BUSINESS AND/OR ITS SUBSIDIARIES (“BUSINESS”, “WE”, “US”, “OUR”), RESPECTS YOUR PRIVACY.
This privacy policy (the “Policy”) explains our privacy practices for our services, including each of the mobile applications that you downloaded and their related services (“the Solution”), that we have created, customized and branded for our customer loyalty program, customer engagement program or other service of the Solution you are registered to.
We are the data controller, as described below in this Policy. We work with data processors to whom we have instructed to collect, store and process personal information on our behalf for the purposes of providing our services (e.g. in connection with our customer loyalty program, customer-engagement program or other of our services).
This Policy describes the ways your personal information and data is collected, used and shared and the rights and options available to you with respect to your information.
To the maximum extent permitted by law, you hereby agree to the use of: (a) electronic means to provide you with any notices given pursuant to this Policy and, if so necessary and permissible, to consent to this Policy; and (b) electronic records to store information related to this Policy and your use of the Solution.
1. Privacy Policy Summary
| Section | Summary – for the full text please review the respective Section of this Policy |
| 2 | Personal information that you voluntarily provide. We collect personal information you voluntarily provide, mainly through a Registration Form customized by us, which you fill in and submit while you register to the Solution and the related services (such as our loyalty program). If you choose not to provide information determined by us as mandatory, you will not become a Registered Member, and only Basic Functionalities, as determined by us, will be available to you. |
| 3 | Information collected from all End Users. We collect information in regard of (a) your mobile device identifier and/or account identifier, the Internet protocol (IP) address of the device used to access the Internet, geo-location (if enabled), device type and its operating system version; and (b) your usage of the Solution, including, without limitation, interactions you make with the Solution’s features and functionalities, websites and content you have accessed, clicked or interacted with through/via the Solution. |
| 4 | Other Information collected from Registered Members. We collect information regarding messages you receive through the Solution, your participation in, or use of, certain features available to Registered Members only, and purchases you make. |
| 5 | Collection of your location. We collect your geo-location (if made available to us by you) and other information which can identify your assumed location, such as our premises when you make a purchase or by Beacons (if installed there). |
| 6 | Additional Information collected. We collect information regarding your activity with us and when you interact with us, as further described below. |
| 7 | Process of Sensitive Information. We do not require you to provide sensitive information and do not intentionally collect or process otherwise sensitive information. |
| 8 | Children’s Privacy. If you are under age of 13 years, or other minimum age which applies in your country (e.g. 16 in most EU countries) you are not permitted to register to any Members Features, or use any aspect of the Solution. |
| 9, 10 | Use of information. The information collected will be used for several purposes, such as: (a) providing you with the Solution’s functionalities, features and services, which includes specific and/or personalized activities, promotions, advertisements, features and/or services (including location-based services); (b) developing new services and/or improving the Solution; or (c) enforcing this Policy or complying with applicable laws. Further information is provided in Section 9 below.
Legal basis (GDPR only). The GDPR legal basis applicable to each purpose is identified next to each purpose in Section 9 below. |
| 11 | Anonymized or aggregated information that does not include personal data may be used in any way without restrictions or limitations. |
| 12 | Automated decision making. We use automated decision-making, based on the information you provide us and your usage of the Solution, including number of transactions, frequency and volume. As a result, you will receive different offerings that we pre-customize for you. |
| 13 | Third parties services. You may provide information through certain areas, features, frames or sections of the Solution such as when a link directs you to a third party (such as a social media channel). Please note that these are operated by third parties and, to the maximum extent permitted by law, we are not responsible for their own data-collection practices. |
| 14 | Information regarding transfers (GDPR only): we store your personal information in connection with the Solution either in the European Economic Area, in the US, in the country where we are located, or in countries deemed as providing an adequate level of data protection. Your data will be accessible in the country where we or our service providers are located, the UK, the US, and countries deemed as providing an adequate level of data protection. If you wish to receive further information, please contact us. |
| 15 | Your rights. You are entitled to exercise any of the rights set forth in privacy laws or regulations applicable to you. We handle these requests in accordance with applicable law. Please note that these rights may be subject to certain derogations, exceptions or limitations. |
| 16 | Data retention. We retain your data for as long as we have a legitimate need, reason or purpose to use it. For example, we retain your data while you are a registered user to the Solution. If you want to be deleted, you can contact us or exercise your rights and we will process your request in accordance with applicable law and this Policy. |
| 18 | Changes to this policy. We may change this Policy from time to time. Updated versions will be made available in an electronic or equivalent manner. |
2. Personal information that you voluntarily provide
2.1. You are requested to submit a registration form (or otherwise provide personal information about you in an equivalent form or manner) in order to become a registered (or logged in) member of our loyalty program, customer engagement program or other service of the Solution (“Registered Member” and the “Registration Form” respectively). The Registration Form includes personal details such as: name, phone number, email and home address. It is customized by us and may include fields which are explicitly indicated as mandatory (i.e.: fields determined by us, which must be completed in order to submit the registration form and to join the customer loyalty program or customer engagement program in connection with the Solution; “Mandatory Fields”).
