Consumer Privacy Policy

1. Introduction

Fuller, Smith & Turner P.L.C. (Fuller’s) is committed to protecting the privacy of all customers in the group irrespective of your relationship  with us. This Privacy Policy applies to the personal data that we collect and use for our retail customers (in our pubs, restaurants and hotels). 

By providing your personal data to us you acknowledge that it may be processed in accordance with this Privacy Policy.

Personal data that is captured for our employees or trade customers (Tenants, Free Trade and Nectar Imports customers) is covered separately in our Trade and Employee privacy policies.

2. Who is responsible for your data

“Fuller’s” (referred to in this Privacy Policy as “we”, “us” or “our”) is a trading name of:
Fuller, Smith & Turner P.L.C
Pier House
86-93 Strand on the Green
London
W4 3NN

Company Number: 00241882
ICO Registration Number: Z6912169

We have appointed a Data Protection Officer, who can be contacted in the following ways should you have any questions, complaints or feedback about your privacy: 

Mail: Data Protection Officer
 
          Fuller, Smith & Turner P.L.C
          Pier House
          86-93 Strand on the Green
          London
          W4 3NN

Email: [email protected]

3. Personal data we collect about you

We collect personal data for a variety of purposes as outlined in this section 3. You will provide much of this data to us directly by completing online forms or through engagement with one of our team members (through phone, email or otherwise) but we also gather some data via the digital interactions that you have with us. 

 

 

 

 

Name and contact details (email address, telephone number and postal address)

 

 

 

When you book a table/function/hotel room/ticket.

When you opt in to receive marketing communication.

When you provide us with feedback or submit an enquiry.

When you sign up to use our WiFi.

Nationality / Passport Number

When you are an overseas visitor and book a hotel room.

Date of birth

To confirm that you are over 18 in order to receive licensed goods and services.

When you choose to provide it for marketing personalisation.

Personal interests

When you choose to provide it for marketing personalisation.

Dietary and special needs requirements

When you choose to provide it when booking a table / function / hotel room.

Information about other guests on your booking including details of any children

When you provide them on behalf of others as part of making a table / function / hotel booking.

The correspondence that you have with us (eg emails, letters, calls, online chat service)

When you contact us or we contact you. This may include telephone call recording.

Your location / visit information

When you use our WiFi.

When you make a booking.

When you stay in one of our hotels.

CCTV recording

When you visit Fuller’s locations (including pubs & hotels).

Information about how you use our websites including IP address and Google Analytics.

When you browse our websites.

Device information and vicinity information (if consented to)

When you use our WiFi or leave us feedback.

Your food / drink transaction details and payment

When you place an order and pay for food or drink in a Fuller’s pub / hotel via our website.


Special Category Personal Data 

The General Data Protection Regulation (GDPR) is the privacy law implemented across the United Kingdom and the European Union (EU) which includes increased protection relating to Special Category Personal Data such as health and religious beliefs. As a result of you telling us that you have an allergy or a specific dietary requirement you may reveal medical conditions or religious beliefs. Special Category Personal Data will only be processed in order to deliver the products / services that you purchase from us.


4. How and why we use your personal data

We use your personal data to provide the following services:

To ensure the performance a contract for a service we have with you:

● To deliver your bookings. When you book with us, we will use your information to confirm your booking process your payment, and to send a follow up email for your valued feedback.

When we have a legal obligation to process your data: 

● To meet our legal obligations. We are required to keep certain records for legal reasons – for example receipts that we issue. We will keep and use this data in line with our legal requirements. 

When you give us your consent to:

● To keep you informed of our products, services, offers and promotions. We may send you marketing communications about our food, drink, hotel rooms, events and unique Fuller’s experiences if you have indicated that you are happy to receive these (e.g. when you opt in to receive marketing communications when you book from us). 

● To offer you personalised offers and promotions via pubs you have attended previously, if you consent to this marketing communication. 

● For market research and to deliver business insight to help us ensure that our products and services remain relevant.

Processing your data to further our legitimate interests:

We have a number of lawful reasons that we can use (or ‘process’) your personal data. One of these lawful reasons is called ‘legitimate interests’ whereby we can use your personal data if we have a genuine and legitimate reason and we are not harming any of your rights and interests.

We use legitimate interests in the following circumstances:

● We will monitor opens/clicks and offer redemption on marketing emails to assess engagement. 

● To personalise and improve your customer experience. We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience. 

● To optimise the performance of our websites. We may also collect information on how you use our websites including the pages that you visit and the search criteria that you perform in order to optimise the performance of the website and personalise content that you see.

● We use CCTV to deter and detect crime and civil offences, to support court action and comply with our legal licensing requirements. We also use CCTV to provide a safe environment for our staff and customers. We use CCTV to facilitate entry / exist from buildings and improve customer service.

When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law)

5. Sharing your personal data.

● We are reliant on a number of 3rd party providers in order to provide our products and services. Where this is the case we will remain in control of the data and we will ensure that the 3rd parties comply with high security standards for the protection of your personal data.  The 3rd parties will not have any rights to use the data for their own purposes. Our 3rd party providers include:

○ Website hosting companies. 
○ Cloudflare Content Delivery Network 
○ Pub Booking System Provider. 
○ Hotel Booking System Providers. 
○ CRM and Customer Feedback providers.
○ WiFi provider. 
○ Online food and drink orders. 
○ Online food and drink order payments. 

