Privacy Policy - Brambles

PRIVACY POLICY

Last Update: 25 May 2018

Introduction

Brambles Deli Café Ltd is committed to protecting the privacy of our users and customers. When you visit our websites (or subdomains), make a reservation, contact us, purchase products from us, or visit one of our hotels, we collect personal data from and about you.

This Privacy Statement describes which personal data is collected and for which purposes this personal data is processed by Brambles Deli Café Ltd. It also states which rights you have under applicable data protection law.

It is also intended to assist you in making informed decisions when using our Website and our products and services. Please take a minute to read and understand the policy.

All your personal Information shall be held and used in accordance with the General Data Protection Regulation 2018 and subsequent regulations. If you want to know what information we collect and hold about you, please write to us at:

Brambles Deli Café Ltd

Unit C4 South City Business Park

Whitestown Way

Tallaght

Dublin 24

Or send an email to customercare@brambles.ie

Please quote your name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected (this helps us to more readily locate your data). We will also ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.

By using this website or submitting personal information to us through or in connection with this website, you signify your consent to our collection, use and disclosure of your personal information in accordance with this privacy policy. If you do not agree with this privacy policy, you must not use this website or any other Brambles Deli Café Ltd website, or submit information to us through or in connection with this website. All of our services with the exception of the Captain America’s & wagamama kids club (details relating to this are outlined in section 4b.) are intended for users aged 18 years or older. If you do not meet these age requirements you must not use our services or submit your personal data to us. If we discover personal data belonging to a person aged younger than 18 years we will destroy that data immediately.

Please be aware that communications over the internet, such as emails/webmail are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the world wide web/internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

All of our employees and data processors that have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of our visitors’ information.

We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.

Who Processes Your Personal Data?

Your information may, for the purposes set out in this privacy policy, be disclosed for processing to:

Our employees;
Our affiliates;
Our group companies and their employees;
Successors in title to our business;
Third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to it support services) to us;
Government bodies and law enforcement agencies and in response to other legal and regulatory requests;
Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.

Which Personal Data Do We Process, And For What Purposes Do We Process Personal Data?

Regardless of which Brambles Deli Café Ltd business you engage with, your personal data will be stored in (i) centralized systems which are under the control of Brambles Deli Café Ltd Operations and accessible for authorized staff of Brambles Deli Café Ltd, and (ii) local systems controlled solely by the relevant business. We want to get to know you, because that enables us to make your experience with us more pleasant, so you may one day decide to return to our hotels, bars, and restaurants or entertainment venues. We collect, store and process personal data at two different stages: (i) before you decide visit one of our premises and (ii) when you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues.

(i) Before you decide visit one of our premises

When you visit our websites, we collect information about your use of the website. This includes both information we collect directly from you, and information we collect about your behaviour. This information may constitute ‘personal data’ under applicable law. We use this information to provide you with (personal) offers, both on our website and via advertisements on other websites you visit. The information about your use of the website comprises http header information which your browser transmits to our webserver, information collected through the use of cookies and log information which displays the pages that you visited on our Website.

(ii) When you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues

When you make a reservation, you will have to provide us with your name, your (email) address, phone number, the dates you are staying with, or visiting us and a credit card token or other payment information if applicable. We use this personal data to process the reservation, for billing purposes, and to allow us to communicate with you about your reservation. When you stay or have stayed in one of our hotels, or visited one of our bars, restaurants or entertainment venues, we will collect personal data about your preferences, use of our services, and location. We will retain this information for one year from the date of your visit, or for as long as you are opted in to marketing from us.

Overview of Activities Under Stage (3i) And (3ii)

We may at each of the stages outlined above use your personal data. For your convenience, we have made an overview of activities that involve the processing of your personal data, and the corresponding legal basis/legal bases that allow/s us to process this data:

