Your personal information is collected and processed by Euro Garages Limited, we’re known as a data controller because we decide why your information is collected and how it’s processed.
There's a fair bit of information in this privacy notice, and although we know it’s not as interesting as a freshly baked Cinnabon, we think it's all relevant and worth detailing properly. We've provided links below so that you can click or tap on a link that sparks your interest.
Firstly, here are some introductions
Our company registration details are:
Euro Garages Limited is a company incorporated in England and Wales.
Registration number 09826582
Waterside Head Office,
Information Commissioner Registration.
Euro Garages Limited is registered as a data controller with the Information Commissioner’s Office.
The data controller registration details are:
Data Controller Name: Euro Garages Limited
Registration Number: Z3248731
Date Registered: 03 October 2012
Data Protection Officer.
Waterside Head Office,
Telephone: 01254 582111
Personal data provided by you and others
We at Euro Garages Limited, are committed to respecting your privacy and protecting any personal information that we have about you. In this Policy Privacy, which we might just refer to simply as “Policy”, Euro Garages Limited might be referred to as “EG”, or “we” or “us”, in any case, we’re referring to Euro Garages Limited.
In this Policy, we describe how we collect, use, share or otherwise process information and personal information that we obtain about the people that use our website. We tend to refer to people that use the website as “users”, or sometimes “you”, because you’re here reading it. When we refer to our website, we might call it “site” and when we talk about our social media network pages or the other services that are available on our site, we might just refer to them as “services.”
What is personal data?
The EU’s General Data Protection Regulation (GDPR) describes personal data as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
You can voluntarily provide personal data.
We collect personal data that you voluntarily provide to us. The personal data we collect will often depend on the purposes for which the personal data are collected and what you have chosen to provide.
You always have the choice not to provide us with personal data.
If you have provided your consent for us to process your personal data, you also have the right to withdraw your consent by contacting our Data Protection Officer. However, if you do so, it may not be possible for us to fulfil the specific purposes for which we were given consent, including processing your transactions or providing you with the products and services you requested.
You may choose to provide personal data belonging to others.
If you provide the personal data of anyone other than yourself (e.g. your family members, friends, colleagues), you are responsible for informing him/her of the specific purposes for which we are collecting his/her personal data and to ensure that he/she has provided valid consent, where appropriate, for your provision of his/her personal data to us.
Accuracy and completeness of personal data.
It is important that the personal data we hold about you is accurate and up to date. We would ask you to inform us if there are any inaccuracies with the personal data that we have recorded about you and we will act to update your personal data as required.
In some situations, you will have the ability to update your own information (e.g. when using a customer account on our website. We see it as your responsibility to ensure that all personal data that you provide is accurate and complete, and to inform us of relevant changes to your personal data.
Personal data belonging to children.
Our website and our services are not specifically intended for children and we do not knowingly collect data relating to children. If you are under the age of 16, please obtain consent from your parent or guardian before you submit any personal data to us. If you are a parent or guardian of a minor and you have reason to believe your child or ward has provided us with their personal data without your prior consent, please contact us to request the erasure of their personal data or for the minor to be unsubscribed from our mailing lists.
Categories of personal data we may collect.
We may collect, use, store and transfer different kinds of personal data about you which we have categorised as follows: -
We don’t collect too much information here, just your first name and last name.
Contact information includes, your email addresses, your postal address is you write to us, and any social media handles that you might use to interact with us.
In this technical age, there’s quite a bit of technical data around, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. Our website also gives us information about how you use our website.
Marketing and Communications Data.
We make it our business to develop lasting relationships and to help with this we will be processing data about your preferences in receiving marketing from us and your communication preferences. But don’t worry, it’ll just be timely and relevant information about our delicious Cinnabon products.
How we may collect personal data
Personal data you voluntarily provide to us.
