Last updated: 15 July 2019
Applicable for all service users.
WaiterX is committed to protecting your personal information and being clear and transparent. This privacy statement provides information about the personal information that WaiterX Limited collects, and the ways in which WaiterX processes that personal information.
1. Who We Are.
WaiterX Limited, or/and the brand name “WaiterX”, refers to WaiterX Limited (“WaiterX”, “We”, “Us”, “Our”), a company registered in England (10691166).
If you need to contact us, you can:
- Email email@example.com;
- Send your correspondence to our registered office:
WaiterX Limited, Faraday Wharf,
Innovation Birmingham Campus,
Birmingham, B7 4BB.
WaiterX Limited is registered with the Information Commissioner's Office under registration reference ZA298845.
While everyone at WaiterX is committed to respecting and protecting your privacy, we have a Data Protection Officer responsible for data compliance and confidentiality. If you have any questions, comments or concerns regarding your data, please email the Data Protection Officer: firstname.lastname@example.org.
2. Data We Collect.
Whenever you interact with a digital service provided by WaiterX, or use a WaiterX service within the WeChat platform or wider ecosystem, or otherwise interact with the WaiterX sites or services, we may collect, use, transfer, share, process and store the following information (summarised in the table below):
2.1. Aggregate Service Data
Aggregate Service Data is collected from your use of the WaiterX services and is not classified as personally identifiable information. It comprises statistical, demographic and usage data in aggregate form – meaning that you cannot be identified, directly or indirectly. We collect, use, transfer, share, process and store this data for any purpose, but primarily to understand customer engagement with a particular service or offering (for example, understanding what the most popular restaurant in a specific location is, or how many people from a specific province order a specific item).
2.2. Special Categories of Personal Data
WaiterX does not collect any "Special Categories of Personal Data" (including details about your race, ethnicity, religion, sexual orientation, political opinions, and membership of any union, your personal health, criminal convictions and biometric data).
2.3 Information Related to Children
This website and the WaiterX suite of services are not intended for use by children and we do not knowingly collect data relating to children. If you become aware that your child (under 16) has provided their personal information to us, without your consent, please let us know as soon as possible by emailing email@example.com that we can take appropriate action.
3. How We Collect It.
There are three main ways you allow us collect this data: you can provide it to WaiterX directly (for example, when you are filling in a web form subscribing to our services); we can collect it indirectly (for example, recording your IP when you visit our site, or when you create something on our servers); and, when provided by publicly available or third party data (for example, data analytics providers).
3.1. Directly Provided by You
You may provide us with Identity, Contact, Profile, Financial, or Marketing & Communications data each time you interact with the WaiterX website or one or all of the WaiterX digital services. This can include the personal data you provide when you:
- Register your interest;
- Apply to any of the WaiterX services;
- Create or access an account on our site;
- Subscribe to any of our services;
- Subscribe, download or share any of our publications;
- Request marketing or promotional media;
- Provide us with feedback;
- Contact us in any way.
3.2. Indirectly Collected by Us
3.3. Publicly Available or Third-Party
WaiterX connects with a variety of stakeholders and organisations across the hospitality, catering, tourism and food service industries. We may receive your personal data from a variety of third parties and public sources which may or may not operate within the EU. These include (but are not limited to):
- Tour operators;
- Travel agents;
- Promotional organisations;
- Student associations;
- WeChat (and other companies within the Tencent group);
- Data brokers or aggregators;
- Data analytics providers;
- Payment gateway services;
- Publicly available databases.
4. How We Use It.
We will use your personal data when it is necessary to do so. In all cases, we will only use your data as and when permitted by law. In the case of marketing communications, we will obtain your consent before sending third party direct marketing communications to you via post, email, text message or phone call. You have the right to withdraw consent to marketing at any time by contacting us.
4.1. Our lawful basis
We must have a lawful basis by which to store, process, share and otherwise use your personal data. We may process your personal data under multiple lawful bases depending on the specific purpose for which we are using your data. In the interest of transparency, the table below outlines the specific ways WaiterX uses your personal information and other data you may provide to us. Generally, we use your personal information in the following circumstances:
- Where you have consented for us to do so;
- When it is necessary to perform the contract we have entered into with you (or, are about to enter into with you);
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with our legal obligation.
