Caterbook Privacy Notice
Our Privacy Notice describes the personal information we collect from or about you, and how it will be processed when you:
Additionally, this document will describe how we process data for which you may be the controller, concerning the personal information of your staff or clients.
For clarity, “GDPR” means the General Data Protection Regulation (EU) 2016/679 and “controller”, “processor”, “process”, “data subject”, “personal data”, “personal data breach” and “supervisory authority” have the meanings given to them in the GDPR.
1. Information we may collect from you
We may collect and process the following data about you:
Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy http://www.caterbook.com/cookie-policy/.
Our support chat portal on the website also allows us to recognise you on subsequent visits to improve our interaction with you if you need assistance.
Our service also uses cookies as an integral part of it’s operation to enhance your experience. For example, a cookie is used to allow you to return to the same date on the calendar screen after performing an action on another screen (eg “Christmas” rather than reverting straight back to “Today”.)
2. How we use the information
We use information held about you in the following ways:
Information you give to us. We will use this information:
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
3. Disclosure of your information
We may share your personal information now or in the future with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
We may disclose your personal information to third parties:
4. Where we store and process your personal data
The data that we collect from you may be transferred to, stored at and processed at a destination outside the European Economic Area ("EEA") in accordance with Chapter 5 of the GDPR. This mandates that such transfer, storage and processing can only occur in third countries where the EU have previously determined such countries have adequate levels privacy, whether by its domestic legislation or of the international commitments it has entered into.
(The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection.)
It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. Caterbook will take all steps reasonably necessary to ensure that your data is treated securely in accordance with this privacy policy and the requirements of the GDPR.
Any payment transactions will be encrypted using the latest appropriate technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict policies, procedures and security features to prevent unauthorised access.
5. Your rights
You have a right not to be sent unsolicited marketing material, but in any case we do not routinely use your information for advertising, or share your information with any third party without your specific consent and only then on a per use case basis.
We may follow up on an enquiry you made about our products or services within 6 calendar months of your original contact if we didn’t enter into a contract. You can request we don’t contact you again at any time.
On the basis of an ongoing business relationship, we may contact you via email or telephone to keep you updated about our services, your account and any invoices and payments due or past due.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The GDPR gives you the right to access information we hold about you. Your right of access can be exercised in accordance with the Act. Any initial, reasonable access request will be free of charge, but subsequent requests may at our discretion be subject to a fee of £10 to meet our costs in providing you with details we hold about you. We will usually respond to such requests within 10 working days.
Correcting Inaccurate Data
If we have inaccurate data about you, just let us know and we will update it. It’s in all our interests that the information we hold is correct.
6. Data Retention Periods
We retain your information only for as long as necessary in each case. If you decide to cease using our service, providing your account is in good financial standing you will have the opportunity to export your customer and booking data prior to cessation. All data associated with your service will be deleted within a maximum timeframe of 6 months of your cessation date.
Some information we must legally hold on to for longer, such as any financial records and invoices but we may substitute your personal information from these records on request if you can provide us with non-personal alternative contact data (for example the main reception telephone number rather than your mobile number, and a generic “reception@” email address rather than a personal one.)
Any support telephone calls which are recorded are deleted automatically after 1 month.
7. Caterbook as Data Processor.
In using our service, you are the data controller for your own staff and client’s personal data. You will have your own policies and procedures in place for how you intend to ensure the privacy rights of your data subjects are upheld.
Under this scenario though, Caterbook is the data processor. The GDPR now mandates that the data processor has greater responsibilities than the old Data Protection Act.
To that end, we affirm that we have taken all reasonable steps to ensure that we, and any third parties we work with (acting as sub-processors) have the appropriate measures in place to ensure continued compliance with GDPR when processing the personal data of yourself, your staff, and your clients.
In summary,
8. Changes to our Privacy Notice
Any changes we may make to our privacy notice in the future will be available in this document and, where appropriate, notified to you by other means which may include email. Please check back frequently to see any updates or changes to our privacy policy.
9. Contact
The data controller (and where relevant the data processor) is Caterbook Ltd of 19A Normandy Way, Bodmin. PL31 1RB. We are registered with the Information Commissioner’s Office with reference ZA248395. Any enquiries, requests or complaints regarding our Privacy Policy or other privacy issues can be discussed with Chris Noon who can be contacted via info@caterbook.com.