We collect personal data that is relevant to our relationship with you. Your personal data may be collected by us, directly or indirectly, for instance:
transaction & financial information (if you make a purchase), such as information about the products you buy, billing address, method of payment, and payment details;
location data, if you choose to use our store locator function,
when you subscribe to our mailing list;
when you attend events or meetings organised by us, or conducted at our stores, for example, sales events, promotional and marketing events, training sessions and social events;
when your images are captured by us via CCTV cameras while you are within our stores;
when photographs or videos of you are taken when you attend events, meetings or training sessions organised by us;
when you use our services or enter into transactions with us, or express an interest in doing so;
when you communicate with us by telephone, email, via our website or through other communication channels, for example, through social media platforms; and/or
when you submit your personal data to us for any other reason
You can of course always browse our Site without registering or submitting your personal information to us, and we fully support and respect that.
Further information about engagement with us
We collect information from you when you submit a review, comment or other content to our Site or on our social networking pages, and when you contact us. In addition, we track when you like us or share our content through Facebook, Twitter, Instagram or other social networking platforms.
Our Site may access and collect your geolocation information in order to facilitate our Services, such as enabling the functionality of our Site to provide you with information about stores near you. We may also use information about the location of the device you are using to help us understand how our Site and other Services and functionality are being used and to deliver more relevant advertising.
How We Use Your Information
We process and use your personal information only when we have a lawful basis for doing so. Below is an overview of the lawful bases for processing your personal information, and why we use your personal information.
Performance of a Contract / Entering into a Contract.
Processing your personal information is necessary in some cases to fulfil a contract with you or take steps to enter into a contract at your request. This might include: -
Providing Support and Services - to provide our support and Services to you, to communicate with you, to respond to your inquiries, to provide you with documentation or communications which you have requested from us, to provide after-sales support, and for other customer service purposes.
General Business Operations - to process your orders or purchases.
We process your personal information in some cases because you have consented to that processing:
To publish your User experience on our Site, or social networking pages.
To make recommendations to you about our Services; to tailor the information that we send or display to you; to offer customisation, based on your location; and to otherwise personalise your experiences based on your purchase history and your interactions with the Site, and social networking pages.
To send you targeted advertising on our Site, or on third-party websites.
Marketing and Promotions
To send you news and newsletters, special offers and promotions, or to otherwise contact you about information we think may interest you.
Analytics and Improvement
To better understand how you access and use our Site and Services, in order to improve them, respond to your preferences, and for other research, marketing and analytical purposes; to conduct research and analytics; to evaluate transactions involving our Site and social networking pages; to operate, evaluate, maintain, improve and develop the Site and social networking pages (including by monitoring and analysing trends, access to, and use); and to evaluate, improve, and develop our Services generally by tracking User interaction and review of our Services.
Our Legitimate Interest
Processing your personal information is in our legitimate interests, which are not overridden by your interests and fundamental rights. When the justification for processing your personal information is our legitimate interests, those interests are to use your personal information to conduct and develop our business activities with you and with others in order to support our reputation and increase our revenues, while limiting the use of personal information to those purposes that strictly support the conduct and development of our business within the reasonable expectation of the individuals concerned.
Protect Our Legal Rights and Prevent Misuse
To respond to claims asserted against us, comply with legal process or enforce or administer our agreements and terms; to conduct fraud prevention, risk assessment, or investigations; to protect our rights, property, or safety and those of Users, or others; and to protect our confidential and proprietary information.
Corporate Reorganisation – to share your personal information with third parties in connection with potential or actual sale of our company or any affiliate, or of any of our assets or those of any affiliated company, in which case personal information held by us about our Users may be one of the transferred assets.
Comply with Legal Obligations – to comply with the law, a judicial proceeding, court order, or other legal process.
When we might have to share your personal data
We do not sell or rent your personal information for monetary compensation. We may share your information, including personal information, as follows:
Any information, including personal information, that you post on public areas of our Site, such as reviews, comments, and photos, may be available to, and searchable by, all Users of the Site. Reviews may also be viewable by non-registered visitors to our Site.
We may disclose the personal information we collect from you to our affiliates or subsidiaries to help us facilitate our relationship with you. If you sign up to receive information or updates from one of our affiliates, we may send you information from other affiliates. If you would like to opt-out of receiving marketing communications, please email us at firstname.lastname@example.org
We may disclose the personal information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf, such as payment processors, hosting providers, auditors, advisors, consultants, customer service, and support providers.
