Guests using the Order & Pay App

Greene King Companion App Privacy Notice

Deleting your account

This notice tells you what we do with the information you give with us when you use our Companion Application (App), where and how we collect it, how we keep it secure and your rights in relation to this information.

DATA CONTROLLER

'Greene King', ‘we’, ‘us’ and ‘our’ are references to Greene King Brewing and Retailing Limited, who is the data controller in respect of this App and the processing described in this notice. Our ICO registration number is ZA054235. We have Appointed a data protection officer whose contact details are provided at the end of this notice.

ABOUT GREENE KING

As the country's leading pub retailer and brewer, Greene King welcomes customers into our 3,000 pubs, restaurants and hotels across the UK and brews a range of award-winning ales. Our products and services trade under a wide range of well-known brands, including Greene King, Hungry Horse, Farmhouse Inns, Chef & Brewer, Flaming Grill, Greene King Inns, Greene King IPA and Old Speckled Hen. More information about our brands can be found on our website.

DELETING YOUR ACCOUNT
If you wish to delete your account, you can do this in your account settings, by selecting the ‘delete account’ function, which will delete all data relating to your App account that we are not required to keep, for example future bookings you may have made via the App.

Alternatively, you can email our Guest Relations team at guestrelations@greeneking.co.uk to ask us to delete your account. To ensure you are the account owner, you should email us from the address associated with your account. This ensures we are acting on your instructions and prevents unauthorised activity on your App account. We will delete this for you as soon as possible (and not exceeding 28 days).

 

WHY WE PROCESS YOUR DATA

We will process your personal data whenever you interact with our App. This can be when:

1. you use our App
2. we need to verify your age
3. you make a booking
4. you make a payment, request a refund or redeem a voucher
5. you subscribe to newsletters or direct marketing
7. we carry out profiling
8. you use a gift card or participate in a loyalty scheme
9. you provide us feedback

More information about each of these scenarios follows.


1 - When you use our App

We collect some information about you when you register and use our App. We use information about our App users and their interactions to learn more about how our App is being used, what our customers like and dislike, and to target our direct marketing and advertising.

If you install our App, you will be asked if you allow tracking of your activity, including across other companies’ Apps and websites. You will also be asked if you would like to receive Push Notifications. Also, if you choose to give us permission to see your location when using the App, we can show you your nearest Greene King venue. You can adjust your preferences within your account or your device settings at any time. We retain this data for 13 months from your last known interaction with us. See the profiling section of this notice for more details.

If you create an account within our App, we will use the information you provide to administer your account, such as record your transactions and save your favourite pubs. We will retain the data for the longevity of your account, or until 25 months after the date of your last interaction with us.


2 - When we need to verify your age

You must be 18 or over to use our App. We are required by law to ensure we do not sell alcohol to anyone under the age of 18 so we carry out age checks whenever they are necessary, including when you have ordered via our App. We do not retain information; however we log some age verification checks anonymously so that we can check and prove that they are being carried out in accordance with the licensing rules which Apply to the venue you are visiting.

The Challenge 21 and Challenge 25 schemes seek to discourage underage drinking by encouraging hospitality businesses to ask anyone lucky enough to look like they are under 21 (or 25) for proof of their age before they are served. If you’re one of the lucky ones, please don’t be offended if we ask you for proof of your age. A photo-card driving license, passport or military ID are valid proof of age for both schemes: if you don’t have these documents, please check the relevant Challenge scheme website to see what else we can accept.


3 - When you make a booking

We will use the information you provide to make and confirm your booking. If you book online via our App, we will record your IP address so we can check if the booking is likely to be genuine.

If you make a group booking and provide us with the contact details of other people in your party, we will use these to communicate important information about the booking. Please ask their permission first.

If you tell us about dietary preferences, allergies, food intolerances or special access needs, we will use this information to help us look after you and anyone else in your party during your visit or stay with us.

If you provide us with information about birthdays, anniversaries, or other celebrations that you want to commemorate during your visit, we will use this information to help make your celebration as special as possible. If you give us permission to do so, we will use this information to send you a reminder to book again when your next birthday or anniversary is almost due.

If you’re making a booking on behalf of a work colleague, we will ask for information about your organisation and the guest, so that we can invoice and bill the correct party.