● We also use 3rd party booking websites (e.g. Booking.com / Expedia) to take hotel bookings and sites such as Opentable and Design My Night to take table bookings. Customers that choose to use these sites will be doing so under the terms and conditions and privacy policy of these sites. In order to deliver the booking the 3rd party will share your data with us and once they have done so we will use the data in accordance with this Privacy Policy.

● Where relevant we may share your booking data with catering contractors who operate a small number of our restaurants.

● Legal authorities and legal advisors. 

6. Transfer of Data outside the EEA

All of the Fuller’s operations covered by this Privacy Policy are based in the EEA. However, the technical infrastructure of some of our providers is located in data centres outside the EEA. 
If we transfer your personal data outside the EU we have to tell you. Limited personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal information will only be transferred on one of the following bases:  

• The country that we send the information is approved by the UK Government as providing an adequate level of protection for personal information; or
• The recipient has agreed with to standard contractual clauses (SCC’s) approved by the European Commission, obliging the recipient to safeguard the personal information; or
• The recipient has Binding Corporate Rules (BCR’s) approved by the European Commission in place, obliging the recipient to safeguard personal information

The data will be transferred outside the EEA as follows: 

● Online Hotel Bookings. Siteminder (https://www.siteminder.co.uk) route hotel bookings that are made on Fuller’s websites and 3rd party providers (eg Booking.com) to the relevant Fuller’s hotels. Siteminder’s systems are located in the United States and the transfer takes place in accordance with SCC’s.

7. Retention and Security of your Data

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

● Any statutory or legal obligations
● The requirements of the business
● The purposes for which we originally collected the personal data
● The lawful grounds on which we based our processing
● The types of personal data we have collected
● The amount and categories of your personal data
● Whether the purpose of the processing could reasonably be fulfilled by other means

After such time, we will securely delete or destroy your personal data. In most instances the personal data processed by us will be securely destroyed within 6 years from when we collected your data. We only hold CCTV data for a period of up to 30 days. We will view consent to receive marketing communication as revoked if the marketing communication has not been engaged with (opened or clicked) within 24 months.

We ensure that we use appropriate technical and organisational security measures in order to ensure that your data remains secure. These measures include internal policies, procedures  and employee training, as well as ensuring we have appropriate contracts with 3rd party suppliers and only allowing access to data on a need-to-know basis.

8. Your Rights

Right to be Informed

We will always be transparent in the way we use your personal data. You will be fully informed about our processing activities through relevant privacy notices. 

Right to Access

You have a right to request access to the personal data that we hold about you and this should be provided to you, under the GDPR and the Data Protection Act 2018. If you would like to request a copy of your personal data, please contact the Data Protection Officer as detailed in section 2 of this Privacy Policy. 

Right to rectification

We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.

Right to erasure

You have the right to have your data ‘erased’ in the following situations:

• Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed.
• When you withdraw consent.
• When you object to the processing and there is no overriding legitimate interest for continuing the processing.
• When the personal data was unlawfully processed.
• When the personal data must be erased in order to comply with a legal obligation.

If you would like to request erasure of your personal data, please contact the Data Protection Officer as detailed in section 2 of this Privacy Policy. Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data, it may not be erased.

Right to restrict processing

You have the right to restrict processing in certain situations such as:

• Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
• Where you have objected to processing and we are considering whether our legitimate interests override your legitimate interests.
• When processing is unlawful, and you oppose erasure and request restriction instead.
• Where we no longer need the personal data, but you require the data to establish, exercise or defend a legal claim.

Right to data portability

You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact us. This only applies:

• To personal data that you have provided to us;
• Where the processing is based on your consent or for the performance of a contract; and
• When processing is carried out by automated means.

Right to object

You have the right to object to us processing your data in these circumstances: 

• Where the processing is for direct marketing. Remember you can opt-out of email communication at any time via the unsubscribe feature on our emails;
• Where the processing is based on legitimate interests; or
• Where the processing is for purposes of scientific/historical research and statistics.
Proof of identity may be required before we can action some requests. If you choose to exercise any of your rights as set out above, we will contact you to verify your identity.

9. Cookies

Like many other business we use cookies on our website. Cookies are small pieces of information that are stored on your computer or mobile device that record how you use the site. For more detailed information on how we use cookies, please review our Cookie Policy which you can read here.

10. Updates to our Privacy Policy

We may make changes to this Privacy Policy from time to time and if we  the changes will be updated on this page.

11. Contact Information

If you have any questions about this Privacy Policy or how your data is processed, please contact us at Fuller, Smith & Turner P.L.C., Pier House,86-93 Strand on the Green, London, W4 3NN,  via phone on 020 8996 2000 or via email to [email protected]

You can unsubscribe from our marketing communication at any time by clicking the unsubscribe link at the bottom of any of our marketing communications. Alternatively, you can email [email protected]

Should you have any concerns about this Privacy Policy or the way that we are processing data you have the Right to Lodge a Complaint with the Information Commissioner’s Office. Please look at https://www.ico.org.uk for more detail.

 

 

 

GDPR Version 1.3. This policy was last updated on 23 June 2021.