Privacy Notice
This notice tells you what we do with the information you give with us, where and how we collect it, how we keep it secure and your rights in relation to this information.
Data Controller
'Greene King', ‘we’, ‘us’ and ‘our’ are references to Greene King Brewing and Retailing Limited, who is the data controller in respect of this website and the processing described in this notice. Our ICO registration number is ZA054235. We have appointed a data protection officer whose contact details are provided at the end of this notice.
About Greene King
As the country's leading pub retailer and brewer, Greene King welcomes customers into our 3,000 pubs, restaurants and hotels across the UK and brews a range of award-winning ales. Our products and services trade under a wide range of well-known brands, including Wacky Warehouse, Greene King, Hungry Horse, Farmhouse Inns, Chef & Brewer, Flaming Grill, Greene King Inns, Greene King IPA and Old Speckled Hen. More information about our brands can be found on here.
We will only use your personal information to make our products and services better for you. We keep your information safe and secure and we will not sell it to third parties. Please click on the sections below to learn more about the purposes for which we process your personal data, who we share your data with and how to get in touch with us if you have any queries.
Why we process your data
We will process your personal data whenever:
1. When you use our websites
2. you book a play session or party
3. you make a payment, request a refund or redeem a voucher
4. you use our Wi-Fi service
5. you subscribe to newsletters or direct marketing
6. we carry out profiling
7. you use a gift card or participate in a loyalty scheme
8. you submit queries, compliments or complaints
9. you take part in a survey
10. you take part in a promotion
11. we record promotional videos or interviews or take photos
12. we record CCTV images or emergency phone calls
13. we record phone calls to our offices
14. an accident occurs
15.we ask for other people’s personal data
More information about each of these scenarios follows next.
1 - When you use our websites
We use information about our website visitors and their visits to learn more about what our customers like and dislike and to target our direct marketing and advertising. We retain this data for 25 months from your last known interaction with us. See the profiling section of this notice and the cookie policy of the website you are visiting for more details.
2 - When you book a play session or party
We will use the information you provide to make and confirm your booking. If you book online, we will record your IP address so we can check if the booking is likely to be genuine.
If you make a group booking and provide us with the contact details of other people in your party, we will use these to communicate important information about the booking. Please ask their permission first.
If you tell us about dietary preferences, allergies, food intolerances or special access needs, we will use this information to help us look after you and anyone in your party during your visit or stay with us.
If you provide us with information about birthdays, anniversaries or other celebrations that you want to commemorate during your visit, we will use this information to help make your celebration as special as possible. If you give us permission to do so, we will use this information to send you a reminder to book again when your next birthday or anniversary is almost due.
Booking information that you provide directly to a venue is normally held for 1 year from the end date of the booking. Some of our venues use a booking diary, which is retained for 2 years from the end of the calendar year.
Contractual paperwork relating to bookings is kept for 2 years after the contract has concluded.
When you make a booking online, we keep booking information for 12 months from the date of your last booking. However, if you opt in to receive direct marketing, this period is extended.
3 - When you make a payment, request a refund or redeem a voucher
We will use the information you provide to process your payment or refund. We retain this data for 6 years from the date of the transaction.
4 - When you use our Wi-Fi service
We will use the information you provide to register you for and connect you to the service. When you first register, and each time that you connect to the service, we obtain additional information from your device and from the equipment used to provide the Wi-Fi service. This information describes where, when, and how you registered or connected. We use this information to provide and maintain your connection to the service and will retain your information for 13 months from the date you last used our Wi-Fi, however if you opt-in to receive direct marketing, this period is extended.
Please take these steps to prevent information sharing when you are not actively using the service:
• Don't select the ‘connect automatically’ option if you want to avoid connecting and sharing information automatically whenever you are in range of our or another partner's Wi-Fi service
• If you chose to automatically connect to the service but have since changed your mind, either delete then recreate the Wi-Fi connection, or turn off Wi-Fi on your device whilst you are not using it
• Check you have not saved your Greene King Wi-Fi connection settings before you let anyone else use your device
5 - When you subscribe to newsletters or direct marketing
If you permit us to do so, we will use the information you provide to select and send you messages containing special offers, discounts, promotions or any other type of information you have requested. We retain this data for 13 months from your last known interaction with us, or for as long you remain opted-in to marketing then for a further 25 months from your last known interaction with us.
