The Data Controller is Centerplate UK Limited (company number 04242557) with its registered office being at One Southampton Row, London, England, WC1B 5HA with VAT number GB561 2290 61.
Centerplate UK Ltd (“We”) are committed to protecting and respecting your privacy.
Centerplate UK Limited is a subsidiary of Centerplate Inc which is based in the USA, and is part of an international group of companies. Our overall parent Company Sodexo SA was founded in 1966 in France and is now the worldwide leader in quality of life services. We provide on-site services, benefits and rewards services and personal and home services to many clients to improve quality of life. Your personal data will be shared with Sodexo Ltd in the UK, which provides marketing support to us. We don’t routinely share Personal Data between our other group companies, including in the USA and we’ve set out more details about when we do in the section titled “Disclosure of your Information”.
You can find out more about us by visiting our website uk.sodexo.com/home and searching under the other locations tab.
We’ve set out below the data we may collect from you and how and why we use it.
|Obtained From||Personal Data||Purpose and Legal Grounds|
|Directly (from webforms/calls/emails) or from a provider/previous provider of the service.||Identity Data includes name, username or similar identifier||Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.|
|Directly (from webforms/calls/emails) or from a provider/previous provider of the service||Contact Data includes billing and delivery address, email address and telephone numbers.||Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention, customer service, statistical analysis and marketing including segmenting.|
|Directly (from webforms/calls)||Financial Data includes bank account and payment card details.||Carry out the service provided by us or a client of ours- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests recovering payments and keeping accounting records and fraud prevention.|
|Directly (from webforms/calls from the person booking the event) or from a provider (previous provider) of the service||Transaction Data includes details about payments to and from you and other details of products and services you have purchased or enquired about from us or vice versa. This will include details about delivery of services, such as dietary requirements for catering events.||Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, recovering payments, security, health and safety, fraud prevention customer service, statistical analysis and marketing including segmenting.|
|Directly from use of website||Technical Data includes IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.||Carry out the service provided by us or a client of ours- steps to enter contract or perform/fulfil the contract, legal obligation, our legitimate interests of running and improving our business, security, fraud prevention and marketing and to ensure that content from our site is presented in the most effective manner for you and for your computer.
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
|Directly (from webforms/calls/bookings information) and inferred from the information provided||Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses||Provide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, customer experience security, fraud prevention, statistical analysis and marketing including segmenting.|
|Directly (from websites)||Usage Data includes information about how you use our website, products and services.||Our legitimate interests of running and improving our business, marketing, security and fraud prevention.|
|Directly (from webforms/calls/letters/emails) or from a previous provider of the service and where applicable third parties providing preference services checks, entering a competition and surveys, publicity photos and recordings at venues||Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences||Provide service (steps to enter contract or perform contract), legal obligation, our legitimate interests of running and improving our business, marketing and security, or for electronic marketing to individuals contact is by consent. Necessary for our legitimate interests (to develop our products/services and grow our business).|
|Contact data from publicly identifiable sources ( such as companies house, Linked in, electoral register, IP look up)
data matching , including meta data.
|Name, work email and other contact details, meta data, IP ( or equivalent device address identifier) , preferences||Our legitimate interests of running and improving our business, statistical analysis, marketing including segmenting, customer experience and security and fraud prevention. Necessary for our legitimate interests to develop our products/services and grow our business.|
Contract and providing a Service
This means things like
- To carry out our obligations arising from any contracts entered into between you and us, or a third party we are fulfilling a contract for. For example, sometimes we provide services for a corporate client for users of their service.
- Allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service or that we have taken over a service/business.
- To register you as a new customer.
- To process and deliver your order or otherwise provide the service. This could include things like details of dietary requirements for guests if we are catering an event or assistance requirements for guests attending events.
- To manage your relationship with us.
This is things like keeping records for tax purposes and complying with statutory requirements when providing services to customers.
This means things like running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, health and safety or security requirements such as managing CCTV. Where we manage CCTV on site a separate policy will set out details regards the CCTV used.
