Privacy Policy
Effective Date: 13th November 2019

1 .Introduction

1.1 In this policy, “Base”, “we”, “us” and “our” refer to Base Control Management Limited an Irish company registered in Ireland under company number 549842.

1.2 We are committed to safeguarding the privacy and personal data of our website visitors, apps and service users. Our privacy programme is governed, in part, by the rules of General Data Protection Regulation (GDPR) and the Data Protection Act of 2018.

1.3“Personal data” that we process means any information that relates to a living, identifiable person, including but limited to names, physical and email addresses, internet identifiers, phone numbers, and other information relating to that person, and either individually or combined can be used to identify that person.

1.4 “Process” or “Processing” in the context of this policy means the activities we perform on personal data, such as collection, computing, storage and disposal.

1.5 This policy applies when we are a data controller, as defined in the GDPR, with respect to the personal data of our website visitors, apps and service users. As a data controller, we determine the purpose and means of personal data processing. Our terms of service further outline data processor accountabilities, as defined in the GDPR.

1.6 Our personal data processing is consistent with the principles outlined in the GDPR:

– We process personal data lawfully, in a way that you would reasonably expect, and we are open and clear about our personal data processing practices;
– We will only collect and process personal data that we need to and when it is necessary for processing that is required by our websites, apps and services;
– We will only collect and process personal data that is optional, such as marketing, after we receive your informed, freely given consent enabled by privacy controls on our websites, apps and services; you can opt out at any time after providing consent;
– When we do, we will be clear about why and how we are doing so, and for how long we will retain the personal data;
– We will take steps to ensure the personal data is accurate and provide means to correct inaccuracies; and
– We implement appropriate, common, technical and organizational controls to safeguard personal data for integrity and confidentiality.

1.7 All credit card details are stored securely with Stripe. Neither the Store nor Base have access to your credit card number, with the exception of the last 4 digits of your card number and expiry date which is used to identify cards and orders.

2 . How we use your personal data

2.1 Here we describe:

a.the general categories of personal data that we may process;
b.the source and specific categories of that data, in case we did not obtain it directly from you;
c.the purposes for which we may process personal data; and
d.the legal reasons (known as lawful bases) for processing personal data.

2.2 We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. This includes:

a. Direct Interactions: We process personal data you provide directly to us through our website, apps and services. This could happen when you:

– correspond with us;
– enquire about our products and services;
– set up or manage a profile or account;
– verify your identity;
– purchase our products and services; or
– opt into communications and/or marketing services (by providing consent).

We process this information to provide the service you have requested. Our lawful basis for processing is legitimate interests.

b. Usage Data: We may process data about your use of our website and services. The usage data may include:

– IP address;
– geographical location;
– browser type and version;
– operating system;
– referral source;
– length of visit;
– page views;
– website navigation paths; or
– information about the timing, frequency and pattern of your service use.

The source of the usage data is our analytics tracking system. We process this information for monitoring and security purposes, and to improve our website and services. Our lawful basis for processing is legitimate interests.

c. Account data: When you set up an account with Base, we need to store some information in order to preserve your account and login details. This includes the name and email address you give us when signing up. We use account data to:

– operate our website;
– provide our services;
– ensure the security of our website and services;
– maintain back-ups of our databases; or
– communicate with you.

Depending upon the nature of the processing, the lawful basis for this processing is either our:

– legitimate interests (namely the proper administration of our service and business); or
– contract performance.

d. Profile Data: We may process your information included in your personal profile on our website. The profile data may include:

– name;
– address;
– telephone number;
– email address; or
– date of birth.

The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The lawful basis for this processing is either our:

– legitimate interests (namely the proper administration of our website and business); or
– contract performance.

e. Transaction Data: We may process information relating to transactions, including purchases of goods and services. The transaction data may include:

– contact details;
– your card details; or
– transaction details.

The correspondence data may include communication content and transmission or website forms’ data we associate with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The lawful basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

2.3 Additionally, we may process any of your personal data identified in this policy where necessary for:

– the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The lawful basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights or the legal rights of others; or

– the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks;
compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

3. Providing your personal data to others

3.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the lawful bases, set out in this policy.

