What is this notice for?
This notice explains what we do with your personal data and the steps we take to keep it secure. It explains when and how we collect personal data, who we share it with, how we process it and what your rights are in respect of the personal data processing we carry out.
Who is Greene King?
As the country's leading pub retailer and brewer, Greene King welcomes customers into our 3,000 pubs, restaurants and hotels across the UK and brews a range of award-winning ales. Our products and services trade under a wide range of well-known brands, including Greene King, Hungry Horse, Farmhouse Inns, Chef & Brewer, Flaming Grill, Old English Inns, Greene King IPA and Old Speckled Hen. More information about all of our brands can be found on here.
When we say ‘we’, ‘us’ or ‘our’ in this notice, we are referring to Greene King Brewing and Retailing Limited. We are the data controller in respect of this website and the services described in this notice. Our ICO registration number is ZA054235.
When do we use your personal data?
We believe that a good customer experience means:
- Providing you with the products and services you want
- Giving you relevant information about our company, brands, products and special offers
- Keeping you safe whilst we entertain you
To do these things well, we need to process some of your personal data. We do this whenever:
- you use our websites
- we need to verify your age
- you book a room, table or function
- you make a payment or request a refund
- you use our Wi-Fi service
- you sign up for our email alerts or direct
- we send you direct marketing
- you opt out of direct marketing
- we carry out profiling
- you use our gift cards or participate in our
- loyalty schemes
- you enter any of our competitions
- you play pub poker in our pubs
- you submit queries, compliments or complaints
- you participate in guest surveys
- we record promotional photos, video or audio
- we record CCTV images or emergency audio
- we record telephone calls to our offices
- an accident occurs
- we impose a ban on visiting our venues
- we ask you for other people’s personal data
We don’t keep your personal data for any longer than we need it. See our retention periods for more details.
Some of the processing we do is called profiling. This involves trying to understand people’s likes, dislikes and preferences and using this understanding to improve our business and make our brands, products, services and direct marketing as appealing as we can. See the profiling section for more details.
Sometimes we need to share your personal data with other Greene King companies or with other organisations that help us provide our products and services to you. We will not sell your personal data and we do not allow these organisations to use your personal data for anything that’s not described in this notice. We might also need to share your personal data to uphold your rights, our rights or the rights of other people and we may need to share your personal data to meet some of our legal obligations. See the data sharing section for more details.
You can find out more about how we meet our data protection law obligations below. This section also explains what rights you have in respect of the personal data processing we do, and how you can exercise them.
How can you contact us?
If you want to opt out of direct marketing
- Follow the unsubscribe instructions in the last marketing message you received
- Send an email to email@example.com
If you want to discuss how we use your personal data
- Write to us at Guest Relations, Greene King, Sunrise House, Ninth Avenue, Burton-upon-Trent, Staffordshire, DE14 3JZ
- Send an email to firstname.lastname@example.org
- Call us on 01283 498400
If you want to contact our Data Protection Officer
- Write to the Data Protection Officer, Greene King, Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT
- Send an email to email@example.com
- Call us on 01284 763222
Changes to this privacy notice
Last updated: 24/05/18
Besides cookies, we use other information about your website visits to learn more about what our customers like and dislike, work out what changes we can make to improve our business and target our direct marketing. See the profiling section below for more details.
When we need to verify your age
The Challenge schemes aim to discourage underage drinking. They encourage hospitality industry staff to ask anyone lucky enough to look like they’re under 21 or 25 for proof of their age before we serve them. If you’re one of the lucky ones, please don’t be offended if one of our staff asks you for proof of your age.
A photo-card driving license, passport or military ID are valid proof of age for both schemes. If you don’t have these documents, check the relevant Challenge scheme website to see what else we can accept.
When you book a room, table or function
We will ask for your name, gender, address, telephone number and email address. We use this information to make and confirm your booking. If you book online, we will also record your IP address. We use this information to check that the booking is genuine.
If you’re making a booking on behalf of a work colleague, we will ask for information about your company and the guest, so that we can invoice and bill the correct party and welcome your colleague when they arrive at our venue.
