privacy policy

this policy
This is the privacy policy for nez Limited trading as nez ("nez", "we","us" or "our") and our food and drink offers mobile application ("App"). Our service assists retailers in accessing a wider audience and increases their brand awareness. It also gives our end users access to exclusive offers, through the App, based on the end user's location. This is our privacy policy that explains who we are, why and how we process personal data and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.Please read the following carefully to understand our use of your personal data.

changes to this policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. We reserve the right to update this Privacy Policy at any time.
This policy was last updated on 2 March 2018.

personal data collection
We have compiled a table which sets out the categories of personal data we collect, the purposes for which we process such personal data and the recipients of such data.

data that we collect through the App, Beacons and other technology

End user personal data type collected
IP address from which the device accesses our server
Device ID/IDFA
Device screen size
Device model
Device operating system
Actions that the user takes inside the mobile app (e.g. deal clicked, offer selected, coupon redeemed)
Date and time of offer redemption
Latitude and longitude in relation to the location where the offer was redeemed
User’s office location (if provided by the user)

Purpose of processing
To provide our services
To administer our App
Internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes)
To ensure the proper functioning and security of our App
To optimise and personalise the user experience on the App

Categories of recipients of personal data
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries
Data centres, hosting providers, technology security providers and attribution service providers. Please see this link for more detail
Our retail partners (we only share information with the retailer whose coupon you have requested). Our retail partners are listed in full on the App

when you sign up through social media, we also collect the following data:

End user personal data type collected
Facebook ID and page URL
Email address
Facebook profile picture
Page likes on Facebook

Purpose of processing
As set out in the privacy policy of the social media business

Categories of recipients of personal data
As set out in the privacy policy of the social media business

We may provide retail partners access to further aggregated and anonymised data. This information will not contain any of our users' personal data.

how do we collect personal data?
We collect personal data in broadly three ways; (a) through our App; and (b) through Wi-Fi, mobile phone masts, beacons and other in-store technology; (c) through social media providers. We assign each user a unique identifier (nez User ID) which allows us to confirm when a user requests services through our App (including their preferences).
App. We collect information about the device you are using to connect to the services on our App or any interactive content we may provide. This includes the type of device you use, your internet browser, your location based on the unique identifier for your device such as an Internet Protocol address (IP address) or a code for an App running on your device (as set out above).
Social Media Applications. If you choose to login through your social media accounts, the social media business may provide us with certain information about you (as set out above). We do not control these third-parties and you understand and agree that any Social Media Application’s use of information collected from you (or as authorized by you), and shared with other parties, is governed by the Social Media Application’s privacy policies, terms or service and your settings on the applicable Social Media Application(s).
In store technology. When you attend a retailer premises, we may also use technologies that connect to the functionality on your mobile device (such as Bluetooth and GPS) and collect information based on Wi-Fi, mobile phone masts, beacons and other in-store technology. The information collected in-store through your mobile device using these technologies also gives us aggregated and anonymous statistics about footfall traffic in retailer premises and information about the average user but it is not used for, or available to our retailer partners at an individual user level.

legal basis on which we process personal data
The legal basis on which we process your personal data is as follows:
Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it (including in relation to location tracking and sending certain marketing material to you), we will obtain and rely on your consent in relation to the processing concerned (see below for how to withdraw your consent at any time).

Otherwise, in relation to the data obtained in the above table (excluding in relation to location data and sending you certain types of marketing material), we will process your personal data where the processing is necessary:
for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract; and/or
for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (most circumstances in which we process your personal data in relation to a relationship that we have with the person that you work for will fall into this category).

Further processing of personal data
We take all reasonable steps, as required by law, to ensure the safety, privacy and integrity of such data and information and, where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such data and any information supplied.

cookies and other technologies
When you interact with the App and our website, we try to make that experience simple and meaningful.

When you visit our website, a web server sends a cookie to your computer. When you visit our App, a web server sends a token to your mobile device.

Cookies, and other similar technologies (such as tokens), are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website and which store and sometimes track information. A number of cookies or other technologies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the website and/or App and will last for longer.

The cookies and/or other similar technologies we use collect information, such as the type of internet browser or mobile device you use, any website from which you have come to the website and/or App, your IP address and/or the operating system of your computer or mobile device.

We use cookies and/or other similar technologies, either alone or in combination with each other to:
remember that you have visited us before. This means we can identify the number of unique visitors we receive. This allows us to make sure we have enough capacity for the number of users that we get.
customise elements of the promotional layout and/or content of the pages of the website and/or App.
collect anonymous statistical information about how you use the App (including how long you spend on the website and/or App) and where you have come to the website and/or App from, so that we can improve the website and/or App and learn which parts of the website and/or App are most popular with users.

Some of the cookies and other similar technologies used by the website and/or App are set by us, and some are set by third parties who are delivering services on our behalf. A list of these third parties, and the related cookies (where available), is available here.

Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on the website and/or App, you may not be able to take full advantage of the website and/or App.

cookies and similar technologies we use

Technology
Token

Purpose
Allow us to confirm that you have signed up to use our services and your user preferences

Type & duration
Persistent

other disclosures we may make
We may disclose a user's personal data to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of nez, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

how long do we process personal data for?
We process personal data only for as long as is reasonably necessary for the purposes set out in the table above, after which it will be deleted except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.

where do we process personal data?
Our servers are based in the UK. However some of the data that we process in relation to users may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.

Where personal data is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism which may include by entering into EC approved standard contractual clauses relevant to transfers of personal information (see European Commission Justice and Fundamental Rights) and that it is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

what are your rights?
You have the following rights in relation to personal data relating to you that we process:
You may request access to the personal data concerned (please see the section on obtaining access to your personal data, below).
You may request that any incorrect personal data about you that we are processing be rectified.
You may request that any incorrect personal data about you that we are processing be rectified.
In certain circumstances (normally where the personal data has been provided by you and it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned subject to some specific legal reasons we may have to retain certain data relating to you.
Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal compliant with the Information Commissioner.

how to withdraw your consent to processing
In relation to any processing of your personal data, that we do with your consent, you can withdraw such consent at any time:
By info@joinnez.com; and
In the case of mobile device location services, you can change your location preferences at any time by managing your device settings.

how to exercise your right of access to your personal data
You can exercise your right of access to your personal data:
By info@joinnez.com
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.

our details – contacting us
Our full details are:

nez Limited
Floor 3
70 Wilson Street
London
EC2A 2DB
info@joinnez.com

the information commissioner
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.