3.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

3.3 We may disclose your personal data to our suppliers, subcontractors or partners insofar as reasonably necessary for providing a service to you. For example, your contact details, location details, relevant payment information, name, phone number, email address and other details will be provided to the store/restaurant that you are placing an order with.

3.4 Financial transactions relating to our services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds and protecting us from fraudulent transactions.

3.5 We may disclose your enquiry data, if you provide consent prior by opting into marketing and communications, to one or more of those selected third-party suppliers of goods and services for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services. Each such third party will act as a data controller in relation to the enquiry data that we supply to it; and upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party’s use of your personal data.

3.6 Additionally, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

4. International transfers of your personal data

4.1 We and our group companies have offices and facilities in Ireland. We use technical computing facilities in Ireland.

4.2 We contract with third parties outside of the European Economic Area (EEA): India, Chile, USA, Canada and other countries. We may transfer personal data to these providers for the processing and lawful reasons described in this policy. We perform international data transfers in compliance with the GDPR’s rules for those transfers, including the safeguarding of personal data.

4.3 For the USA and Canada, we rely on the European Commission’s recognition that those countries outside the EU offer an adequate level of data protection (an adequacy decision). We apply technical and organizational safeguards for the protection of personal data.

4.4 For the other countries not covered by the European Commission’s adequacy decision, we employ appropriate safeguards to protect international data transfers. These safeguards include the use of standard contractual clauses, for data transfers to data controllers or processors, adopted or approved by the European Commission.

4.5 You may request more information about the safeguards that we have in place for the transfer of personal data by contacting us at [email protected]

5. Retaining and deleting personal data

5.1 We keep personal data that we process for any purpose or purposes for the least amount of time that is necessary. Personal data may be retained for up to six (6) years following your most recent access of our service or platform.

5.2 In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the maximum period of retention based on our legitimate needs to retain data.

5.3 Additionally, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6. Your rights

6.1 Your principal rights under the GDPR are the:

a. right to access;
b. right to rectification;
c. right to erasure;
d. right to restrict processing;
e. right to object to processing;
f. right to data portability;
g. right to complain to a supervisory authority; and

6.2 You have the right to confirmation as to whether we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. All requests are subject to clauses 6.13 – 7.16.

6.3 You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.

6.4 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent- based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

6.5 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

6.6 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the lawful basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

6.7 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

6.8 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

6.9 To the extent that the legal basis for our processing of your personal data is:

consent; or
that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract; and

such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

6.10 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

6.11 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

6.12 You may exercise any of your rights in relation to your personal data by written notice to us by email to [email protected] or other means of communication.

6.13 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:

– that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request;
– sufficient information to allow us to locate your personal data, such as your mobile phone number;
– number or relevant order IDs; and
– the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

6.14 We may withhold personal information that you request to the extent permitted by law.

6.15 We may withhold personal information that you request if the requests are deemed vexatious, manifestly unfounded, excessive or repetitive.

6.16 You may instruct us at any time not to process your personal information for marketing purposes.

7.You may instruct us at any time not to process your personal information for marketing purposes.

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.

Cookies are useful because they allow a website to recognise a user’s device, preferences and generally help to improve your online experience.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Please be aware that some of areas of our website may not function if your web browser does not accept certain cookies.

You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu

7.2 We use cookies for the following purposes and periods of time:

7.3 Managing your cookies:

By using our website, you agree that we can place the strictly necessary cookies on your device. If you want to restrict or block any of the third-party cookies that we do not control, you should do this through the web browser settings for each browser you use and on each device you use to access the internet.

Here are links to managing your cookies for common browsers:

a. Chrome: https://support.google.com/chrome/answer/95647?hl=en
b. Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
c. Opera: http://www.opera.com/help/tutorials/security/cookies/
d. Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage- cookies
e. Safari: https://support.apple.com/kb/PH21411
f. Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

If you block all or some cookies, you will not be able to use all the features on our website, some functions may not operate as intended, and may not be able to place orders.

8. Amendments

8.1 We may update this policy from time to time by publishing a new version on our website.

8.2 We may notify you of changes to this policy by email or through the private messaging system on our website, apps or services.

9.Our details

9.1 This website and service is owned and operated by Base Control Management Limited

9.2 We are registered in Ireland under registration number 549842

9.3 You can contact us:

a. using our website contact form; or
b. by email at [email protected]