2.2. You may choose not to share your personal information with us. There are many activities, functionalities, features or services of the Solution (as will be determined by us; such as, opening hours, locations list, menus, catalogues or promotions), which will be available to you if you choose not to fill in all Mandatory Fields and not become a Registered Member thereof (“Basic Functionalities”).
2.3. If you specifically opt-in to permit access and collection of information from your social network account(s), then your basic personal information in your social network account will be collected (such as your name, photo and email address) as well as your social network user ID (but not your password). Please refer to the social network’s privacy policy for more details on how you can set the privacy preferences of your account to control the information that may be accessed and retrieved. We collect this information for the purpose of enabling your registration to the Solution.
2.4. In order to enjoy the benefits of the Solution, you will be requested to identify yourself at our premises or upon usage of Third Parties Services. We will use the information you provide through the Registration Form to verify your identification (including enabling the Third Parties Services) and to attribute your purchases or actions (made online or offline) to you (including those made through the Third Parties Services) and for redemption purposes.
2.5. Depending on the context, we may ask you to provide additional information or your information may be provided in several occasions or phases and/or in separate submissions. Please note that refusal to provide any additional information or to accept further terms or offers shall not derogate from our right to store former information provided or submitted to the Solution or to us.
3. Information collected by Us from all End Users
The following section applies to our data collection practices which apply to all End Users, including End Users which do not voluntarily share their personal information with us and use the Basic Functionalities of the Solution.
3.1. We collect from all Solution End Users information about the mobile device, such as mobile device identifier and/or account identifier (Android UDID, iOS UUID; Advertising ID: IDFA for iOS devices and AAID for Android devices, or their equivalent), the Internet protocol (IP) address of the device used to access the Internet, geo-location (if enabled), device type and its operating system version.
3.2. We also collect information regarding the features, content, services or websites accessed, clicked or interacted with through the Solution as well as information regarding the interactions made with the Solution’s interface and features such as logging info, the Solution’s tabs, banners, or pages that are clicked on or accessed, ads and/or promotions viewed through the Solution and receipt of notifications sent through the Solution.
4. Other Information collected by Us from Registered Members
4.1. In addition to the above, if you are a Registered member, we collect information regarding (i) receipt of SMS text messages or emails sent to you through the Solution; (ii) your participation in, or use of, the Solution features available to Registered Members only (such as: scratch card, point accumulation plans, punch card, coupons, gift card, cash back, “Pay with Budget” or their equivalent; collectively: “Members Features”); and (iii) details of purchases made online or offline by using the Solution (e.g., time and date of your purchase, place where purchase was made, the amount paid and information about the items purchased).
5. Collection of your location
5.1. We process your geo-location information in order to provide you with offers and/or promotions which are based on your location (“Location Based Services”). These Location Based Services apply whenever your location is made available to us.
5.2. Your location will be available to us (i) via your mobile phone, if you provide permission to share it with us; and/or (ii) other sources integrated to the Solution such as: (a) upon purchase at our premises – since we have the knowledge about these premises location; (b) external services integrated with the Solution; and/or (c) through Beacons if used by us at our premises or nearby.
5.3. By disabling your geo-location (e.g. through the mobile device operating system), certain features which require your geo-location information may not function or may be interrupted. Please note that by such disabling, your location may still be assumed and/or collected by us from other available sources as described above.
5.4. A beacon is a device designed to attract attention to a specific location by using Bluetooth low energy signals (“Beacon”). We may place these Beacons in or nearby our premises in order to collect your approximate location. Once your mobile phone device identifies a signal from a specific Beacon, the Solution will send that identification to our servers. By receiving such identification, we will assume that you are physically located in proximity of the location of that respective Beacon as registered in our database.
6. Additional information collected
6.1. We will collect information regarding the purchases made online or at our premises. If you identify yourself at our premises, we will attribute the information in regard of your purchases to you. Purchase details may include: time and date of your purchase, place where purchase was made, the amount paid and information about the items purchased.
6.2. We may have collected or processed non-personal or personal information about you prior to joining the Solution. Such information will be added to, or combined with, other information processed under this Policy, and shall be processed in accordance with this Policy.
6.3. Third parties which provide other services or solutions to us, which are embedded in or integrated with the Solution, such as ordering, payment, e-commerce or scheduling services or solutions (“Third Parties Services”), will share with us information regarding your interactions with their systems such as: (i) your name, email address and/or phone number (if provided by you); and (ii) purchase details (time and date of the purchase, place where purchase was made, the amount paid and information about the items purchased). Please note that we are not responsible for the data collection and processing practices of such Third Parties Services, which you are encouraged to review before interacting with them.
7. Processing of Sensitive Information
7.1. We do not require End Users to provide sensitive information and do not intentionally collect or process otherwise sensitive information.
7.2. If by using the Solution (including any third-party services integrated to or embedded in the Solution) you are asked to provide sensitive information, or you have a reason to suspect that sensitive information is collected, you are kindly requested to immediately report it to us. Please note that the definition of “sensitive information” may not have the same meaning in different jurisdictions.
8. Children’s Privacy
Personal information about children who are under 13 years, or other minimum age which applies in your country (16 in most EU countries) is not knowingly or intentionally collected. If you are under that age, you are not permitted to use the Solution, register to any Members Features, or use any aspect of the Solution. If you have reason to suspect that children data is collected, you are kindly requested to immediately report it to us.
9. Use of collected information. Legal basis (GDPR only)
The information we collect will be used for the following purposes (please note the GDPR legal basis next to each purpose):
9.1. To provide you with the Solution’s functionalities, features and services (including, without limitation, personalized content and Location Based Services, if any), send you, from time to time, push notifications, SMS text messages, commercial emails and/or other communications from us. GDPR legal basis: depending on the context, consent, performance of a contract ((i.e. End User Terms of Use), legitimate interest (e.g. send you administrative communications);
9.2. To develop new services or update or upgrade existing services. GDPR legal basis: legitimate interest, performance of a contract (i.e. End User Terms of Use);
9.3. To manage the administrative and operational aspects of the Solution. GDPR legal basis: legitimate interest, performance of a contract (i.e. End User Terms of Use);
9.4. To enforce this Policy and the End User Terms of Use and prevent unlawful activities and misuse of the Solution. GDPR legal basis: legitimate interest, compliance with laws, performance of a contract (i.e. End User Terms of Use, this Policy);
9.5. To comply with any applicable law and assist law enforcement agencies when we have a good faith belief that our cooperation with them meets the applicable legal standards. GDPR legal basis: compliance with laws, legitimate interest; and
9.6. To take any action in any case of dispute involving you with respect to the Solution. GDPR legal basis: Legitimate interest, compliance with laws.
9.7. If you have questions about these uses, please contact us. Please note that the legal basis is provided for GDPR purposes only.
10. Sharing and transferring collected information
The information outlined in the preceding sections, may be shared with, or transferred to our processors or vendors for the purposes of helping us provide the Solution. This includes our processors, vendors and third parties which provide you with services, features or content in connection with the Solution such as online ordering, ecommerce services, games, payments, communications, agencies, feedback, plugins or APIs, or companies that host the Solution. If you wish to receive further information, please contact us.
In addition to the above, we may share the information as follows:
10.1. If you have breached the End User Terms of Use or this Policy, abused your rights to use the Solution, or violated any applicable law, or in any other case of dispute, or legal proceeding of any kind involving you with respect to the Solution, your information may be shared with competent authorities and with any third party, as may be required;
10.2. We may share information that we collect or obtain through the Solution with the relevant authorities, entities or persons if we reasonably believe that we are required by law to share or disclose your information;
10.3. Personal data or identifiable information may be shared with, or transferred to, our affiliated corporate group entities (entities controlled by, under common control with, or controlling us, directly or indirectly);
10.4. Upon bankruptcy, dissolution or other liquidation or insolvency events or in the event of merger, sale or transfer of all or a portion of our assets or shares or other reorganization or reconstruction in our ongoing business, the information that we receive, collect or obtain, as outlined in the preceding sections, may be shared with or transferred to, that respective entity, provided that it will undertake to be bound by the provisions of this Policy, with reasonably necessary changes taken into consideration. Upon such transfer or sharing of information, that entity will assume full and exclusive responsibility for all subsequent use and processing it makes of the information and we will be released from any liability to you, regarding the succeeding entity’s use and processing of the information by it.
