Privacy notice
Version 1 10th May 2018
This Privacy Policy contains 10 sections .
1. Introduction
Welcome to Pizza Hut Restaurants. This policy explains how we handle and use your personal information and your rights in relation to that information. Under data protection law, Pizza Hut (U.K.) Limited is the controller of that information. A separate company and its franchisees operate the Pizza Hut Delivery business and any of your personal information collected by those companies will be handled and used in the ways mentioned in their privacy policy (not ours).
Pizza Hut (U.K.) Limited (we, our or us) are committed to protecting and respecting your privacy.
This Privacy Policy explains why and how we will use the personal information that we have obtained from you or others, with whom we share it and the rights you have in connection with the information we use. Please read the following carefully.
This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our restaurants, social media pages or website currently located at www.pizzahut.co.uk/restaurants (Site) or when you contact us, use our Apps or take part in any of our competitions or promotions.
Pizza Hut (U.K.) Limited is the controller in relation to the processing activities described below. This means that Pizza Hut (U.K.) Limited decides why and how your personal information is processed. Please see the section at the end of this policy for our contact and legal information.
This policy was last updated on the date that appears at the top of this page.
Pizza Hut Delivery is a separate business and operated by a separate company
Please note: a separate company, Yum! III (UK) Limited, and its franchisees operate the Pizza Hut Delivery business and any of your personal information collected by those companies will be handled and used in the ways mentioned in their privacy policy (not ours). Except for the web pages available at www.pizzahut.co.uk/restaurants, all other parts of the website located at www.pizzahut.co.uk are owned and operated by Yum! III (UK) Limited and any personal information collected by that website will be received by that company and/or its franchisees. Please visit the Pizza Hut Delivery Privacy Policy to find out more.
2. Personal Information we collect about you
We receive personal information about you that you give to us, that we collect from your visits to our restaurants, Site, Apps and social media pages and that we obtain from other sources. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.
Personal information that you give to us
We collect the following information if you choose to give it to us in connection with your table reservations, your visits to our restaurants, registration on our Site, Apps or social media pages or when exercising your legal rights:
• your name, title and contact details (email address, telephone number, postal address, social media handle);
• your date of birth;
• the names and ages of your family and friends in connection with any special events;
• any information you include in correspondence you send to us or in forms you submit to us at our restaurants or when using our Site, Apps or social media pages;
• details of your orders;
• your dietary preferences and food allergies;
• your marketing and restaurant preferences;
• the opinions and other information you provide when responding to customer surveys;
• any personal information included in your entries to competitions that we run;
• the unique identification number of any vouchers you use or in relation to memberships you hold when you use these to claim discounts or offers with us. For example, if you use a student, discount or membership card, we will collect the unique identification number from that card;
• your identification information when exercising the rights that you have in relation to our processing of your personal information (see further Your rights in relation to your personal information)
• your payment card and, in relation to certain refunds, your bank account details.
Information that we collect about you
When you visit one of our restaurants we automatically collect:
• the number of individuals in your party and, for pre-booked tables, the number of children in your party;
• the location and frequency of your visits but only if you have registered with our loyalty App;
• the unique identification number for the vouchers you obtain from us;
• the frequency of your use of vouchers; and
• footage of you and your party (including your/their physical appearance) on CCTV.
When you visit our Site or use our Apps we automatically collect:
• the frequency of your table reservations and voucher downloads;
• the internet protocol (IP) address of your device and details regarding the type of device and browser software you use to access the Site;
• details of your use of our Site and Apps, namely traffic data, weblogs and statistical data, including where and when you clicked on certain parts of our Site and details of the webpage from which you visited it;
• details regarding when and how you consented to receive marketing communications from us (including the time and date you provided your consent); and
• cookie, pixels and beacon identification information (for more information please see our Cookie Policy).
When you visit our social media pages we collect:
• the information you post on those pages;
• information regarding your interactions with the content we post; and
• statistical information regarding all our followers’ activities (but from which we cannot identify you as we only have access to this information in aggregated form).
3. Use of Your Personal Information
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We do not share your personal information with companies that would send their marketing to you.
3.1 Where you have provided CONSENT
We may use and process your personal information for the following purposes where you have consented for us to do so:
• to contact you via email or SMS (as you have indicated) with marketing information about our products and services (see Marketing for further details);
• if you or another person falls ill or are injured in or near one of our restaurants and you give us your permission to use your personal information so that we can help; and
• to collect and use information about your dietary preferences and food allergies, for which we will always obtain your explicit consent.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Your rights over your personal information for further details.
3.2 Where necessary to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations:
• to keep a record relating the exercise of any of your rights relating to our processing of your personal information;
• to take any actions in relation to health and safety incidents required by law; and
• to handle and resolve any complaints we receive relating to the services we provide.
3.3 Where necessary for us to pursue a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns
• for analysis and insight conducted to inform our marketing strategies, and to enhance your visitor experience;
• to tailor and personalise our marketing communications based on your attributes;
• to supply your details to social media and other online platforms operated by other companies for them to contact you with our targeted advertising online, unless you object.You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us;
• to identify and record when you have received, opened or engaged with our website or electronic communications (please see our Cookie Policy for more information).
Processing necessary for us to support our visitors and guests with their enquiries
• to respond to correspondence you send to us and fulfil the requests you make to us.
Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors
• to analyse, evaluate and improve our products and services so that your visit and use of our Site, Apps, social media pages, guest services and restaurants are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
• to undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a guest;
• for product development purposes (for example to offer new toppings or crusts).
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
• to administer our Site, Apps and our social media pages and for internal operations, including troubleshooting, testing, statistical purposes;
• for the prevention of fraud and other criminal activities;
• to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
• for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
• to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
• for the purposes of corporate restructure or reorganisation or sale of our business or assets;
• for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
• to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
• to inform you of updates to our terms and conditions and policies; and
• for other general administration including managing your queries, complaints, or claims, and to send service messages to you.
3.4 Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
• to fulfil your table reservations, food orders and event requirements;
• to process your payment card or bank details when taking payment for your orders or when providing a refund; and
• to run our competitions and promotions that you enter from time to time and to distribute prizes.
3.5 Where processing is in your VITAL INTERESTS
We will use your personal information where this is in your vital interests for the following purposes:
• to notify you of any food safety or product recall issues; and
• if you or another person falls ill or are injured in or near one of our restaurants and you are physically or legally unable to give us your permission to use your personal information so that we can help.
Marketing communications: If you give your consent, we may use your personal information to contact you by email or SMS (as you indicate) to send you newsletters or to notify you of special offers, promotions, competitions or new products and services. We try to adapt any marketing material that we send to you, for example by notifying you of special offers or promotions that apply to your interests and in your location. If you do not wish to receive communications from us, please inform us by using the unsubscribe link inside the email or code within the SMS, by using our comments form or, if you have a registered account on one of our Apps, by changing your profile settings from within your account.
If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list for a defined period to ensure that we comply with your wishes. Please see further The periods for which we retain your personal information.
4. Disclosure of your personal information by us
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
We may disclose your information to our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site, Apps and social media pages. Our Suppliers can be categorised as follows:
| Recipient / relationship to us | Industry sector (& sub-sector) |
|---|---|
| Advertising, PR, digital and creative agencies | Media (Advertising & PR) |
| Banks, payment processors and financial services providers | Finance (Banking & Payment Processing) |
| CCTV administration and monitoring service providers | Surveillance (CCTV) |
| Cloud software system providers, including database, email and document management providers | IT (Cloud Services) |
| Customer care/services providers | Customer Services (Support) |
| Delivery and mailing services providers | Logistics (Delivery Service) |
| Facilities and technology service providers including scanning and data destruction providers | IT (Data Management) |
| Gift card service providers | Customer Services (Support) |
| Health and safety claims administrators and consultants | Health & Safety (Claims) |
| Insurers and insurance brokers | Insurance (Underwriting & Broking) |
| Legal, security and other professional advisers and consultants | Professional Services (Legal & Accounting) |
| Market and customer research providers | Media (Market Research) |
| Social media platforms | Media (Social Media) |
| Website and data analytics platform providers | IT (Data Analytics) |
| Website and App developers | IT (Software Development) |
| Website hosting services providers | IT (Hosting) |
| Wifi and other communication service providers | IT (Telecommunications) |
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information safe and secure.
We may disclose personal information to other third parties as follows:
- to our franchisor, Yum! III UK Limited, for auditing and administration purposes;
- to any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.
5. Transfers of your personal information outside of Europe
Except in a limited number of cases, we do not transfer your personal information outside of Europe. Where we do, we take measures to protect your personal information.
Some of the information you provide to us may be transferred to countries outside the European Economic Area (EEA). For example, we transfer your personal information to the USA when using our email marketing services provider, certain data analytics providers and most social media platforms.
Where we transfer your information outside of the EEA in this way, we take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected in the ways required by data protection law as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy or access to the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
6. Security and links to other websites
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password or pin allowing you access to certain parts of the Site or our Apps, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
Our Site, Apps and social media pages may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites‚ so we encourage you to read their privacy policies. We are not responsible for the privacy policies and practices of other websites (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.
In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
7. The periods for which we retain your personal information
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. For certain purposes we retain your personal information for a very short period (e.g. CCTV footage) whilst for others we retain it for a period of 10 years after the information is no longer required for business reasons so that we can deal with any legal proceedings that could arise.
We retain your personal information for the following periods:
|
Type of personal information |
When do we receive your personal information? |
How long do we keep your personal information after we receive it? |
|
Name, email address, telephone number, postal address, date of birth, names and ages of your friends and family, your marketing and restaurant preferences |
When you book a table |
Up to 3 years from the date of your last booking unless at the time of your booking you sign up to receive marketing.
|
|
Name, email address, telephone number, postal address, date of birth, your marketing and restaurant preferences |
When you register on our website for email offers |
2 years from the date you last register or the last time you open one of our emails. |
|
Name, email address, telephone number, postal address, date of birth, your marketing and restaurant preferences |
When you download a voucher from our website |
2 years from the date of your last download or the last time you open one of our emails. |
|
Details regarding when you have consented to receiving marketing from us |
When you complete the consent form |
2 years from the date you complete the form or the last time you open one of our emails. |
|
Social media handles |
When you follow our social media account or page |
Until you stop following our social media account or page. |
|
Name, email address, telephone number, date of birth, marketing and restaurant preferences, location and frequency of your visits |
When you sign up for our loyalty app |
5 years from the last time you use the app. |
|
The frequency of use of your vouchers |
The date you redeem your voucher |
If you have registered with our loyalty app, 5 years from the date you sign up if you are an inactive app user, indefinitely if you are an active app user.
If you haven’t registered with our loyalty app, 2 years from the date you redeem the voucher, unless you continue to subscribe to our email marketing list. |
|
Information included in any correspondence to our restaurants, to our Customer Care team or via our apps or social media pages |
When we receive the correspondence |
1 year, but up to 10 years to bring, establish or defend legal claims. |
|
Food allergies |
When you inform us of the allergy |
Up to 10 years from the date you inform us to bring, establish or defend legal claims. |
|
Details of your orders (including no. of people in party) |
When our systems record your order |
3 years |
|
Your identification information in relation to the processing of your personal info – e.g. unique IDs for processing vouchers, loyalty app IDs |
When we receive a submitted loyalty application or voucher redemption from you |
3 years |
|
Any third party account information held to obtain a discount (e.g. Student ID, Tastecard ID) |
When your card is used to obtain a discount |
3 years |
|
Opinions /other information you give via customer surveys (including dietary preferences) |
When you submit your form online |
2 years if you have completed a post-meal questionnaire, then archived on our system.
