By providing your personal data to us you acknowledge that it will be processed in accordance with this policy.
Personal data that is captured for our employees or trade customers (Tenants / Free Trade / Nectar Imports customers) is covered separately in our Trade and Employee privacy policies.
2. Who is responsible for your data
To facilitate the delivery of our products and services Fuller’s shares data within the group and is responsible for customer data. Our company registration number is 241882 and our registered office is Griffin Brewery, Chiswick Lane South, London, W4 2QB. We can also be contacted via email to [email protected].
3. Personal data we collect about you
We collect personal data for a variety of purposes as outlined in section. You will provide much of this data to us directly by completing online forms or by communicating with our employees but we also gather some data via the digital interactions that you have with us.
|Name and contact details (email address, telephone number and postal address)||When you book a table / function / hotel room / ticket
When you buy products from our online shops (fullers.co.uk, cornishorchards.co.uk, darkstarbrewing.co.uk and belandthedragon.co.uk)
When you attend a brewery tour
When you choose to receive marketing communication
When you provide us with feedback or submit an enquiry
When you join the Fine Ale Club
When you enter a competition
When you use WiFi
|Nationality / Passport Number||When you are an overseas visitor and book a hotel room|
|Date of Birth||To confirm that you are over 18 in order to receive licensed goods and services
When you choose to provide it for marketing personalisation
|Interests||When you choose to provide it for marketing personalisation|
|Dietary and special needs requirements||When you choose to provide it when booking a table / function / hotel room|
|Information about other guests on your booking including details of any children||When you provide them on behalf of others as part of making a table / function / hotel booking / ticket booking|
|The correspondence that you have with us (eg emails, letters, calls, online chat service)||When you contact us or we contact you. This may include telephone call recording.|
|Your location / visit information||When you use WiFi
When you make a booking
When you use the Stable Pizza app
When you stay in one of our hotels
|Your food / drink transaction details||When you book a table / hotel room|
|CCTV Recording||When you visit Fuller’s locations (including brewery, pubs, restaurants, country inns & hotels)|
|Information about how you use our websites including IP address and Google Analytics.||When you browse our websites|
|Device Information||When you use our WiFi or leave us feedback
When you browse our websites
When you open our marketing emails
Special Category Personal Data
The GDPR definition of Sensitive Personal Data includes data relating to health and religious beliefs.
As a result of you telling us that you have an allergy or a specific dietary requirement you may reveal
medical conditions or religious beliefs. Sensitive Data will only be processed in order to deliver the
products / services that you purchase from us.
4. How and why we use your personal data
We use your personal data to provide the following services:
- To deliver your bookings. When you book with us we will use your information to confirm and deliver your booking and any payments you have made and to send a follow up email for your valued feedback.
- To deliver products that you purchase. When you buy from our online stores, we will use your information to deliver your purchases, confirm your order and payments you have made and send a follow up email for your valued feedback.
- To keep you informed of our products, services, offers and promotions. We may send you marketing communications about our food, drink, hotel rooms, events and unique Fuller’s experiences if you have indicated that you are happy to receive these (e.g. when you opt in to marketing when you book from us).
- We will monitor opens / clicks and offer redemption on marketing emails to assess engagement.
- To personalise and improve your customer experience. We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience.
- To optimise the performance of our websites. We may also collect information on how you use our websites including the pages that you visit and the search criteria that you perform in order to optimise the performance of the website and personalise the content that you see.
- To meet our legal obligations. We are required to keep certain records for legal reasons – for example invoices that we issue. We will keep and use this data in line with our legal requirements.
- We use CCTV to deter and detect crime and civil offences, to support court action and comply with our legal licensing requirements. We also use CCTV to provide a safe environment for our staff and customers. We use CCTV to facilitate entry/exit from buildings and improve customer service.
- For market research and to deliver business insight to help us ensure that our products and services remain relevant.