	Purpose/activity	Legal basis
1.	First of all, we store the personal data you provide to us in our systems for administrative purposes.	· Consent (if required) · Enter into or perform a contract to which you are a party
2.	Under several jurisdictions and/or local city regulations we are legally obliged to ask you to provide us with certain information when you arrive at a Brambles Deli Café Ltd business. This may include information such as: birth date, nationality, place of residence, date of arrival and profession.	· Compliance with a legal obligation
3.	We will have to verify your identity when you arrive at a Brambles Deli Café Ltd. We will use your passport or other identification document. We will not store a copy of your passport, unless to the extent permitted by law.	· Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests
4.	We store information of your use of the systems in our guest rooms to ensure that they work correctly. This information is used by our 24/7 support team for preventative and reactive support purposes.	· For the purposes of our, or a third party’s, legitimate interests
5.	We store your personal data in our database(s), also after your transaction has been completed or after you have stayed in one of our hotels, in order to comply with data retention obligations and to be able to contact you and welcome you again in the future. We will retain this information for one year from the date of your stay or most recent visit.	· Compliance with a legal obligation · Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests
6.	It may be necessary to transfer personal data to another Brambles Deli Café Ltd business or other recipient (such as franchisees, partners and third party service providers) in a country outside of the country where it was originally collected or outside of your country of residence or nationality. For many of our business purposes we use cloud based services. Therefore, for technical and organizational reasons, it may be necessary that your personal data is transferred to servers located in the US, or to servers located in countries outside of the European Economic Area (‘EEA’).	· Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests When we transfer the data to a country outside of the EEA that does not offer an adequate level of data protection, we will ensure compliance with applicable law by way of: · EU Model Clauses · EU-US Privacy Shield-certification · Other legally accepted safeguards, as applicable
7.	We process your booking, howsoever made (directly via our website or via a third party (online) travel agent or restaurant reservation provider.	· Enter into or perform a contract to which you are a party
8.	We create a general and simple profile of you on the basis of information disclosed by you via public sources on the internet. We will not use any sensitive personal data that we may collect or derive from your stay or from public sources on the internet.	· Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests
9.	We offer and provide services and products you request from us or which we may think you are interested in, via email, telephone or other media. You can subscribe to our newsletter, which contains commercial offers and news of Brambles Deli Café Ltd businesses and related third parties provided you have opted in via our website, or via a third party service provider. We use the email address you provide to send the newsletter to. If you no longer wish to receive the newsletter, you can use the link provided in every newsletter to unsubscribe.	· Consent (if required) · Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests
10.	We use credit card data or other payment data for invoicing purposes, such as the purchase of a Brambles Deli Café Ltd Gift Card or to complete a restaurant or hotel booking.	· Enter into or perform a contract to which you are a party
11.	When purchasing a Brambles Deli Café Ltd gift card you have the option of registering your card through our websites to protect your card balance in the event of loss. This step is not mandatory, and any information collected during this process will be held by our 3^rd party gift card service provider Loylap.	· Enter into or perform a contract to which you are a party
12.	We collect (meta)data on your use of our Wi-Fi services for security and anti-piracy purposes (such as: IP address, your device’s MAC address, connections made, location, etc.). We do not process the content of traffic.	· Consent (if required) · For the purposes of our, or a third party’s, legitimate interests
13.	We collect automatically generated information for statistical (research) purposes. This information tells us how well our services are functioning. This information may be provided to third parties, but only if permitted by law or if this information cannot be traced back to you.	· For the purposes of our, or a third party’s, legitimate interests
14.	We track information on your purchases for future use in case you return to a Brambles Deli Café Ltd business.	· For the purposes of our, or a third party’s, legitimate interests
15.	We track and record your use of our, or our affiliates’, (online) services, either through cookies or via other means. Cookies enable us and others to monitor your browsing behaviour. Please read our Cookie Statement (Section 7) for further information on cookies.	· Consent (if required) · Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests
16.	We engage in the advertising and marketing of our brand, company, affiliates, services and/or products both online and offline, possibly via 3^rd party service providers. For this, we use your contact details, information on your visit to a Brambles Deli Café Ltd business and information collected through cookies. This information is anonymised upon upload to our 3^rd party service providers and no personally identifiable information is sent with it.	· For the purposes of our, or a third party’s, legitimate interests
17.	We endeavour to provide a high level of security of both the information we store as well as our facilities, (IT) systems and premises, by means of encryption, physical security measures, passwords, company procedures and policies and professional IT support. Personal data may be processed in this context by Brambles Deli Café Ltd and its vendors.	· For the purposes of our, or a third party’s, legitimate interests
18.	We endeavour to prevent our services and facilities from being used for illegal purposes, of any kind. Personal data may be processed in this context by Brambles Deli Café Ltd and its vendors, such as through CCTV surveillance.	· For the purposes of our, or a third party’s, legitimate interests
19.	We engage in activities required for compliance with legal obligations, third party claims or requests from public authorities, such as (i) the mandatory storage/containment of certain information because of a criminal investigation, (ii) requests from third parties for access to information (iii) any further instructions from third parties, such as supervisory authorities, that involve data processing.	· Consent (if required) · Enter into or perform a contract to which you are a party · For the purposes of our, or a third party’s, legitimate interests

4b. Use of Children’s Data

Brambles Deli Café Ltd offers some services to children via the Captain Americas and wagamama brands which are primarily targeted at children, and others that are intended for users of all ages and their families including activities that may collect information from children. Below we summarize potential instances of collection and outline how and when we will provide parental notice and/or seek parental consent. In any instance that we collect personal information from a child, we will retain that information only so long as reasonably necessary to fulfil the activity request or allow the child to continue to participate in the activity, and ensure the security of our users and our services, or as required by law. In the event we discover we have collected information from a child in a manner inconsistent with the GDPR’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.

Registration for Kids Club

Children up to the age of 12 can be registered for our Kids Club on our Captain Americas and wagamama websites. Every year on the child’s birthday we will send a birthday card to your child’s registered postal address with a voucher for a free kid’s meal.

During the registration process, we ask for the Parents name and email address for notification and security purposes, as well as the child’s first name and date of birth, (for age verification purposes) and a postal address.