Please also tell us about any preferences or specific needs you or anyone in your party has, especially dietary preferences, food allergies or access needs. We will use this information to make preparations for your visit and look after you whilst you stay with us.
If you’re celebrating a special occasion, we may ask for your age or date of birth, or about your anniversary or special event, so that our staff can make your celebration as special as we can. If you give us permission to do so, we will use this information to send you an email reminder when your next birthday or anniversary is coming up. You can stop these reminders at any time by contacting our Guest Relations team.
We also use booking information to learn more about what our customers like and dislike, work out what changes we can make to improve our business and target our direct marketing. See the profiling section for more details.
When you make a payment or request a refund
If you want to pay for your purchases with a payment card, we will ask for your name and the card number, start and expiry date, verification code (CVC) and if prompted by the payment terminal, your personal identification number (PIN). We will also need these details to make any refunds.
We don’t normally record your payment card details. However, some booking agents transmit full credit card details by fax to whichever hotel you book. Whenever we are sent this information, we store it securely until the end of your stay with us.
If all or part of your payment is to be made by voucher, we will ask you for the voucher number, code, image or the voucher itself, so that you can redeem it.
When you use our Wi-Fi service
We will ask for your name, email address, date of birth, gender, home address and mobile number so that we can register you for the service.
When you first register, and then each time you connect to the Wi-Fi service, we get information directly from your device and from the equipment used to provide the Wi-Fi service that describes where, when and how you registered, or where when and how you connected to the service. We use the date, the time, the name and location of the venue you are at and your device’s MAC address to provide the Wi-Fi service and to make the service as reliable as possible.
We also use information about your use of our Wi-Fi service to learn more about what our customers like and dislike, work out what changes we can make to improve our business and target our direct marketing. See the profiling section below for more details.
Important: If you don’t want your device to auto-connect to the Greene King Wi-Fi service, don’t select the ‘connect automatically’ option when you sign up.
You must check you have not saved your Greene King Wi-Fi connection settings before you give your device to someone else, otherwise they may be able to access some of the personal data used to provide the Wi-Fi service.
If you choose to connect automatically and then change your mind, you can delete the Wi-Fi connection or turn off Wi-Fi on your device.
When you sign up for email alerts or direct marketing
When you use one of our services, we will ask you if you want to receive direct marketing from us. You don’t have to sign up for direct marketing – it’s your choice.
There is an email alert service you can sign up to on this site and many of our brand websites run an email club for people who want to receive information about our promotions, events and special offers. You can sign up to receive these emails by providing us with your name, date of birth, home address and email address. We use this information to send you email alerts and to personalise our direct marketing, such as by addressing you by name, and targeting our marketing based on your age, birth date and where you live.
We also use information about how you respond to our marketing to learn more about what our customers like and dislike, work out what changes we can make to improve our business and target our direct marketing. See the profiling section below for more details.
When we send you direct marketing
If you have signed up for direct marketing, depending on how we are communicating with you, we may use your name, home address, telephone number or email address to send you the special offers and other information we think you’ll like the most.
We will not send you excessive amounts of marketing and every marketing message we send includes an easy way for you to opt out.
If you opt out of direct marketing
You can opt out of receiving direct marketing at any time by following the unsubscribe instructions in any of our marketing messages, changing your marketing preferences on the Wi-Fi app Account Settings page or by contacting ourGuest Relations team.
When we carry out profiling
Knowing what interests our customers the most helps us build better products, brands and services and accurately target our direct marketing and advertising campaigns. Therefore, we use profiling to help us find out as much as we can about what our customers like and expect from us.