Every marketing message we send includes an unsubscribe link or similar opt-out mechanism.
6 – When we carry out profiling
We use customer profiles to keep track of our customer interactions and learn more about their likes and dislikes. This helps us target our advertising and marketing and improve our products, brands and services.
The personal data we use in our profiles includes:
• Demographic information, such as your age, gender, address and postcode
• Purchase information, such as what you bought, how you paid and whether or not you took advantage of a discount
• Your likes and dislikes, such as what you drink, what you eat, whether or not you take advantage of special offers and whether or not you like what we post on our websites and our social media pages
• Information about family events and special occasions, such as the dates of birthdays, weddings and anniversaries
• Information about your visits to our pubs, restaurants, hotels and websites, such as which ones you visit, when, how often and how long you stay for
• Information about your use of our services and whether or not you participate in our promotions, such as our Wi-Fi service, email clubs, loyalty schemes and any competitions you enter
• Information about how you respond to our marketing and advertising campaigns, such as whether or not you read our marketing messages, see our adverts on social media or take up any of our special offers
If we get our profiling right, you will enjoy our products, services and brands more and more as we make improvements to them based on what we learn about you. And if you have signed up to receive direct marketing, you will get the special offers that we think will most appeal to you.
If you don’t want us to use your personal data this purpose, you can let us know using the contact details at the end of this notice.
7 - When you use a gift card or participate in a loyalty scheme
When you buy a gift card, we will use the information your provide to personalise, activate and send the gift card to you or the person you bought it for.
If you join one of our loyalty schemes, we will use the information you provide to enrol you and to provide confirmation of this and other necessary information about your membership.
When you redeem your gift card and whenever you present your loyalty scheme membership number during payment, we will use information about your visit, purchases and use of our services to update your gift card balance, credit your account with any loyalty points you have earned and update your profile.We will retain this data for 6 years from the date of your last purchase or refund.
8 - When you submit queries, compliments or complaints
We will use the information you provide to deal with your enquiry and keep you informed about its progress. If you compliment a person or a team for their service, we will pass your compliment on to them and their manager, so that their achievement can be recognised.
Most complaints can't be resolved without discussing the matter with other people, so we may need to share information about your complaint with: the team at the pub you visited, or their area or regional manager; the management team of a contractor we have engaged; or other types of third party organisation. We will only share information with others when it's necessary to do so to investigate and resolve your complaint. We will retain any information relating to your contact with us for 1 year from the last date of correspondence on the matter.
9 - When you take part in a survey
Please read the survey's privacy notice before you participate.
10 – When you take part in a promotion
We process your data so we can administer our promotions fairly. We will use your data to confirm that your have complied with the terms of the promotion, to confirm if you have won a prize, to communicate with you in relation to any prize you may win and to deal with any enquiries you may have. If you are a winner or runner up, we may use your data for publicity purposes as explained in the competition terms and conditions. We keep this data for 4 months following the closing date of a promotion. If you enquire about a promotion, data is retained for 3 months following our reply to you
11 - When we record promotional videos or interviews or take photos
We display signage at our venues to notify visitors whenever these activities are taking place. If you don’t want to be involved, please let a member of staff know on your arrival so that they can ensure your wishes are respected.
12 - When we record CCTV images and emergency phone calls
We use CCTV and emergency audio recording technology to help keep our guests and staff safe and to help us investigate any potentially criminal or unsafe incidents which occur. Please refer to the signage on arrival at any of our venues to find out what else these recordings could be used for.