Up to 2 years for all other research. |
|
Information you give to us when entering a competition |
When we receive your completed entry form |
5 years. |
|
Payment card information |
When the payment is processed via restaurant card terminals (or in unusual circumstances by our Head Office, Customer Care team or our card processor) |
We hold physical truncated payment card information at the restaurant at which payment was taken for 12 weeks.
Information obtained in electronic form is held for 3 years . |
|
CCTV Footage of you and your party |
From when you enter the restaurant until you leave |
28 days or less after the footage is recorded, except in respect of a small number of restaurants which store the footage for up to 90 days after recording. If we are required to download footage for the purposes of litigation or police investigations we will keep it for as long as required for the litigation/investigation. |
|
IP addresses and type of device |
When you use any of our websites or apps |
1 month from the date of collection. |
|
Details of your use of our website, including cookies, pixel and beacon information |
When you click on pizzzahut.co.uk/restaurants |
Various periods - please see our Cookies Policy for details of individual expiry periods of cookies. |
|
Telephone call recordings |
From when a your call is answered by our Customer Care team until the call ends (except when discussing financial information ) |
6 months |
The only exceptions to the periods mentioned above are where:
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Your rights in relation to your personal information);
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Your rights in relation to your personal information);
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
- we archive the information, in which case we will delete it in accordance with our deletion cycle; or
in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
8. Your rights in relation to your personal data
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request.
You have the following rights, some of which may only apply in certain circumstances:
• to be informed about the processing of your personal information (this is what this statement sets out to do);
• to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
• to object to processing of your personal information;
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use the unsubscribe link on our emails.
• to withdraw your consent to processing your personal information;
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using unsubscribe link in our emails. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
• to restrict processing of your personal information;
You may ask us to restrict the rocessing your personal information in the following situations:
- where you believe it is unlawful for us to do so,
- you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
• to have your personal information erased;
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
• to request access to your personal information and information about how we process it;
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
• to electronically move, copy or transfer your personal information in a standard, machine-readable form; and
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
• rights relating to automated decision making, including profiling.
You may also contest a decision made about you based purely on automated processing by contacting our Data Protection Officer by email at dpo@phr.co.uk.
To exercise these rights, please contact us using the details at the end of this policy.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
9. Changes to our Privacy Policy
Please check this page regularly for changes to this policy. We will email you with changes if we hold a valid email address for you.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and/or by contacting you by email. Any changes will take effect 7 days after we post the modified terms on our Site or after the date we notify you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.
10. Contact and legal information
You can contact us with your queries in relation to this policy or for any other reason by post, email or by phone.
To contact us in relation to this policy, including to exercise any of your rights in relation to your personal information, please contact Data Protection Officer, by post at One Imperial Place, Elstree Way, Borehamwood, Herts, or by email at dpo@phr.co.uk.
For anything else, including general enquiries, please contact us by post at Pizza Hut Restaurants, 34 Walker Avenue, Wolverton Mill, MK12 5TW or via our comments form (including to update your marketing preferences), or by phone using a number on our Contact Us page.
Pizza Hut (U.K.) Limited’s company registration number is 01072921 and registered office address is Building 1, Imperial Place, Elstree Way, Borehamwood, Herts, WD6 1JN.
The sale of this gift card is facilitated by Orion Security Print Ltd on behalf of Pizza Hut Restaurants. Your personal information (name, email address, postal address & telephone number) is collected and stored solely for the purposes of the fulfilment of your order by Orion Security Print Ltd and will be retained for up to two years. Pizza Hut Restaurants have access to the data from gift card orders but we will not send any marketing communication to you unless you sign up to receive these from the newsletter sign-up button shown in the footer of the website (or have already signed up via other means). For further information on how Orion and Pizza Hut handle your personal information please see (https://www.pizzahut.co.uk/restaurants/about/privacy-policy/) and Orion’s privacy policy (https://www.orionprint.com/data-privacy-policy/).