Competitions

We occasionally run in-venue competitions where we collect data. Unless specified with an option to tick a consent box, this information will not be used to market to you. This information is only collected to inform you if you are a lucky prize winner. Data will not be retained after the closing date of any such competition.

About the Collection of a Parent or Legal Guardian’s Email Address

This information is collected for notification and security purposes. If you believe your child is participating in a Kids Club activity that collects personal information and you or another parent/guardian have NOT received an email confirming subscription to the kids club, please feel free to contact us at customercare@brambles.ie. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.

When Information Collected From Children Is Available to Others

We may share or disclose personal information collected from children in a limited number of instances, including the following:

We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.
We may disclose personal information if permitted or required by law, for example, in response to a court order.

Parental Choices and Controls

At any time, parents can refuse to permit us to store personal information from their children in association with a particular account, and can request that we delete from our records the personal information we have collected in connection with that account. Please keep in mind that a request to delete records may lead to a termination of a membership, or other service.

Where a child has registered for a Captain Americas or wagamama’s Kids Club, we use one method to allow parents to access, change, or delete the personally identifiable information that we have collected from their children:

Parents can contact us to request access to, change, or delete their child’s personal information by sending an email to us at customercare@brambles.ie. A valid request to delete personal information will be accommodated within 30 days as per the GDPR legislation.

Parents of Captain Americas or wagamama’s Kids Club members may contact us directly at: customercare@brambles.ie.

In any correspondence, please include the child’s name and the parent’s email address. To protect children’s privacy and security, we will take reasonable steps to help verify a parent’s identity before granting access to any personal information.

Your Rights

Right to Revoke Consent

If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward.

Right of Access to Your Information

All your personal Information shall be held and used in accordance with the General Data Protection Regulation 2018 and subsequent Regulations. If you want to know what information we collect and hold about you, please write to us at:

Brambles Deli Café Ltd

Unit C4 South City Business Park

Whitestown Way

Tallaght

Dublin 24

Or send an email to customercare@brambles.ie

Please quote your name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected (this helps us to more readily locate your data). We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.

Right to Rectification and Erasure of Data, and Restriction of Processing

If you believe that our processing of your personal information is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to customercare@brambles.ie.

Right to Data Portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with section 20 of the General Data Protection Regulation.

Right to Object

You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data which is based on the legal basis of either point (e) or (f) of section 6(1) of the General Data Protection Regulation (i.e. The performance of a task carried out in the public interest; the purposes of our, or a third party’s, legitimate interests) including profiling based on those provisions [see the Schedule under clause 4 of this Privacy Statement]. We will only cease the processing if so required under section 21(1) of the General Data Protection Regulation. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes by either (i) opting out by using the option we provide in the relevant direct marketing message (e.g. An email newsletter), or (ii) by sending an email to customercare@brambles.ie.

For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing but are required in order to complete a service request or customer function.

General Information Relevant for all Requests and Queries

You must exercise your rights, as explained in this clause, in accordance with applicable law, in particular section 15, 16, 17, 18, 20 and 21 of the General Data Protection Regulation, if and when it applies. We will solely review your request or query in light of our obligations under applicable mandatory data protection law. Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.

We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires.

Protection and Storage of Your Data

We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state of the art protection measures.

A strictly limited amount of people have access to your personal data. In any instance that we collect personal information from you, we will retain that information only so long as reasonably necessary to fulfil the activity request or to allow you to continue to use our services, and ensure the security of our users and our services, or as required by law. Please keep in mind that a request to delete records may lead to a termination of a membership, or other service provided by us.

Cookies

Please read our full Cookie Policy here.

Please refer to http://www.allaboutcookies.org if you require information about cookies in general or would like to know how to disable cookies on the website.

Use of Your Personal Information Submitted to Other Websites

We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our website.

We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.

Supervisory Authority and Applicable Law

With respect to the processing of your personal data, Brambles Deli Café Ltd Operations is the ‘main establishment’ of Brambles Deli Café Ltd. This means that the data protection authority of Ireland shall have jurisdiction with respect to the cross-border processing of your personal data in which Brambles Deli Café Ltd. Notwithstanding the foregoing you shall be entitled to lodge a complaint with the competent supervisory authority in the territory of a Brambles Deli Café Ltd business.

The processing of your personal data by Brambles Deli Café Ltd Operations and the relevant Brambles Deli Café Ltd business(s) shall be subject to the laws of Ireland, including the General Data Protection Regulation, when it applies from 25 May 2018 onwards. The applicability of the laws of Ireland and General Data Protection Regulation shall be without prejudice to any provisions that may apply to a particular processing activity under local mandatory data protection law.

General

In case you have any questions in relation to this Privacy Statement, you may send an email to customercare@brambles.ie

We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date. To make sure you consult the most recent version of our Privacy Statement, please check the Privacy Statement published on our website.

Changes to this Privacy Statement

Brambles Deli Café Ltd reserves the right to change this Privacy Statement. Brambles Deli Café Ltd will provide notification of the material changes to this Privacy Statement through the Company’s websites at least fifteen (15) business days prior to the change taking effect.