PRIVACY POLICY
THE HANOI BIKE SHOP
Introduction
Data Controller
‘Greene King’, ‘we’, ‘us’ and ‘our’ are references to Greene King Brewing and Retailing Limited, who is the data controller in respect of this website and the processing described in this notice. Our ICO registration number is ZA054235. We have appointed a data protection officer whose contact details are provided at the end of this notice.
Greene King
As the country’s leading pub retailer and brewer, Greene King welcomes customers into our 3,000 pubs, restaurants and hotels across the UK and brews a range of award-winning ales. Our products and services trade under a wide range of well-known brands, including Greene King, Hungry Horse, Farmhouse Inns, Chef & Brewer, Flaming Grill, Greene King Inns, Greene King IPA and Old Speckled Hen. More information about our brands can be found on here.
IMPORTANT: if asked to do so, we will share certain guest and visitor information with NHS Test and Trace or NHS Scotland Test and Protect during the Covid-19 pandemic – please refer to the Purposes section for more details.
More information about each of these scenarios follows next.
Purposes
We will process your personal data whenever:
you use our websites
we need to verify your age
we need to verify or record information about your identity
you book a room, table or function
you make a payment, request a refund or redeem a voucher
you use our Wi-Fi service
you subscribe to newsletters or direct marketing
we carry out profiling
you use a gift card or participate in a loyalty scheme
you enter a competition
you play pub poker
you submit queries, compliments or complaints
you take part in a survey
we record promotional videos or interviews or take photos
we record CCTV images or emergency phone calls
we record phone calls to our offices
an accident occurs
we impose a ban on visiting a venue
we ask for other people’s personal data
1 – When you use our websites
We use information about our website visitors and their visits to learn more about what our customers like and dislike and to target our direct marketing and advertising. See the profiling section of this notice and the cookie policy of the website you are visiting for more details.
2 – When we need to verify your age
We are required by law to ensure we do not sell alcohol to anyone under the age of 18 so we carry out age checks whenever they are necessary. We log some age verification checks anonymously so that we can check and prove that they are being carried out in accordance with the licensing rules which apply to the venue you are visiting.
The Challenge 21 and Challenge 25 schemes seek to discourage underage drinking by encouraging hospitality businesses to ask anyone lucky enough to look like they are under 21 (or 25) for proof of their age before they are served. If you’re one of the lucky ones, please don’t be offended if we ask you for proof of your age. A photo-card driving license, passport or military ID are valid proof of age for both schemes: if you don’t have these documents, please check the relevant Challenge scheme website to see what else we can accept.
3 – When we need to verify or record information about your identity
The UK government has asked pubs, hotels and restaurants to register information about their visitors during the Covid-19 pandemic. Therefore, the identity information you provide when making a booking or registering your visit, together with the date, time and name of the venue you are visiting, will be recorded for this purpose.
If NHS Test and Trace or NHS Scotland Test and Protect request information from us about our visitors, we will share the information they require, to help them to identify people who are at risk of infection. Personal information collected via our SMS-based guest visit registration scheme will not be used for any other purpose or shared with any other organisation.
Occasionally, a licensing authority may require the licensed premises in their area to verify or record information about their visitors, in particular information about their identity. If we we are required to carry out such activities during your visit, further information will be provided at the venue.
4 – When you book a room, table or function
We will use the information you provide to make and confirm your booking. If you book online, we will record your IP address so we can check if the booking is likely to be genuine.
If you’re making a booking on behalf of a work colleague, we will ask for information about your organisation and the guest, so that we can invoice and bill the correct party.
If you tell us about dietary preferences, allergies, food intolerances or special access needs, we will use this information to help us look after you during your visit or stay with us.
If you provide us with information about birthdays, anniversaries or other celebrations that you want to commemorate during your visit, we will use this information to help make your celebration as special as possible. If you give us permission to do so, we will use this information to send you a reminder to book again when your next birthday or anniversary is almost due.