In the event that we are involved in a potential or actual bankruptcy, merger, acquisition, reorganization, sale of assets, or similar event, your personal information may be sold or transferred as part of that transaction or anticipation of a possible transaction. This Policy will apply to your personal information as transferred to the new entity.
In Response to Legal Process
We may disclose the personal information we collect from you to a court, legal authority, legal counsel, and other advisors in connection with a judicial proceeding, court order, or other legal process.
To Protect Us and Others
We may disclose the personal information we collect from you to a court, legal authority, government agency, adverse litigation party, legal counsel and other advisors, where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the rights, property, and safety of Euro Garages Limited or any other person; to enforce or administer this Policy, or another Euro Garages Limited policy; or as evidence in litigation in which we are involved.
We or our third-party providers may share information that does not identify you. For example, we may share anonymous, aggregated statistics about Users with third parties for marketing, advertising, research, or similar purposes.
We need to talk about Cookies…
Now, although we’re all about delicious Cinnabon here, we do need to talk about Cookies. Cookies are small text based files that can collect personal information, usually technical information, helping us understand how our site has performed, how you use our site, and how we can improve the way you engage with our site. Some of the Cookies we use are necessary and they are activated automatically, but others require your consent, which we’ll always obtain before deploying those Cookies.
uniquely identify you or your device;
allow you to access and use our Site, where without them, our Site may not work properly;
improve our products and Site;
help us monitor the performance of our Services;
help us customize your experience;
market to you through targeted advertising; and
Clear GIFs, pixel tags and other technologies
Clear GIFs are tiny graphics with unique identifiers, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Site to, among other things, help us manage content, and compile statistics about usage. We and our third-party service providers use clear GIFs in HTML e-mails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Advertising and Analytics
We use the third-party analytics tool, Google Analytics, to collect, monitor, and analyse information we collect from you in order to improve functionality and user-friendliness of our Site, and to better tailor our Site to our visitors’ needs.
Our Site contains links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites. Please read their respective privacy policies for information about how these third parties handle the processing of personal information and other information.
Data being transferred outside of the EEA
In the provision of our Site and services to you, we use data processors that are outside of the European Economic Area (EEA). The General Data Protection Regulation has strict rules about data transfers to international organisations and we use approved data transfer mechanisms, and use contracts with model clauses to safeguard the information that we may transfer.
We take extra steps to ensure comprehensive due diligence of the data processing activities of our data processors.
If you would like any more information, please get in touch by contacting our Data Protection Officer, details can be found at the start of this Privacy Notice.
The security of your personal data
The security of personal data is really important to us.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees, agents, contractors and other third parties who have been authorised to access your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the supervisory authority of a breach where we are legally required to do so.
However, we cannot guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities.
We also cannot guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
How long we keep personal data
Our retention schedules.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have rights when it comes to your personal data
As a customer or employee, you may at any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain and we have provided a specific section on this below.
As the Data Controller, we take responsibility for your information, and we make sure that these rights apply where we have shared your information with other organisations.
Gaining access to your personal data
At your request, we can confirm what information we hold about you and how it is processed. If we hold personal data about you, you can request the following information:
Identity and the contact details of the person or organisation that has determined how and why to process your data.
Contact details of the data protection officer, where applicable.
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of our business or a third party, information about those interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
If we intend to transfer personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide to access my data?
We accept the following forms of ID when details of your personal data are requested:
Passport, driving licence, birth certificate, utility bill from the last 3 months.
What to do when things don't go as planned
In the event that you wish to make a complaint about how your personal data is being processed by us or third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our Data Protection Officer.
Data Protection Officer.
Waterside Head Office,
Telephone: 01254 582111
UK’s Supervisory Authority.
The UK’s supervisory authority is the Information Commissioners Office.
Information Commissioners Office
Telephone: 0303 123 1113
Ask us a privacy related question
Do get in touch if you'd like more information about this privacy notice
If you have any queries about this Policy, please feel free to get in touch with our Data Protection Officer and we will do our best to answer your questions.