Caterbook Privacy Notice
Our Privacy Notice describes the personal information we collect from or about you, and how it will be processed when you:
· Visit our website or use one of our web based applications.
· Enquire about our products or services.
· Enter into a contract for us to provide products or services.
· Require support for those products or services.
Additionally, this document will describe how we process data for which you may be the controller, concerning the personal information of your staff or clients.
For clarity, “GDPR” means the General Data Protection Regulation (EU) 2016/679 and “controller”, “processor”, “process”, “data subject”, “personal data”, “personal data breach” and “supervisory authority” have the meanings given to them in the GDPR.
1. Information we may collect from you
We may collect and process the following data about you:
· Information you give us. You may give us information about you by filling in forms on our website www.caterbook.com (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to trial our service, subscribe to our service, and when you contact us with a support query about our service. The information you give us may include your name, address, e-mail address and phone number and financial information.
· Information we collect about you. With regard to each of your visits to our website or use of the Caterbook service we may automatically collect the following information:
· technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
· information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
· Records of certain actions carried out by you within the service and the time it occurred (for example, entering a reservation.)
· Information we receive from other sources. We may receive information about you if you use any of the other third party websites or web based services that we operate or provide, including for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers.
Our support chat portal on the website also allows us to recognise you on subsequent visits to improve our interaction with you if you need assistance.
2. How we use the information
We use information held about you in the following ways:
· Information you give to us. We will use this information:
· to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
· to provide you with information about other goods and services we offer that are similar to those that you have already subscribed for or enquired about;
· to notify you about changes to our service;
· to ensure that content from our site is presented in the most effective manner for you and for your computer.
· Information we collect about you. We will use this information:
· to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
· to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
· to allow you to participate in interactive features of our service, when you choose to do so;
· as part of our efforts to keep our site safe and secure;
· Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
3. Disclosure of your information
We may share your personal information now or in the future with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
· Our business partners, suppliers and sub-contractors for the performance of any contract we enter into with you, and who may be data processors on our behalf.
· Analytics and search engine providers that assist us in the improvement and optimisation of our site.
· From time to time some of our partners may also make special deals available to our clients, for example reduced commission rates from OTA’s, or preferential pricing for merchant bank accounts. You may register your interest for such offers on our website, and it will be clear that any information you provide as part of that specific process will be shared with the partner, and used for that purpose only so they might contact you to discuss their proposal.
We may disclose your personal information to third parties:
· In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
· If Caterbook Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
4. Where we store and process your personal data
The data that we collect from you may be transferred to, stored at and processed at a destination outside the European Economic Area ("EEA") in accordance with Chapter 5 of the GDPR. This mandates that such transfer, storage and processing can only occur in third countries where the EU have previously determined such countries have adequate levels privacy, whether by its domestic legislation or of the international commitments it has entered into.
(The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection.)
Any payment transactions will be encrypted using the latest appropriate technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict policies, procedures and security features to prevent unauthorised access.
5. Your rights
You have a right not to be sent unsolicited marketing material, but in any case we do not routinely use your information for advertising, or share your information with any third party without your specific consent and only then on a per use case basis.
We may follow up on an enquiry you made about our products or services within 3 calendar months of your original contact if we didn’t enter into a contract. You can request we don’t contact you again at any time.
On the basis of an ongoing business relationship, we may contact you via email or telephone to keep you updated about our services, your account and any invoices and payments due or past due.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The GDPR gives you the right to access information we hold about you. Your right of access can be exercised in accordance with the Act. Any initial, reasonable access request will be free of charge, but subsequent requests may at our discretion be subject to a fee of £10 to meet our costs in providing you with details we hold about you. We will usually respond to such requests within 10 working days.
Correcting Inaccurate Data
If we have inaccurate data about you, just let us know and we will update it. It’s in all our interests that the information we hold is correct.
6. Data Retention Periods
We retain your information only for as long as necessary in each case. If you decide to cease using our service, providing your account is in good financial standing you will have the opportunity to export your customer and booking data prior to cessation. All data associated with your service will be deleted within a maximum timeframe of 6 months of your cessation date.
Some information we must legally hold on to for longer, such as any financial records and invoices but we may substitute your personal information from these records on request if you can provide us with non-personal alternative contact data (for example the main reception telephone number rather than your mobile number, and a generic “reception@” email address rather than a personal one.)
Any support telephone calls which are recorded are deleted automatically after 1 month.
7. Caterbook as Data Processor.
In using our service, you are the data controller for your own staff and client’s personal data. You will have your own policies and procedures in place for how you intend to ensure the privacy rights of your data subjects are upheld.
Under this scenario though, Caterbook is the data processor. The GDPR now mandates that the data processor has greater responsibilities than the old Data Protection Act.
To that end, we affirm that we have taken all reasonable steps to ensure that we, and any third parties we work with (acting as sub-processors) have the appropriate measures in place to ensure continued compliance with GDPR when processing the personal data of yourself, your staff, and your clients.
· Third party companies we work with have demonstrated a commitment to comply with GDPR legislation.
· This includes implementing appropriate security measures to protect data, and report any personal data breach in accordance with Article 33 of GDPR.
· Any sub-processing of your own, your staff and your client data will only be carried out on instruction from Caterbook.
· Any transfer, storage or processing of data outside of the EU will only be carried out in a country that the EU has previously agreed offers an adequate level of data protection. (GDPR Chapter 5)
· We will offer assistance to our clients in meeting any data subject access requests that may be made at no additional cost
8. Changes to our Privacy Notice