Dines - Privacy Policy

By accessing or using the Dines App Ltd (“Dines”) web site or smartphone app, you agree to the terms of this Online Privacy Policy, as outlined below. If you do not agree to these terms, please do not access or use this site or our services.

Collection of Personal Information

1. Introduction

Your privacy is genuinely important to us. Dines App Ltd (“Dines,” “we,” “our,” or “us”) are committed to safeguarding your data in line with current data protection and privacy laws, including the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018.

The data we collect depends on the context of your interactions with us. Unless otherwise defined below, “you” or “your” refers to any person authorised to use dines.co.uk, its subdomains, our mobile applications, or other services we provide (the “Services”).

“Personal Data,” as defined by the UK GDPR, means any information relating to an identified or identifiable natural person. We also comply with any other applicable laws or regulations in the countries and territories in which we operate.

Dines will generally act as a Data Controller (as defined by the UK GDPR) for the personal data we collect in connection with our Services. In certain situations, we may also act as a Data Processor if we process personal data strictly under the instructions of a partner business (“Business” or “Businesses”) that uses our software platform (the “System”). If you have questions about how a specific Business handles your data, please consult that Business’s privacy policy.

Should we ask you to provide certain information by which you can be identified when using our Services, you can be assured that it will only be used in accordance with this Privacy Policy.

2. Data Collection

2.1 Personal Data We Collect

We may collect personal data about you in the following circumstances:

  1. When you interact with Dines directly:

    • Placing an online order through our website or app.

    • Filling in a form or survey on our website or app.

    • Contacting us by email, telephone, or social media.

    • Applying for a job as part of our recruitment process.

  2. When you use a Business that utilises the Dines System:

    • Placing an order for food or services, where we collect your name, email address, order details, and payment information on behalf of the Business to facilitate the transaction.

  3. When we receive data from third-party sources:

    • Marketing partners: Trusted service providers that supply us with contact details or aggregated demographic information.

    • Publicly available sources: Public social media posts, public databases, or other readily available public information.

    • Technical Data: IP addresses, device identifiers, browsing history, or referral information automatically collected via cookies, pixels, or web beacons.

2.2 Personal Data Collected Directly from You

The types of personal data you voluntarily provide may include:

  • Name, address, and telephone number.

  • Email address.

  • Payment details (for example, partial card information when you place an order).

  • Communications preferences (for example, opting into marketing emails from Businesses that utilise the Dines system).

2.3 Technical Data Collected Automatically

We use cookies and similar technologies to automatically collect:

  • IP address and browser type/version.

  • Device IDs or other unique identifiers.

2.4 Special Categories of Personal Data

We do not intentionally collect Special Categories of personal data (e.g., race, religion, sexual orientation, or trade union membership). If you provide health-related data (for example, allergies or dietary preferences) while placing an order through a Business that uses the Dines System, we act as a Data Processor on the Business’s behalf. In those cases, please refer to the relevant Business’s privacy policy regarding how they handle your personal data and any Special Category data.

2.5 Children

Our Services are not intended for individuals under the age of 18. We do not knowingly collect data from children under 18. If you believe we have inadvertently collected personal data from a child, please contact us immediately so we can delete the information.

2.6 If You Are Acting on Behalf of a Business

If you are a staff member or representative of a Business, we may collect information such as your name, job role, and business contact details as part of providing services to that Business.

2.7 If You Choose Not to Provide Data

Providing personal data is not mandatory. However, if you choose not to disclose certain personal data, you may be unable to access or use parts of our website, app, or features of the Dines System.

3. Use of Data

3.1 Why We Collect Your Personal Data

We use your personal data for legitimate business purposes, including:

  • Order Fulfillment: To process and manage your food order when using a Business that utilises our System.

  • Service Delivery for Businesses: Providing and maintaining our Services, including Business Account management and Business Customer Support.

  • Communications: Sending information about our services, responding to inquiries, or delivering marketing communications (with your consent or in line with our legitimate interests).

  • Security: Detecting, investigating, and preventing fraudulent or unauthorised activities.

  • Job Applications: Evaluating suitability for roles, conducting pre-employment screenings, or processing HR paperwork.

3.2 Lawful Basis

Under UK GDPR, our lawful bases for processing personal data include:

  • Consent: Where you explicitly opt in (e.g., for certain marketing communications).

  • Contract: Where processing is necessary to fulfill a contract with you or provide a service you requested.