Profiling involves comparing what we know about you with what we know about other customers and people with similar likes or interests. The personal data we use in our profiles includes:
- Demographic information, such as your age, gender, address and postcode
- Purchase information, such as what you bought, how you paid and whether or not you took advantage of a discount
- Your likes and dislikes, such as what you drink, what you eat, whether or not you take advantage of special offers and whether or not you like what we post on our websites and our social media pages
- Information about family events and special occasions, such as the dates of birthdays, weddings, and anniversaries
- Information about your visits to our pubs, restaurants, hotels and websites, such as which ones you visit, when, how often and how long you stay for
- Information about your use of our services and whether or not you participate in our promotions, such as our Wi-Fi service, email clubs, loyalty schemes and any competitions you enter
- Information about how you respond to our marketing and advertising campaigns, such as whether or not you read our marketing messages, see our adverts on social media or take up any of our special offers
If we get our profiling right, you will enjoy our products, services and brands more and more as we make improvements to them based on what we learn about you. And if you have signed up to receive direct marketing, you will get the special offers that we think will most appeal to you.
Profiling helps us to improve our business and customise what and how we communicate to you. However we don’t profile people who don’t want to be profiled - so if you don’t want us to use your personal data for these purposes, tell us and we won’t.
When you use our gift cards or participate in our loyalty schemes
If you buy a gift card, we will ask for your name, address, telephone number and email address, so that we can activate your gift card and send it to you. We will ask for the same information about the gift card recipient if you want us to send the gift card directly to them.
We will ask for the same information if you want to join one of our loyalty schemes. We use this information to enrol you and to provide confirmation of your membership.
When you use your gift card or your loyalty scheme membership number, we will capture information about your visit, your use of our services and your purchases. We use this information to update your gift card balance and to credit your membership account with any loyalty points you have earned.
We also use this information to learn more about what our customers like and dislike, work out what changes we can make to improve our business and to target our direct marketing. See the profiling section for more details.
When you enter any of our competitions
When you enter one of our competitions, we will ask you for your name, date of birth and email address. Depending on the nature of the competition and the prizes on offer, we may ask you for more information, such as whether or not you have a passport and can travel overseas if you win a foreign holiday.
Please read each competition’s privacy notice before you enter, to find out exactly what personal data we will need from you and how we will use it.
When you play pub poker in our pubs
Some of our pubs offer guests the opportunity to play pub poker. The leagues and tournaments you can take part in depend on which pub you visit.
In most cases, these games are not run by us, so please read the privacy notice for the game you want to play to find out who is running it and what personal data you will need to provide them with to be able to participate.
When you submit queries, compliments or complaints
We will ask for your title, name, address telephone number and email address so that we can identify you and discuss your enquiry with you. We will also ask for any other relevant information, such as further information about you, other members of your party, the pub or restaurant you visited and when, or your purchases. We will use this information to take your enquiry and respond appropriately to it.
When you participate in guest surveys
We will ask for your name, telephone number, email address and your answers to the questions asked in the survey. In most cases, this information is used to run the survey and interpret the results but please read the privacy notice we provide with each survey invitation to find out if we intend to use your personal data for anything else.
When we record promotional photos, video or audio
We always provide information to guests arriving at the venue when these activities are taking place. If you don’t want to be photographed or recorded, please let a member of staff know so that they can ensure your wishes are respected.
When we record CCTV images or emergency audio
We use CCTV to help keep our guests and staff safe, so your image may be recorded when you visit us. We display signs at our venues to tell you when CCTV is being used. If no incidents take place, the CCTV images will not be looked at before they are deleted. However, if an incident occurs, we will review the CCTV images to see if they contain footage that relates to the incident.
In the event of an emergency at one of our venues, our staff may activate an emergency phone link which will automatically make an audio recording of what takes place during the call. Depending on the incident and the information that is recorded, these recordings may be used in any legal or insurance claim-related proceedings that follow.
When we record telephone calls to our offices
We record some of the telephone calls we receive, including all of the calls to our guest relations team. We use the recordings for staff training and to refer back to if you question something we said or you make a complaint. If we intend to record your call, a recorded message will be played first to inform you before the recording starts.
When an accident occurs
If you are unfortunate enough to be involved in an accident on our premises, we will ask for your name, address, phone number, age and any other details that relate to the accident, such as information about any relevant health conditions you have or any injuries or treatments you received.
When we impose a ban on visiting our venues
Many of our venues are members of a local Pubwatch scheme. General information about Pubwatch schemes can be found on the national Pubwatch website. You can find out more about a local Pubwatch scheme by asking a member of our staff at a participating venue, or visiting the relevant local Pubwatch scheme website.