10.5. In any case other than the above mentioned in this Policy, your personally identifiable information will be shared with others only if you provide your consent.
11. Aggregated or anonymized information
The Solution collects anonymized as well as aggregated information, which does not identify you personally. In addition, we may anonymize your information and/or aggregate it with other End Users’ information. Such anonymized or aggregated information will be used by us in any way without restrictions or limitations.
12. Use of Automated Decision-Making
The Solution uses automated decision-making. This is based on the information you provide and your usage of the Solution, the number of transactions, frequency and volume. The consequence of this is that you will receive customized content and different offerings that we pre-customize to your profile.
13. Third parties services
13.1. You may provide information through certain areas, features, frames or sections of the Solution, that are operated by or for third parties. Those third parties may include, e-commerce platforms, scheduling partners, payment services providers and payment processors (“Third Parties” and “Third Parties Services”).
13.2. It is those Third Parties, and not us, that are responsible for their data collection practices associated with such Third Parties Services. We encourage you to read the privacy policy of each Third Party.
13.3. Third Parties Services will share with us information they collect from you or you voluntarily provide to them which is related to or within the scope of the Solution.
14. Transfer of Data Outside Your Territory (GDPR only)
We host your personal information in connection with the Solution either in the European Economic Area, in the US, in the country where we are located, or in countries deemed as providing an adequate level of data protection.
Your data will be accessible in the country where we or our service providers are located, the UK, the US, and countries deemed as providing an adequate level of data protection.
Please contact us if you need further information about this.
15. Your Rights with the Data
15.1. Please be informed that under applicable privacy laws, you may have certain rights such as the right to access, rectification, erasure, restriction of processing, objection, withdraw consent (without affecting lawfulness of the processing based on consent before its withdrawal) or data portability. These rights may not be available in certain jurisdictions and/or may be subject to certain derogations or limitations.
15.2. If you choose to exercise any End User Right, we will handle these requests in accordance with applicable law but please note that exercise of some of those rights may have commercial consequences. For example, depending on the right exercised, you may be disconnected from the Solution and cease to be a Registered Member; you may have to promptly redeem your benefits/assets accumulated until such exercise (if any) at our premises only; and you may not be able to accumulate any additional benefits/assets as from exercise of some of these rights. We encourage you to make a screenshot of your benefits/assets before you submit your request in order to be able to present them to us upon redemption.
15.3. You have the right to lodge a complaint with a supervisory authority but, before filing a claim, we encourage you to resolve the issue in question directly with us in good faith.
16. Data Retention
16.1. We keep your data for as long as we have a valid legal basis, reason or need to keep your data.
16.2. Please note that removal of the Solution from your device does not cause a deletion or anonymization of the information you voluntarily provided or information that we collected in accordance with this Policy. You should contact us if you would like your data to be deleted.
17. Changes to this Policy
17.1. This Policy may be changed from time to time. Substantial changes will take effect 30 days after an initial notification is posted through the Solution. Other changes will take effect 7 days after their initial posting within the Solution or other electronic means. However, if the Policy is amended to comply with legal requirements or for urgency reasons, the amendments will become effective immediately upon their initial posting, or as required. The most up-to-date Policy is accessible through the Solution’s settings or information menu or other electronic means.
17.2. Your continued use of the Solution after the changed take effect will indicate your acceptance of the amended Policy. If you do not agree with the amended Policy, you must uninstall the Solution and avoid any further use of it.
18. Contact Us
You may send requests, responses, questions and complaints by contacting us.
(GDPR only) If your question relates to our data protection officer (DPO) or representative in the EU, we will forward the request accordingly.
For your convenience, this Policy may be translated from English to several other languages. Please note that in any discrepancies between the translation available to you (if any) and the English version, the English version shall prevail.
Last Updated: 15-08-19