Privacy Policy
These terms and conditions are governed by and to be interpreted in accordance with English law and in the event of any dispute arising in relation to these terms and conditions or any dispute arising in relation to the website whether in contract or tort or otherwise, the English courts will have non-exclusive jurisdiction over such dispute.
Privacy Policy
The Data Controller is The Good Eating Company Limited of One Southampton Row, London WC1B 5HA.
The Good Eating Company (“We”) are committed to protecting and respecting your privacy.
Your privacy is very important to us. We are committed to complying with any applicable legislation relating to Personal Data. This policy together with our terms of use set out the basis on which any personal data We collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The Good Eating Company & Sodexo Limited is part of an international group of companies. Our parent Company Sodexo SA was founded in 1966 in France and is now the worldwide leader in quality-of-life services. We don’t routinely share Personal Data between our group companies, and we’ve set out more details about when we do in the section titled “Disclosure of your Information”
The email for our local Data Protection contact is DataProtection.UKandIE@sodexo.com
How we may collect data from you and how?
|
Obtained From |
Personal Data Obtained |
Purpose and Legal Ground |
|
Contact data from publicly identifiable sources (such as companies house, LinkedIn, |
Name, work email and other contact details, meta data, IP (or equivalent device address |
Our legitimate interests of running and improving our business, statistical analysis, |
|
Directly (from webforms/calls/letters/emails) or from a previous provider of the service |
Marketing and Communications Data includes your preferences in receiving marketing from us |
Provide service (steps to enter contract or perform contract), legal obligation, our |
|
Directly (from websites) |
Usage Data includes information about how you use our website, products and services. |
Our legitimate interests of running and improving our business, marketing, security and fraud prevention |
|
Directly (from webforms/calls/bookings/service requests) and inferred from the information provided |
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses |
Provide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, customer experience security, fraud prevention, statistical analysis and marketing including segmenting. |
|
Directly (from webforms/calls/emails) or from a provider/previous provider of the service. |
Identity Data includes name, username or similar identifier |
Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving |
|
Directly (from webforms/calls/emails) or from a provider/previous provider of the service |
Contact Data includes billing and delivery address, email address and telephone numbers |
Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving |
|
Directly (from webforms/calls) |
Financial Data includes bank account and payment card details. |
Carry out the service provided by us or a client of ours - steps to enter contract or |
|
Directly (from webforms/calls from the person booking the event) or from a provider (previous provider) of the service |
Transaction Data includes details about payments to and from you and other details of products and services you have purchased or enquired about from us or vice versa. This will include details about delivery of services, such as dietary requirements for catering events. |
Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving |
|
Directly from use of website |
Technical Data includes IP address, login data, browser type and version, time zone |
Carry out the service provided by us or a client of ours- steps to enter contract or |
Explanation of the purposes which we may use your personal data
CONTRACT AND PROVIDING SERVICES
This means things like:
- Carrying out our obligations arising from any contracts entered into between you and us, or a third party we are fulfilling a contract for. For example, sometimes we provide services for a corporate client for users of their service etc.
- Allowing you to participate in interactive features of our service, when you choose to do so.
- To notifying you about changes to our service or that we have taken over a service/business.
- To registering you as a new customer.
- To processing and delivering your order, provide the service. This could include things like details of dietary requirements for guests if we are catering an event or assistance requirements for guests attending events.
- To managing your relationship with us.
LEGAL OBLIGATIONS
This is things like keeping records for tax purposes and complying with statutory requirements when providing services to Consumers.
LEGITIMATE INTERESTS
This means things like running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, health and safety or security requirements such as managing CCTV. Where we manage CCTV on site a separate policy will set out details regards the CCTV used.
It can also mean enabling you to participate in a prize draw, competition or complete a survey. Studying how customers use our products and services to develop our business. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how
we decide which products, services and offers may be relevant for you (we call this marketing). For example, we may market an event to individuals who live near a venue based on the geographical data we hold about them. We only send electronic direct marketing communications to individuals if they have consented to us doing so.
Transfer of personal data
As Good Eating Company is part of an international group (Sodexo), your Personal data may be transmitted to internal or external recipients that are authorized to perform Services on our behalf. Some of the third countries in which we operate outside UK do not provide the same level of data protection as the country in which you reside and are not recognized by the ICO as providing an adequate level of protection for individuals’ data privacy rights.
Personal data may be shared within the Sodexo Group of Companies only where necessary and where joint services are provided. We have implemented appropriate safeguards to ensure an adequate level of protection of your Personal data, even if the Personal data is processed by another Sodexo entity that did not collect your Personal data originally.
Sodexo has implemented the Sodexo’s Binding Corporate Rules (BCRs) within Sodexo Group. Therefore, even if the third countries in which Sodexo entities operate are located outside of the European Economic Area, your Personal data is protected in the same way that they would have been by any entity located within the European Economic Area.