We don’t ban people from our venues unless it’s absolutely necessary to do so. Sometimes we have to impose a ban after serious anti-social, dangerous or criminal behaviour has taken place. If you are banned from any of our venues or from any other venues that are members of a local Pubwatch scheme, we will use your name, photos of you and any other personal data that we need to identify you and which we can use lawfully, to enable our staff to record and enforce the ban and to let other Pubwatch members know about it.
When we ask for other people’s personal data
If you need to provide us with information about other people, please ask them to read this notice before you do so.
Last updated: 24/05/18
|Information about||Is kept until|
|When you use our websites||
25 months from your last known interaction with us
|When we need to verify your age||No information is retained, unless required for another purpose in this list|
|When you book a room, table or function||
Booking information that you provide directly to a venue is normally held for 1 year from the end date of the booking. However, some of our venues use a booking diary and these diaries are kept for 2 years after they have been withdrawn from use.
Contractual paperwork relating to bookings is kept for 2 years after the contract has concluded.
When you make a booking online, we keep booking information for 13 months from the date of your last booking. However, if you ever opt in to receive direct marketing, this period is extended (see email alerts below)
|When you make a payment or request a refund||6 years from the date of the transaction. Payment card details are not retained unless they are faxed to us by your booking agent, in which case they are held until the booking has been completed and paid for|
|When you use our Wi-Fi service||13 months from the date you last used our Wi-Fi. However, if you ever opt in to receive direct marketing, this period is extended (see email alerts below)|
|When you sign up for email alerts or direct marketing and when we send you direct marketing||For as long as you remain opted-in then for a further 25 months from your last known interaction with us|
|If you opt out of direct marketing||We will keep your name, email address and postal address indefinitely, so that we can ensure we don’t accidentally send you direct marketing messages again without you having first opted back in|
|When we carry out profiling||13 months from your last known interaction with us. However, if you ever opt in to receive direct marketing, this period is extended to 25 months|
|When you use our gift cards or participate in our loyalty schemes||
6 years from the date of your last purchase or refund
|When you enter any of our competitions||
Normally 4 months after the end of the competition, but please check the rules for each competition before you enter
|When you play pub poker in our pubs||Please check the privacy notice for the tournament you want to play in|
|When you submit queries, compliments or complaints||1 year from the date of the last correspondence on the matter|
|When you participate in guest surveys||25 months from the date of the survey|
|When we record promotional photos, video or audio||Please ask the staff at the venue for further information|
|When we record CCTV images or emergency audio||CCTV is kept for 31 days and emergency audio is kept for 6 years, both measured from the date of the recording. However, in some situations, these periods may be extended. (see email alerts above)|
|When we record telephone calls to our offices||3 months from the date of the recording|
|When an accident occurs||6 years from the date of the accident, or 3 years from the age at which a child becomes an adult, or 3 years from the date of settlement of a claim, whichever occurs last|
|When we impose a ban on visiting our venues||Please refer to the information sent to you when the ban was imposed or to the local Pubwatch scheme rules on the Pubwatch scheme website|
|When you make a request to exercise your data protection rights||Information about your request and our response will be kept for 12 months from the date of our final response to you|
|[z]When information is relevant to a legal or insurance-related action, proceeding or claim||6 years from the date that the action, proceeding or claim is settled|
Last updated: 24/05/18
Other Greene King companies
Any of the information we collect from you may be shared with other companies within the Greene King group:
|Greene King plc||This is the holding company in the Greene King Group||Westgate Brewery, Bury st Edmunds, Suffolk, IP33 1QT
|Greene King Retailing Limited||These are operating companies that own pubs within the group
|Spirit Pub Company (Managed) Limited|
|Spirit Pub Company (Trent) Limited|
|Greene King Services Limited||These are the companies that employee the group's employees|
|Greene King Retail Services Limited|
Each of these companies is bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
Organisations who help us to provide our products and services
We work with a number of third-party suppliers and service providers. Many of these organisations process personal data in order to provide products or services to us or on our behalf. See the third-party data sharing list for more details.