5 – When you make a payment, request a refund or redeem a voucher
We will use the information you provide to process your payment or refund. We do not keep records of payment card details, however please be aware that some booking agents transmit payment card details by fax to whichever hotel their users have booked. If a booking agent sends us your payment card details, we will store the information securely until payment has been made, which is normally at the end of your stay.
6 – When you use our Wi-Fi service
We will use the information you provide to register you for and connect you to the service. When you first register, and each time that you connect to the service, we obtain additional information from your device and from the equipment used to provide the Wi-Fi service. This information describes where, when and how you registered or connected. We use this information to provide and maintain your connection to the service.
Please take these steps to prevent information sharing when you are not actively using the service:
• Don’t select the ‘connect automatically’ option if you want to avoid connecting and sharing information automatically whenever you are in range of our or another Sky partner’s Wi-Fi service
• If you chose to automatically connect to the service but have since changed your mind, either delete then recreate the Wi-Fi connection, or turn off Wi-Fi on your device whilst you are not using it
• Check you have not saved your Greene King Wi-Fi connection settings before you let anyone else use your device
7 – When you subscribe to newsletters or direct marketing
If you permit us to do so, we will use the information you provide to select and send you messages containing special offers, discounts, promotions or any other type of information you have requested.
Every marketing message we send includes an unsubscribe link or similar opt-out mechanism.
Greene King Wi-Fi users can change their marketing preferences on the Wi-Fi app’s Account Settings page at any time.
8 – When we carry out profiling
We use customer profiles to keep track of our customer interactions and learn more about their likes and dislikes. This helps us target our advertising and marketing and improve our products, brands and services.
The personal data we use in our profiles includes:
• Demographic information, such as your age, gender, address and postcode
• Purchase information, such as what you bought, how you paid and whether or not you took advantage of a discount
• Your likes and dislikes, such as what you drink, what you eat, whether or not you take advantage of special offers and whether or not you like what we post on our websites and our social media pages
• Information about family events and special occasions, such as the dates of birthdays, weddings and anniversaries
• Information about your visits to our pubs, restaurants, hotels and websites, such as which ones you visit, when, how often and how long you stay for
• Information about your use of our services and whether or not you participate in our promotions, such as our Wi-Fi service, email clubs, loyalty schemes and any competitions you enter
• Information about how you respond to our marketing and advertising campaigns, such as whether or not you read our marketing messages, see our adverts on social media or take up any of our special offers
If we get our profiling right, you will enjoy our products, services and brands more and more as we make improvements to them based on what we learn about you. And if you have signed up to receive direct marketing, you will get the special offers that we think will most appeal to you.
If you don’t want us to use your personal data this purpose, you can let us know using the contact details at the end of this notice.
9 – When you use a gift card or participate in a loyalty scheme
When you buy a gift card, we will use the information your provide to personalise, activate and send the gift card to you or the person you bought it for.
If you join one of our loyalty schemes, we will use the information you provide to enrol you and to provide confirmation of this and other necessary information about your membership.
When you redeem your gift card and whenever you present your loyalty scheme membership number during payment, we will use information about your visit, purchases and use of our services to update your gift card balance, credit your account with any loyalty points you have earned and update your profile.
10 – When you enter a competition
Please read the competition’s privacy notice before you submit your entry.
11 – When you play pub poker
Please read the game organiser’s privacy notice before you participate.
12 – When you submit queries, compliments or complaints
We will use the information you provide to deal with your enquiry and keep you informed about its progress. If you compliment a person or a team for their service, we will pass your compliment on to them and their manager, so that their achievement can be recognised.
Most complaints can’t be resolved without discussing the matter with other people, so we may need to share information about your complaint with: the team at the pub you visited, or their area or regional manager; the management team of a contractor we have engaged; or other types of third party organisation. We will only share information with others when it’s necessary to do so in order to investigate and resolve your complaint.
13 – When you take part in a survey
Please read the survey’s privacy notice before you participate.
14 – When we record promotional videos or interviews or take photos
We display signage at our venues to notify visitors whenever these activities are taking place. If you don’t want to involved, please let a member of staff know on your arrival so that they can ensure your wishes are respected.