For further information, including obtaining a copy of the documents used to protect your information, please contact us at Data.Protection.UKandIE@sodexo.com.
To guarantee the security and confidentiality of Personal data thus transmitted, we will take all necessary measures to ensure that this data receives adequate protection, such as entering into data transfer agreements with the recipients of your personal data based on the applicable standard contractual clauses (“SCCs”) or other valid transfer mechanisms and we carry out, in accordance with the European Court of Justice's decision of 16 July 2020 "Scherms II" (Case C 311-18), a risk assessment of the transferred data. If you would like to receive a copy of the safeguards in place to secure data transfers outside the UK, please contact the Data Protection Officer.
Disclosure of your information
We are a subsidiary of Sodexo Limited. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 2006. This information is not routinely shared. It may be shared for the provision of joint services, for example IT support, Legal advice, debt recovery or HR support. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place.
We may disclose your personal information to third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Good Eating Company Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Good Eating Company Limited and/or its subsidiary and associated companies, our customers, or others or to assist with regulatory or criminal investigations. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- To fulfil a contract, for example where details have to be shared with a venue that has been booked, or where we provide onsite client services.
YOUR RIGHTS
Good Eating Company Limited is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:
RIGHT OF ACCESS
You can request access to your personal data. You may also request rectification of inaccurate personal data, or to have incomplete personal data completed.
You can request any available information as to the source of the personal data and you may also request a copy of your personal data being processed by The Good Eating Company.
RIGHT TO BE FORGOTTEN
Your right to be forgotten entitles you to request the erasure of your personal data in cases where:
(i) the data is no longer necessary;
(ii) you choose to withdraw your consent;
(iii) you object to the processing of your personal data by automated means using technical specifications;
(iv) your personal data has been unlawfully processed;
(v) there is a legal obligation to erase your personal data;
(vi) erasure is required to ensure compliance with applicable laws.
RIGHT TO RESTRICTION OF PROCESSING
You may request that processing of your personal data be restricted in the cases where:
(i) you contest the accuracy of the personal data;
(ii) Good Eating Company no longer needs the personal data, for the purposes of the processing;
(iii) you have objected to processing for legitimate reasons.
RIGHT TO DATA PORTABILITY
You can request, where applicable, the portability of your personal data that you have provided to Good Eating Company, in a structured, commonly used, and machine-readable format and you have the right to transmit this data to another
Controller without hindrance from Good Eating Company where:
(a) the processing of your personal data is based on consent or on a contract; and
(b) the processing is carried out by automated means.
You can also request that your personal data be transmitted to a third party of your choice (where technically
feasible).
RIGHT TO OBJECT TO PROCESSING INCLUDING DIRECT MARKETING
You can object to us using your Personal Data for direct marketing. You can also contact us to object to how we are using your Personal Data for any other reason, but we may not have to stop using it for this purpose.
RIGHT TO WITHDRAW CONSENT
If We process your personal data on the basis of your consent, you can withdraw your consent at any time.
RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISIONS
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you. You have the right to object to processing including direct marketing.
RIGHT TO LODGE A COMPLAINT
You can choose to lodge a Complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages.
You have also the right to lodge your Complaint before the courts where the GEC entity has an establishment or where you have your habitual residence.
You can also send your request by email to DSAR.UKandIE@sodexo.com, in writing to 310 Broadway, Salford, M50 2UE. The
team will liaise with you about how you to contact you about your request and receive information. Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made.
If you wish to unsubscribe to marketing emails communications, you can also do so by using the unsubscribe function on the email.
If applicable in your country, you can enforce the third-party beneficiary rights afforded to you by the Sodexo BCRs.
Our site may, from time to time, contain links, plug-ins or applications to and from the websites of our group companies, partner networks, advertisers and affiliates. If you follow a link to any of these websites or enable these connections, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
STORAGE LIMITATION AND ACCURACY
Good Eating Company will keep Personal Data that is processed accurate and, where necessary, up to date. We only keep Personal Data for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements and, where required for Good Eating Company to assert or defend against legal claims, until approximately 6 months after the end of any relevant legal limitation period. If you want to learn more about our specific retention periods for your Personal Data established in our retention policy you may contact us at DataProtection.UKandIE@sodexo.com.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable and regulations.
SECURITY OF YOUR PERSONAL DATA
We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss, or from unauthorized, use, disclosure or access, in accordance with our Group Information and Systems Security Policy.
We take, when appropriate, all reasonable measures based on Privacy by design and Privacy by default principles to implement the necessary safeguards and protect the Processing of Personal Data. We also carry out, depending on the level of risk raised by the processing, a Privacy impact assessment (“PIA”) to adopt appropriate safeguards and ensure the protection of the Personal Data. We also provide additional security safeguards for data considered to be Sensitive Personal Data.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
CHANGES TO OUR PRIVACY POLICY
Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.