These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
International data transfers
Some of the third parties we work with have operations in countries outside of the European Union or the European Economic Area. Before your personal data is transferred outside of these regions, we implement at least one of the following safeguards:
- We check whether the personal data is being transferred to a country that has been deemed to provide an adequate level of protection by the European Commission. You can see the list of adequate countries here.
- Where we use third parties based in the United States, we check if they have signed up to the Privacy Shield framework. This framework requires signatories to provide a similar level of protection to personal data as would be the case if the personal data remained within the European Union or European Economic Area.
- We may use specific contracts approved by the European Commission which give personal data the same protection as it has in the European Union and European Economic Area.
- If we are unable to apply any of the first three safeguards, we will try to contact you to ask for your consent before we transfer your personal data.
Other situations that may require us to share your personal data
We will share your personal data if we are required to do so by law or by a regulatory authority. For example, we may have to share your personal data for the detection or prevention of crime, fraud or money laundering, or to allow a regulator or ombudsman to investigate a complaint you have submitted to them.
We will share your personal data if we need to do so to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend our legal rights.
As we develop our business, we might sell or buy group companies or other businesses. This might involve transferring customer information to the person buying the businesses. If this happens, the new owner will be bound by the terms of this privacy notice.
Occasionally, we may need to share your data to protect the rights of other organisations or people. In these cases, we will try to contact you to seek your consent first but this may not be possible, especially in the event of a medical or other emergency.
Last updated: 24/05/18
|Organisation||Contact Details||Data shared||Reason for sharing||International data transfer Destinations|
|123 FormBuilder||Flavia Palace, Vladimirescu n° 10' Ground Floor 300195
|Name, DOB, address, telephone, contact preferences, complaint / enquiries.||Managing guest queries and complaints, managing competition entries & ad hoc web forms|
|Action Solutions Vouchers Limited||The Grange Worksop Road, Aston, Sheffield, S26 2EB||Name, contact details, payment details, details regarding the gift vouchers and their usage||Providing gift vouchers|
|BookingLive Software Limited||Suite 231 179 Whiteladies Road, Clifton, Bristol, BS8 2AG
|Name, email, telephone, child data||Managing Playzone soft play bookings|
|Bunzl Retail and Healthcare Supplies Limited t/a MDA||York House, 45 Seymour Street, London, W1H 7JT||Name, contact details, payment details, details regarding the gift vouchers and their usage||Fulfilment of gift vouchers|
|Campaign Monitor Pty Limited||Australia||Name, email, address, DOB, contact preferences, telephone, email engagement, website visit engagement||Managing our customer database||Australia|
|Card Commerce Limited t/a Savvy||5 Wormwood Street, London, EC2M 1RQ||Name, contact details, payment details, details regarding the gift vouchers and their usage||Providing gift vouchers|
|Celerity Information Services Limited||82 St John Street, London EC1M 4JN
|Name, address, date of birth, email address, purchase information engagement information, preferences, marketing opt out status, demographics||Managin our customer database|
|Clarabridge, Inc||11400 Commerce Park Drive, Suite 500, Reston, VA 20191, USA||Survey data||Sourcing and analysing survey data||USA under the Privacy Shield|
|Dotmailer Limited||No.1 London Bridge, London SE1 9BG
|Name, email address, DOB, contact preferences||Managing and distributing email marketing campaigns|
|EagleEye Solutions Limited||5 New Street Square, London EC4A 3TW
|Name, email, telephone, address, DOB, transaction and voucher information||Managing the Season Ticket app|
|Experian Limited||Landmark House, Experian Way, NG2 Business Park, Nottingham NG80 1ZZ
|Name, age, address, purchase information, engagement information (this information describes your use of our services and our websites)||For demographic segmentation and profiling|
