Ello Group Privacy Notice
Identity of the Data Controller and Data Protection Officer
Ello Group Limited is the owner of tastecard and Coffee Club (Taste Marketing Limited), gourmet society (Simard Limited) and hi-life (Hi-Life Diners Club Limited). Ello Group are committed to protecting and respecting your privacy in line with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018, together with the Data Protection Act 2018 and other data protection or privacy legislation in force from time to time in the United Kingdom following the United Kingdom exit from the European Union. For us to drive compliance, we have a Personal Information Management System which is compliant with BS 10012:2017.
Ello Group could be acting as Data Controller, Joint Controller or Data Processor and have an appointed Data Protection Officer.
Ello Group also provide services on behalf of Vue Services Limited and Vue Entertainment Limited (including Vue, and other brands owned by Vue). When using one of Vue’s e-commerce sites you will be asked to agree to the site-specific Privacy Notice.
This Privacy Notice was updated: September 2023.
For UK residents, questions, comments, and requests regarding this Privacy Notice are welcomed and should either be emailed to DPO@ellogroup.co.uk or addressed to the Data Protection Officer, Ello Group Limited, Birkby Grange, 85 Birkby Hall Road, Birkby, Huddersfield, HD2 2XB.
If you are a resident of EU, please contact GRCI Law. We have appointed GRCI Law to act as our EU Representative. All requests, questions and comments should either be emailed to firstname.lastname@example.org or addressed to c/o Head of Data Privacy Manager Service for GRCI Law, IT Governance Europe, The Mill, Newton Link Road, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland.
The type of Personal Data we collect & the purpose of processing
We currently collect and process the following information to enable us to provide the service to you, and for general administration:
Type of Personal Data Purpose of processing Contact information (Name, email address, postal address, phone number) Provide memberships, provide products, respond to queries, send updates, verify identity, verify eligibility Payment information (payment details, billing address) Process payments, and fulfil orders Shipping Address Send products to you Company information As part of provision of services on behalf of an employer, third-party benefit provider or reward provider Unique identifiers (username, MembershipCode, Redemption Code) To verify your identity and provide access to a product or service. Preference Information (order history, membership usage, marketing preferences) Provide updates with regards to your use of the product, and products that may be of interest
We may also collect:
Type of information Purpose Communication information (comments, posts, feedback, email, chats, calls) To enable us to improve services, and respond to your queries Location information To make recommendations about services in your area IP Addresses (including geographical location) For system administration, and service improvements Date of Birth (in certain contractual circumstances) Validate eligibility for products or services
How we get the Personal Data and why we have it
Most of the Personal Data we process is provided to us directly by you through our mobile app(s), our website(s) or one of our landing pages, for the one of following reason(s):
- to provide and administer a membership,
- to provide access to a product,
- to provide and administer a service to you.
We may also receive Personal Data indirectly, from the following sources in the following scenarios:
- your employer, to provide a membership to you
- a third-party benefit provider, to provide a membership to you
- a reward provider, to provide a membership to you
How we use that information is detailed in section 2.0 The type of Personal Data we collect & the purpose of processing.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are either:
- We have your consent.
- We have a contractual obligation.
- We have a legitimate interest.
Recipients of Personal Data
Ello Group may be required to transfer or provide access to the Personal Data provided by its customers to third parties to fulfil contractual obligations. The following link provides information on data recipients who we use to provide the service we offer. The document will explain which processors work on which brand and what safeguards we have in place, Recipients of Personal Data
All information you provide to us is stored securely. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access our mobile app(s) or website(s), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information via the internet may not be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We may disclose your Personal Data to any member of our group (Ello Group Limited), which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We will not disclose your information to any of the third parties (Recipients of Personal Data) for marketing purposes.
For Customers of Vue
Where it is necessary to fulfil your order for Vue products and services or any query that you have in relation to those products and services, we will share your Personal Data with Vue. Vue acts as a Joint Controller or Controller of your Personal Data which is collected as part of the Vue services, we share this with them in connection with your Vue order.
Details of transfers to third countries and safeguards
Ello Group may work with third parties that requires them to transfer Personal Data to a third country, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred.
We also use an external IT service provider, to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support.
We also may also provide services using SaaS platforms, which are cloud hosted applications made available to you over the internet.
Where we transfer Personal Data to third countries, we will always ensure that we have the appropriate transfer mechanisms in place. This includes Data Protection Agreements, Standard Contractual Clauses, or International Data Transfer Agreements.
