PRIVACY POLICY
COVID-19 UPDATE – 10 APRIL 2021
Recording customer details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer of Café des Fleurs you will be asked to provide some basic information and contact details. The following information will be collected:
- the names of all customers or visitors
- a contact phone number for each customer or visitor
- date of visit and arrival time and departure time
The establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).
We will require you to complete a form on arrival.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk.
In charge of data protection duties at this establishment – Lucy Forrester, Proprietor 01797 227894
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on www.cafedesfleurs.co.uk. This privacy notice was last updated on 10 April 2021.
Privacy Notice – Effective Date: 25 May 2018
Introduction
Cafe Des Fleurs and its subsidiaries and affiliates are committed to safeguarding the privacy and personal information of our customers and business partners. This Privacy Notice explains how we may collect, use, process, share, and store personal information about you, including through designated third-party service providers, and the choices that are available to you regarding this information.
Please read this Privacy Notice carefully to understand our views and practices regarding your personal information and how we will treat it.
In addition to information kept in hardcopy, this Privacy Notice also applies to Company-related websites, online applications that run on smart phones, tablets, mobile devices (“apps”), and other online services that we offer which link to this Privacy Notice. Please note also that our websites may contain links to other websites.
What information do we process?
Only information you give to us
We collect information about you when you hire us to work digitally or practically on your behalf, when you purchase our services and/or remit payment for services. We also collect information about you using cookies if you interact with us via phone, social media, websites, or apps.
The types of information that you may give us vary depending on the specific entity with which you are doing business and/or the particular services requested. For example, you may have – used Cafe Des Fleurs to place an order or to contact us regarding a wedding or funeral.
The information you may give us could include categories such as, but not limited to, your name, work or personal address, e-mail address, phone number, date of birth, gender, passwords to your accounts, as well as customer data, payment data, employee data and/or website user data. Cookies and website usage. We will never hold nor ask for data that is not absolutely essential for the services you have requested.
Our websites use cookies to distinguish you from other users of our websites. This helps us to improve the functionality and content of the websites, including keeping our websites and records safe and secure, and to facilitate usage by you.
Please note that our websites are not intended for children under 13 years of age, and we do not knowingly solicit data online from, or market online to, children under 13 years of age.
Where we have given you (or where you have chosen) a password to access certain parts of websites, including those created for control of your property i.e. your own account you may have with Cafe Des Fleurs, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Nor will we share any password information with any third party other than those possessing the signature on our mutual contract – signed at the commencement of our work for you.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to/from our website — any transmission is at your own risk.
Information we receive from other sources
We may receive information about you if you use any of the other websites we control via third parties or the other services we provide. We also work closely with third parties and may receive information about you from them.
Our information about you may solely come via a third party, we use large collections of customer data to market our own and our clients businesses digitally. This generally consists of large quantities of customer data in the form of mailing lists, social media followers and website sign ups. We ensure wherever possible that all our data from third parties has been obtained in compliance with GDPR Legislation.
How do we use the information about you?
We use your information to provide you with information, process orders for services that you request from us, and administer or otherwise carry out our obligations in relation to any agreement you have with us. Cafe Des Fleurs retains your information for the period necessary to serve a legitimate purpose or as required by law.
We may also use this information to provide you with information about goods or services we feel may interest you, to record statistics which relate directly to your or any of our clients company or services via cookies, google analytics, mail chimp and social media.
If at any time you wish us to stop using your information for any the above purposes, please contact us via our website. We will stop the use of your information for such purposes as soon as it is reasonably possible to do so.
You are able to request and exercise your right to be forgotten at anytime, and all data will be deleted within 30 days. Please note this may infringe upon any on going work.
How do we share your information?
Your information is shared between Cafe Des Fleurs and our web team, Rockpool Creative. We will never share your information with third parties without your prior consent. These third parties will not use your personal information for any other purposes than what we have agreed to with them, and you, and we request those third parties to implement adequate levels of protection in order to safeguard your personal information.
While the information is under our control, Cafe Des Fleurs seeks to ensure that your personal information receives adequate protection, including seeking to ensure that it is kept secure and used only in accordance with our instructions and for legitimate purposes.
In the event we go through a business transition, such as a merger, acquisition of another company, or sale of part or all of our assets, we may disclose your personal information to third parties and your personal data held may be among one of the assets transferred.
We may also automatically collect non-personal information about you such as the type of internet browsers you use or the website from which you linked to our website or those of our clients. We may also aggregate details which you have submitted to us. You cannot be identified from this information and it is only used to assist us in providing effective services, including in connection with our website or those of our customers.
Finally, we may be under a duty to disclose or share your personal information for various other reasons, such as to comply with a legal obligation; to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Cafe Des Fleurs, our customers, or others. This could include, for example, exchanging information with a law enforcement agency or regulator; or with companies and organisations for the purposes of fraud protection and credit risk reduction.
Potential rights under the GDPR
Under the EU General Data Protection Regulation (“GDPR”), if you are a citizen or resident of an EU country or Switzerland, you may have certain rights regarding your personal information:
• Right to access information maintained about you;
• Right to ensure your data is accurate and complete;
• Right to erasure, or the right to be forgotten;
• Right to restriction or suppression of personal data;
• Right to data portability;
• Right to withdraw consent if consent was previously provided; and
• Right to raise a complaint to the Information Commissioner’s Office.
If you are eligible to invoke one of the rights listed above and wish to do so, you may contact us as part of a subject access request using the details found below. Please note that we may not always be able to fulfil your request as there may be legitimate purposes, such as certain legal or statutory obligations, that require us to retain your information as stored or if we believe the change would cause the information to be incorrect.
Updates to our Privacy Notice
As appropriate, we may make changes to this Privacy Notice that will be posted online and, where appropriate, be sent to you by e-mail. Please check back frequently to remain aware of any updates or changes to this Privacy Notice