15 – When we record CCTV images and emergency phone calls
We use CCTV and emergency audio recording technology to help keep our guests and staff safe and to help us investigate any potentially criminal or unsafe incidents which occur. Please refer to the signage on arrival at any of our venues to find out what else these recordings could be used for.
If we need to carry out an investigation, we will review these recordings to determine if they contain relevant information. If this is the case, the recording may be shared with members of our management team, our own or third party insurers, suppliers, contractors, licensing authorities or the police. Recordings may also be used in any insurance claim or other type of legal claim or proceeding that follows.
16 – When we record phone calls to our offices
We record some of the telephone calls we receive, including all of the calls to our Guest Relations team. If we intend to record your call, a recorded message will be played to inform you of this before recording commences. Your options for avoiding the call being recorded will also be explained.
We use suitable recordings anonymously, to train call handlers. We may review a recording if you or we are disputing a matter that the recording deals with.
17 – If an accident occurs
If you are unfortunate enough to be involved in an accident on our premises, we will use the information you or others present at the time provide to record the incident in an accident book. We may also use this information to conduct an investigation and to make or defend an insurance or other type of legal claim.
18 – If we impose a ban on visiting a venue
If you are banned from any of our venues, we will use your name, photos and recordings of you and any other personal information that we need to identify you and which we can obtain and use lawfully to enable our staff to record and enforce the ban.
If you are banned from a pub that is a member of a Pubwatch, they may share and receive information about you from other members of the Pubwatch.
General information about Pubwatch can be found on the national Pubwatch website. You can find out more about a particular Pubwatch by asking a member of staff at a participating venue, or visiting that Pubwatch’s website. Pubwatches are data controllers for the personal information they collect and share.
19 – If we ask for other people’s personal data
Please refer them to this notice and ask for their permission to share their information first.
Retention
Information aboutIs kept until use of our websites25 months from your last known interaction with us.age verification checksNo information is retained, unless required for another purpose in this list.identity verification checksInformation collected solely for the purpose of sharing with NHS Test and Trace or NHS Scotland Test and Protect is retained for 21 days from when it is collected.bookingsBooking information that you provide directly to a venue is normally held for 1 year from the end date of the booking. However, some of our venues use a booking diary and these diaries are kept for 2 years from the end of the calendar year. Contractual paperwork relating to bookings is kept for 2 years after the contract has concluded. When you make a booking online, we keep booking information for 13 months from the date of your last booking. However, if you opt in to receive direct marketing, this period is extended (see below).payments, refunds and voucher redemption6 years from the date of the transaction. Payment card details are not retained unless they are faxed to us by your booking agent, in which case they are held until the booking has been completed and paid for.Wi-Fi usage13 months from the date you last used our Wi-Fi. However, if you opt in to receive direct marketing, this period is extended (see below).customer profile13 months from your last known interaction with us, or for as long as you remain opted-in to marketing, then for a further 25 months from your last known interaction with us.marketing preferencesThese are kept indefinitely to ensure we can continue to respect your wishes.gift cards and loyalty scheme membership6 years from the date of your last purchase or refund.competition entriesNormally 4 months after the end of the competition, but please check the rules for each competition before you enter.pub poker gamesSee the game’s privacy notice.queries, compliments and complaints1 year from the date of the last correspondence on the matter.guest surveysSee the survey’s privacy notice.promotional video, audio and photosSee the signage on display during the recording.CCTV and emergency audio recordingsCCTV is kept for 31 days and emergency audio is kept for 6 years from the date of the recording. However,if they are used as part of an investigation or claim, this period may be extended.phone calls to our offices3 months from the date of the recording.accidents6 years from the date of the accident, or 3 years from the age at which a child involved in the accident becomes an adult, or 3 years from the date of settlement of a claim, whichever occurs last.bansAsk the person who informs you of the ban or, if applicable, seethe local PubWatch’s privacy notice.exercising your data protection rights12 months from the date of our final response to you.information used in connection with an insurance or other legal action, proceeding or claim6 years from the date that the action, proceeding or claim is settled.