5. Sharing your personal data
- We are reliant on a number of 3rd party providers in order to provide our products and services. Where this is the case we will remain in control of the data and we will ensure that the 3rd parties comply with high-security standards for the protection of your personal data. . The 3rd parties will not have any rights to use the data for their own purposes. Our 3rd party providers include
- Website hosting companies. Amazon Web Services (aws.amazon.com), Ocean Digital (www.digitalocean.com) and True Digital (www.truedigital.co.uk)
- Pub & Restaurant Booking System Providers. Collins (www.collinsbookings.com) and OpenTable (https://restaurant.opentable.co.uk/)
- Ticketing System Provider (www.tonicticketing.com)
- Hotel Booking System Providers. Avon Data (www.avondata.co.uk), HLS (www.high-level-software.com) and (www.siteminder.com)
- CRM, Customer Feedback providers & email marketing service providers. Zonal (www.zonal.co.uk), Coniq (www.coniq.com), MailChimp (www.mailchimp.com) Service Monitor Group (www.servicemonitorgroup.com, Feed It Back (www.feeditback.co.uk) and CreateSend (https://websir.createsend.com/)
- WiFi providers. Focus Group (www.focus-grp.co.uk), O2 Wifi (www.o2wifi.co.uk) and Purple Wifi (https://purple.ai/)
- Online shopping providers. Shopify (www.shopify.com), Iconography Ltd (www.iconography.co.uk), Payment Plus (http://www.paymentplus.co.uk/) and WooCommerce (https://woocommerce.com/)
- Online payment systems. Stripe (https://stripe.com/)
- Where relevant we will share your booking data with the franchisees who operate a small number of our restaurants.
- Legal authorities and legal advisors.
- We will also share your name and address details with our delivery partners in order to transport the product that you have ordered.
6. Transfer of Data outside the EU
All of the Fuller’s operations covered by this policy are based in the EU. However, the technical infrastructure of some of our providers is located in data centres outside the EU. The data will be transferred outside the EU as follows:
- Online Hotel Bookings. Siteminder (www.siteminder.co.uk) route hotel bookings that are made on Fuller’s websites and 3rd party providers (eg Booking.com) to the relevant Fuller’s hotels. Siteminder’s systems are located in the United States and transfer takes place in accordance with EU-US Privacy Shield.
- Online Shop Purchases. Shopify (www.shopify.com) provide the shopping cart technology that powers the fullers.co.uk and darkstarbrewing.co.uk online shops. Shopify have data centres in the United States and Canada. Data transfer to the US is covered by EU-US Privacy Shield and to Canada on the basis of adequate protection as determined by the European Commission.
We are currently auditing all of our suppliers and this policy will be updated if new information comes to light.
7. The legal basis for processing your data
We rely on the following reasons for using your data:
- Compliance with a legal obligation / regulatory authority.
- Performance of a Contract. In order to deliver the service that we have agreed to provide you with (such as a hotel or table booking)
- Legitimate Interest. In order to improve customer experience and develop our products & services
- Consent – where you have specifically consented to us using the data.
8. Retention and Security of your data
- We will only retain your personal data for as long as is necessary. This duration will depend on the type of data and the reason for processing it. For example :
- We will view consent to receive marketing communication as revoked if the marketing communication hasn’t been engaged with (opened or clicked) within 13 months.
- We are required to keep invoices if you stay in our hotels for 6 years.
- We will ensure that we use appropriate technical and organisational security measures in order to ensure that your data remains secure. These measures include internal policies and staff training, appropriate contracts with 3rd party suppliers and role-based access control.
9. Your Rights
You have certain rights in relation to the personal information we hold about you. Some of these rights only apply in certain circumstances. In order to exercise these rights please contact us using the contact details below. Please note that we will require proof of identity as part of this request and most rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
- Right of Access. You have the right at any time to ask us for a copy of the data that we hold about you and how it is used.
- Right of Correction or Completion. If the data that we have collected is inaccurate you have the right to update it.
- Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased. This usually applies if the data is no longer necessary for the purpose that it was collected for, or you withdraw your consent for its processing and request its erasure.
- Right to Object to or Restrict Processing. If you wish to challenge our need to process your data on legitimate interest grounds or if you wish to withdraw your consent.
- Right of Data Portability. You have a right to request that we transfer your data to another data processor.
Proof of Identity will be required before we can action some requests. If you choose to exercise any of your rights we will contact you to verify your identity.
12. Contact information & preferences
If you have any questions about this policy or how your data is processed, please contact us at Fuller, Smith & Turner P.L.C., Griffin Brewery, Chiswick Lane South, London, W4 2QB, via phone on 020 8996 2000 or via email to [email protected]
You can unsubscribe from our marketing communication at any time by clicking the unsubscribe link at the bottom of any of our marketing communications. Alternatively, you can email [email protected]
Should you have any concerns about this policy or the way that we are processing data you have the Right to Lodge a Complaint with the Information Commissioner’s Office. Please look at www.ico.org.uk for more detail.
GDPR Version 1.2. This policy was last updated on 21st January 2019