Booking information that you provide directly to a venue is normally held for 1 year from the end date of the booking. Some of our venues use a booking diary, which is retained for 2 years from the end of the calendar year.

Contractual paperwork relating to bookings is kept for 2 years after the contract has concluded.

When you make a booking online through our website or Application, we keep booking information for 12 months from the date of your last booking. However, if you opt in to receive direct marketing, this period is extended.


4 - When you make a payment, request a refund or redeem a voucher

We will use the information you provide to process your payment, Apply a voucher discount, or process a refund. We do not keep records of payment card details, so your refund may take 3-5 working days to reach you if you have paid via our App.

We accept payment through credit and debit cards, as well as via Apple Pay, Google Pay and PayPal. When you make an order via our App and you make a payment using PayPal, PayPal acts as an independent Controller for the purpose of processing your data to fulfil the order. More information can be found here: Braintree Privacy Statement.


5 – When you subscribe to newsletters or direct marketing

If you permit us to do so, we will use the information you provide to select, personalise and send you messages containing special offers, discounts, promotions or any other type of information you have requested. We retain this data for 13 months from your last known interaction with us, or for as long as you remain opted-in to marketing, then for a further 25 months from your last known interaction with us. We retain your marketing preferences indefinitely to ensure we can continue to respect your wishes.

Every marketing message we send includes an unsubscribe link or similar opt-out mechanism, or you can adjust your settings by deselecting your marketing preferences within your App account.


6 - When we carry out profiling

We use customer profiles to keep track of our customer interactions and learn more about their likes and dislikes. This helps us target our advertising and marketing and improve our products, brands and services.

The personal data we use in our profiles includes:

- Demographic information, such as your age, gender and postcode
- Purchase information, such as what you bought, how you paid and whether or not you took advantage of a discount
- Your likes and dislikes, such as what you drink, what you eat, whether or not you take advantage of special offers
- Information about family events and special occasions, such as the dates of birthdays, weddings and anniversaries
- Information about your visits to our pubs, restaurants and venues, such as which ones you visit, when, how often and how long you stay for
- Information about your use of our services and whether or not you participate in our promotions, such as your use of our App
- Information about how you respond to our marketing and advertising campaigns, such as whether or not you read our marketing messages, see our adverts on social media or take up any of our special offers

If we get our profiling right, you will enjoy our products, services and brands more and more as we make improvements to them based on what we learn about you. And if you have signed up to receive direct marketing, you will get the special offers that we think will most appeal to you. We retain this data in line with our retention period for marketing.

If you don’t want us to use your personal data this purpose, you can let us know using the contact details at the end of this notice.


8 - When you use a gift card or participate in a loyalty scheme

When you redeem your gift card and whenever you present your loyalty scheme membership number during payment, we will use information about your visit, purchases and use of our services to update your gift card balance, credit your account with any loyalty points you have earned and update your profile. We will retain this data for 6 years from the date of your last purchase or refund.


9 - When you provide feedback to us

How you enjoy our products and services is important to us, which helps us deliver excellent customer experiences. We provide links to our optional feedback surveys in our App, where the data you provide will help us learn and develop. We will retain this data for up to 25 months from the date of receipt.

LAWFUL BASES

The lawful bases we rely on for our processing are:

Purpose Lawful Basis
When you use our app  It is in our legitimate interests to provide a fully-functioning, accessible and useful App to our customers.
When we need to verify your age We process this data to satisfy our legal obligation to not sell alcohol to anyone under the age of 18.

It is in our legitimate interests to ensure that we do not market alcohol to anyone under the age of 18.
When you make a booking, payment, request a refund, use a loyalty card, use a gift card, create an App account or when we send you service-related communications We process data to set up the contract, provide the services to you, to notify you of any important changes to them and to provide the benefits you are due under the contract.

We process booking data and purchase information to send service messages (such as confirmations, notifications of change and reminders) to you and other people whose contact details you may provide as it is in yours, theirs and our legitimate interest.
When you subscribe to newsletters or direct marketing We send marketing information to people who consent to receive it.

We may also send marketing to customers who, when informed that we want to do so, choose not to opt out (soft opt-in).

It's a legitimate interest to send direct mail marketing to let our customers know about our products, brands, services and any special offers we are running.

