Privacy Policy
This privacy privacy policy (together
with our terms and conditions www.Flyt.co.uk/poweredby/citypubs/termsofuse.html)
provides information on how Flyt Limited (referred to in this notice as "Flyt",
"we" or "us") uses personal data relating to users
(referred to in this policy as "you") of the Flyt application (the
"Application") or any Flyt website ("Website") and related
services and website (together referred to in this policy as the
"Services").
Please read this privacy policy
carefully to understand our practices regarding your personal data and how we
will treat it.
This notice is version 1.1 and was last
updated on 26th January 2016.
1. Who
are we?
2. What
personal data do we collect and why?
a:
Registration details
If you install the Application or
access the Website, you will be asked to provide us with certain registration
information in order to create a CPC profile and receive the related Services.
Registration information may include:
Your registration information may be
used to perform our obligations under the contract with you for the Services,
in particular to:
Your
registration information may also be used by us for our legitimate business
interests of promoting our business and services to users and developing new
products and services, in particular:
b:
Device and Technical Information
We may collect information about the
device you use to download the Application or access the Website, including,
where available, the device's unique device identifiers, operating system and
mobile network information, for system administration purposes in connection
with our contract with you. We may also collect information about the computer
you use to visit the Website, including session data and your IP address for
our legitimate business purposes of system administration, business analysis
and customer service. We may associate this kind of device information with the
registration information referred to in the sections above for our legitimate
business interests of providing customer services and system administration
purposes and will treat the combined information as personal data in accordance
with this policy for as long as it is combined.
c: Your
payment card details
In order to pay a venue bill using the
Application or open a bar tab, you will need to input credit or debit card
details. Payment processing services are provided by third parties, including
VeriFone, CyberSource and Adyen, who are subject to strict compliance with the
PCI DSS rules. The Application or Website will transfer payment details
directly from VeriFone, CyberSource, Adyen or other PCI compliant verified
payment processing companies to the venue's point of sale system. By inputting
payment card details, you are consenting to use of such details by these third
party payment providers, the venue and us for the purpose of paying your bill
and processing your payment.
The use of your payment card details by
third party payment providers and the venue is not governed by this privacy
policy and will be governed by the third party payment providers and the
venue's own terms of use and privacy policy. We recommend that you access and
review any such terms and policies prior to providing your payment card details.
Your card details will be securely
stored by PCI compliant third party payment providers (including Verifone,
CyberSource and Adyen) for ease of use in future transactions using the
Application or Website. However, your CSC/CVV number is not stored and must be
entered each time you use a card for authentication. CPC does not have access
to your card details nor does it store your card details on its systems,
although it holds a payment processing 'token' which retains some of the card
number digits only. This enables you to identify the appropriate card in future
transactions and on your payment receipt. You may remove payment card details
from the Application or Website at any time by contacting us using the details
at paragraph 13.
d: Your
venue visits
In order to pay a venue bill using the
Application or to open a bar tab, you will need to type in the code for your
table or other methods of interaction, which will link your Application to the
bill within the relevant venue's point of sale or 'POS' system. The details of
your bill will be used to deliver the Services and generate your payment
receipt in relation to your order. We use this for the purpose of performing
the contract with you.
We may also collect POS data relating
to your venue visits or orders placed online via the Website, including:
We may use POS data for
the purpose of performing the contract with you in relation to the first bullet
point below, for our legitimate interests of delivering service improvements in
relation to the second bullet point below, with your consent in relation to the
third bullet point below and for our legitimate interests in expanding the
services we offer in relation to the fourth bullet point below the following purposes:
We collect POS data through the
Application, the Website and directly from the venue's point of sale system. We
may also collect additional data relating to your venue visits and the
surrounding areas, for example:
This additional data is used for
analysis and statistical purposes (see further below).
e:
Contacting us or visiting our website
If you contact us (via email, webform,
telephone, post or otherwise), we may collect and retain your contact details
and your communication for the purpose of handling and responding to your
query, keeping records of communications and improving our customer services. This is used for our
legitimate business purposes of responding to your queries and record keeping
which is necessary for the provision of quality assurance and customer
services.
