Privacy Policy & Terms of Use

1. Introduction

Your privacy is genuinely important to us. Dines App Ltd (“Dines,” “we,” “our,” or “us”) are committed to safeguarding your data in line with current data protection and privacy laws, including the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018.

The data we collect depends on the context of your interactions with us. Unless otherwise defined below, “you” or “your” refers to any person authorised to use dines.co.uk, its subdomains, our mobile applications, or other services we provide (the “Services”).

“Personal Data,” as defined by the UK GDPR, means any information relating to an identified or identifiable natural person.

We also comply with any other applicable laws or regulations in the countries and territories we operate.

Dines will generally act as a Data Controller (as defined by the UK GDPR) for the personal data we collect in connection with our Services. In certain situations, we may also act as a Data Processor if we process personal data strictly under the instructions of a partner business (“Business” or “Businesses”) that uses our software platform (the “System”).

If you have questions about how a specific Business handles your data, please consult that Business's privacy policy.

Should we ask you to provide certain information by which you can be identified when using our Services, you can be assured that it will only be used in accordance with this Privacy Policy.

2. Terms of Use of the Dines Platform

2.1 Acceptance of Terms

By accessing or using the Services, you confirm that you accept these terms and agree to comply with them. If you do not agree, you must not use our Services.

2.2 Eligibility

You must be at least 18 years old to use our Services. By using the platform, you confirm that you meet this requirement.

2.3 Use of the Services

You agree to use the Services only for lawful purposes. You must not:

• Use the platform in any way that breaches applicable laws or regulations.
• Attempt to gain unauthorised access to systems, networks, or data.
• Interfere with or disrupt the integrity or performance of the Services.
• Use the Services to transmit harmful, fraudulent, or malicious content.

We reserve the right to suspend or terminate access if misuse is suspected.

2.4 Orders and Transactions

When placing an order through the Dines platform:

• You confirm that all information provided is accurate and complete.
• Orders are fulfilled by the relevant Business, not Dines.
• Dines acts as a technology provider facilitating the transaction between you and the Business.

Once an order is placed, it may not be possible to amend or cancel it. Any issues regarding preparation, quality, or fulfilment should be directed to the Business.

2.5 Payments

Payments made through the platform are processed securely via third-party payment providers.

• You agree to provide valid payment details.
• You authorise us and our payment partners to charge the full amount of your order.
• Dines does not store full payment card details.

Refunds, where applicable, are handled in accordance with the relevant Business's policies.

2.6 Pricing and Availability

All prices, menus, and availability of items are set by the Business and may change without notice. Dines is not responsible for:

• Incorrect pricing displayed by a Business
• Unavailable items
• Menu inaccuracies

2.7 Delivery and Collection

Where applicable:

• Estimated delivery or preparation times are provided by the Business and are not guaranteed.
• Dines is not responsible for delays caused by the Business or external factors.

2.8 Allergies and Dietary Requirements

If you have allergies or dietary requirements:

• You are responsible for informing the Business directly where necessary.
• Dines does not guarantee that menu information is accurate or that food is free from allergens.

2.9 Device Security and Unauthorised Use

You are responsible for maintaining the security of any device (including mobile phone, tablet, or computer) you use to access the Services.

As the Dines platform operates on a guest access basis and does not require user accounts, any activity carried out on your device will be treated as authorised by you. You agree that:

• You are responsible for ensuring your device is kept secure and not accessible to unauthorised persons.
• You are responsible for any orders placed through your device, whether authorised by you or not.
• Dines shall not be liable for any loss, cost, or damage arising from unauthorised access to or use of your device.

If you believe your device has been compromised or used without your permission, you should contact the relevant Business directly regarding any orders placed.

2.10 Intellectual Property

All content, trademarks, logos, and software on the Dines platform are owned by or licensed to Dines. You may not:

• Copy, reproduce, or distribute any content without permission
• Reverse engineer or attempt to extract source code

2.11 Limitation of Liability

To the fullest extent permitted by law:

• Dines is not liable for any indirect, incidental, or consequential damages arising from use of the Services.
• We are not responsible for acts or omissions of Businesses using our platform.
• Our liability is limited to the amount paid (if any) for the relevant transaction.

Nothing in these terms excludes liability for death, personal injury, or fraud where it would be unlawful to do so.

2.12 Termination

We may suspend or terminate your access to the Services at any time if:

• You breach these terms
• We reasonably believe your use may harm the platform or other users

2.13 Third-Party Services

The Services may include integrations or links to third-party services. We are not responsible for:

• The content, policies, or practices of third parties
• Any loss or damage arising from their use

2.14 Changes to the Services

We may update, modify, or discontinue parts of the Services at any time without notice.

2.15 Governing Law

These terms are governed by the laws of England and Wales. Any disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.

3. Data Collection

3.1 Personal Data We Collect

We may collect personal data about you in the following circumstances:

1) When you interact with Dines directly:

• Placing an online order through our website or app.
• Filling in a form or survey on our website or app.
• Contacting us by email, telephone, or social media.
• Applying for a job as part of our recruitment process.

2) When you use a Business that utilises the Dines System:

• Placing an order for food or services, where we collect your name, email address, order details, and payment information on behalf of the Business to facilitate the transaction.

3) When we receive data from third-party sources:

• Marketing partners
• Publicly available sources
• Technical Data (IP address, device identifiers, cookies, etc.)