It can also mean enabling you to participate in a prize draw, competition or complete a survey. Studying how customers use our products and services to develop our business. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). For example, we may market an event to individuals who live near a venue based on the geographical data we hold about them. We only send electronic direct marketing communications to individuals if they have consented to us doing so.
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to us or our partners. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
Technical Data may be obtained from the following parties analytics providers such as Google based outside the UK and EEA.
Where We store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where We have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1162 of the UK Companies Act 2006. This information is not routinely shared save for when marketing support is provided by Sodexo Ltd. It may be shared for the provision of joint services, for example IT support, legal advice, debt recovery , or HR support. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place. In the unusual circumstance that personal data could be shared with a Group Company outside UK/EEA standard EU contractual clauses will be applied.
We may disclose your personal information to third parties:
- If We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Centerplate UK Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- To fulfil a contract, for example where details have to be shared with a venue that has been booked, or where we provide onsite client services.
Sodexo is committed to ensuring the protection of your rights under applicable laws. You will find below a table summarizing your different rights:
|Right To Access and Rectification||You can request access to your personal data. You may also request rectification of inaccurate personal data, or to have incomplete personal data completed.
You can request any available information as to the source of the personal data and you may also request a copy of your personal data being processed by Sodexo.
|Right to be forgotten||Your right to be forgotten entitles you to request the erasure of your personal data in cases where:
(i) the data is no longer necessary;
(ii) you choose to withdraw your consent;
(iii) you object to the processing of your personal data by automated means using technical specifications;
(iv) your personal data has been unlawfully processed;
(v) there is a legal obligation to erase your personal data;
(vi) erasure is required to ensure compliance with applicable laws.
|Right to restriction of processing||You may request that processing of your personal data be restricted in the cases where:
(i) you contest the accuracy of the personal data;
(ii) Sodexo no longer needs the personal data, for the purposes of the processing;
(iii) you have objected to processing for legitimate reasons.
|Right to data portability||You can request, where applicable, the portability of your personal data that you have provided to Sodexo, in a structured, commonly used, and machine-readable format and you have the right to transmit this data to another controller without hindrance from Sodexo where:
(a) the processing of your personal data is based on consent or on a contract; and
(b) the processing is carried out by automated means.
You can also request that your personal data be transmitted to a third party of your choice (where technically feasible).
|Right to object to processing including direct marketing||You can object to us using your Personal Data for direct marketing. You can also contact us to object to how we are using your Personal Data for any other reason but we may not have to stop using it for this purpose.|
|Right to withdraw consent||If we process your personal data based on your consent, you can withdraw your consent at any time.|
|Right not to be subject to automated decisions||You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect upon you or significantly affects you. You have the right to object to processing including direct marketing.|
|Right to lodge a complaint||You can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages.
You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence. The supervisory authority for ROI is the Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28 www.dataprotection.ie
and for the UK is the Information Commissioner (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk
This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on.
Alternatively, you can also send your request by email to DSAR.UKandIE@sodexo.com, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo PeopleCentre on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information. Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made.
If you wish to unsubscribe to marketing emails communications, you can also do so by using the unsubscribe function on the email.
You can also raise queries or complaints to the UK and Ireland Data Protection Special Point of Contact, by email to DataProtection.UKandIE@Sodexo.com or by post to 310 Broadway, Salford, M50 2UE
Queries and complaints can be escalated to the Group Data Protection Officer, by email to DPO.Group@Sodexo.com.
Our site may, from time to time, contain links, plug-ins or applications to and from the websites of our group companies, partner networks, advertisers and affiliates. If you follow a link to any of these websites or enable these connections, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We use third party tool plugs on social media applications. For example, we use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any third -party organisations. We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it as an enquiry or a complaint. We may use social media posts about us. We also use Facebook Insights and Twitter Analytics to monitor page performance.
We keep personal data for as long as necessary for the purposes for which it is processed. This will usually be six months longer than the statutory limitation period for bringing claims or as required by applicable law.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.