Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

‍

Who we are

Food-rewards is a brand of BaxterStorey Limited is the controller and responsible for your personal data (collectively referred to as “BaxterStorey Limited”, “we”, “us” or “our” in this Privacy Notice)
‍

Special categories of personal data

We do not proactively collect personal data considered as special category personal data via our website such as health information. However, our website does include text boxes which are designed for you to provide us with certain information and you should be aware that information you freely submit in these boxes may reveal to us certain information that may be considered as special category personal information.

We may from time to time ask you to provide us with special category personal data, for example to understand any allergen information so that we can cater appropriately for you. We will only collect your special category personal data with your explicit consent. If we request such information, we will explain why we are requesting it and how we intend to use it.

‍
Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

- Give consent on his/her behalf to the processing of his/her personal data;
- Receive on his/her behalf any data protection notices;
- Give consent to the transfer of his/her personal data outside the European Economic Area;
- Monitoring and recording communications

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance activities.

‍

How we use your personal data

Overview

We collect information about you so that we can:

1. identify you and manage any accounts you hold with us;
2. process and fulfil any orders for goods and/or services which you make with us;
   manage your loyalty account;
3. assist you with your queries in relation to our business and/or venues;
4. conduct research, statistical analysis and behavioural analysis;
5. carry out customer profiling and analyse your purchasing preferences (although this is only ever done in an anonymised manner and will not identify you specifically);
6. carry out customer profiling and analyse your purchasing preferences in order to provide you with relevant marketing material in accordance with your marketing preferences;
7. detect and prevent fraud;
8. customise our website and its content to your particular preferences;
9. notify you of any changes to our website or to our services that may affect you;
10. carry out security vetting;
11. improve our services;

‍

Marketing

We would like to send you information by email, telephone, text message (SMS), App push notification and other digital means about our products and services, competitions or prize draws and special offers which may be of interest to you.

If you provide us with consent, we will share your details with our third party service providers, including our email service provider.

‍

1.Google analytics
2.Food-rewards app
‍

We will only send you marketing messages (or share your details with the third parties listed above) when you click to register on our website or tick the relevant consent box when you provide us with your personal data.  If you have consented to receive such marketing from us, or the third parties listed above, you can opt out at any time by using the unsubscribe function on each of our emails or by contacting us directly on Food-Rewards@Baxterstorey.com

‍

When we might share your personal data with third parties

We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or payment card information. We want to earn and maintain your trust, and we believe this is essential in order do that.

‍

When do we collect information?

We collect information from you when you fill out a form or enter information on our site.

Provide us with feedback on our products or services How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:      

‍

• To personalise your experience and to allow us to deliver the type of content and product offerings in which you are most interested.      
• To improve our website in order to better serve you.      
• To allow us to better service you in responding to your customer service requests.      
• To administer a contest, promotion, survey or other site feature.      
• To ask for ratings and reviews of services or productsHow do we protect your information?

‍

We use regular Malware Scanning on our website, on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.

As an essential part of being able to provide our services to you, we do share your data with the following categories of third parties:

1. service providers that help us to get any purchases which you make through our website to you, such as delivery companies, gift voucher printers, payment service providers;
2. service providers that help us to run our business such as marketing agencies, website hosting providers, website developers, providers of wifi access at our venues and newsletter distributors;
3. service providers that help us manage our loyalty scheme, including the provision to make payment using the loyalty App;
4. service providers that help us to process and fulfil orders for products and/or services via the Food Rewards Scheme (including the Click & Collect and delivery system).
5. service providers that give us the ability to send email, text messages (SMS), mobile app push notifications and messages using other digital means;
6. professional advisers including lawyers, bankers, auditors and insurers who provide advice to us when we require it;
7. law enforcement agencies in connection with any investigation to help prevent unlawful activity;
8. third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice;

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.  For the avoidance of doubt, we may share your personal data with your employer. If you would like any more information about the third parties which we work with to provide our services to you, please contact us on the contact details provided later in this Privacy Notice.

‍

How we ask for consent

- You can change your opt in Website Preferences here

In those cases where we need your consent to hold and process your personal data, We will ask you to check a box on any form requiring consent except when registering for an Account via our website or App, when we will ask you to click to register.  By checking these boxes you are confirming that you have been informed as to why we are collecting the information, how this information will be used, for how long the information will be kept, who else will have access to this information and what your rights are as a data subject (all of which is set out in this Privacy Notice).

