You acknowledge and agree that your personal data may be processed in accordance with this policy. Without this, we will be unable to provide you with certain marketing communications.
We are the data controller in respect of any personal data we collect about you.
We have appointed a data protection officer who is responsible for monitoring our data protection compliance.
2. COLLECTION OF YOUR PERSONAL DATA
We collect and process the following information about you; this is for the purposes explained in section 3.
- Information you give us
Name, email address (personal and/or work), postal address, encrypted password(s), telephone number(s), date of birth, gender, interests, preferences, and competition entry details and answers
- Information automatically collected from you
When you visit or use any of our Digital Applications, we automatically collect certain information from you (the majority of which is from a server log), including:
- geo-location data
- operating system and browser type
- domain name requested
- server log details
- browser language
- access times
- application version, platform and settings
- URL of the website you visited before browsing to our websites
- time you spent on each page visited
- URLs of the pages you visited on our websites
- IP address used to connect your computer or mobile device to the internet
- other information about your use of and actions on our websites
We may record or monitor calls, emails, text messages and other correspondence for training purposes to improve the quality of our offering and to prevent and detect fraud.
- Information collected from third parties
Google analytics – collects information about how visitors use our Digital Applications.Doubleclick (Data collection for Google Adwords) – collects information about how visitors use our Digital Applications.Authentication information – see section 10
3. USE OF YOUR PERSONAL DATA
We may use your personal data for any or all of the following purposes:
- to provide a high level of customer service (including assisting with any of your enquiries and bookings) and to notify you of any security and data breach alerts, and technical notices (including services messages and updates to our Digital Applications and terms);
- to help operate, maintain and improve our offering and our Digital Applications;
- to communicate with you about our offers, promotions, upcoming events, reviews and other news or those of our selected partners – this may be via email, telephone, text message and/or push notification – you can change your marketing preferences (including the way in which we contact you) by visiting our preference centre – see section 12*;
- to facilitate profiling, segmentation and personalisation – these may be based on location, preferences, interests and past actions (including in-pub purchases, hotel stays and restaurant bookings);
- to meet our legal obligations and for establishing, exercising or defending our legal rights;
- to compile reports and to help us understand and improve our Digital Applications; and
- to enable us to carry out targeted online advertising more likely to be relevant to you.
4. SHARING OF YOUR PERSONAL DATA
We sometimes need to share the personal information we process with other organisations and, where necessary or required, we may share your personal data with the following categories of third parties:
- service providers and suppliers assisting with our business activities, business associates, customers, payment services providers, hosting providers, providers of IT support, advertising platforms, providers of booking systems, providers of cloud-based software or services used by us, accounting firms and law firms;
- ombudsman, regulators, public authorities and security organisations, such as the police, HM Revenue & Customs and the Information Commissioner’s Office, to the extent required by law, regulation, court order or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud;
- companies in the same group as us;
- current, past and prospective employers, recruitment and employment agencies, trade and employer associations and professional bodies and educators and examining bodies;
- financial organisations and advisors, credit reference agencies, debt collection and tracing agencies, and tenants;
- staff including volunteers, agents and temporary and casual workers;
- family, associates and representatives of the person whose personal data we are processing;
5. TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF THE UK OR THE EUROPEAN ECONOMIC AREA (EEA)
Some third parties to whom we may transfer your personal data may be located outside of the UK or the EEA. In the event of a transfer, we will seek to ensure that appropriate safeguards to protect your data are in place which could include entering into a data transfer agreement with such third parties to ensure adequate protection for your information. Examples of the types of contractual clauses we may use can be found at the following link: http://ec.europa.eu/justice/data-protection/internationaltransfers/transfer/index_en.htm.
6. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We will process your personal data where it is necessary:
- for the performance or entering into of a contract with you, including in order to provide our offering, process your payment and to respond to enquiries and bookings made by you;
- for compliance with our legal obligations;
- for the purpose of furthering our legitimate interests including to:
- improve our offering and Digital Applications;
- operate our Digital Applications efficiently and effectively;
- carry out behavioural advertising; and
- prevent, detect and investigate fraud or illegal activity.
We may also process your personal data on the basis of any consent given by you. This consent may be updated by visiting our preference centre – see section 12*.
7. PROTECTION OF YOUR PERSONAL DATA
We are committed to protecting your personal data and to keeping it safe and confidential. We will therefore ensure that appropriate technical and organisational physical, electronic and procedural safeguards are implemented to protect it. Access to your personal data will also be limited to our employees and certain third parties who process it on our behalf.
8. STORAGE OF YOUR PERSONAL DATA
Your personal data will generally be stored for up to 5 years.