Data Sharing
Other companies in the Greene King group
Whenever other companies in the Greene King group help us to provide our products or services, we may need to share some of your personal information with them. These companies are:
Company Role Registered Office CK Asset Holdings Limited. The ultimate holding company of the Greene King group8th Floor, Cheung Kong Centre, 2 Queen’s Road Central, Hong Kong. Greene King Limited, The holding company in the Greene King Group - Westgate Brewery, Bury st Edmunds, Suffolk, IP33 1QT
Greene King Retailing Limited. Operating companies that own pubs within the group. Spirit Pub Company (Managed) Limited. Spirit Pub Company (Trent) Limited. Greene King Services Limited Companies that employee the group’s employees. Greene King Retail Services Limited
Each of these companies is bound by the terms of this privacy notice and they are required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
Other organisations who help us to provide our products and services:
We work with a number of third-party suppliers and service providers. Many of these organisations process personal data in order to provide products or services to us, or on our behalf. See the Third Parties list for more details.
These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
Other situations in which we may share your personal data:
We will share your personal data if it is necessary to do so to comply with a legal requirement, such as to comply with a condition attached to a premises license by a licensing authority.
We will share your personal data if it is necessary to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend other legal rights.
We may need to share your personal data with an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, acquisition, restructuring or insolvency of any part of our business, provided that we inform any recipient that it must use your personal information only for the purposes disclosed in this privacy notice.
We may share your personal data where there is a legitimate interest to do so, for example, for the detection or prevention of crime, fraud or money laundering; to allow a regulator or ombudsman to investigate a complaint you have submitted to them; or to protect the rights of other people or organisations.
International data transfers
Before your personal data is transferred outside the UK, we implement at least one of the following safeguards:
• Check whether the personal data is being transferred to a country that has been deemed to provide an adequate level of protection by the UK government. More information about this is available on the UK government website.
• Where we use third parties based in the United States, check if they have signed up to the Privacy Shield framework. This framework requires signatories to provide a similar level of protection to personal data as would be the case if the personal data remained within the UK.
• Use contractual clauses approved by the UK government which give personal data equivalent protection to that which it would have if processed in the UK.
• If we are unable to apply any of the first three safeguards, we will try to contact you to ask for your consent before we transfer your personal data.
Third Parties
Organisation Contact Details
Data shared Reason for sharing International data transfer
Destinations and Safeguards
123 Form Builder Flavia Palace, Vladimirescu n° 10′ Ground Floor 300195
Timisoara, Romania
https://www.123formbuilder.comName, DOB, address, telephone, contact preferences, complaint / enquiries.Managing guest queries and complaints, managing competition entries & ad hoc web formsAction Solutions Vouchers LimitedThe Grange Worksop Road, Aston, Sheffield, S26 2EBName, contact details, payment details, details regarding the gift vouchers and their usageProviding gift vouchersBookingLive Software LimitedSuite 231 179 Whiteladies Road, Clifton, Bristol, BS8 2AG
https://www.bookinglive.com/Name, email, telephone, child dataManaging Playzone soft play bookingsBunzl Retail and Healthcare Supplies Limited t/a MDAYork House, 45 Seymour Street, London, W1H 7JTName, contact details, payment details, details regarding the gift vouchers and their usageFulfilment of gift vouchersCampaign Monitor Pty LimitedAustraliaName, email, address, DOB, contact preferences, telephone, email engagement, website visit engagementManaging our customer databaseAustralia, Standard Contractual ClausesCard Commerce Limited t/a Savvy5 Wormwood Street, London, EC2M 1RQName, contact details, payment details, details regarding the gift vouchers and their usageProviding gift vouchersCelerity Information Services Limited82 St John Street, London EC1M 4JN
www.celerity-is.comName, address, date of birth, email address, purchase information engagement information, preferences, marketing opt out status, demographicsManaging our customer databaseClarabridge, Inc11400 Commerce Park Drive, Suite 500, Reston, VA 20191, USASurvey dataSourcing and analysing survey dataUSA, Privacy ShieldDotmailer LimitedNo.1 London Bridge, London SE1 9BG
