistical analysis, send you communications, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of yourinformation.
We will mainly contact you by electronic means (e-mail, SMS, Push) or by post with information about goods and services similar to those which were the subject of a previous sale to you, where you have consented to this or we believe there is a legitimate interest. However, you will always be given the opportunity to unsubscribe with details on how to do it as mentioned in section c 'How to contact us and make a complaint'
3. INFORMATION WE MAY COLLECT FROM YOU AND HOW DATA IS COLLECTED
We may collect and process the following data about you:
- Information that you provide by filling in forms on one of our sites (www.tastecard.co.uk, www.gourmetsociety.co.uk or www.hi-life.co.uk) or on one of our Mobile Applications (iOS and Android) such as;
- Username and password– we collect a username and password to ensure your membership is only access by you.
- Name, address and postcodeThese data are required for identity verification when accessing your membership and to ensure your order is sent, collected and delivered to the correct place and person. This is all required to quickly find your address and identify whether our partners restaurants and services are available in your area. Finally, if location services is enabled on your smart device, we may also use it to recommend restaurants/applicable services available in your area.
- Email address – this is used to send your orders confirmation, membership sign up confirmation and to send you, if applicable, informational messages plus offers which might be of interest to you.
- Telephone numbers– are used to contact you should there be any issues identified with your order or your membership.
- Date of Birth – this is used to verify your identity when you contact us and may be requested to verify your age as part of your order collection or delivery.
If you contact us, we may keep a record of thatcorrespondence and/or call(s) for a duration of five years from the last interaction with us. Your call(s) may be recorded for quality and training purposes. Should you require to know what information we hold about you, our contact details are listed in section c 'How to contact us and make a complaint'.
- Although you do not have to respond to them, we may also ask you to complete surveys that we use for research and analysis purposes.
- Details of your visits to our site and the resources that youaccessed.
- App usage data – including location services.
- Details of where and how you have used the product, including the savings you have made.
4. VUE PASS CUSTOMERS
In order to fulfil your Vue Pass products and services order or respond to any query that you have in relation to those products and services and to fulfil our contractual obligation with Vue Pass, Taste Marketing Ltd trading as Ello Media a subsidiary company of State Bidco Ltd will share your personal data with Vue Entertainment Ltd (Vue). Your data will then be kept for as long as the processing is necessary and for an additional five years from the last interaction with us.
Ello media and Vue Entertainment Ltd are joint controllers of any personal data collected and shared in connection with your Vue Pass order. Vue may share personal data relating to Third Party Purchasers (and/or their personnel) with Ello media for the purposes of enabling Ello Media to perform Marketing Activities and Services in relation to those data subjects.
Our Legal basis for processing your data is both contractual and based on your consent for the marketing by Ello Media and Vue of any Vue products and services agreed between both parties. Previous customers will not be contacted for marketing should consent has not been received in the first instance. Should you are a bulk cinema tickets purchaser, when and where required, you will be receiving from us a transactional emails prompting you to ensure you have got an adequate stock level in order to fulfil your customers’ cinema tickets orders.
Below are the type and categories of data collected and processed by us:
- Identity Data:this is including first names and surnames and are used for identification and verification purposes
- Contact Data: this is your email, telephone number and home address. Your telephone number and third-parties purchasers contact details allow us or Vue to contact you in the event of a customer service query, complaint or any issue(s) you have raised with regards to your cinema tickets purchase, the voucher(s) and/or your Vue Pass registration. Your email will be used, following your consent, to market Vue products/services as mentioned above and finally your home address details are used, by our payment service provider, to not only verify your identity but also for payment verification when processing your cinema ticket order.
Should you be a 'VeryMe'customer, it is important for you to know that Vodafone does not share your personal data with Ello media. However, Ello Media has a contractual obligation to permit Vodafone and its representatives to inspect and copy the data. All data collected will be requested from you upon Vue Pass registration and/or when you register, via our websites and apps, to products or services that Ello media and/or all others State Bidco Ltd group of companies provide. As a 'VeryMe' customer purchasing Vue Pass cinema tickets, your personal data will be kept by Ello Media for at least three years from registration (or longer if required by Applicable Law).
5. RECIPIENTS OF THE PERSONAL DATA AND DATA STORAGE
In order to fulfil our contractual obligations, State Bidco Ltd is required to transfer personal information provided by its customers to appointed third parties. The following link provides information on data recipients who we use to facilitate the provision of our services to you. The document lists State Bidco Ltd brands with related processors:
All information you provide to us is stored on secured servers. Any payment transactions are encrypted using SSL technology (Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the internet).Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website(s) or app(s), you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We make reasonable efforts to ensure there is a level of security appropriate to the risk associated with the processing of your data. We maintain organizational, technical, and administrative measures designed to protect personal data within our organization against unauthorized access, destruction, loss, alteration, or misuse. Within the organization your personal data is only accessible to who need access to the information to perform their duties and documented encryption/classification tools are used by staff when sharing your personal information. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reasons to believe that the service we provide to you is no longer secure (for example if you feel that the security of your membership has been compromised), please contact us immediately. In addition, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized access.
As defined in section 1159 of the UK Company Act 2006 we may disclose your personal information to any of our State Bidco Ltd group of companies which are its subsidiaries. State Bidco Ltd is therefore the holding company.
We will not disclose your information to any of the listed contracted processors for marketing purposes.
We can provide you with contact details of our third parties, external business partner and trusted partners upon request. You can do this by contacting us using the details provided in section c 'How to contact us and make a complaint’ above.
6. INTERNATIONAL DATA TRANSFER & SAFEGUARDS
To facilitate our service to you, State Bidco Ltd have to transfer personally identifiable information to contracted processors which are not all located in the EEA (European Economic Area). When your data is transferred outside the EEA, as our data processors are contractually oblige to, State Bidco Ltd will ensure controls and adequate set of policies and procedures have been put in place by the processors and their sub-processors in order for them to be compliant to the European Union General Data Protection Regulation 2016 and/or (when applicable) the European Union (EU) Standard Contractual Clauses and State Bidco Ltd supplier security policy. All the above measures are to ensure that the level of data protection is not undermined and that security controls implemented by our processors and their sub-processors (where applicable) match (or when applicable) surpass the level of data being transferred.
Should you wish to have details of such safeguards and others safeguards put in place by State Bidco Ltd to protect your data, please contact us using the details provided in the 'How to contact us and make a complaint'; section c of this policy.