Privacy Policy | Centerplate

The Data Controller is Centerplate UK Limited (company number 04242557) with its registered office being at One Southampton Row, London, England, WC1B 5HA with VAT number GB561 2290 61.

Centerplate UK Ltd (“We”) are committed to protecting and respecting your privacy.

This policy together with our terms of use set out the basis on which any personal data We collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Centerplate UK Limited is a subsidiary of  Centerplate Inc which is based in the USA, and is part of an international group of companies. Our overall parent Company Sodexo SA was founded in 1966 in France and is now the worldwide leader in quality of life services. We provide on-site services, benefits and rewards services and personal and home services to many clients to improve quality of life.  Your personal data will be shared with Sodexo Ltd in the UK, which provides marketing support to us.  We don’t routinely share Personal Data between our other group companies, including in the USA  and we’ve set out more details about when we do in the section titled “Disclosure of your Information”.

You can find out more about us by visiting our website and searching under the other locations tab.

The email for our local Data Protection contact is
and our Group Data Protection Officer contact is

We’ve set out below the data we may collect from you and how and why we use it.

Obtained From Personal Data Purpose and Legal Grounds
Directly (from webforms/calls/emails) or from a provider/previous provider of the service. Identity Data includes name, username or similar identifier Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.
Directly (from webforms/calls/emails) or from a provider/previous provider of the service Contact Data includes billing and delivery address, email address and telephone numbers. Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention, customer service, statistical analysis and marketing including segmenting.
Directly (from webforms/calls) Financial Data includes bank account and payment card details. Carry out the service provided by us or a client of ours- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests recovering payments and keeping accounting records and fraud prevention.
Directly (from webforms/calls from the person booking the event) or from a provider (previous provider) of the service Transaction Data includes details about payments to and from you and other details of products and services you have purchased or enquired about from us or vice versa. This will include details about delivery of services, such as dietary requirements for catering events. Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.
Directly from use of website Technical Data includes IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website. Carry out the service provided by us or a client of ours- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, security, fraud prevention and marketing and to ensure that content from our site is presented in the most effective manner for you and for your computer.

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.

Directly (from webforms/calls/bookings information) and inferred from the information provided Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses Provide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, customer experience security, fraud prevention, statistical analysis and marketing including segmenting.
Directly (from websites) Usage Data includes information about how you use our website, products and services. Our legitimate interests of running and improving our business, marketing, security and fraud prevention.
Directly (from webforms/calls/letters/emails) or from a previous provider of the service and where applicable third parties providing preference services checks, entering a competition and surveys, publicity photos and recordings at venues Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences Provide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, marketing and security, or for electronic marketing to individuals contact is by consent. Necessary for our legitimate interests (to develop our products/services and grow our business).
Contact data from publicly identifiable sources ( such as companies house, Linked in, electoral register, IP look up)
data matching , including meta data.
Name, work email and other contact details, meta data, IP ( or equivalent device address identifier) , preferences Our legitimate interests of running and improving our business,  statistical analysis, marketing including segmenting, customer experience and security and fraud prevention. Necessary for our legitimate interests to develop our products/services and grow our business.

Contract and providing a Service 

This means things like

  • To carry out our obligations arising from any contracts entered into between you and us, or a third party we are fulfilling a contract for.  For example, sometimes we provide services for a corporate client for users of their service.
  • Allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service or that we have taken over a service/business.
  • To register you as a new customer.
  • To process and deliver your order or otherwise provide the service. This could include things like details of dietary requirements for guests if we are catering an event or assistance requirements for guests attending events.
  • To manage your relationship with us.

Legal Obligations

This is things like keeping records for tax purposes and complying with statutory requirements when providing services to customers.

Legitimate Interests

This means things like running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, health and safety or security requirements such as managing CCTV. Where we manage CCTV on site a separate policy will set out details regards the CCTV used.

It can also mean enabling you to participate in a prize draw, competition or complete a survey. Studying how customers use our products and services to develop our business. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). For example, we may market an event to individuals who live near a venue based on the geographical data we hold about them. We only send electronic direct marketing communications to individuals if they have consented to us doing so.