https://www.dotmailer.comName, email address, DOB, contact preferencesManaging and distributing email marketing campaignsEagleEye Solutions Limited5 New Street Square, London EC4A 3TW
https://www.eagleeye.comName, email, telephone, address, DOB, transaction and voucher informationManaging the Season Ticket appExperian LimitedLandmark House, Experian Way, NG2 Business Park, Nottingham NG80 1ZZ
www.experian.co.ukName, age, address, purchase information, engagement information (this information describes your use of our services and our websites)For demographic segmentation and profilingExtravision LimitedTomorrow Blue, Media City UK, Salford M50 2AB
www.extravision.comName, email, address, DOB, contact preferencesManaging and distributing email marketing campaignsFacebook, Inc1 Hacker Way, Menlo Park, CA94025, USA
www.facebook.com/about/privacyemail address, address, DOB, marketing opt out statusAssisting with preparing, sending and monitoring marketing emailsUSA, Privacy ShieldGBG Group PlcThe Foundation, Herons Way, Chester Business Park, Chester CH4 9GBguest identity information including copies of ID documentsManaging information recorded using the Scannet systemGI Solutions Group Limited147 Scudamore Road, Leicestershire LE3 1UQ
www.gi-solutionsgroup.comName, address, phone, emailData entry of paper forms into our electronic systems and fulfilment of Loch Fyne loyalty cardsGoogle, LLC1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
https://policies.google.com/privacyCookie information, IP addressWebsite analyticsUSA, Privacy ShieldGuestline LimitedGuestline House, Shrewsbury Business Park, Shrewsbury, SY2 6LGName, address, DOB, payment details, email, telephoneManaging hotel bookingsHopewiser LimitedMerlin Court, Atlantic Street, Altrincham, WA14 5NL
www.hopewiser.com/privacy-policyName, addressData cleansing for OEI mailing dataHotelshop UK LimitedBrine Well House, Tower Hill, Droitwich Spa, Worcestershire WR9 8BY
www.hotelshopuk.com/Name, address, DOB, payment details, email, telephoneManaging hotel function room bookingsInspire Protection Solutions LimitedHilton Hall, Hilton Lane, Essington WV11 2BQVisual imagesManaging, maintaining and operating CCTVInspired Thinking Group (ITG) Limited315 Fort Dunlop, Fort Parkway, Birmingham B24 9FDName, address, DOB, email, telephoneManaging our OEI mailer and fulfilmentJT Response Limited28 Mill Road, Ashley, Suffolk CB8 9EEIP address, MAC address, Cookies, Web browsing historyManaging and maintaining our websitesLiveBookings Limited5th Floor, Elizabeth House, 39, York Road, London, SE1 7NQ
http://console.livebookings.com/Name, email, telephone, child dataManaging Wacky Warehouse soft play bookingsLogwood Computing LtdThe Old Granary The Lynch, Kensworth, Dunstable, Bedfordshire LU6 3QZName, email, telephone, address, DOBManaging table bookingsMarket Force Information (Europe) LtdMount Mill Farm, Stratford Road, Wicken,
Milton Keynes MK19 6DG
www.marketforce.comSurvey dataSourcing and analysing survey dataMercury Security Systems Limited9 Bridgegate Centre, Martinfield, Welwyn Garden City, Hertfordshire, AL7 1JGVisual imagesManaging, maintaining and operating CCTVMobas LimitedCambridge House, 65 London Road, Stapleford, Cambridge CB22 5DG
www.mobas.com/privacy-noticeIP address, MAC address, Cookies, Web browsing historyManaging and maintaining our websitesMovable, Inc5 Bryant Park, 9th Floor, New York City, NY 10018, USA
movableink.com/legal/privacyLocation, email address, email responsesAssisting with preparing, sending and monitoring marketing emailsUSA, Privacy ShieldOpentable International Limited5 New Street Square, London, EC4A 3TW
www.opentable.comName, email, telephone, address, DOBManaging table bookingsOR Multimedia Limited50 Eastcastle Street, London W1W 8EA
www.ormlondon.comIP address, MAC address, Cookies, Web browsing historyManaging and maintaining our websites and appsPointer SecurityScotland Security
65 North Wallace Street
Glasgow
Strathclyde G4 0DTVisual imagesManaging, maintaining and operating CCTVPropeller Communications Limited33 Great Queen Street, Covent Garden, London WC2B 5AAIP address, MAC address, Cookies, Web browsing historyManaging and maintaining our websitesRed Box Recorders LimitedBradmore Business Park, Loughborough Road, Bradmore, Nottingham, NG11 6QAName, contact information, nature of enquiry or complaintManaging telephone conversation recordingsSecure Trading LimitedEuropean Operations Centre, Parc Menai, Bangor, Gwynedd LL57 4BL
www.securetrading.comName, address, payment card informationMaking card-based payments and refunds for gift cardsSensor Technologies UK LimitedUnit 9, Southgate Industrial Park, Green Lane, Heywood, Lancashire OL10 1NDVoice recordingsManaging emergency audio recordingsService Now Nederland B.V.Hoekenrode 2, 1102 BR, Amsterdam Zuidoost, The NetherlandsName, contact information, enquiry / complaint information,Managing guest queries and complaintsSky UK LimitedGrant Way, Isleworth, Middlesex, TW7 5QD
