1. Identity of the Data Controller and Data Protection Officer
Ello Group Limited is the owner of tastecard and Coffee Club (Taste Marketing Limited), gourmet society (Simard Limited) and hi-life (Hi-Life Diners Club Limited). Ello Group are committed to protecting and respecting your privacy whilst remaining compliant with The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). For us to drive compliance, we have a Personal Information Management System which is compliant with BS 10012:2017.
Ello Group could be acting as Data Controller, Joint Controller or Data Processor and have an appointed Data Protection Officer. Ello Group also provide services on behalf of Vue Services Limited and Vue Entertainment Limited (including Vue, and other brands owned by Vue).
This privacy notice was updated September 2023.
For UK residents, questions, comments, and requests regarding this privacy notice are welcomed and should either be emailed to DPO@ellogroup.co.uk or addressed to the Data Protection Officer, Ello Group Limited, Birkby Grange, 85 Birkby Hall Road, Birkby, Huddersfield, HD2 2XB.
If you are a resident of EU, please contact GRCI Law. We have appointed GRCI Law to act as our EU Representative. All requests, questions and comments should either be emailed to email@example.com or addressed to c/o Head of Data Privacy Manager Service for GRCI Law, IT Governance Europe, The Mill, Newton Link Road, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland.
2.0 The type of personal information we collect & the purpose of processing
We currently collect and process the following information to enable us to provide you with information if:
2.1 you have displayed an interest in Ello Group Limited.
2.2 you have displayed an interest in the Vue services.
2.3 you have displayed an interest in a business-to-business partnership.
2.4 you have expressed an interest in joining one of our brands as a venue or chain owner.
2.5 you are completing a job application
If you then decide to do business with Ello Group or secure a role with Ello Group, processing will be necessary for the performance of a contract.
Type of personal information
Purpose of processing
Contact information (Name, email address, postal address, phone number, Social Media profile)
Respond to queries, Recruitment, send updates, verify identity, Lead Generation, Commercial Sales activity
Respond to queries, Lead Generation, Commercial Sales activity
Equal Opportunity, Ethnic Origin & Right to Work in UK
We may also collect.
Type of information
Communication information (comments, posts, feedback, email, chats, calls)
To enable us to improve services, and respond to your queries
To make recommendations about services in your area
IP Addresses (including geographical location)
For system administration, and service improvements
3.0 How we get the personal information and why we have it
Most of the personal information we process is either:
· provided directly by you through interaction with Ello Group website.
· collected through your interaction with us via an external site, where you have shown an interest in Ello Group.
· publicly available information sources, such as Google, or lead generation partners we may work with from time-to-time
Under the General Data Protection Regulation (GDPR) the lawful bases we rely on for processing this information are either:
· We have a legitimate interest.
· We have a contractual obligation.
4.0 Recipients of Personal Data
Ello Group is required to transfer the personal information provided to certain categories of third parties to meet our service obligations. These include:
· CRM systems
· Data centre and warehouses
· Back up providers
· Email communication systems
· Recruitment systems
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet may not be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may disclose your personal information to any member of our group (Ello Group Limited), which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We will not disclose your information to any of the third parties (recipients of personal data) for marketing purposes.
5.0 Details of transfers to third countries and safeguards
Ello Group may work with third parties that require them to store or transfer Personal Data to a third country, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred.
We also use an external IT service provider, to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support. We also may also provide services using SaaS platforms, which are cloud hosted applications made available to you over the internet.
Where we transfer Personal Data to third countries, we will always ensure that we have the appropriate transfer mechanisms in place. This includes Data Protection Agreements, Standard Contractual Clauses, or International Data Transfer Agreements.
6.0 How we store your personal information
We store your information securely and take all relevant technical and organisational measures required.
Ello Group retain the personal information of job applicants that do not secure a role for 12 months after receiving the information, to allow the recruitment team to identify any other roles which may be beneficial to the applicant.
Client data whereby the data is not that of a natural person is stored no longer than necessary for the task to be performed. Using our basis of legitimate Interest this is to engage with you about our products and services that we think may be of Interest to you.
For all other corporate contacts, where there has been a period of 5 years after the end of our business relationship with no interactions between us, personal information is erased and securely disposed of.
After reaching these retention periods, the personal information is erased and securely disposed of.
7.0 Your Data Protection rights
Under data protection law, you have rights with regards to how a business uses your Personal Data, these rights are not always absolute, and they may not apply in all cases, they include:
Your right of access - You have the right to ask us for copies of your Personal Data.
Your right to rectification - You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your Personal Data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of all or some of your Personal Data in certain circumstances.
Your right to object to automated decision-making including profiling – You have the right to object to decisions made with no human involvement, such as profiling, which use Personal Data to make calculated assumptions about you.
Your right to be informed is fulfilled by providing you with this Privacy Notice.
If you make a request, we have one month to respond to you. There is no fee to pay to exercise your rights in reasonable circumstances. A request may be refused based on exceptional circumstances. For more details you can refer to ICO help and guidance on your rights.
This can be done by emailing DPO@ellogroup.co.uk as a UK resident, or our EU representative as relevant.
For more information on how to submit a request as a UK resident, and the information required, please see the following link from the ICO, on guidance for individuals, Your Rights, ICO. As an EU resident please refer to your own National Supervisory Authorities website.
8.0 Profiling and Automated Decision Making
We may contact you using information collected through your interaction with Ello Group via such sites as LinkedIn, or other Social Media sites.
9.0 Cookies & Tracking
10.0 Marketing Communications
As a Data Subject (individual) which Ello Group process information on behalf of, you have the right to withdraw consent from our marketing at any given time. You can exercise the right at any time by contacting us using the details in the ‘Contact’ section. However, we will still be required to notify you of changes to the privacy notice, terms and conditions and any other legal requirement.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
11.0 CHANGES TO OUR PRIVACY NOTICE
We may change this Privacy Notice from time to time.
If we make significant changes in the way we treat your personal information, or to the Privacy Notice, we will make that clear on our websites or by email, so that you are able to review the changes.
If you wish to alter your Privacy settings or opt-out, you are able to do this by contacting us using the details in the ‘Contact’ section
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at DPO@ellogroup.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk