Privacy Policy

Privacy
Policy

The www.roadchef.com website (the “Website”) is operated by Roadchef Ltd, company registration number 01713437 and the registered office of which is at Roadchef House, Norton Canes MSA, Betty’s Lane, Norton Canes, Cannock, Staffordshire WS11 9UX (“We”, “Us” or “Roadchef”).

We take your privacy very seriously and we ask that you read this privacy policy carefully as it contains important information on: the personal information we collect about you, what we do with your information, and who your information might be shared with.

Who we are

Roadchef are a “data controller” for the purposes of the UK GDPR, i.e. we are responsible for, and control the processing of, your personal information).

What information we collect

Personal information

We may collect personal information about you (such as your name, address, telephone number, payment card details etc.) when you use our Website, register with us or purchase goods from us. We may also collect personal information when you contact us, send us feedback or post material to the Website.

We may also collect information that your browser sends us whenever you visit our Website. This data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website that you visit and other statistics relating to your use of the Website. This information may be collected in conjunction with third party services such as Google Analytics.

Personal information provided by third parties

We may receive information about you from a third-party source. We will only accept that information if we have evidence that you have consented for the personal information to be passed to us or it is passed pursuant to another legal basis under the UK GDPR.

Personal information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can: give consent on his/her behalf to the processing of his/her personal data; receive on his/her behalf any data protection notices; and give consent to the transfer of his/her personal data abroad.

Sensitive personal information

It is very unlikely that we will ask you to provide sensitive personal information. If we request such information, we will explain why we are requesting it and how we intend to use it.

Sensitive personal information includes information relating to your ethnic origin, your political opinions, your religious beliefs, whether you belong to a trade union, your physical or mental health or condition, your sexual life, and whether you have committed a criminal offence.

Children’s personal information

If you are under 16 years of age, please get your parent or guardian’s permission to provide any personal information to us.

Monitoring and recording communications

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of performing the services we offer to our clients, quality assurance, training, fraud prevention and regulatory compliance.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our Website.

Roadchef uses Cookies on its website. Necessary Cookies are essential for the operation of this site, for example, to ensure the pages of the website display correctly. The Roadchef website will not operate properly without these cookies. As a result, we recommend you keep them on. Analytical cookies help us improve the usability and layout of the site by collecting and reporting information on how you use it. These can be switched off using our site or your browsers settings.

You can set your browser not to accept cookies and remove cookies from your browser. However, some of our Website features may not function as a result. For further information on cookies generally visit  www.aboutcookies.org or www.allaboutcookies.org.

How will we use the information about you?

We collect information about you so that we can: identify you and manage any accounts you hold with us; process your order or carry out obligations arising from any contract(s) entered into between you and us; conduct research, statistical analysis and behavioural analysis; assess your suitability for employment with us (where applicable); if you agree, let you know about other products or services that may be of interest to you—see 'Marketing’ section below; detect and prevent fraud; customise our Website and its content to your particular preferences; notify you of any changes to our Website or to our services that may affect you; carry out security vetting; and improve our services and notify you about changes to these services.

Rest assured we will only collect and process your personal data where we have a lawful basis to do so. We may process your personal data if you have provided explicit consent for us to do so, if it is pursuant to or in anticipation of a contract between us, if we have a legal obligation to do so, or where we have a legitimate interest to process it that does not materially impact your rights, freedoms or interests.

Marketing

Only where you have provided us with specific, informed and unambiguous consent shall we provide you with marketing materials by the mechanism(s) you have consented to (e.g. email). We will only provide you with marketing materials relating to features that you have explicitly consented to.

If you have consented to receive marketing from us, you can opt out at any time. See 'What rights do you have?’ below for further information.

Who your information might be shared with

We may disclose your personal data to: our service providers pursuant to strict data processing agreements that protect your personal data to the same or higher standards than we treat it; law enforcement agencies in connection with any investigation to help prevent unlawful activity; and a court of law or regulator where we are under a duty to disclose or share your personal data in order to comply with a legal or regulatory obligation.

Rest assured that we will never pass your information to a third party outside of the categories above without your explicit consent.

Where we pass your personal data to our service providers, we only do so pursuant to strict data processing agreements that protect your data to the same or higher standards than we treat it.

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data, for example: access to your account is controlled by a password and username that are unique to you; we store your personal data on secure servers; and payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology). Where we provide you with a username and a password in order to access a Roadchef system that contains your personal data, it is your responsibility to ensure these details are kept securely to prevent unauthorised access to your account.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).

Our Website may contain links to other websites of our partners, suppliers, advertisers or other approved third parties. If you follow a link to any of these websites, please note that these websites have (or should have) their own privacy policies. We do not accept any responsibility or liability for these policies or the way in which your personal data may be treated by these third parties. We recommend you check the privacy policy of any third party before you submit any personal data to their website.