https://service.thecloud.netName, age, address, email address, gender and mobile numberProviding the Wi-Fi service in our pubs and restaurantsSkyguard LimitedSkyguard House, 457 Kingston Road, Epsom, Surrey KT19 0DBVoice recordingsManaging emergency audio recordingsVeriserv LimitedEnergy House, Attwood Road, Burntwood Business Park, BurntwoodWS7 3GJVisual imagesManaging, maintaining and operating CCTVWorldPay (UK) LimitedThe Walbrook Building, 25 Walbrook, London EC4N 8AF
www.worldpay.com/uk/Name, address, payment card informationMaking card-based payments and refundsWPR Agency Limited39-40 Calthorpe Road, Edgbaston,
Birmingham,
West Midlands B15 1TSName, contact information, DOB, address, telephone, Social media tracking information, website tracking dataManaging PR and social media campaignsZonal Retail Data Systems Limited1 Tanfield, Edinburgh EH3 5DAName, contact details, booking information, loyalty card, transaction details, date of birth, email, telephone, payment detailsManaging table bookings and reservations, till and voucher data, loyalty schemes and apps (including the order & pay app)Zone LimitedWestern Transit Shed, 12-13 Stable Street
London N1C 4ABIP address, MAC address, Cookies, Web browsing historyManaging and maintaining our websites
This section of the notice will be updated as and when suppliers change. Last updated: 6th July, 2020.
Lawful Bases
The lawful bases we rely on for our processing are:
Purpose Lawful basis
When you use our websites
It is in our legitimate interests to provide a fully-functioning, accessible and useful website to our customers.When we need to verify your ageWe process this data to satisfy our legal obligation to not sell alcohol to anyone under the age of 18. It is in our legitimate interests to ensure that we do not market alcohol to anyone under the age of 18.We need to verify or record information about your identityThis is sometimes due to a legal obligation imposed under the Licensing Act, or in the case of assisting NHS Test and Trace and NHS Scotland Test and Protect, their legitimate interest of being able to act quickly during the pandemic.When you make a booking, payment, request a refund, use a loyalty card, use a gift card, use our Wi-Fi or when we send you service-related communicationsWe process data to set up the contract, provide the services to you and notify you of any important changes to them.When you subscribe to newsletters or direct marketingWe send marketing information to people who consent to receive it. We may also send marketing to customers who, when informed that we want to do so, choose not to opt out (soft opt-in). It’s a legitimate interest to send direct mail marketing to let our customers know about our products, brands, services and any special offers we are running. Customers who no longer want to receive marketing can opt out at any time (please follow the instructions in the marketing messages we send you).When we carry out profilingThis helps our business to develop by targeting our advertising and marketing and understand more about our customers like and dislikes, which are legitimate interests for us.When you use a gift card or participate in a loyalty schemeTo provide the benefits you are due under the contract.When you enter a competition.Please see the privacy notice for the competition.When you play pub pokerPlease see the privacy notice for the tournament.When you submit queries, compliments or complaintsSometimes our processing will be necessary for us to meet the terms of the contract we have with you. Otherwise, it we will have a legitimate interest in dealing fully with the matter you have raised.When you take part in a surveyIt is a- legitimate interest to ask you what you think of our service, what we do well and what you think we can improve on, and act on that.We record promotional videos or interviews or take photosIt is in our legitimate interests to take photos and video and recordings to promote our businesses positively via our marketing and press releases.When we record CCTV images or emergency phone callsWe may be required to do so by a licencing authority (legal obligation) or choose to do so for the purposes stated on the signage (legitimate interest).When we record phone calls to our officesIt’s in our legitimate interest to be able to use suitable recordings to train call handlers and to be able to refer to recordings when that can help resolve a dispute.When an accident occursWe record accidents primarily for compliance with our legal obligations and to support and defend claims (legitimate interest).When we impose a banWe may impose a ban on visiting our premises, to protect our customers and staff (legitimate interest).
The ICO have published a helpful guide to lawful bases for the general public which you can find here.
Safeguards
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. Our protective measures include:
• Not collecting personal data that we don’t really need
• Securely destroying or anonymising personal data when we don’t need it any more
• Only allowing our employees and our suppliers to process the personal data they need to carry out their duties
• Encrypting personal data to render it useless to anyone who is not authorised to access it
• Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
• Binding our suppliers and partners to the same standards and duty of care that we hold ourselves to
• Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
• Making periodic checks that these safeguards are working well and making improvements to them when we think we can do better
Your Rights
Data protection law provides you with certain rights and as a responsible data controller, we are committed to uphold these.
Name of right Description
Information:
You have the right to be informed what we will use your personal information for, where we obtain it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice.AccessYou have the right to access a copy of your personal data and an explanation of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’.RectificationYou have the right to ask us to correct or stop processing inaccurate personal data.Erasure (‘right to be forgotten’)You have a right in certain situations to ask us to delete your personal data.Restriction of processingYou have a right in certain situations to ask us not to process your personal data.Object to processingYou have the right in certain situations to object to the fact that we are processing some of your personal data.PortabilityYou have the right in certain situations to ask us to pass some of your personal data to another data controller on your behalf.ComplainYou have a right to submit a complaint to the UK Information Commissioner’s Office (ICO).withdraw ConsentMost of the personal data processing we dois not dependenton your consent but any consent that we are relying on can be withdrawn if you wish to do so.
Detailed information about all of these rights can be found on the ICO website.
Responding to your request
If you notify us that you want to exercise your rights, we will acknowledge your request promptly. if we don’t already know who you are, we may need to ask you to provide us with additional information to enable us to verify your identity. The information we would need depends on the nature of your request.
Once we have confirmed your identity, we will validate your request and gather the information we need to be able to respond to it. We will carry out this work as quickly as possible but it may take up to 30 days to respond in full. If your request is particularly complex, we may ask you for further information to help us respond more quickly, or ask you if there is some information that you want particularly urgently. We may also respond to your request in phases, as relevant information becomes available.
If we cannot satisfy your request within 30 days, we will write to you to tell you why, and when we expect to be able to provide you with a full response.
Some of these rights are subject to conditions. If for any reason we decide that we cannot satisfy your request, we will provide you with our decision and our reasons for reaching it within 30 days.
Contact Us
If you want to discuss how we use your personal data, opt out of profiling, exercise your data protection rights or contact our data protection officer, you may write to: Greene King, Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT; or send an email to: dataprotection@greeneking.co.uk.
Status
This version of our privacy notice is effective from 6th July, 2020.
Version 3 was effective from 24th May, 2018 to 5th July, 2020.
Version 2 was effective from 1st November, 2017 to 23rd May, 2018.
Version 1 was effective from 1st March, 2015 to 31st October, 2017