3.2 Personal Data Collected Directly from You

Includes:

• Name, address, telephone number
• Email address
• Payment details (partial card data)
• Communication preferences

3.3 Technical Data Collected Automatically

• IP address and browser type/version
• Device identifiers

3.4 Special Categories of Personal Data

We do not intentionally collect Special Categories of personal data. Where allergy or dietary data is provided, we act as a Data Processor on behalf of the Business.

3.5 Children

Our Services are not intended for individuals under 18.

3.6 If You Are Acting on Behalf of a Business

We may collect business contact details.

3.7 If You Choose Not to Provide Data

You may be unable to access certain features.

4. Use of Data

4.1 Why We Collect Your Personal Data

We use your personal data for legitimate business purposes, including:

• Order Fulfillment: To process and manage your food order when using a Business that utilises our System.
• Service Delivery for Businesses: Providing and maintaining our Services, including Business Account management and Business Customer Support.
• Communications: Sending information about our services, responding to inquiries, or delivering marketing communications (with your consent or in line with our legitimate interests).
• Security: Detecting, investigating, and preventing fraudulent or unauthorised activities.
• Job Applications: Evaluating suitability for roles, conducting pre-employment screenings, or processing HR paperwork.

4.2 Lawful Basis

Under UK GDPR, our lawful bases for processing personal data include:

• Consent: Where you explicitly opt in (e.g., for certain marketing communications).
• Contract: Where processing is necessary to fulfill a contract with you or provide a service you requested.
• Legal Obligations: When required by law, such as responding to lawful requests from public authorities.

5. Disclosure of Data

We do not sell or rent your personal data to third parties. However, we may share data under the following circumstances:

1. With Your Consent: When you have given us permission to share information for a specific purpose.
2. Within Our Affiliates: To support internal operations (e.g., data processing, providing you with services).
3. Compliance and Protection: When required by law, court order, or for legal proceedings, or to protect our rights, safety, or property, or that of our users.
4. Business Transfers: If Dines is acquired, merges with another company, or sells assets, we may transfer user data to the new entity, subject to the same or a similarly protective privacy policy.
5. Third-Party Service Providers:
   • Cloud Hosting: AWS or similar providers that host our infrastructure.
   • Payment Processors: (e.g., Stripe) for secure transaction processing.
   • Delivery Services: If you order from a Business that offers delivery.
   • Marketing or Analytics Partners: Entities helping us with marketing campaigns or usage analytics, under strict confidentiality arrangements.
6. Businesses Using Our System: For facilitating orders if you have placed an order via the System for items sold by the Business.

6. Data Transfers

We may transfer personal data outside the UK or EEA when necessary (e.g., to a global cloud provider or sub-processor). In such cases, we ensure that any transfer meets legal requirements (e.g., Standard Contractual Clauses or adequacy decisions) and that your personal data remains subject to the same level of protection as within the UK/EEA.

7. Data Security

7.1 Security Measures

We apply administrative, logical, and physical measures to protect your personal data:

• Encryption: HTTPS/TLS in transit, plus encrypted storage for sensitive records.
• Access Controls: Only authorised personnel with a business need can access personal data, under strict confidentiality.
• PCI DSS Compliance: Payment data is processed through PCI DSS-compliant gateways.
• Monitoring: We use automated alerts to monitor for suspicious activity or data breaches.

7.2 Data Breach

No data transmission over the internet can be guaranteed 100% secure. We cannot warrant the security of information you send electronically. In the event of an actual or suspected data breach, we will notify you and the relevant authorities as legally required.

8. Data Retention

We retain personal data only as long as necessary for the purpose it was collected. Broadly, we adhere to:

• Order Data: Typically retained for 12 months for refund or dispute purposes, unless law requires a longer retention period (e.g., up to 6 years for certain financial records).
• Contact or Business Account Data: Retained while Businesses maintain an account or communicate with us. Business Accountholder data may then be securely deleted or anonymised after 12 months of inactivity (unless we have a legitimate reason or legal obligation to keep it longer).

We take reasonable measures to securely delete or anonymise data after its retention period expires.

9. Your Rights

9.1 UK/EU Residents

Under the UK GDPR and EU GDPR (where applicable), you have certain rights regarding your personal data, including:

• Right to Withdraw Consent (if processing is based on consent).
• Right of Access (Data Subject Access Request).
• Right to Rectification (correcting inaccurate data).
• Right to Erasure (“right to be forgotten”).
• Right to Object (particularly for direct marketing or processing under legitimate interests).
• Right to Restrict Processing (temporarily limit processing under certain circumstances).
• Right to Data Portability (request a copy in a structured format).
• Right not to be subject to automated decisions with significant effects, unless necessary for a contract.

9.2 Exercising Your Rights

If you wish to exercise any of these rights, please contact us by emailing dpo@dines.co.uk. We will respond within one month unless the request is particularly complex, in which case we will inform you of any necessary extension.

10. Business's Marketing Communications and Opting Out

If you opt in to receive marketing from a Business through the Dines System after placing an order with them, that Business controls the marketing relationship. You can opt out by following that Business's unsubscribe process or contacting them directly.

11. Contacting Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact: Data Protection Team, Dines App Limited, 20-22 Wenlock Road, London, N1 7GU, United Kingdom. Email: care@dines.co.uk

12. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you reside in another country, you may contact your local supervisory authority. However, we would appreciate the chance to address your concerns first. Please contact us using the details in the “Contacting Us” section above.