Transfers of your information out of the UK

Roadchef’s business operates within the UK. We process and store all personal data of our customers on servers located within the UK. Countries outside of the UK have differing data protection laws, some of which may provide lower levels of protection of privacy. It is sometimes necessary for us to transfer personal data to countries located outside the UK for the purpose of providing services to you. Rest assured that in such cases, we will rely on an adequacy decision relating to the country of transfer (pursuant to Article 45 of the UK GDPR), an appropriate safeguard or specific exemption to ensure the privacy of your personal data.

How long do we hold your data for?

We only keep your personal data as long as necessary for the purpose for which it was obtained. After that period, we either: (1) anonymise the data if we still wish to use it for analytical purposes, or (2) pseudonymise the data if believe in good faith that we may need to process the data in the future for a legitimate purpose, or in all other cases (3) delete it completely from our servers.

What rights do you have?

Right to ask what information we hold

You can make a request to understand what information which we hold relating to you (this is often referred to as a subject access request). You are entitled to a description of the information we hold, the purposes for which it is being processed and details of who has been and will be allowed to see the information. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and let us know if you would like a copy of any of the information. Where you would like a copy of some information we may hold relating to you, please be as specific as possible as to what information you would like to see (please see Time Extensions, Charging and Refusals section below). We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and let us know the information that is incorrect and what it should be replaced with. We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and let us know what method of contact you are not happy with (for example, you may be happy for us to contact you by email but not by telephone). We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to erasure

You can request that we delete all personal data relating to you free of charge. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and provide us with the justification for the erasure request (e.g. you are withdrawing your consent, you no longer believe that we should be processing the personal data for the original purpose for which it was obtained, the personal data is being unlawfully processed, there is a legal reason for erasure etc.). We will acknowledge receipt of your request and will respond within thirty (30) days. Where there is no reason why we may need to retain your personal data, we will erase it as per your request within the thirty (30) day period. Where there is a reason that we have to retain your personal data, e.g. a legal obligation on us, we will inform you of this reason within the thirty (30) day period.

Right to Restrict Processing

You can request that we restrict processing of some of your personal data. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and provide us with details of what personal data you would like us to restrict the processing of (e.g. you may want us to stop processing your personal data in respect of email marketing, but you may want to remain a member of a loyalty scheme). We will acknowledge receipt of your request and will respond within thirty (30) days. If we agree to restrict the processing of the personal data before the thirty (30) day period, we will inform you as soon as we have put in place the restriction.

Right to Object

You can object to us processing any of your personal data. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and provide us with details of what personal data you object to us processing. We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to Data Portability

You can request that we provide some or all of your personal data we hold to a third party free of charge. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and provide us with sufficient details of the third-party entity to which you would like your data transferred. We will acknowledge receipt of your request and will provide your personal information to the third-party entity in a commonly used machine-readable format within thirty (30) days providing you have provided us with sufficient information to do so.

Rights relating to automated decision making and profiling

We use software that automatically processes personal data for us. We ensure that processing using this software is fair and we implement all appropriate technical and organisational measures to ensure inaccuracies are minimised. If you are concerned about the use of such software, you have the right to ask for more details about the processing and request that we stop using the software to process your data. If you would like to do this, please make a request (see ‘Making a request and proof of identity’ below) and provide us with details of your concerns and the categories of personal data you believe are being processed by automated software. We will acknowledge receipt of your request and will respond within thirty (30) days. Please note that if the automated processing is necessary for the performance of a contract between you and us, if you request that the software is no longer used to process your data, we may not be able to provide you with services any more.

Making a request and proof of identity

If you would like to make one of the Data Subject Requests above, please take the following steps. Use the online form here. Alternatively, you can contact us by email or by writing to us (see ‘How can you contact us?’ below). Provide us with proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice). If you have used the online form, you can upload your proof of identity at the same place. If you are emailing or writing to us, please send it with your request otherwise a response to your request may be delayed or withheld.

Right to complain to the supervisory authority

If you are unhappy with the way in which we have dealt with a request you have made or you feel that we are not complying with this Privacy Policy in any way, you have the right to complain to the supervisory authority in the country in which you live. The supervisory authority in England and Wales is the Information Commissioners Office and details of how to contact them are available on their website: www.ico.org.uk.

Time Extensions, Charging and Refusals

We reserve the right to extend the time period to respond to any of the requests listed above by up to sixty (60) days where a request is complex or a large number of requests are made. If we fail to respond to you by the deadline we set, you have a right to complain to the supervisory authority or seek a judicial remedy (see – ‘Right to complain to the supervisory authority’ above). As a general rule, we do not charge a fee for responding to any of the Subject Access Requests above. However, where a request is excessive or repetitive, we are entitled to charge a fee reflecting the administration costs of identifying, amending, erasing and or providing copies of the information (as applicable). We may also refuse a request where there are legitimate reasons to do so. Examples include where a request is manifestly unfounded, excessive or repetitive, or where Roadchef may be required to process personal data in order to comply with a legal obligation.

How to contact us

Please contact us via data.protection@roadchef.com or write to us at Roadchef House, Norton Canes MSA, Betty’s Lane, Norton Canes, Cannock, Staffordshire WS11 9UX. If you have any questions about this privacy policy or the information we hold about you, we will be delighted to assist.

Changes to the privacy policy

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access the Website.