|Extravision Limited||Tomorrow Blue, Media City UK, Salford M50 2AB
|Name, email, address, DOB, contact preferences||Managing and distributing email marketing campaigns|
|Facebook, Inc||1 Hacker Way, Menlo Park, CA94025, USA
|email address, address, DOB, marketing opt out status||Assisting with preparing, sending and monitoring marketing emails||USA under the Privacy Shield|
|GI Solutions Group Limited||147 Scudamore Road, Leicestershire LE3 1UQ
|Name, address, phone, email||Data entry of paper forms into our electrnoic systems and fulfilment of Loch Fyne loyalty cards|
|Google, LLC||1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
|Cookie information, IP address||Website analytics||USA under the Privacy Shield|
|Guestline Limited||Guestline House, Shrewsbury Business Park, Shrewsbury, SY2 6LG||Name, address, DOB, payment details, email, telephone||Managng hotel bookings|
|Hopewiser Limited||Merlin Court, Atlantic Street, Altrincham, WA14 5NL
|Name, address||Data cleansing for OEI mailing data|
|Hotelshop UK Limited||Brine Well House, Tower Hill, Droitwich Spa, Worcestershire WR9 8BY
|Name, address, DOB, payment details, email, telephone||Managing hotel function room bookings|
|Inspire Protection Solutions Limited||Hilton Hall, Hilton Lane, Essington WV11 2BQ||Visual images||Managing, maintaining and operating CCTV|
|Inspired Thinking Group (ITG) Limited||315 Fort Dunlop, Fort Parkway, Birmingham B24 9FD||Name, address, DOB, email, telephone||Managing our OEI mailer and fulfillment|
|JT Response Limited||28 Mill Road, Ashley, Suffolk CB8 9EE||IP address, MAC address, Cookies, Web browsing history||Managing and maintaining our websites|
|LiveBookings Limited||5th Floor, Elizabeth House, 39, York Road, London, SE1 7NQ
|Name, email, telephone, child data||Managing Wacky Warehouse soft play bookings|
|Logwood Computing Ltd||The Old Granary The Lynch, Kensworth, Dunstable, Bedfordshire LU6 3QZ||Name, email, telephone, address, DOB||Managing table bookings|
|Market Force Information (Europe) Ltd||Mount Mill Farm, Stratford Road, Wicken,
Milton Keynes MK19 6DG
|Survey data||Sourcing and analysing survey data|
|Mercury Security Systems Limited||9 Bridgegate Centre, Martinfield, Welwyn Garden City, Hertfordshire, AL7 1JG||Visual images||Managing, maintaining and operating CCTV|
|Mobas Limited||Cambridge House, 65 London Road, Stapleford, Cambridge CB22 5DG
|IP address, MAC address, Cookies, Web browsing history||Managing and maintaining our websites|
|Movable, Inc||5 Bryant Park, 9th Floor, New York City, NY 10018, USA
|Location, email address, email responses||Assisting with preparing, sending and monitoring marketing emails||USA under the Privacy Shield|
|Opentable International Limited||5 New Street Square, London, EC4A 3TW
|Name, email, telephone, address, DOB||Managing table bookings|
|OR Multimedia Limited||50 Eastcastle Street, London W1W 8EA
|IP address, MAC address, Cookies, Web browsing history||Managing and maintaining our websites and apps|
|Pointer Security||Scotland Security
65 North Wallace Street
Strathclyde G4 0DT
|Visual images||Managing, maintaining and operating CCTV|
|Propeller Communications Limited||33 Great Queen Street, Covent Garden, London WC2B 5AA||IP address, MAC address, Cookies, Web browsing history||Managing and maintaining our websites|
|Red Box Recorders Limited||Bradmore Business Park, Loughborough Road, Bradmore, Nottingham, NG11 6QA||Name, contact information, nature of enquiry or complaint||Managing telephone conversation recordings|
|Secure Trading Limited||European Operations Centre, Parc Menai, Bangor, Gwynedd LL57 4BL
|Name, address, payment card information||Making card-based payments and refunds for gift cards|
|Sensor Technologies UK Limited||Unit 9, Southgate Industrial Park, Green Lane, Heywood, Lancashire OL10 1ND||Voice recordings||Managing emergency audio recordings|
|Service Now Nederland B.V.||Hoekenrode 2, 1102 BR, Amsterdam Zuidoost, The Netherlands||Name, contact information, enquiry / complaint information,||Managing guest queries and complaints|
|Sky UK Limited||Grant Way, Isleworth, Middlesex, TW7 5QD
|Name, age, address, email address, gender and mobile number||Providing the wi-fi service in our pubs and restaurants|
|Skyguard Limited||Skyguard House, 457 Kingston Road, Epsom, Surrey KT19 0DB||Voice recordings||Managing emergency audio recordings|