  • Legal Obligations: When required by law, such as responding to lawful requests from public authorities.

4. Disclosure of Data

We do not sell or rent your personal data to third parties. However, we may share data under the following circumstances:

  1. With Your Consent: When you have given us permission to share information for a specific purpose.

  2. Within Our Affiliates: To support internal operations (e.g., data processing, providing you with services).

  3. Compliance and Protection: When required by law, court order, or for legal proceedings, or to protect our rights, safety, or property, or that of our users.

  4. Business Transfers: If Dines is acquired, merges with another company, or sells assets, we may transfer user data to the new entity, subject to the same or a similarly protective privacy policy.

  5. Third-Party Service Providers:

    • Cloud Hosting: AWS or similar providers that host our infrastructure.

    • Payment Processors: (e.g., Stripe) for secure transaction processing.

    • Delivery Services: If you order from a Business that offers delivery.

    • Marketing or Analytics Partners: Entities helping us with marketing campaigns or usage analytics, under strict confidentiality arrangements.

  6. Businesses Using Our System: For facilitating orders if you have placed an order via the System for items sold by the Business.

5. Data Transfers

We may transfer personal data outside the UK or EEA when necessary (e.g., to a global cloud provider or sub-processor). In such cases, we ensure that any transfer meets legal requirements (e.g., Standard Contractual Clauses or adequacy decisions) and that your personal data remains subject to the same level of protection as within the UK/EEA.

6. Data Security

6.1 Security Measures

We apply administrative, logical, and physical measures to protect your personal data:

  • Encryption: HTTPS/TLS in transit, plus encrypted storage for sensitive records.

  • Access Controls: Only authorised personnel with a business need can access personal data, under strict confidentiality.

  • PCI DSS Compliance: Payment data is processed through PCI DSS-compliant gateways.

  • Monitoring: We use automated alerts to monitor for suspicious activity or data breaches.

6.2 Data Breach

No data transmission over the internet can be guaranteed 100% secure. We cannot warrant the security of information you send electronically. In the event of an actual or suspected data breach, we will notify you and the relevant authorities as legally required.

7. Data Retention

We retain personal data only as long as necessary for the purpose it was collected. Broadly, we adhere to:

  • Order Data: Typically retained for 12 months for refund or dispute purposes, unless law requires a longer retention period (e.g., up to 6 years for certain financial records).

  • Contact or Business Account Data: Retained while Businesses maintain an account or communicate with us. Business Accountholder data may then be securely deleted or anonymised after 12 months of inactivity (unless we have a legitimate reason or legal obligation to keep it longer).

We take reasonable measures to securely delete or anonymise data after its retention period expires.

8. Your Rights

8.1 UK/EU Residents

Under the UK GDPR and EU GDPR (where applicable), you have certain rights regarding your personal data, including:

  • Right to Withdraw Consent (if processing is based on consent).

  • Right of Access (Data Subject Access Request).

  • Right to Rectification (correcting inaccurate data).

  • Right to Erasure (“right to be forgotten”).

  • Right to Object (particularly for direct marketing or processing under legitimate interests).

  • Right to Restrict Processing (temporarily limit processing under certain circumstances).

  • Right to Data Portability (request a copy in a structured format).

  • Right not to be subject to automated decisions with significant effects, unless necessary for a contract.

8.2 Exercising Your Rights

If you wish to exercise any of these rights, please contact us by emailing dpo@dines.co.uk. We will respond within one month unless the request is particularly complex, in which case we will inform you of any necessary extension.

9. Business's Marketing Communications and Opting Out

If you opt in to receive marketing from a Business through the Dines System after placing an order with them, that Business controls the marketing relationship. You can opt out by following that Business’s unsubscribe process or contacting them directly.

10. Contacting Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Data Protection Team
Dines App Ltd
20-22 Wenlock Road
London
N1 7GU
United Kingdom
Email: dpo@dines.co.uk

We may request additional information to confirm your identity and ensure your personal data is not disclosed to unauthorised parties.

11. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you reside in another country, you may contact your local supervisory authority. However, we would appreciate the chance to address your concerns first. Please contact us using the details in the “Contacting Us” section above.

12. Changes to Our Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or the law. When we make material changes (such as processing your data for new, incompatible purposes), we will notify you in a manner consistent with the significance of the changes, for example by posting on our website or emailing you. Your continued use of our Services after the publication of any updated Privacy Policy indicates acceptance of those changes.