How we store your Personal Data
We store your information securely and take all relevant technical and organisational measures required.
This is the length of time records should be kept for administrative, legal, fiscal, historical, or other purposes. We strive to maintain and retain adequate, relevant, and limited records to what is necessary in relation to the purposes we set out. As such we define maximum retention periods, and within those periods we will erase and securely dispose of information.
As an example
Type of Record Maximum Retention Period Membership record (as a direct customer) – where your membership has ended 5 years and 18 months after the last interaction with us Corporate Membership – where you’ve been provided with a membership through our client 5 years from expiry of that membership, or as defined in the contract agreed with the Client Guest Checkout – where you have purchased a product, where you were not required to set up an account 2 years – based on the product type that was purchased
Your data protection rights
Under data protection law, you have rights with regards to how a business uses your Personal Data, these rights are not always absolute, and they may not apply in all cases, they include:
Your right of access - You have the right to ask us for copies of your Personal Data.
Your right to rectification - You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your Personal Data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of all or some of your Personal Data in certain circumstances.
Your right to object to automated decision-making including profiling - You have the right to object to decisions made with no human involvement, such as profiling, which use Personal Data to make calculated assumptions about you.
Your right to be informed is fulfilled by providing you with this Privacy Notice.
If you make a request, we have one month to respond to you. There is no fee to pay to exercise your rights in reasonable circumstances. A request may be refused based on exceptional circumstances. For more details you can refer to ICO help and guidance on your rights.
This can be done by emailing DPO@ellogroup.co.uk as a UK resident, or our EU representative as relevant.
For more information on how to submit a request as a UK resident, and the information required, please see the following link from the ICO, on guidance for individuals, Your Rights, ICO. As an EU resident please refer to your own National Supervisory Authorities website.
Profiling covers information about how decisions are made and the significance of the consequences.
Please note that the use of profiling or automated decisions are not made without human involvement.
We use location services through our mobile apps, and our websites for us to tailor our marketing material to your specific behaviour and activities, e.g. the types of restaurants which you regularly visit. We use email monitoring services to monitor the emails which we send to users. We also collect usage data using card usage, systems, and membership apps. In doing this, we obtain information such as but not limited to:
- Time of receipt;
- Time of opening;
- Device used;
- Purchases made;
- Savings made;
- Venue visited;
- Which parts of the website and communications you interacted with;
- Instances of app crashes
We use third party providers of analytics and similar services to track statistics and user demographics, understand usage of our mobile apps and identify and resolve the root causes of app crashes.
If you contact us through social media, you will have agreed to that platforms own Privacy Notice and Terms & Conditions. We will not contact you directly through social media for customer query management, we will only respond to a message you have posted or sent to us.
Where you have provided us with a mobile number, and consent, we may market to you using SMS and Push notification interactions.
Our systems are set up to enable us to collect information on your usage, interactions, and spending history inclusive of savings made, we link this data to your profile so that we can determine what other deals or informational emails may be of interest to you.
We work with third parties to help us create a profile to ensure that we are sending relevant information.
You can stop this profiling activity by contacting us using the details in the 'Contact' section. Please be aware that by objecting to some of this data collection we may not be able to provide the product to you.
Cookies & Tracking
Mobile Applications may use tracking technologies to record how you interact with them. This is used to help improve services.
We regularly send out email communication to keep you up to date with all the latest discounts and offers from the Ello Group brands, Vue, and our chosen partners. If you wish to unsubscribe from these emails, you can do so at any time by simply clicking either of the links in the footer and you will be removed from all promotional emails. To unsubscribe from SMS marketing follow the instructions in the SMS received or contact us.
Please note that even if you decide not to subscribe to, or to unsubscribe, from promotional email messages, we may still need to contact you with important transactional information related to your account and your purchases. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you make purchases on the app or site or provide updates to the Privacy Notice.
Changes to our Privacy Notice
We may change this Privacy Notice from time to time.
Changes will be posted online, and in our Mobile Applications. We may notify you through communications we send from time to time.
If you wish to view or alter your Privacy settings this can be done in the Mobile Application, or you can contact us through the online Contact form.
How to complain
If you have any concerns about our use of your Personal Data, you have the right to make a complaint:
- For UK residents please use DPO@ellogroup.co.uk
- For EU residents you can contact our EU representative as detailed in Section 1.0.
You can also complain to the relevant supervisory authority if you are unhappy with how we have used your data.
For UK residents:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
For EU residents:
Please refer to your National Supervisory Authority for details on how and where to submit your complaint.