Frequently Asked Questions Background

Privacy Information


HGEM Ltd ("We") are committed to protecting and respecting your privacy.

This policy (together with our Cookie Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We are committed to safeguarding the privacy of our website visitors and service users. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

HGEM Ltd of Kings Court, Parsonage Lane, Bath, BA1 1ER, United Kingdom is the Data Controller for the purpose of the General Data Protection Regulation (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and any successor legislation to the GDPR or the Data Protection Act 1998.
You can contact us by emailing privacy@hgem.com.


1 What is Personal Data?

Personal Data” means any information relating to an identified or identifiable natural person, known as a “data subject”, who can be identified directly or indirectly. It may include names, addresses, email addresses, telephone numbers, IP addresses, location data and other similar information. It may also include “special categories of personal data” such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union memberships, genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a natural person’s sex life or sexual orientation.


2 The information we collect from you and how we collect it

We will collect and process the following Personal Data about you:

2.1 Information you give us

This is information about you that you give us by filling in forms on our site www.mysterydining.net (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register your interest, apply to be a Mystery Guest, correspond with us and if you report a problem with our site. The information you give us may include your name, address, e-mail address, phone number, gender, date of birth and bank details.

2.2 Information we collect about you

With regard to each of your visits to our site we will automatically collect the following information:

Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.


3 Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use, the purposes for which we use them, and how you can disable them, please see our Cookie Policy.


4 Uses made of the information

In this section we have set out:
• The general categories of Personal Data that we may process;
• The purposes for which we may process that Personal Data; and
• The legal basis for the processing of that Personal Data.

Service Data – we may process your Personal Data that is provided in the course of the use of our services. The Service Data may include your name, email address, telephone number, and occupation. The Service Data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases, notifying you about changes to our service, marketing our services to you and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Where we are processing Personal Data for the purpose of marketing our current or future products or services to you, the basis for this is consent.

Enquiry Data - we may process information contained in any enquiry you submit to us regarding services. The Enquiry Data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Where we are processing Personal Data for the purpose of marketing our current or future products or services to you, the basis for this is consent.

Transaction Data - we may process information relating to transactions, including purchases of goods and services that you enter into with us and/or through our website and for making payment of any services that you provide to us. The Transaction Data may include your contact details and your card details or invoicing details. The Transaction Data may be processed for the purpose of supplying the purchased goods and services or making payment to you for the services you have provided and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

Correspondence Data - we may process information contained in or relating to any communication that you send to us. The Correspondence Data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The Correspondence Data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

Usage Data - we may process data about your use of our website and services. The Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the Usage Data is our analytics tracking system. This Usage Data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services, troubleshooting and as part of our efforts to keep our site safe and secure. Please see our Cookie Policy for further information on this.

In addition to the specific purposes for which we may process your Personal Data set out above, we may also process any of your Personal Data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.


5 Disclosure of your information

We may share your Personal Data with:

5.1 Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, insofar as is reasonably necessary for the purposes set out in this policy.

5.2 Our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance cover, managing risks, obtaining advice and managing legal disputes.

5.3 Our business partners, third party suppliers and sub-contractors for the performance of any contract we enter into with them or you;

5.4 analytics and search engine providers that assist us in the improvement and optimisation of our site;

5.5 any prospective buyer of our business or assets, or any prospective seller of another business or business assets that we are interested in buying.

We may transfer your Personal Data to a third party to process on our behalf in countries outside of the European Economic Area (EEA) in accordance with the purposes set out above. Such countries do not have the same data protection laws as the UK or EEA. If this is the case, we will ensure that your privacy rights are adequately protected by appropriate technical, organisational and contractual means and any such transfer is made in compliance with the GDPR (or any national implementing law) requirements for external transfer. Please contact us by emailing privacy@hgem.com if you would like further details of the safeguards we have in place.

In addition to the specific disclosures of Personal Data set out in this Section 5, we may also disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.


6 Where we store your personal data

The hosting facilities for our website are situated in London.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


7 Your rights

In this section we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summary.

Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:
• the right to access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to object to processing;
• the right to data portability;
• the right to complain to a supervisory authority; and
• the right to withdraw consent.

You have the right to request information as to whether or not we process your Personal Data and, where we do, access to the Personal Data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Data concerned and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Provision of such information will be subject to you supplying us with appropriate evidence of your identity.

You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by unsubscribing at any time. You can also exercise the right at any time by contacting us at privacy@hgem.com. We do not share your Personal Data with third parties for marketing purposes.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


8 Retention and deletion of Data

This section sets out our data retention procedure, which is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of Personal Data.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We may keep an anonymised form of your Personal Data, which no longer refers to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

We will retain your Personal Data indefinitely whilst you are actively completing mystery dining assignments for us. When you stop completing mystery dining assignments, we will retain some restricted Personal Data in order to respond to any requests, support or defend any claims, and provide evidence of financial transactions in accordance with statutory retention periods. Personal Data not required for these purposes will be deleted.

Notwithstanding the other provisions of this section, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.


Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.


Contact

Questions, comments and requests regarding this privacy policy should be addressed to privacy@hgem.com.