1.0 PURPOSE OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING

In order for Mustcard Limited to fulfil its contractual and customer obligations, there is a requirement to collect specific personally identifiable information relating to our customers. There are a couple of legal bases for the processing of such personally identifiable information. If you sign up on our website or one of our landing pages, then personal information is processed on the basis that we have a legitimate interest in doing so. For marketing communications, if you are an existing member we use the legitimate interest of provide marketing communications. However, you will always have the option of unsubscribing from these emails. If you are a new customer, you will be required to provide consent by checking an ‘opt in’ box. If you do you will always have the option to unsubscribe to marketing. If you do not you will only receive transactional emails and emails that you are required to be made aware of (e.g. updates to terms, privacy policy etc) In other cases (for example, receiving employee benefits) we will be processing your personal information using the lawful basis of fulfilling a contract with the third party benefit provider or the employer

2.0 LEGITIMATE INTERESTS OF MUSTCARD OR THIRD PARTY

Mustcard Limited have a legitimate interest in further processing the information which is provided by customers at the point of sale for marketing purposes.

We may also use your information for other specific legitimate purposes such as:

• To ensure that content from our site is presented in the most effective manner for you and for your computer.
• To provide you with information, products or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in.
• To carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service, when you choose to do so.
• To notify you about changes to our service.

We do not sell, rent or lease customer lists to third parties. We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, we may share data with trusted partners to help us perform affiliate marketing, statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.

If you are an existing customer, we will only contact you by electronic means (e-mail, SMS, Push, Phone) or post with information about goods and services similar to those which were the subject of a previous sale to you.

3.0 INFORMATION WE COLLECT FROM YOU

We may collect and process the following data about you:

• Information that you provide by filling in forms on one of our sites (www.tastecard.co.uk, www.gourmetsociety.co.uk or www.hi-life.co.uk) such as;
• User name and password – If we collect a user name and password, this is so we can keep your information secure and so that we can have your information to hand each time you visit us
• Name, address and postcode – Without this we won’t know where to send your order or to whom, we also use postcodes to quickly get your full address to save you typing it out and in some cases to identify whether we deliver or offer services in your area. If you have location services enabled on your smart device we may also use this to recommend restaurants / applicable services in within the area you are in.
• Email address – We send confirmation of your orders via email and will send you informational messages as well as offers which may interest you.
• Telephone numbers – If there are any problems with your order or we need to check anything, we need to be able to contact you quickly.
• Date of Birth – We may request this to verify your age.
• If you contact us, we may keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Details of your visits to our site and the resources that you access.
• App usage data – including location services.
• Details of the restaurant you’ve visited when using your dining club card and how you dined – including your savings.

4.0 RECIPIENTS OF THE PERSONAL DATA

Mustcard Limited are required to transfer the personal information provided by its customers to third parties in order to fulfil contractual obligations. The following are categories of recipients that customer information could be transferred to:

• Data Centres – This is so we can store your data securely
• Fulfilment Houses – To allow us to fulfil and send you a physical card if you have ordered one.
• External IT Providers – To provide disaster recovery and back up services
• Payment Providers – To process your payment securely

All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

5.0 RETENTION PERIOD

Mustcard Limited retain all customer information for 5 years after they last interacted with us. Where there has been a period of 5 years after the end of membership and where has been no interaction between the organisation and the customer within this time, their information is erased and securely disposed of.

6.0 RIGHTS OF DATA SUBJECTS

As a Data Subject (individual) which Mustcard Limited process information on behalf of, you have the right to withdraw consent from our marketing at any given time. You can exercise the right at any time by contacting us at tillie@themustcard.com. However, we will still be required to notify you of changes to the privacy policy, terms and conditions and any other legal requirement.

You have the right to make a Subject Access Request to Mustcard Limited’s Data Protection Officer in the event that you wish to determine what information we hold on you. We welcome these requests and aim to respond within 72 working hours of receipt.

You have the right to request your data to be erased. This can be done by contacting tillie@themustcard.com. Please bear in mind this is not an absolute right and there maybe instances where we cannot completely erase your data (e.g. When the personal data is required for the exercise of legal claims), if an exception does come up this will be discussed with you when you make the request.

You have the right to rectification. If you notice that any of your details are incorrect please contact the customer service team who will be more than happy to rectify this. We will also send transactional reminders to request that you notify us of any changes to your personal data so that we can keep your data up to date.

You have the right to portability. This is where you would like to transfer your data to another organisation. To request this, please contact tillie@themustcard.com. We will provide this within a structured CSV file for you to provide to a third party.

You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office in the UK), should you feel that we have not handled your information in line with legislative and regulatory requirements.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

7.0 AUTOMATED DECISION MAKING, INCLUDING PROFILING & INFORMATION ABOUT HOW DECISIONS ARE MADE, THE SIGNIFICANCE OF THE CONSEQUENCES

We use location services through both our applications and websites in order for us to tailor our marketing material to your specific behaviour and activities, e.g. the types of restaurants which you regularly visit. We use email monitoring services to monitor the emails which we send to users. In doing this, we obtain information such as but not limited to:

• Time of receipt
• Time of opening
• Device user to open
• Location it was opened in
• Savings made
• Which parts of the email you interacted with

We use systems that enable us to link your social media accounts to your account if registered with the same email address. This enables us to tailor our promotions and products as best as possible.

Where you have provided us with a mobile number, we may market to you using SMS and Push notification interactions.

8.0 COOKIE POLICY

To enable our systems to recognise your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy.

9.0 MARKETING COMMUNICATIONS

We regularly send out email communication to keep you up to date with all the latest discounts and offers from Mustcard brands and our chosen partners. If you wish to unsubscribe from these emails you can do so at any time by simply clicking either of the links in the header or footer and you will be removed from all promotional emails. Please note that even if you decide not to subscribe to, or to unsubscribe, from promotional email messages, we may still need to contact you with important transactional information related to your account and your purchases. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you make purchases on the Site or provide updates to the privacy policy.

10.0 CHANGE TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time.

If we make significant changes in the way we treat your personal information, or to the Privacy Policy, we will make that clear on our websites or by email, so that you are able to review the changes.

In the event that you wish to alter your Privacy settings or opt-out, you are able to do this by emailing our Data Protection Officer at tillie@themustcard.com

11.0 CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should either be emailed to tillie@theustcard.com or addressed to Mustcard Limited, 48 Longdene Road, Haslemere, Surrey, GU27 2PQ.