f:
Geolocation
With your opt-in permission, we may
also collect information about your geo-location through the Application to
enable us to provide location based services and tailor the offers/promotions
you receive through the Application.
g: Log
Information
When you use the Application or
Website, we may also automatically collect and store certain information in our
server logs to get a better understanding of how people use the Application and
Website, for system administration purposes in connection with our contracts
with you, and, for our legitimate business interests, to ensure we provide a
good user experience and customer service. This type of information includes
"clickstream" data (i.e. information about when, how, and what parts
of the Application or Website you use), viewed and exit pages as well as date
or time stamps.
h:
Contacts
The Application allows you to contact
friends via SMS, Twitter, Facebook or Google Plus to invite them to try the
Application. In order to use this feature, you must select the option which
allows the Application to access your mobile phone contacts or Twitter,
Facebook or Google Plus account (as applicable) and your contacts listed within
that account. Please only use this feature to send an invitation to a friend
who you know would be happy to receive one. We do not collect or process this
information unless a friend accepts the invitation and registers to use the
Application or Services in which case he or she becomes a user.
i:
Analysis and statistics
We may use the data we collect about
you, on an anonymous basis only, for analysis and statistical purposes, for
example to analyse how many users are visiting or ordering from particular
venues at particular times, food preferences, and the characteristics of such
users, for example their age or gender.
Statistics and results of analysis
(anonymised and without reference to your personal data) may be shared with our
selected partners, including partner restaurants and their suppliers for our and
our partners’ legitimate business interests for the purpose of improving the
customer experience within restaurants.
In the course of providing telephone support to you in your use of the
Application or Services, we or our service providers may record the calls for
quality assurance purposes. This is in
our legitimate interests for the purposes of quality assurance and customer
services. Any data collected in this way
will be retained for a period of 3 months, after which it will be deleted.
3.
Cookies and similar technologies
Our Websites use cookies and similar
technologies. For more information, please see our cookie policy, which is
available from the Websites or via www.Flyt.io/cookies.
4. Other
use of your personal data
We may also use your personal data for
our legitimate interests for the purposes of:
5.
Disclosure of your personal data to other parties
We may share statistics and results of
analysis with selected third parties as described in paragraph 2.j above.
We may also disclose your personal data for the purposes outlined in paragraph
4 above to third parties, including:
We may also share your information with
other selected third parties, including: strategic business partners, in
connection with the purposes described in this privacy policy; advertisers and
advertising networks that require the data to select and serve relevant adverts
to you and others; and analytics and search engine providers that assist us in
the improvement and optimisation of the Website.
6.
Storage and security of your personal data
Your personal data is stored in
electronic and physical records maintained by us and/or our service providers (such as point of sale providers, payment gateways,
payment processors, IT support and MailChimp). Whilst we are based in the
UK, our service providers may have servers located overseas, where the laws may
not give the same level of protection to personal data as within the UK. Our
data centre, where are servers are located, and our support provider is located
in Europe but some of our POS providers and payment gateways and payment
providers are located outside the EEA. We have agreements in place with these
service providers which limit their use of the data and place strict security
obligations on the service providers with respect to how your data is
used. In addition, where the service
providers are based outside of the EEA, we rely on approved mechanisms such as
Privacy Shield or the model contracts approved by the European Commission to
provide safeguards for you. By submitting your personal data to us, you consent
to the transfer, storing and processing of your personal data in countries
outside of the UK (including countries located outside of the European Economic
Area ("EEA").
Whenever we transfer your personal data
outside of the EEA, we will take all steps reasonably necessary to ensure that
your data is treated securely and in accordance with this privacy policy.
7.
Passcodes and security
If you create a user ID, a passcode or
any other authentication information as part of our security procedures, you
must treat such information as confidential. You must not disclose it to anyone
else and must take appropriate steps to keep your information secure by not
using an obvious login name and ensuring that you keep your passcode
confidential and change it regularly. If you know or suspect that anyone other
than you, or anyone authorised by you, knows your user ID, passcode or any
other authentication information, you must promptly notify us using the contact
details below. You are entirely responsible for all activities that occur
through use of your user ID, even if another person was using your account at
the relevant time. We are not responsible for any losses or liabilities arising
out of or in connection with any unauthorised use of the Application or
Website.
