“GCE”, “We”, “Us” or “Our” means GCTEA Ltd and any of its subsidiaries and related parties or entities including GCTEA Outlets Ltd, GCTEA Outlets 2 Ltd, GCTEA Outlets 2A Ltd, GCTEA Outlets 2B Ltd, GCTEA Outlets 3 Ltd and GCTEA Outlets 3B Ltd. By providing your personal information to us, you consent to it being used in accordance with this statement.
This document describes how and why we might collect, store, use and/or share (process) your information when you use our services, such as when you:
- Visit our website at https://www.gong-cha.co.uk
- Download and use our mobile app (Gong cha)
- Engage with us in other related ways, including any surveys, feedback, sales, marketing or events
- Open and transparent management of personal information
If you believe that we have breached the UK GDPRs, please contact us in writing and we will respond to you within 30 days. If you are not satisfied with our response, you may address your complaint to the Information Commissioner’s Office (ICO).
- Anonymity and pseudonymity
We will not generally ask for your personal information to be used in our retail food outlets. However, if you wish to use our other services, such as website or mobile apps, take part in promotions, it will, in most
cases, be impractical for us to provide such services to you unless you disclose your personal information.
- Collection of solicited personal information
Your ability to use our mobile app and/or receive special offers from us is dependent on you providing your information to us, including:
• date of birth
• phone number
In most cases, we will collect personal information directly from you unless you consent to us collecting it otherwise or it is unreasonable or impracticable to do so.
- Dealing with unsolicited personal information
If we receive unsolicited personal information of the type which we could or should have solicited from you, we will keep it as if we had solicited this personal information. If it is information of the type that we could not or should not have ordinarily solicited from you and this information is not contained in a government record, we will destroy or de-identify it if it is lawful and reasonable to do so.
- Notification of the collection of personal information
Sometimes we may need to collect your personal information from a third party and when this occurs we will inform you. We will also be clear about the purpose of the collection, who we might disclose this information to, whether the personal information is required under an English law or a court/tribunal order and the main consequences of not collecting this information. We will also inform you if we are likely to disclose the personal information to overseas recipients, including the countries in which the recipients are located. As our wider group’s businesses are spread out through Asia, our data systems are likely to be shared through the group in Asian countries including Singapore and Malaysia.
- Use or disclosure of personal information
We will use your personal information for purposes that relate to the provision of our services to you. These generally include:
• supplying our products and services to you;
• marketing including email marketing, promotional activities and keeping you up-to-date with new products and services;
• providing quality assurance of our products and services;
• planning, product development or research purposes;
• seeking or responding to your enquiries and feedback regarding our business, our products and services;
• monitoring the performance of our business and our products and services so we can improve on them
We work with third parties who provide services such as data analysis, targeted advertising and reporting and may give them secure access to the personal information they need. These companies may use this information to deliver advertising and promotions that are customized or more relevant to your interests.
We may also need to disclose your personal information in the following instances:
• if reasonably necessary to assist a law enforcement agency
• if required by an external service provider for the purposes of audit, peer reviews, legal advice, consultancy, outsourced administration, issuing statements or handling mail
• if required by reporting entities for the purpose of complying with the Anti-Money Laundering and Counter-terrorism Financing legislation, or
• if considered practical and is permitted by UK GDPR.
- Direct marketing
GCE may use or disclose the personal information we hold about you for the purpose of direct marketing, such as offers and/or promotions that may be of interest to you, if there is a reasonable expectation that your personal information will be used for this purpose and you have not opted out of receiving direct marketing communications from us, or where you have provided your consent.
We will not directly market to you using information that is considered sensitive unless you have provided your consent.
- Cross-border disclosure of personal information
GCE may transfer or store your personal information outside the United Kingdom as some of our businesses are based outside of the UK and as part of our standard IT practices and/or performing our services in respect of the primary purpose for which you provide your personal information to us.
If we disclose personal information to an overseas recipient without your consent, we will take reasonable steps to ensure that this recipient complies with the UK GDPR in relation to that information.
- Adoption, use or disclosure of government related identifiers
GCE will not adopt, use or disclose government agency identifiers as our primary means of identifying you.
- Quality of personal information
We will aim to keep your personal information accurate, up to date and complete. If you believe that any personal information we hold is inaccurate, incomplete or out of date, please contact us by e-mailing our DPO ([email protected]).
- Security of personal information
GCE maintains a high standard of integrity and security of our database which contains the personal information of our customers. We have implemented significant precautions to protect the personal information we hold from such risks as misuse, interference, loss, or from unauthorised access, modification or disclosure. If we no longer need your personal information, we will take reasonable steps to destroy or de-identify such information.
- Access to personal information
You may at any time request access to your personal information we hold. Where possible, we will provide you with access to that information either by providing you with copies of the information requested, allowing you to inspect the information requested or providing you with an accurate summary of the information we hold.
We may refuse to provide access to personal information in circumstances where the UK GDPR allows such refusal. In such instances, we will provide written notice of the reasons for refusal (unless unreasonable to do so).
All requests for access to personal information should be in writing to our DPO ([email protected]). We will respond to your request within no more than 30 days.
- Correction of personal information
If we hold information about you which we know to be inaccurate, out of date, incomplete, irrelevant or misleading, we will take steps to correct the information. If you request us to correct the information we will take reasonable steps to do so. If a third party is relying on this information, at your request we will also notify them, unless it is impracticable or unlawful to do so.
If we refuse to make a correction, we will let you know why and the complaint mechanisms that are available to you. If we continue to use this information, you may request us to associate a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading to notify third party users of the information.
Correction to personal information can be done via logging in to your account and updating your details. Failing which, all requests for correction to personal information should be made in writing to our DPO ([email protected]). We will respond to your request within no later than 30 days and will not charge you for making the request for the correction of personal information.
- Withdrawing consent
You have the right to withdraw your consent to our collection of your personal information at any time, by writing to our DPO ([email protected]).
We may however, retain some basic information in our databases so as to prevent fraud, troubleshoot problems, assist in any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Unit 12, Ashburton Park, Wheel Forge Way
Trafford Park, M17 1EH