5. Data Security, Retention, and Storage & Disclosure
WaiterX Limited is registered with the Information Commissioner's Office under registration reference ZA298845. This section details the security we have in place to protect your personal information, our data retention policy, information on how and where we store your personal data, and information on disclosure.
5.1. Data Security
WaiterX is a digital technology services company and has implemented appropriate security measures to prevent your personal data from being accessed, used or shared in an unauthorised way, altered, lost or otherwise disclosed. Moreover, we limit access to those employees, agents, contractors and other authorised third parties who have a business need to know your personal information, only processing your personal information under our instructions and with a duty of confidentiality. We have implemented procedures to respond to and mitigate any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5.2. Data Retention
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Your personal data is retained by us for as long as is reasonably necessary to fulfil the purposes we collected it for. In some circumstances you can ask us to delete your data by contacting firstname.lastname@example.org. In some circumstances we will anonymise your personal information so that it can no longer be associated with you. Thereafter, this anonymised data shall only be used for research and statistical analyses, in which case we may use the anonymised data indefinitely without further notice to you.
We may retain your personal information for a longer period in the event of a complaint made by or against you, and only if the information we hold could reasonably be expected to be used in any potential or subsequent legal proceedings. We may also be required to retain your personal information for the purposes of satisfying any accounting, tax, regulatory, legal or reporting obligations.
5.3. Data Storage
WaiterX will store all the information you provide to it on its secure servers within UK or EEA. In the course of your engagement and interaction with the services, the personal information that we may directly or indirectly collect may be shared with and stored by our partner organisations, sub-contractors or other service providers in a destination outside the European Economic Area (“EEA”), and accordingly, may also be processed by staff operating outside the EEA who work for us or for one of our service providers. Staff operating in a destination outside the EEA may be engaged in, among other things, facilitating the provision of the services by processing your payment details, retrieving information to troubleshoot or answer your queries, and in providing customer support. By using the WaiterX services and by submitting your personal information, you agree to this transfer, storing, processing and retrieval.
- WeChat (and other companies within the Tencent group);
- Restaurant and food service partners;
- Hotel and hospitality service partners;
- Tourism and tour agent partners;
- Advertising networks and marketing partners;
- Suppliers and subcontractors (to ensure performance of any contract we have with you);
- IT service providers;
- Other business-related external third parties.
A non-exhaustive list of events which may trigger a disclosure of your personal information is provided below:
- WaiterX buys or sells any business or assets (we may disclose your personal information to the prospective seller or buyer of such business or assets);
- All or a substantial amount of our assets is acquired by a third party (personal information held by WaiterX regarding its customers may be one of the transferred assets);
- WaiterX is compelled to disclose or share your personal information in order to comply with any legal obligation;
- In the application of our Terms of Service;
- To protect ensure the safety of our stakeholders and to protect our rights and property, including trademarks and intellectual property.
5.5. Our Relationship with Partner Organisations
6. Your Rights
You have various rights in relation to your personal information. Under the General Data Protection Regulation, you have the right to:
- Access your personal data by making a subjective access request;
- Rectification, erasure or restriction of your information where this is justified;
- Object to the processing of your information where this is justified.
You can find further information on your data protection rights from the Information Commissioner’s Office (the “ICO”) at www.ico.org.uk or any other supervisory authority.
6.1. Your right to complain
If you are unhappy with the way we handled your personal information or any privacy query or request you have raised with us you also have a right to complain to a data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen. A list of national data protection authorities can be found here.
6.2.Removal of your personal information
You may request removal of your personal information at any time by writing this request in an email to us. Please send your request to us at email@example.com. We may however retain certain aspects of your profile and other personal details for the purposes of maintaining records of our dealings with you, i.e. analysis and statistics. We may remove your personal information in accordance with our terms of service, including in circumstances where you breach our terms or have not used our services for a substantial period of time.
We may modify or amend this privacy statement from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the end of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.