If we need to carry out an investigation, we will review these recordings to determine if they contain relevant information. If this is the case, the recording may be shared with members of our management team, our own or third party insurers, suppliers, contractors, licensing authorities or the police. Recordings may also be used in any insurance claim or other type of legal claim or proceeding that follows.
13 - When we record phone calls to our offices
We record some of the telephone calls we receive, including all calls to our Guest Relations team. If we intend to record your call, a recorded message will be played to inform you of this before recording commences. Your options for avoiding the call being recorded will also be explained.
We retain calls for 3 months from the date of the recording and use suitable recordings anonymously, to train call handlers. We may review a recording if you or we are disputing a matter that the recording deals with.
14 - If an accident occurs
If you are unfortunate enough to be involved in an accident on our premises, we will use the information you or others present at the time provide to record the incident in an accident book. We may also use this information to conduct an investigation and to make or defend an insurance or other type of legal claim. We retain this information for 6 years from the date of the accident, or 3 years from the age at which a child involved in the accident becomes an adult, or 3 years from the date of a settlement of a claim, whichever occurs last.
15 - If we ask for other people’s personal data
Please refer them to this notice and ask for their permission to share their information first.
LAWFUL BASES
The lawful bases we rely on for our processing are:
Purpose | Lawful basis |
---|---|
When you use our websites | It is in our legitimate interests to provide a fully-functioning, accessible and useful website to our customers. |
When we need to verify your age | We process this data to satisfy our legal obligation to not sell alcohol to anyone under the age of 18. It is in our legitimate interests to ensure that we do not market alcohol to anyone under the age of 18. |
We need to verify or record information about your identity | This is sometimes due to a legal obligation imposed under the Licensing Act |
When you make a booking, payment, request a refund, use a loyalty card, use a gift card, use our Wi-Fi or when we send you service-related communications |
We process data to set up the contract, provide the services to you and notify you of any important changes to them. We process booking data to send service messages (such as confirmations, notifications of change and reminders) to you and other people whose contact details you may provide as it is in yours, theirs and our legitimate interest. |
When you subscribe to newsletters or direct marketing |
We send marketing information to people who consent to receive it.
|
When we carry out profiling | This helps our business to develop by targeting our advertising and marketing and understand more about our customers like and dislikes, which are legitimate interests for us. |
When you use a gift card or participate in a loyalty scheme | To provide the benefits you are due under the contract. |
When you submit queries, compliments or complaints | Sometimes our processing will be necessary for us to meet the terms of the contract we have with you. Otherwise, it we will have a legitimate interest in dealing fully with the matter you have raised. |
We record promotional videos or interviews or take photos | It is in our legitimate interests to take photos and video and recordings to promote our businesses positively via our marketing and press releases. |
When we record CCTV images or emergency phone calls | We may be required to do so by a licensing authority (legal obligation) or choose to do so for the purposes stated on the signage (legitimate interest). |
When we record phone calls to our offices | It's in our legitimate interest to be able to use suitable recordings to train call handlers and to be able to refer to recordings when that can help resolve a dispute. |
When an accident occurs | We record accidents primarily for compliance with our legal obligations and to support and defend claims (legitimate interest). |
When we impose a ban | We may impose a ban on visiting our premises, to protect our customers and staff (legitimate interest). |
Data Sharing
Other companies in the Greene King group
Whenever other companies in the Greene King group help us to provide our products or services, we may need to share some of your personal information with them. These companies are:
Company | Role | Registered Office |
---|---|---|
CK Asset Holdings Limited | The ultimate holding company of the Greene King group | 8th Floor, Cheung Kong Centre, 2 Queen’s Road Central, Hong Kong |
Greene King Limited | The holding company in the Greene King Group | Westgate Brewery, Bury st Edmunds, Suffolk, IP33 1QT |
Greene King Retailing Limited | Operating companies that own pubs within the group | |
Spirit Pub Company (Managed) Limited | ||
Spirit Pub Company (Trent) Limited |
||
Greene King Services Limited | Companies that employee the group's employees | |
Greene King Retail Services Limited |
Each of these companies is bound by the terms of this privacy notice and they are required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
Other organisations who help us to provide our products and services
We work with a number of third-party suppliers and service providers. Many of these organisations process personal data to provide products or services to us, or on our behalf.
