The Data Controller is Sodexo Limited of One Southampton Row, London WC1B 5HA.
Sodexo Limited (“We”) are committed to protecting and respecting your privacy.
Sodexo Limited is part of an international group of companies. Our parent company Sodexo SA was founded in 1966 in France and is now the worldwide leader in quality of life services. We provide on-site services, benefits and rewards services and personal and home services to many clients to improve quality of life. We don’t routinely share Personal Data between our group companies and we’ve set out more details about when we do in the section titled “Disclosure of your Information”
To find out more about us visit our website http://atthebotanics.co.uk/.
How we may collect data from you and how and why we use it.
|Obtained from||Personal Data||Purpose and legal ground|
|Directly (from webforms/calls/emails) or from a provider/previous provider of the service.||Identity Data includes name, username or similar identifier.||Carry out the service provided by us or a client of ours/previous provider – steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.|
|Directly (from webforms/calls/emails) or from a provider/previous provider of the service||Contact Data includes billing and delivery address, email address and telephone numbers.||Carry out the service provided by us or a client of ours/previous provider – steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.|
|Directly (from webforms/calls)||Financial Data includes bank account and payment card details.||Carry out the service provided by us or a client of ours – steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests recovering payments and keeping accounting records and fraud prevention.|
|Directly (from webforms/calls from the person booking the event) or from a provider (previous provider) of the service||Transaction Data includes details about payments to and from you and other details of products and services you have purchased or enquired about from us or vice versa. This will include details about delivery of services, such as dietary requirements for catering events.||Carry out the service provided by us or a client of ours/previous provider – steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.|
|Directly from use of website||Technical Data includes IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.||Carry out the service provided by us or a client of ours – steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, security, fraud prevention and marketing. To ensure that content from our site is presented in the most effective manner for you and for your computer. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.|
|Directly (from webforms/calls/bookings information) and inferred from the information provided||Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.||Provide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, customer experience security, fraud prevention, statistical analysis and marketing including segmenting.|
|Directly (from websites)||Usage Data includes information about how you use our website, products and services.||Our legitimate interests of running and improving our business, marketing, security and fraud prevention.|
|Directly (from webforms/calls/letters/emails) or from a previous provider of the service and where applicable third parties providing preference services checks, entering a competition and surveys||Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.||rovide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, marketing and security, or for electronic marketing to individuals contact is by consent. Necessary for our legitimate interests (to develop our products/services and grow our business).|
|Contact data from publicly identifiable sources (such as companies house, Linked in, electoral register, IP look up) data matching, including meta data.||Name, work email and other contact details, meta data, IP (or equivalent device address identifier), preferences.||Our legitimate interests of running and improving our business, statistical analysis, marketing including segmenting, customer experience and security and fraud prevention. Necessary for our legitimate interests to develop our products/services and grow our business.|
Explanation of the purposes which we may use your personal data
Contract and providing services
This means things like:
- Carrying out our obligations arising from any contracts entered into between you and us, or a third party we are fulfilling a contract for. For example, sometimes we provide services for a corporate client for users of their service etc.
- Allowing you to participate in interactive features of our service, when you choose to do so.
- Notifying you about changes to our service or that we have taken over a service/business.
- Registering you as a new customer.
- Processing and delivering your order, or otherwise providing the service. This could include things like details of dietary requirements for guests if we are catering an event or assistance requirements for guests attending events.
- Managing your relationship with us.
This is things like keeping records for tax purposes and complying with statutory requirements when providing services to consumers.
This means things like running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, health and safety or security requirements such as managing CCTV. Where we manage CCTV on site a separate policy will set out details regards the CCTV used.
It can also mean enabling you to participate in a prize draw, competition or complete a survey. Studying how customers use our products and services to develop our business. We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). For example, we may market an event to individuals who live near a venue based on the geographical data we hold about them. We only send electronic direct marketing communications to individuals if they have consented to us doing so.
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to us or our partners. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where We have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosure of your information
We may disclose your personal information to any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1162 of the UK Companies Act 2006. This information is not routinely shared. It may be shared for the provision of joint services, for example IT support, Legal advice, debt recovery or HR support. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place. In the unusual circumstance that personal data could be shared with a Sodexo group company outside UK/EEA, standard EU contractual clauses will be applied.