We may, however, keep your personal data for longer than 5 years if we need it to fulfil our contractual obligations to you, the law requires us to maintain it for a longer period or you have not withdrawn your consent.
9. YOUR RIGHTS
You have the following rights, albeit some of them only apply under certain circumstances:
- to have a copy of the personal data we have collected about you and to send a copy of it to another data controller;
- to update or amend the personal data we have collected about you if it is inaccurate or incomplete;
- to erase, or restrict the processing of, the personal data we have collected about you;
- to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes;
- to withdraw any consents you have provided in respect of our processing of your personal data; and
- to lodge a complaint with the Information Commissioner’s Office (www.ico.org).
To exercise any of these rights, please contact us – see section 12.
If you want to amend your personal data or preferences, please visit our preference centre – see section 12*.
10. CONNECTING TO THIRD PARTY SERVICES INCLUDING SOCIAL NETWORKS
Our offering may contain links to third-party apps, services, tools and websites that are not affiliated with, controlled or managed by us (including Facebook, Instagram, LinkedIn and Twitter®) and these services and links may also include social networking features (such as the Facebook® “Like” button and widgets, “Share” buttons, and other interactive mini-programs). Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn® to log into some of our services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these services. These services may collect information, such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use or access as the privacy practices of these third parties will be governed by their own privacy statements. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the services we provide and do not participate in social sharing.
What is a cookie?
Cookies are small text files containing small amounts of information which are downloaded to your computer or mobile device when you access our Digital Applications. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.
Cookies are useful because they allow our Digital Applications to recognise your device. We use them to make our Digital Applications work, or work more efficiently, as well as to store information about your preferences or past actions. You can find out more information about cookies at www.allaboutcookies.org.
What types of cookies do we use and how?
We use the following types of cookies:
- ‘session cookies’: these are allocated to your device only for the duration of your visit to our Digital Applications – they are deleted automatically once you close your browser; and
- ‘permanent cookies’: these survive after your browser is closed and can remain on your device for a period of time – they can be used by our Digital Applications to recognise your computer or mobile device when you open your browser and browse the internet again.
These cookies may be served directly by us to your computer or mobile device (so-called ‘first-party cookies’) or by one of our service providers (so-called ‘third-party cookies’). A first-party cookie is only used by us to recognise your computer or mobile device when you revisit, or access content via, our Digital Applications. Third-party cookies can be used to recognise your computer or mobile device across different websites (and are most often used for analytical and advertising purposes).
- essential cookies: these are essential to provide you with services available through our Digital Applications and to use some of their features, such as access to secure areas – without these, providing core functionality, such as transactional pages and secure login accounts, would not be possible;
- analytics cookies: these are used to collect information about how you and others use our Digital Applications – the information gathered does not identify you and is aggregated – this includes the number of visitors to our Digital Applications, the websites or other applications that referred them to our Digital Applications and the pages that they visited on our Digital Applications – we use this information to help operate our Digital Applications more efficiently, to gather broad demographic information and to monitor the level of activity on our Digital Applications;
- functionality cookies: these allow our Digital Applications to remember choices you make (such as your user name or the region you are in) and provide enhanced, more personal features – they can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize – they may also be used to provide services you have asked for, such as watching a video or commenting on a blog – the information these cookies collect may be anonymised and they cannot track your browsing activity on other websites;
- performance cookies: these collect information about how you and others use our Digital Applications, for example, which pages are most visited, if error messages come up and how effective our online promotions are – they are only used to help us improve how our Digital Applications work and to ensure ease and speed of use;
- marketing cookies: these facilitate online advertising – our Digital Applications, for instance, use remarketing with Google – third-party vendors, including Google, use these cookies to tailor adverts based on someone’s past visits to our Digital Applications and serve these across the web – you can set preferences for how Google advertises to you using the Google Ads Settings; and
- social media cookies: these are used when you share information using a social media sharing button or “like” button on our Digital Applications or you link your account or engage with our content on or through a social networking site such as Facebook, Instagram, Twitter or Google+ – the social network will then record that you have done this and the information may be linked to advertising activities such as targeted banners.
What particular cookies do we use?
The following are our own cookies; they are controlled by us and used to provide information about usage of our Digital Applications. These are all session cookies and automatically expire when you close down your browser:
- ci_session / ASPSESSIONIDQABRARAD / fueldid / PHPSESSID: these are unique identifiers for your session;
- TextSize: this sets the text size;
- TextType: this sets the graphic version;
- js-cookie-notice: this remembers the status of your cookie banner; and
- landing_auth: this remembers the status of your popups.
We use a number of suppliers who may also set cookies on their websites on their behalf. We do not control the use of these cookies, so you should check the third party websites for more information about them.