Customers who no longer want to receive marketing can opt out at any time (please follow the instructions in the marketing messages we send you, or by adjusting your settings in your App account).
When we carry out profiling This helps our business to develop by targeting our advertising and marketing and understand more about our customers like and dislikes, which are legitimate interests for us.
When you submit feedback Sometimes our processing will be necessary for us to meet the terms of the contract we have with you. Otherwise, it we will have a legitimate interest in dealing fully with the matter you have raised.

The ICO have published a helpful guide to lawful bases for the general public which you can find here


DATA SHARING

Other companies in the Greene King group

Whenever other companies in the Greene King group help us to provide our products or services, we may need to share some of your personal information with them. These companies are:

Company Role Registered Office
CK Asset Holdings Limited The ultimate holding company of the Greene King group 8th Floor, Cheung Kong Centre, 2 Queen's Road Central, Hong Kong
Greene King Limited The holding company in the Greene King Group  Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT
Greene King Retailing Limited Operating companies that own pubs within the group
Spirit Pub Company (Managed) Limited
Spirit Pub Company (Trent) Limited
Greene King Services Limited  Companies that employe the group's employees
Greene King Retail Services Limited

Each of these companies is bound by the terms of this privacy notice and they are required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.

Other organisations who help us to provide our products and services

We work with a number of third-party suppliers and service providers. Many of these organisations process personal data to provide products or services to us, or on our behalf.

The categories of recipients include:

- Application (App) providers
- Marketing and analysis providers
- Bookings providers and payment providers
- Security service operations
- Voucher and gift card providers
- Technology partners

Other situations in which we may share your personal data

We will share your personal data if it is necessary to do so to comply with a legal requirement, such as to comply with a condition attached to a premises license by a licensing authority. We will share your personal data if it is necessary to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend other legal rights.

We may need to share your personal data with an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, acquisition, restructuring or insolvency of any part of our business, provided that we inform any recipient that it must use your personal information only for the purposes disclosed in this privacy notice.

We may share your personal data where there is a legitimate interest to do so, for example, for the detection or prevention of crime, fraud or money laundering; to allow a regulator or ombudsman to investigate a complaint you have submitted to them; or to protect the rights of other people or organisations.


International data transfers

Some of our third-party processors operate outside of the UK. Under these circumstances, before your personal data is transferred outside the UK, we implement at least one of the following safeguards:

- We work with suppliers who have signed up to the Data Privacy Framework (DPF);
- Carry out Risk Assessments to ensure there is a suitable level of protection for your personal data;
- Put Appropriate controls in place to ensure your personal data has a suitable level of protection where the recipient country is not deemed as adequate, for example standard contractual clauses or encryption.


SAFEGUARDING

We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. Our protective measures include:

- Not collecting personal data that we don’t really need
- Securely destroying or anonymising personal data when we don’t need it any more
- Only allowing our employees and our suppliers to process the personal data they need to carry out their duties
- Encrypting personal data to render it useless to anyone who is not authorised to access it
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
- Binding our suppliers and partners to the same standards and duty of care that we hold ourselves to
- Protecting our websites, Applications, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
- Making periodic checks that these safeguards are working well and making improvements to them when we think we can do better.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - you have the right to ask us for copies of your personal information.
Your right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - you have the the right to object to the processing of your personal information in certain circumstances.
Your rights relating to automated decision making - if you want to object to or find out more about an automated decision which affects you, please contact us via the details, below.

You are not required to pay any charge for exercising your rights. If you make a request, we will acknowledge it promptly and we may ask you to provide us with additional information to verify your identity. We have one month to respond to you, but if we cannot satisfy your request, we will let you know why and when we expect to respond. We retain data relating to your request for up to 3 years from the date of our last correspondence with you.

Please contact us at dataprotection@greeneking.co.uk if you wish to make a request.

How to complain

You always have the right to make a complaint to a data protection authority. In the UK, that’s the Information Commissioner’s Office (ICO). You can find guidance on making a complaint on the ICO’s website.

If you want to find out more information about your rights, please refer to the information on the ICO’s website or contact the data protection team by emailing dataprotection@greeneking.co.uk

Our contact details

Name: Greene King Retail Services Limited
Address: Abbot House, Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT
Phone Number: 01284 763222
E-mail: dataprotection@greeneking.co.uk

Status

This version of our privacy notice is effective from: 9th May 2024