We may disclose your personal information to third parties:
- If We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Sodexo Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- To fulfil a contract, for example where details have to be shared with a venue that has been booked, or where we provide onsite client services.
We are committed to ensure protection of your rights under applicable laws. You will find below a table summarising your different rights:
|Right of access||You can request access to your personal data. You may also request rectification of inaccurate personal data, or to have incomplete personal data completed.
You can request any available information as to the source of the personal data and you may also request a copy of your personal data being processed by us.
|Right to be forgotten||Your right to be forgotten entitles you to request the erasure of your personal data in cases where:
(i) the data is no longer necessary;
(ii) you choose to withdraw your consent;
(iii) you object to the processing of your personal data by automated means using technical specifications;
(iv) your personal data has been unlawfully processed;
(v) there is a legal obligation to erase your personal data;
(vi) erasure is required to ensure compliance with applicable laws.
|Right to restriction of processing||You may request that processing of your personal data be restricted in the cases where:
(i) you contest the accuracy of the personal data;
(ii) We no longer needs the personal data, for the purposes of the processing;
(iii) you have objected to processing for legitimate reasons.
Right to data portability You can request, where applicable, the portability of your personal data that you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to transmit this data to another Controller without hindrance from us where:
(a) the processing of your personal data is based on consent or on a contract; and
(b) the processing is carried out by automated means.
You can also request that your personal data be transmitted to a third party of your choice (where technically feasible).
|Right to object to processing including direct marketing||You can object to us using your Personal Data for direct marketing. You can also contact us to object to how we are using your Personal Data for any other reason but we may not have to stop using it for this purpose.|
|Right to withdraw consent||If We process your personal data on the basis of your consent, you can withdraw your consent at any time.|
|Right not to be subject to automated decisions||You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you. You have the right to object to processing including direct marketing.|
|Right to lodge a complaint||You can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. You have also the right to lodge your complaint before the courts where We have an establishment or where you have your habitual residence.|
This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on.
Alternatively, you can also send your request by email to DSAR.UKandIE@sodexo.com, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo’s PeopleCentre on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information. Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made.
If you wish to unsubscribe to marketing emails communications, you can also do so by using the unsubscribe function on the email.
Our site may, from time to time, contain links, plug-ins or applications to and from the websites of our group companies, partner networks, advertisers and affiliates. If you follow a link to any of these websites or enable these connections, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Storage limitation and accuracy
We will keep Personal Data that is processed accurate and, where necessary, up to date. We only keep Personal Data for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements and, where required for us to assert or defend against legal claims, until approximately 6 months after the end of any relevant legal limitation period. If you want to learn more about our specific retention periods for your Personal Data established in our retention policy you may contact us at DataProtection.UKandIE@sodexo.com. Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable and regulations.
Security of your personal data
We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss, or from unauthorised, use, disclosure or access, in accordance with our Group Information and Systems Security Policy.
We take, when appropriate, all reasonable measures based on privacy by design and privacy by default principles to implement the necessary safeguards and protect the Processing of Personal Data. We also carry out, depending on the level of risk raised by the processing, a Privacy impact assessment (“PIA”) to adopt appropriate safeguards and ensure the protection of the Personal Data. We also provide additional security safeguards for data considered to be Sensitive Personal Data.
European data protection law does not allow the transfer of Personal Data to third countries outside EEA that do not ensure an adequate level of data protection. Some of the third countries in which We operate outside EEA do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of protection for individuals’ data privacy rights.
For transfers of your Personal Data to such countries, either to entities within or outside our company, We have put in place an adequate safeguard to protect your Personal Data. You will be provided with more information about any transfer of your Personal Data outside of EEA at the time of the collection of your Personal Data through appropriate privacy statements.
For further information, including obtaining a copy of the documents used to protect your information, please contact us at Data.Protection.UKandIE@sodexo.com.
Google Analytics and social media
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
We use third party tool plugs on social media applications. For example, We use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any third -party organisations. We see all this information and decide how We manage it. For example, if you send a message via social media that needs a response from us, We may process it as an enquiry or a complaint. We may use social media posts about us. We also use Facebook Insights and Twitter Analytics to monitor page performance.