These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
The categories of recipients include:
- Website and application (app) providers
- Marketing and analysis providers
- Bookings providers
- Security service operations
- Guest voucher providers
Other situations in which we may share your personal data
We will share your personal data if it is necessary to do so to comply with a legal requirement, such as to comply with a condition attached to a premises license by a licensing authority.
We will share your personal data if it is necessary to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend other legal rights.
We may need to share your personal data with an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, acquisition, restructuring or insolvency of any part of our business, provided that we inform any recipient that it must use your personal information only for the purposes disclosed in this privacy notice.
We may share your personal data where there is a legitimate interest to do so, for example, for the detection or prevention of crime, fraud or money laundering; to allow a regulator or ombudsman to investigate a complaint you have submitted to them; or to protect the rights of other people or organisations.
International data transfers
Some of our third-party processors operate outside of the UK. Under these circumstances, before your personal data is transferred outside the UK, we implement at least one of the following safeguards:
- Carry out Risk Assessments to determine the levels of protection needed to ensure security of your personal data in the recipient country
- Put appropriate controls in place to ensure suitable levels of protection for your data where the recipient country is not deemed as adequate, for example standard contractual clauses
More information about this is available on the UK government website
SAFEGUARDING
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. Our protective measures include:
- Not collecting personal data that we don’t really need
- Securely destroying or anonymising personal data when we don’t need it any more
- Only allowing our employees and our suppliers to process the personal data they need to carry out their duties
- Encrypting personal data to render it useless to anyone who is not authorised to access it
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
- Binding our suppliers and partners to the same standards and duty of care that we hold ourselves to
- Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
- Making periodic checks that these safeguards are working well and making improvements to them when we think we can do better.
YOUR RIGHTS
Data protection law provides you with certain rights and as a responsible data controller, we are committed to uphold these:
Name of right | Description |
---|---|
Information | You have the right to be informed what we will use your personal information for, where we obtain it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice. |
Access | You have the right to access a copy of your personal data and an explanation of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’. |
Rectification | You have the right to ask us to correct or stop processing inaccurate personal data. |
Erasure ('right to be forgotten') | You have a right in certain situations to ask us to delete your personal data. |
Restriction of processing | You have a right in certain situations to ask us not to process your personal data. |
Object to processing | You have the right in certain situations to object to the fact that we are processing some of your personal data. |
Portability | You have the right in certain situations to ask us to pass some of your personal data to another data controller on your behalf. |
Complain | You have a right to submit a complaint to the UK Information Commissioner’s Office (ICO). You can find guidance on making a complaint on the ICO’s website. |
withdraw Consent | Most of the personal data processing we do is not dependent on your consent but any consent that we are relying on can be withdrawn if you wish to do so. |
Detailed information about all of these rights can be found on the ICO website.
If you notify us that you want to exercise your rights, we will acknowledge your request promptly. If we don’t already know who you are, we may need to ask you to provide us with additional information to verify your identify. In most circumstances, you will not be required to pay a charge for exercising your rights.
We will then gather relevant information to respond to your request. We will carry this work out as quickly as possible, but it may take up to one calendar month to respond to you. We may respond to your request in phases as information becomes available.
If we cannot satisfy your request within the time period, we will let you know why and when we expect to be able to provide you with either additional information, or with a full response. If we decide that we cannot satisfy your request, we will provide you with our decision and our reasons for it within one calendar month.
We retain data relating to your request for up to 3 years from the date of our last correspondence to you in relation to your request.
CONTACT US
If you want to discuss how we use your personal data, opt out of profiling, exercise your data protection rights or contact our data protection officer, you may write to: Greene King, Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT; or send an email to: dataprotection@greeneking.co.uk.
STATUS
This version of our privacy notice is effective from 19/12/2023