|Veriserv Limited||Energy House, Attwood Road, Burntwood Business Park, BurntwoodWS7 3GJ||Visual images||Managing, maintaining and operating CCTV|
|WorldPay (UK) Limited||The Walbrook Building, 25 Walbrook, London EC4N 8AF
|Name, address, payment card information||Making card-based payments and refunds|
|WPR Agency Limited||39-40 Calthorpe Road, Edgbaston,
West Midlands B15 1TS
|Name, contact information, DOB, address, telephone, Social media tracking information, website tracking data||Managing PR and social media campaigns|
|Zonal Retail Data Systems Limited||1 Tanfield, Edinburgh EH3 5DA||Name, contact details, booking information, loyalty card, transaction details, date of birth, email, telephone, payment details||Managing table bookings and reservations, till and voucher data, loyalty schemes and apps (including the order & pay app)|
|Zone Limited||Western Transit Shed, 12-13 Stable Street
London N1C 4AB
|IP address, MAC address, Cookies, Web browsing history||Managing and maintaining our websites|
Last updated: 24/05/18
We have adopted the measures that we believe are necessary to comply with the Data Protection Act 1998 and we are preparing for the act’s replacement, which will fully embed the General Data Protection Regulation into UK law.
We have also adopted the measures that we believe are necessary to comply with the Privacy and Electronic Communications Regulations 2003. This law sets out an additional set of rules that we must follow whenever we communicate with you via any of our websites and apps, or by telephone, fax, email or text message.
Protecting your data
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. These protective measures include:
- Not collecting personal data that we don’t really need
- Destroying or anonymising personal data securely when we don’t need it any more
- Only allowing our staff and our suppliers to process the personal data they need to carry out their duties
- Encrypting personal data to render it useless to anyone who is not authorised to access it
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
- Binding our suppliers and partners to the same standards and duties of care that we hold ourselves to
- Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
- Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better
Being accountable for what we do
As well as the security measures mentioned above, we have a team of people whose job it is to make sure that Greene King does the right thing the right way whenever we’re processing personal data. This team includes a Data Protection Officer, who can be contacted using these contact details.
There are a set of checks we apply to make sure we process personal data fairly and transparently. These include:
- Providing you with clear and accurate information about why we need your personal data, what we do with it and how long we keep it for
- Checking that our business interests don’t unfairly or unreasonably impact upon you or your rights
- Identifying personal data processing risks and reducing them to an acceptable level
- Responding honestly, clearly and promptly to enquiries we receive from you or from the Information Commissioner’s Office
Making sure our processing respects the law
The ICO have published a helpful guide to lawful bases for the general public which you can find here. The lawful bases we rely on for the processing we do are shown in bold typeface in this table:
|When you use our websites||We process this personal data because it is in our legitimate interests to provide a fully-functioning, accessible and useful website to our customers|
|When we need to verify your age||We process this data to satisfy our legal obligation to not sell alcohol to anyone under the age of 18. We also do so because it is in our legitimate interests to ensure that we do not market alcohol to anyone under the age of 18|
|When you make a booking, payment, request a refund, use a loyalty card or gift card, use our Wi-Fi, enter one of our competitions or when we send you service-related communications||We process personal data for these core business activities firstly to set up the contract that commits us to providing you with the services you want, and secondly to provide the services to you, as agreed|
|When you sign up for or opt out of email alerts or direct marketing and when we send direct marketing to you||
We are a responsible marketer, so we don’t send marketing to people who have asked us not to do so.
