All the boring legal bits!

Privacy Policy

PRIVACY POLICY

We are committed to protecting and respecting your privacy rights. This Privacy Policy explains how we use your personal data when you use our website https://servedup.theup.co/or the servedUp and brandUp mobile applications, or when you contact us by telephone or email.

For the purposes of this Privacy Policy, both the website and applications shall be referred to as the “Platform”.

  1. IMPORTANT INFORMATION AND WHO WE ARE

Who we are

Innovate Energy Solutions Ltd. (referred to in this Privacy Policy as “ServedUp”, “we”, “us” and “our”) operate as a data controller and data processor of your personal data depending on how you use our Platform. 

In simple terms, this means that we: (i) control your personal data, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or are otherwise permitted by law or iii) process your data based on your instructions in order to perform a service for you.

If you have any concerns or questions regarding our use of your personal data you can contact us at 229 Shoreditch High Street, London E1 6PJ, United Kingdom

ADD IN

It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.

  1. PERSONAL DATA THAT WE COLLECT ABOUT YOU

The types of personal data we collect, use and store about you will depend on the product or service you have requested from us and/or the nature of your interaction with us on our Platform.  

Data Collected as Data Controller

Purpose

Lawful basis

Business Users

   

Business contact details, phone, email address, physical address, names of key contacts

To register to use ServedUp and BrandUp

Performance of contract

Business ownership details, directors, shareholders 

Anti-money laundering regulations and and Know Your Customer regulations

Legal requirement

Your communication and marketing preferences

Business contact preferences

Consent

Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

General business information 

Legitimate business interest

Other personal data that you submit to us, such as information you provide to register for email alerts or correspond with us in relation to inquiries

Communication with Us

Consent


Legitimate business interest

General User data (when browsing website)

   

Cookie data – such as technical information (including the type of mobile device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use and time zone setting

To monitor Platform usage


To improve the Platform and products and services that we offer, including recognising when there is a higher demand for our services; tailoring our Platform to the needs of all users; recommending options that match any stated preferences; and notifying you about changes to our services

Legitimate business interest


Consent

Other personal data that you submit to us, such as information you provide to register for email alerts or correspond with us in relation to inquiries

Communication with Us

Consent


Legitimate business interest

Your communication and marketing preferences

Contact preferences

Consent

     

Data Collected as a Data Processor

Purpose

Lawful basis

Business Users

   

Bank sort code, account, identifier, business name, address and contact details

To process payments to you for ServedUp or BrandUp

Performance of Contract

     

ServedUp Users

   

Name, phone number, table number, order information and notes

To process your order or refund

Performance of Contract

Card number, expiry date, CVV

To process your order or refund

Performance of Contract

     

Who we share your data with (as Data Processors)

Purpose

Lawful basis

Mobile phone number verification eg. Twilio


Card fraud verification


Bank to Bank fraud verification

To verify your identity and to identify and prevent fraudulent transactions 

To process your order securely

Performance of contract

Payment processing providers eg. Hyperwallet, checkout.com, Banked

To process your order (users) and process your payments (business users)

Performance of contract

Hosting company – Amazon Web Services

To host our Platform securely

Performance of contract

No automated decision making, including profiling, is used when processing your personal data.

The Platform is not intended for children and we do not knowingly collect or solicit personal data from anyone under the age of 16.

We do not collect any special category personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

 

  1. HOW WE OBTAIN YOUR PERSONAL DATA

We collect information about you directly that you provide to us via the Platform in online forms and conversations and in other correspondence (including via email and telephone).

We will automatically collect data from you accessing the services via the Platform (including if you register as a user of the Platform, subscribe to any service or upload or submit any material via the Platform). 

We also work closely with and may receive information about you from third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies). We also collect personal data from publicly available sources.

We may combine personal data that you provide to us with information that we collect from, or about you, in some circumstances. This will include information collected in an online or offline context.

You will receive marketing communications from us if you have requested information from us or purchased products or services from us, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have expressly consented to receiving that marketing.

We will get your express opt-in consent before we share your personal data with any company outside ServedUp for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by contacting us at ADD IN.

  1. WHO WE SHARE YOUR PERSONAL DATA WITH

We will disclose your personal data with third parties if required to do so by law or regulation.

We will also share your personal information with the parties set out below:

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. 
  • Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

Data Processors

We use specific third party providers to deliver our range of services, such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Third parties must implement appropriate technical and organisational measures to ensure the security and confidentiality of your data.

  1. PROTECTING YOUR DATA

We take the security of your data seriously and take measures to ensure your data is protected against accidental loss or disclosure, destruction and abuse. 

We only use payment processing providers who have Payment Card Industry Data Security Standard levels of security in place often in addition to SOC1, SOC 2 and ISO27001 certifications.

As part of our ongoing compliance with data protection regulations, we have implemented technical and operational measures to protect your data and will continue to monitor the effectiveness of these on an ongoing basis. 

  1. INTERNATIONAL TRANSFERS

Some of our payment processing providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or alternatively have in place specific contracts approved by the European Commission which give personal data a similar level of protection. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

  1. RETENTION PERIODS

We only keep your data for as long as we need it for and in line with legal requirements, which will be at least for the duration of the contract for products and services as outlined in the table above.  

  1. YOUR RIGHTS 

You have the following rights, with some restrictions, in relation to the personal data we hold on you:

  1. a) the right to be informed about the data we hold on you and what we do with it
  2. b) the right of access to the data we hold on you
  3. c) the right for any inaccuracies in the data we hold on you to be corrected (rectified)
  4. d) the right to have data deleted in certain circumstances (erasure)
  5. e) the right to restrict the processing of the data
  6. f) the right to transfer the data we hold on you to another party (portability)
  7. g) the right to object to the inclusion of any information;
  8. h) the right to regulate any automated decision-making and profiling of personal data.

You have the right to ask for a copy of the personal data that ServedUp holds about you free of charge, however we may charge a ‘reasonable fee’ if we think that your request is excessive, to help us cover the costs of locating the information you have requested. We will respond to your request as soon as possible and (save for in certain circumstances) within one month.

How to contact us or make complaints

If you have any concerns or questions regarding our use of your personal data (including any requests to exercise your legal rights) or this Privacy Policy please contact hello@theup.co.

We make every attempt to ensure you are satisfied with the handling of your data queries or requests and appreciate the chance to deal with your concerns.  You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk/). 

 

  1. COOKIES

Our Platform uses cookies. A cookie is a small file of letters and numbers stored by computer after being sent to your computer when you visit a website. Whenever you visit the same website again, the information stored in the cookie can be retrieved to notify the website of your previous activity. We use cookies to facilitate website navigation, maintain quality of online service, provide additional security, allow the customisation of your access to the website and remember you when you return to the website.

A cookie cannot give us access to your computer or to information beyond what you provide us and we don’t store personally identifiable information such as your name or address in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the website. If you don’t wish to enable cookies, you’ll still be able to browse the website and use it for research purposes.

You can use our Cookie Consent Management tool to manage your Cookie preferences. 

  1. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is regularly reviewed and was last updated on 12th April 2021. We may amend or update our Privacy Policy from time to time.