Privacy Notice

  1. Identity of the Data Controller and Data Protection Officer

    Ello Group Limited is the owner of tastecard and Coffee Club (Taste Marketing Limited), gourmet society (Simard Limited) and hi-life (Hi-Life Diners Club Limited). Ello Group are committed to protecting and respecting your privacy whilst remaining compliant with The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). For us to drive compliance, we have a Personal Information Management System which is compliant with BS 10012:2017.

    Ello Group are the Data Controller and have an appointed Data Protection Officer who can be contacted via email using the below details. For those who are based in the EU you can contact our EU representative whose details are below.

    Ello Group also provide services on behalf of Vue Entertainment Limited (VuePass).

    This privacy notice was updated 5th September 2022.

    For UK residents, questions, comments, and requests regarding this privacy policy are welcomed and should either be emailed to DPO@ellogroup.co.uk or addressed to the Data Protection Officer, Ello Group Limited, Birkby Grange, 85 Birkby Hall Road, Birkby, Huddersfield, HD2 2XB.

    If you are a resident of EU, please contact GRCI Law. We have appointed GRCI Law to act as our EU Representative. All requests, questions and comments should either be emailed to grcilaw@grcilaw.com or addressed to c/o Head of Data Privacy Manager Service for GRCI Law, IT Governance Europe, Third Floor, The Boyne Tower, Bull Ring, Lagavooren, Drogheda, Co. Louth, A92 F682

  2. The type of personal information we collect & the purpose of processing

    We currently collect and process the following information to enable us to provide the service to you, and for general administration:

    Type of personal information Purpose of processing
    Contact information (Name, email address, postal address, phone number) Provide memberships, respond to queries, send updates, verify identity (EG. Terms & condition, Privacy Notice, customer queries)
    Payment information (payment details, billing address) Process payments, and fulfil orders
    Shipping Address Send products to you Company information As part of provision of services on behalf of an employer, third-party benefit provider or reward provider
    Unique identifiers (username, account number, password) To verify your identity and provide access to a product or service
    Preference Information (order history, membership usage, marketing preferences) Provide updates with regards to your use of the product, and products that may be of interest

    We may also collect:

    Type of information Purpose
    Communication information (comments, posts, feedback, email, chats, calls) To enable us to improve services, and respond to your queries
    Location information To make recommendations about services in your area
    IP Addresses (including geographical location) For system administration, and service improvements
    *Date of Birth (in certain contractual circumstances) Validate eligibility for products or services
  3. How we get the personal information and why we have it

    Most of the personal information we process is provided to us directly by you through our mobile app(s), our website(s) or one of our landing pages, for the one of following reason(s):

    • to provide and administer a membership,
    • to provide access to a product,
    • to provide and administer a service to you.

    We may also receive personal information indirectly, from the following sources in the following scenarios:

    • your employer, to provide a membership to you
    • a third-party benefit provider, to provide a membership to you
    • a reward provider, to provide a membership to you

    How we use that information is detailed in section 2.0 The type of personal information we collect & the purpose of processing.

    Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are either:

    • Your consent. You can remove your consent to marketing communications at any time by unsubscribing.
    • We have a contractual obligation.
    • We have a legitimate interest.
  4. Recipients of Personal Data

    Ello Group is required to transfer the personal information provided by its customers to third parties to fulfil contractual obligations. The following link provides information on data recipients who we use to allow us to provide the service we offer. The document will explain which processors work on which brand and what safeguards we have in place: https://www.ellogroup.co.uk/footer-pages/recipients-of-data

    All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access our mobile app(s) or website(s), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

    Unfortunately, the transmission of information via the internet may not be completely secure.

    Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

    We may disclose your personal information to any member of our group (Ello Group Limited), which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

    We will not disclose your information to any of the third parties (recipients of personal data) for marketing purposes.

    1. For members of VuePass

      Where it is necessary to fulfil your order for VuePass products and services or any query that you have in relation to those products and services, we will share your personal data with Vue Entertainment Limited (Vue). Vue is a controller of any personal data that we collect and share with them in connection with your VuePass order. To find out more about how and why Vue processes your personal data, please read Vue’s privacy policy which is available at https://www.myvue.com/privacypolicy

  5. Details of transfers to third countries and safeguards

    Ello Group may work with third parties that requires them to transfer personally identifiable information to a third country, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred.