We send electronic direct marketing to people who consent to receive it, such as customers who sign up to one of our email clubs or to our customers who, when notified that we wanted to send them marketing information, chose not to opt out (this is a type of consent known as a soft opt-in).
Occasionally, we send marketing information by direct mail. In these cases, we do so as we believe it is in our legitimate interests to let our customers know about our products, brands, services and any special offers we are running.
Customers who no longer want to receive our marketing have the right to opt out by withdrawing their consent at any time. The easiest way to do this is to follow the instructions in the last marketing message you received but you can also notify our guest relations team if you no longer want to receive direct marketing
|When we carry out profiling||
We believe it is in everyone’s interest that we seek to learn from our customers to improve the relevance, appeal and value of the products, services and brands we offer.
This will help our business to continue to prosper, so this processing is a legitimate interest for us
|Promotional photos, video and audio are being recorded||We believe it is in our legitimate interests to take photos and video and recordings to promote our businesses positively via our marketing and press releases|
|When you submit queries, compliments or complaints and when you participate in guest surveys||
We receive and respond to lots of different types of enquiry. Sometimes our processing will be necessary for us to meet the terms of the contract we have with you.
Otherwise we do so because it is in our legitimate interests to allow you to tell us what you think of our service, what we do well and what you think we can improve on
|When we record CCTV images, emergency audio or telephone calls, when an accident occurs and when we impose a ban||
We record accidents primarily for compliance with our legal obligations.
We use CCTV monitoring, emergency audio recording and record some of the telephone calls we receive because we think this is a proportionate approach to deterring the types of situations that present a safety risk to our guests and staff. If these deterrents are unsuccessful, we may impose a ban on visiting our premises, to protect our customers and staff. This processing is carried out because it is in our legitimate interests to do so.
Data protection laws give you certain rights and as a responsible data controller, we are committed to uphold these for you:
|Name of right||Description||How to make a request|
|Information||You have the right to know what we want your personal data for, what we will do with it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice||Send any questions you have about our privacy notices to firstname.lastname@example.org|
|Access||You have the right to be sent information about the personal data we have about you and a description of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’||Send your request to email@example.com|
|Rectification||You have the right to ask us not to process inaccurate personal data or to ask us to correct it||
Send your request to our firstname.lastname@example.org
Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
|Erasure ('right to be forgotten')||You have a right in certain situations to ask us to delete your personal data|
|Restriction processing||You have a right in certain situations to ask us not to process your personal data|
|Object to processing||You have the right in certain circumstances to object to the fact that we are processing some of your personal data|
|Portability||You have the right in certain circumstances to ask us to pass some of your personal data to another data controller on your behalf|
|Complain||You have a right to lodge a complaint with the UK Information Commissioner’s Office or in some situations, another European Union data protection authority||
Send your complaint to the ICO.
You can find a list of all European Union data protection authorities here.
|withdraw Consent||Most of the personal data processing we do does not rely on your consent to make it lawful but any consent that we are relying on can be withdrawn by you if you decide you wish to do so||Follow the unsubscribe instructions in any of the marketing messages we have sent you or send your request to email@example.com|
Detailed information about all of these rights can be found on the ICO website.
Responding to your questions
When you notify us that you want to exercise any of your rights, we will acknowledge your request as soon as possible and ask for any information we may need to verify your identify: if we don’t already know who you are, we will ask you to send us a copy of your passport or photo-card driving licence, so that we can check your name, address and signature.
Once we have confirmed your identity, we will validate your request then gather together the information we need to be able to respond fully to it.
Whilst we always try to carry out this work as quickly as possible, it may take us up to 30 days to respond to you in full. If your request is particularly difficult to respond to, we may ask you for any further information that will help us respond more quickly, or ask you if there is some information that you want particularly urgently. We may also respond to your request in phases, as relevant information becomes available.
If we cannot satisfy your request within 30 days, we will write to you to tell you why, and when we expect to be able to provide you with a full response. If for any reason we decide that we should not respond in the way you have asked us to, we will provide you with our decision and our reasons for reaching it within 30 days.
Last updated: 24/05/18