Privacy Policy

Last updated: 28/06/2022

Who are we?

We are Nando’s Chickenland Limited (Nando’s). Our registered company number is 02580031. We are registered with the UK Information Commissioner's Office (Registration Number: Z9462934). You can contact our Data Privacy Officer by emailing dataprotection@nandos.co.uk

What is our Role?

When you use our Firestarters Community Platform, Nando’s is the Controller of any personal data you enter into the system. That means we are trusted to look after and to process your personal information in accordance with the UK GDPR and Data Protection Act 2018. We determine the ways and means of processing and must therefore be accountable for it.

What Data do we collect and why?

When you are a member of the Firestarters Community, there is a certain amount of data that we need to process as part of the service. This data and its use is set out below.

Process

Data Processed

Lawful Basis we rely on for processing

Invitation to the Firestarters Community Platform – previous platform users

Name and email address

Legitimate interest (You were already a member of our old platform and are moving across from our previous platform)

Invitation to the Firestarters Community Platform – New participants

Name and email address

Consent – you have consented for your contact details to be used for marketing purposes.

Creation of a profile

Name, gender, date of birth, marital status, user name and password

Legitimate interest (We use this data to enable you to join the Community Platform and share enough data about yourself to fully participate in the hub)

Participation in the forum social hubs, surveys, social rooms, diaries

Responses to surveys. Anything you add to the open forums.

Legitimate interest – this is the purpose of the platform

Ensuring relevance of the surveys you receive

Address, gender, age, marital status, number of people in your household, age range of household, employment status

Legitimate interest - we want to make sure everything is relevant for you

Customer support

Name, email address, contents of communication

Legitimate interest – we want to make sure that you have the best experience possible and we are able to resolve any issues for you

Internal Nando’s use of the data for driving improvements and sharing of feedback

Responses to surveys. Anything you add to the open forums.

Legitimate interest – making sure we take on board your views

Ensuring the Firestarters Community Platform displays correctly on your device

Operating system, Browser, Mobile OS

Legitimate interest – these are collected by necessary cookies

Fraud prevention and security

User name, password, IP address

Legitimate interest – these are collected by necessary cookies

Analytics cookies (– see cookie policy)

Consent

Marketing cookies (– see cookie policy)

Consent

Prize draw entry

Name, email address and other details as per the individual prize drawer requirements

Consent

Email Marketing

Consent

Do we share your data with anyone else?

Like most companies, we use other companies to process data on our behalf, for example cloud services and technology services. This means we are still accountable for protecting your data. We have Data Processing Agreements in place with these processors. Our main processor for the Firestarters Community is STRAT7 Researchbods, a division of STRAT7 Limited, who assist us with hosting the data, creating research activities and for any technical issues you may have.

Where data is transferred outside of the UK or EEA, by us or our processors, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

How do we ensure your data is protected?

We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration or disclosure. We’ll continue to maintain and improve these security measures in line with legal and technological developments.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do you hold the data?

We continue to process your data for 2 years after your last interaction on the platform, or if you ask us to delete the data at any time.

What rights do I have?

As a member of the Firestarters Community you have rights over how your data is processed. These rights are:

Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;

Right to rectification:  You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;

Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;

Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;

Right of data portability:  In certain circumstances, you can ask us to transfer the data we hold about you to another organisation. This would be sent in a structured, commonly used, electronic form;

Right to object: You can object to us using your personal data for particular purposes; and automated decision making: You have a right not to be subjected to automated decision making and profiling in certain situations.

If you have any cause to complain about our use of your personal data, please contact us by emailing dataprotection@nandos.co.uk

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/

Changes to this Privacy Notice

From time to time, we may revise this Privacy Policy to reflect new company initiatives, services, changes in the law or technology. Any changes we make to this Privacy Policy will be posted on this service so that you are always informed of the latest version. We’ll also include the date of the most recent revisions at the top of this page.