IP addresses and cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to us or our partners. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.

They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

Find out more about our use of cookies

Technical Data may be obtained from the following parties analytics providers such as Google based outside the UK and EEA.

Where We store your personal data

The data that We collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where We have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Disclosure of your information

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1162 of the UK Companies Act 2006.  This information is not routinely shared save for when marketing support is provided by Sodexo Ltd. It may be shared for the provision of joint services, for example IT support, legal advice, debt recovery , or HR support. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place. In the unusual circumstance that personal data could be shared with a Group Company outside UK/EEA standard EU contractual clauses will be applied.

We may disclose your personal information to third parties:

  • If We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Centerplate UK Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Sodexo Limited and/or its subsidiary and associated companies, our customers, or others or to assist with regulatory or criminal investigations. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • To fulfil a contract, for example where details have to be shared with a venue that has been booked, or where we provide onsite client services.

Your rights

Sodexo is committed to ensuring the protection of your rights under applicable laws. You will find below a table summarizing your different rights:

Right To Access and Rectification You can request access to your personal data. You may also request rectification of inaccurate personal data, or to have incomplete personal data completed.
You can request any available information as to the source of the personal data and you may also request a copy of your personal data being processed by Sodexo.
Right to be forgotten Your right to be forgotten entitles you to request the erasure of your personal data in cases where:
(i)    the data is no longer necessary;
(ii)    you choose to withdraw your consent;
(iii)    you object to the processing of your personal data by automated means using technical specifications;
(iv)    your personal data has been unlawfully processed;
(v)    there is a legal obligation to erase your personal data;
(vi)    erasure is required to ensure compliance with applicable laws.
Right to restriction of processing You may request that processing of your personal data be restricted in the cases where:
(i)    you contest the accuracy of the personal data;
(ii)    Sodexo no longer needs the personal data, for the purposes of the processing;
(iii)    you have objected to processing for legitimate reasons.
Right to data portability You can request, where applicable, the portability of your personal data that you have provided to Sodexo, in a structured, commonly used, and machine-readable format and you have the right to transmit this data to another controller without hindrance from Sodexo where:
(a)    the processing of your personal data is based on consent or on a contract; and
(b)    the processing is carried out by automated means.
You can also request that your personal data be transmitted to a third party of your choice (where technically feasible).
Right to object to processing including direct marketing You can object to us using your Personal Data for direct marketing.  You can also contact us to object to how we are using your Personal Data for any other reason but we may not have to stop using it for this purpose.
Right to withdraw consent If we process your personal data based on your consent, you can withdraw your consent at any time.
Right not to be subject to automated decisions You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect upon you or significantly affects you. You have the right to object to processing including direct marketing.
Right to lodge a complaint You can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages.

You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence.  The supervisory authority for ROI is the Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28

and for the UK is the Information Commissioner (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You can use this form to make a request.

This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on.

Alternatively, you can also send your request by email to, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo PeopleCentre on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information.  Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made.

If you wish to unsubscribe to marketing emails communications, you can also do so by using the unsubscribe function on the email.
You can also raise queries or complaints to the UK and Ireland Data Protection Special Point of Contact, by email to or by post to 310 Broadway, Salford, M50 2UE

Queries and complaints can be escalated to the Group Data Protection Officer, by email to

Our site may, from time to time, contain links, plug-ins or applications to and from the websites of our group companies, partner networks, advertisers and affiliates. If you follow a link to any of these websites or enable these connections, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We use third party tool plugs on social media applications. For example, we use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any third -party organisations. We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it as an enquiry or a complaint. We may use social media posts about us. We also use Facebook Insights and Twitter Analytics to monitor page performance.

Storage limitation

We keep personal data for as long as necessary for the purposes for which it is processed.  This will usually be six months longer than the statutory limitation period for bringing claims or as required by applicable law.

Changes to our privacy policy

Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.


Questions, comments and requests regarding this privacy policy are welcomed and should be emailed to or to our Group Data Protection Officer at

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.