‍

How we keep your personal data secure

To protect your information we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner, and all systems that can access the information have the necessary security measures in place.

All employees, contractors and sub-contractors receive the necessary training and resources to ensure they understand their responsibilities in relation to all of our policies and procedures.

In addition to these operational measures we also use a range of technologies and security systems to reinforce the policies and procedures, including ensuring that:

1. access to personal data is strictly restricted to those employees who need to access this information as part of their role;
2. we store your personal data on secure servers and unauthorised external access to personal data is prevented through the use of a firewall;
3. information used for reporting and/or customer profiling purposes is anonymised (so that it does not identify you);
4. payment details are tokenised using a PCI DSS payment gateway system; and

To make sure that these measures are suitable, we run vulnerability tests regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled.

How long do we keep your personal data

We shall only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you would like more information about how long we retain specific types of your information, please contact us on the contact details provided later in this Privacy Notice.

Transfers of your personal data out of the EEA

We may need to transfer your personal data to the USA which is located outside the European Economic Area, for the purpose of storing your data for email and digital marketing. Any transfer of your data will be subject to a European Commission approved contract that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

When you link to one of our social media sites via our website, any personal data which you provide them may be transferred or stored outside the EEA. Please check their websites’ privacy notice carefully.

Your rights

The right to access information we hold about you

At any point you can contact us to request the information we hold about you as well as why we have that information, who has access to the information and where we got the information. Once we have received your request we will respond within 30 days.

The right to correct and update the information we hold about you

If the information we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.

The right to have your information erased

If you feel that we should no longer be using your information or that we are illegally using your information, you can request that we erase the information we hold. When we receive your request, we will confirm whether the information has been deleted or tell you the reason why it cannot be deleted.

The right to object to processing of your information

You have the right to request that we stop processing your information. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your information to comply with your other rights.

The right to ask us to stop contacting you with direct marketing

You have the right to request that we stop contacting you with direct marketing.

The right to data portability

You have the right to request that we transfer your information to another controller. Once we have received your request, we will comply where it is feasible to do so.

For your security we may need to verify your identity before we process your instructions above.

‍

Cookies used:

‍

Gstatic.com - Consent

This cookie provides performance enhancements for websites by adding static content. Google policies can be reviewed at https://policies.google.com/technologies/types‍

Essential cookie: This cookie is essential to the functioning of the website and therefore we do not request you consent.
‍

‍

Gstatic.com - iP_JAR

Set by Google. This sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates. Google policies can be reviewed at https://policies.google.com/technologies/types‍

Essential cookie: This cookie is essential to the functioning of the website and therefore we do not request you consent.

‍

‍

How can I control cookies?

In relation to any non-essential cookie, we will ask for your permission prior to placing such cookie or other similar technologies on your device (known as consent). You can withdraw your consent to the use of cookies or manage any other cookies preferences. It may be necessary to refresh the page for the updated settings to take effect.

Please note we do not request consent in relation to cookies which are strictly necessary or essential for the functionality of the Website as indicated above.

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

In addition, most advertising networks offer you a way to opt out of targeted advertising.

What about other tracking technologies, like web beacons?

Cookies are not the only way to recognise or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called “tracking pixels” or “clear gifs”). These are tiny graphics files that contain a unique identifier that enable us to recognise when someone has visited our Website or opened an e-mail including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of e-mail marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Do you use Flash cookies or Local Shared Objects?

Website may also use so-called “Flash Cookies” (also known as Local Shared Objects or “LSOs“) to, among other things, collect and store information about your use of our services, fraud prevention and for other site operations.

If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the Website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).

Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.

Do you serve targeted advertising?

Third parties may serve cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other details that directly identify you unless you choose to provide these.

For further information in relation to our use of cookies please get in touch using the details set out in the Contacting Us section below [].

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.

‍

‍

Contact Data Controller

Registered office is:

BAXTERSTOREY LIMITED

300 Thames Valley Park Drive, Reading, RG6 1PT

‍

Changes To Our Privacy Policy

This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log.

‍