Privacy Policy
Introduction
This is the privacy and cookies policy for www.orderswift.com (Site) and for the ordering and payment service allowing you to order and pay for food online from your selected restaurant, eatery, café, deli, pub or food truck (Service) (together Site and Platform shall be referred to as the orderswift Systems). The orderswift Platform is operated by Tasty Tech Limited trading as Orderswift (we, us and our). The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. By using the Orderswift Systems, you consent to the collection and use of information in accordance with this privacy policy.We reserve the right to change this privacy policy from time to time by changing it on the orderswift Systems. This privacy policy was last updated in May 2018.
Information we may collect from you
We may collect and process the following information about you:
- information (such as your name, geographical location, IP address, email address, postal address and telephone number) that you provide if you use the orderswift Systems, including if you are remembered as a user of the orderswift Systems, subscribe to any service, upload or submit any material via the orderswift Systems, request any information, or enter into any competition or promotion we may sponsor;
- details of any transactions made by you through the orderswift Systems• communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the orderswift Systems or its content; and
- information from surveys that we may, from time to time, run on the orderswift Systems for research purposes, if you choose to respond to, or participate in, them.
You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.When you visit the orderswift Systems, we may automatically collect additional information about you, such as the type of internet browser you use, any website from which you have come to the orderswift Systems and your IP address (a unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network) which is automatically recognised by our web server. You cannot be identified from this information and it is only used to assist us in providing an effective service on the orderswift Systems and to collect broad demographic information for aggregate use.
Specified, Explicit, and Legitimate Purposes
The Company collects and processes personal data. This includes:
Personal data collected directly from data subject; and
Personal data obtained from third parties.
The Company only collects, processes, and holds personal data for the specific purposes as set out in this Policy (or for other purposes expressly permitted by the GDPR).
Data subjects are kept informed at all times of the purpose or purposes for which the Company uses their personal data.
Adequate, Relevant, and Limited Data Processing
The Company will only collect and process personal data for and to the extent necessary for the specific purpose or purposes of which data subjects have been informed.
Cookies
When you interact with the orderswift Systems, we try to make that experience simple and meaningful. When you visit the orderswift Systems, our web server sends a cookie to your computer. Cookies are small pieces of information which are issued to your computer when you visit a website and which store and sometimes track information about your use of the orderswift Systems. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the orderswift Systems and will last for longer.
We use cookies to:
- remember that you have visited us before; this means we can identify the number of unique visitors we receive. This allows us to make sure we have enough capacity for the number of users that we get;
- customise elements of the promotional layout and/or content of the pages of the orderswift Systems;
- collect anonymous statistical information about how you use the orderswift Systems (including how long you spend on the orderswift Systems) and where you have come to the orderswift Systems from, so that we can improve the orderswift Systems and learn which parts of the orderswift Systems are most popular with visitors; and
- gather information about the pages on the orderswift Systems that you visit, and also other information about other websites that you visit, so as to place you in a "market segment". This information is only collected by reference to the IP address that you are using but does include information about the county and city you are in, together with the name of your internet service provider. This information is then used to place interestbased advertisements on the orderswift Systems which it is believed will be relevant to your market segment. For more information about this type of interest based advertising, and about how to turn this feature off please visit www.youronlinechoices.co.uk
Some of the cookies used by the orderswift Systems are set by us, and some are set by third parties who are delivering services on our behalf.
Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser. Please note, however, that by blocking or deleting cookies used on the orderswift Systems, you may not be able to take full advantage of the orderswift Systems.
In addition to cookies, tracking pixels may be set by us or third parties in respect of your use of the orderswift Systems. Tracking pixels are small image files within the content of the orderswift Systems or the body of our newsletters so we or third parties can understand which parts of the orderswift Systems are visited and whether particular content is of interest.
Uses made of your information
We will use the information you provide to:
- enable us and the restaurants that use our Platform to process your food orders and take payment and provide you with any other services and information offered through the orderswift Systems and which you request;
- remember your details;
- verify and carry out financial transactions in relation to payments that are made online;
- share your details and order with the restaurant with which you have placed your order. The restaurants use of that data will be subject to the restaurants own privacy policy;
- audit the downloading of data from the orderswift Systems;
- improve the layout and/or content of the pages of the orderswift Systems and customise them for users;• identify visitors to the orderswift Systems;
- carry out research on our users' demographics and tracking of sales data;
- send you information we think you may find useful or which you have requested from us, including information about our products and services or those of carefully selected third parties, provided you have indicated that you do not object to being contacted for these purposes;
- allow, with your consent, carefully selected third parties to send you information directly which you may find useful regarding their products and services.
You can tell us not to contact you with information regarding our products and services or those of third parties or to share your details with third parties so that they can send you information regarding their products and services, either at the point such information is collected on the orderswift Systems (by checking or un-checking (as directed) the relevant box) or, where you do not wish us to continue to use your information in this way, by following the unsubscribe instructions on any communications sent to you. You can also exercise the right at any time by contacting us using the Contacting us details at the end of this privacy policy.
Information sharing
We may disclose aggregate statistics about visitors to the orderswift Systems, customers and sales in order to describe our services to prospective partners, advertisers, sponsors and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information. We will disclose your personal information to the restaurants from whom you ordered food. We will with your permission share your personal information with other restaurants who use our Platform.
We may disclose your personal information to any of our affiliates, or to our agents or contractors who assist us in providing the services we offer through the orderswift Systems, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in other tasks, from time to time. Our agents and contractors will only use your information to the extent necessary to perform their functions. In the event that we undergo re-organisation or are sold to a third party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third party.
We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber crime or to protect the orderswift Systems or the rights, property or personal safety of any person.
Accountability and Record-Keeping
The Company’s Data Protection Officer is Candice Mast, Candice.mast@mastassociates.co. and by telephone on +44 (0) 208 720 6830.
The Data Protection Officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, the Company’s other data protection-related policies, and with the GDPR and other applicable data protection legislation.
The Company shall keep written internal records of all personal data collection, holding, and processing, which shall incorporate the following information:
The name and details of the Company, its Data Protection Officer, and any applicable third-party data processors;
The purposes for which the Company collects, holds, and processes personal data;
Details of the categories of personal data collected, held, and processed by the Company, and the categories of data subject to which that personal data relates;
Details of any transfers of personal data to non-EEA countries including all mechanisms and security safeguards;
Details of how long personal data will be retained by the Company (please refer to the Company’s Data Retention Policy); and
Detailed descriptions of all technical and organisational measures taken by the Company to ensure the security of personal data.
Restaurants and External links
We are not responsible for the privacy policies or the content of any restaurants who use the Platform or any external sites to which we may link from the Site.
Payment processing
Payment details you provide will be encrypted using secure sockets layer (SSL) technology before they are transmitted to us over the internet. Payments made through the orderswift System are made through our PCI compliant payment gateway provider, Stripe. You will be providing credit or debit card information directly to Stripe which operates a secure server to process payment details, encrypting your credit/debit card information and authorising payment. Information which you supply to Stripe is not within our control and is subject to Stripe's own privacy policy and terms and conditions.
Security
We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the orderswift Systems whilst it is in transit over the internet and any such submission is at your own risk.
It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.
Storage of your information
Information that you submit via the orderswift Systems will only be stored for as long as we legitimately need it or as required by the law. This information is sent to and stored on secure servers located in the United Kingdom. This is necessary in order to process the information. Information submitted by you may be transferred by us to our other offices and/or to the third parties mentioned in the circumstances described above (see Information sharing), which may be situated outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA. The countries concerned may not have similar data protection laws to the EEA. Where we transfer your information, we will take all reasonable steps to ensure that your privacy rights continue to be protected.
Data Breach Notification
All personal data breaches must be reported immediately to the Company’s Data Protection Officer.
If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
In the event that a personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Data Protection Officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
Data breach notifications shall include the following information:
- The categories and approximate number of data subjects concerned;
- The categories and approximate number of personal data records concerned;
- The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
- The likely consequences of the breach;
- Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.
Your rights
Data Subject Access
Data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why.
Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
All SARs received shall be handled by the Company’s Data Protection Officer.
The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
Contacting us
Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to support@orderswift.com.