We are Nando’s Chickenland Limited (Nando’s). Our registered company number is 02580031. We are registered with the UK Information Commissioner's Office (Registration Number: Z9462934). You can contact our Data Privacy Officer by emailing dataprotection@nandos.co.uk
When you use our Firestarters Community Platform, Nando’s is the Controller of any personal data you enter into the system. That means we are trusted to look after and to process your personal information in accordance with the UK GDPR and Data Protection Act 2018. We determine the ways and means of processing and must therefore be accountable for it.
When you are a member of the Firestarters Community, there is a certain amount of data that we need to process as part of the service. This data and its use is set out below.
Process |
Data Processed |
Lawful Basis we rely on for processing |
Invitation to the Firestarters Community Platform – previous platform users |
Name and email address |
Legitimate interest (You were already a member of our old platform and are moving across from our previous platform) |
Invitation to the Firestarters Community Platform – New participants |
Name and email address |
Consent – you have consented for your contact details to be used for marketing purposes. |
Creation of a profile |
Name, gender, date of birth, marital status, user name and password |
Legitimate interest (We use this data to enable you to join the Community Platform and share enough data about yourself to fully participate in the hub) |
Participation in the forum social hubs, surveys, social rooms, diaries |
Responses to surveys. Anything you add to the open forums. |
Legitimate interest – this is the purpose of the platform |
Ensuring relevance of the surveys you receive |
Address, gender, age, marital status, number of people in your household, age range of household, employment status |
Legitimate interest - we want to make sure everything is relevant for you |
Customer support |
Name, email address, contents of communication |
Legitimate interest – we want to make sure that you have the best experience possible and we are able to resolve any issues for you |
Internal Nando’s use of the data for driving improvements and sharing of feedback |
Responses to surveys. Anything you add to the open forums. |
Legitimate interest – making sure we take on board your views |
Ensuring the Firestarters Community Platform displays correctly on your device |
Operating system, Browser, Mobile OS |
Legitimate interest – these are collected by necessary cookies |
Fraud prevention and security |
User name, password, IP address |
Legitimate interest – these are collected by necessary cookies |
Analytics cookies (– see cookie policy) |
|
Consent |
Marketing cookies (– see cookie policy) |
|
Consent |
Prize draw entry |
Name, email address and other details as per the individual prize drawer requirements |
Consent |
Email Marketing |
|
Consent |
Like most companies, we use other companies to process data on our behalf, for example cloud services and technology services. This means we are still accountable for protecting your data. We have Data Processing Agreements in place with these processors. Our main processor for the Firestarters Community is STRAT7 Researchbods, a division of STRAT7 Limited, who assist us with hosting the data, creating research activities and for any technical issues you may have.
Where data is transferred outside of the UK or EEA, by us or our processors, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).
We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration or disclosure. We’ll continue to maintain and improve these security measures in line with legal and technological developments.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We continue to process your data for 2 years after your last interaction on the platform, or if you ask us to delete the data at any time.
As a member of the Firestarters Community you have rights over how your data is processed. These rights are:
Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another organisation. This would be sent in a structured, commonly used, electronic form;
Right to object: You can object to us using your personal data for particular purposes; and automated decision making: You have a right not to be subjected to automated decision making and profiling in certain situations.
If you have any cause to complain about our use of your personal data, please contact us by emailing dataprotection@nandos.co.uk
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
From time to time, we may revise this Privacy Policy to reflect new company initiatives, services, changes in the law or technology. Any changes we make to this Privacy Policy will be posted on this service so that you are always informed of the latest version. We’ll also include the date of the most recent revisions at the top of this page.