    We also use an external IT service provider, who is located outside of the EEA, to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support.

    Where we transfer personal data to third countries, we will always ensure that we have the appropriate safeguards in place:

    • EU/UK Standard Contractual Clauses and/or
    • IDTA (International Data Transfer Agreement) or IDTA addendum (used to support EU SCCs we have in place)
  6. How we store your personal information

    Your information is securely stored.

    Ello Group retain all customer information for 5 years after expiry and 18 months after the last interaction with us. Where there has been a period of 5 years after the end of a membership and there has been no interaction for 18 months between Ello Group and the customer, within that time, the customer information is erased and securely disposed of.

    If your membership is through a corporate channel, the retention period is 5 years from the membership expiry or as per the contract agreed with the client, at which time the customer information is erased and securely disposed of.

  7. Your data protection rights

    Under data protection law, you have rights including:

    Your right of access - You have the right to ask us for copies of your personal information.

    Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

    Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

    Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

    Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

    Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

    You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

    This can be done by contacting us using the details in the ‘Contact’ section.

    As a Data Subject (individual) which Ello Group process information on behalf of, you have the right to withdraw consent from our marketing at any given time. You can exercise the right at any time by contacting us using the details in the ‘Contact’ section. However, we will still be required to notify you of changes to the privacy policy, terms and conditions and any other legal requirement.

    Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

  8. Profiling

    Profiling covers information about how decisions are made and the significance of the consequences.

    We use location services through our mobile apps, and our websites for us to tailor our marketing material to your specific behaviour and activities, e.g. the types of restaurants which you regularly visit. We use email monitoring services to monitor the emails which we send to users. We also collect usage data using card usage, systems, and membership apps. In doing this, we obtain information such as but not limited to:

    • Time of receipt;
    • Time of opening;
    • Device used;
    • Location;
    • Purchases made;
    • Savings made;
    • Venue visited;
    • Which parts of the website and communications you interacted with;
    • Instances of app crashes

    We use third party providers of analytics and similar services to track statistics and user demographics, understand usage of our mobile apps and identify and resolve the root causes of app crashes.

    We use systems that enable us to link your social media accounts to your account if registered with the same email address. This enables us to tailor our promotions and products as best as possible.

    Where you have provided us with a mobile number, we may market to you using SMS and Push notification interactions.

    Our systems are set up to enable us to collect information on your usage, interactions, and spending history inclusive of savings made, we link this data to your profile so that we can determine what other deals or informational emails may be of interest to you.

    We work with third parties to help us create a profile to ensure that we are sending relevant information.

    You can stop this profiling activity by contacting us using the details in the ‘Contact’ section.

    Please be aware that by objecting to some of this data collection we may not be able to provide the product to you.

  9. Cookies & Tracking

    To enable our systems to recognise your device and to provide features to you, we use cookies.

    For more information about cookies and how we use them, please read our Cookie Policy which is available on the website.

    Mobile Applications may use tracking technologies to record how you interact with them. This is used to help improve services.

  10. Marketing Communications

    We regularly send out email communication to keep you up to date with all the latest discounts and offers from the Ello Group brands and our chosen partners. If you wish to unsubscribe from these emails, you can do so at any time by simply clicking either of the links in the footer and you will be removed from all promotional emails. To unsubscribe from SMS marketing follow the instructions in the SMS received or contact us. Please note that even if you decide not to subscribe to, or to unsubscribe, from promotional email messages, we may still need to contact you with important transactional information related to your account and your purchases. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you make purchases on the Site or provide updates to the privacy policy.

  11. Changes to our Privacy Notice

    We may change this Privacy Notice from time to time.

    If we make significant changes in the way we treat your personal information, or to the Privacy Notice, we will notify you, so that you are able to review the changes.

    If you wish to alter your Privacy settings or opt-out, you can do this by contacting us using the details in the ‘Contact’ section.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at DPO@ellogroup.co.uk

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

Contact information

Office address:
Gourmet Society
Birkby Grange
Huddersfield
HD2 2XB