Unfortunately, the transmission of
information via the internet is not completely secure. Although we will do our
best to protect your personal data, we cannot guarantee the security of your
data transmitted via the Application or Website; any transmission is at your
own risk. Once we have received your information, we will use appropriate security measures which aim
to prevent your personal data from being accidentally lost, used or accessed in
an unauthorised way, altered or disclosed. In addition, we limit access to your
personal data to those employees, agents, contractors and other third parties
who have a business need to know. They will only process your personal data on
our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal
with any suspected personal data breach and will notify you and any applicable
regulator of a breach where we are legally required to do so.
8.
Marketing
As mentioned above, where you consent, we
may also use your personal data to provide you with information about our
products and services, which may be of interest to you. If you do not want us
to use your information in this way at any time, we will give you the
opportunity to opt-out of receiving any such marketing communications in each
marketing communication that we send to you. Please note that if you opt out
from receiving marketing communications, we may still contact you about service-related
issues, such as where we make any changes to the Application or Website, or the
terms of this policy.
9. Third
party sites and services
Your use of the Application will also
be subject to the privacy policies of any app store provider and/or operator
("App Store Provider") from whom you have downloaded the
Application ("App Store Policies"). The Application and
Website may also contain links to other third party websites and services
including through advertising and social media tools and widgets such as those
provided by Facebook and Twitter ("Third Party Sites and Services").
The links to these Third Party Sites and Services are provided for your
convenience only. Your use of the Third Party Sites and Services will be
governed by their terms and conditions and privacy policies (if any) ("Third
Party Terms"). It is your responsibility to read the Third Party
Terms. You acknowledge that we have no control over the Third Party Sites and
Services and are not responsible for them.
10.
Removal of your details
You may request removal of your live
profile at any time by sending an email to us at appsupport@citypubcompany.com.
We may however retain certain aspects
of your profile and other personal details for the purposes of maintaining
records of our dealings with you, analysis and statistics.
We may remove your profile in
accordance with clause 2(e)(iii) of our terms and conditions, including in the
circumstances where you breach our terms or have not used our Services for a
substantial period of time.
Any call recordings for IT support purposes will be deleted after 3
months.
We will not keep your personal data for longer than we need it. We will
keep under review the retention periods outlined above and change them as
necessary.
11. Your
rights
You have a right to request a copy of
the personal data we hold about you. If
you would like to access a copy of any personal data which we hold about you,
please send a request by email or by post using the contact details in
paragraph 13 below. We try to
respond to legitimate requests within one month. Occasionally it may take us longer than a
month if your request is particularly complex or you have made a number of
requests. In this case we will notify
you and keep you updated.
You have the right, in certain
circumstances, to object to us processing your personal data or to request that
your personal data is corrected or deleted or that our processing of your data
is restricted. Please contact us to discuss this as required.
In addition, where our processing is
based on your consent, you have the right to withdraw consent at any time.
Where you have provided us with any
data, such as a profile picture, you have the right for that to be provided to
you in a standard format which we reasonably determine.
You also the right to complain to the
data supervisory authority if you are unhappy with our processing of your
personal data. The data supervisory
authority in the UK is the Information Commissioner’s Office at www.ico.org.uk.
12.
Changes to our privacy policy
We may change this policy at any time.
Your continued access or use of the Application or Website after such a change
signifies your acceptance of the updated or modified policy. We may email
registered users about any material changes to the policy and we may notify you
of a change to this policy when you next start the Application or access the
Website. The new policy may be displayed on-screen via the Application or
Website and you may be required to agree to it to continue your use of the Application
or Website. The date this policy was last updated appears at the top of this
document.
13.
Queries
If you have any queries in relation to
the processing of your personal data by CPC, please contact us: