Logo3 (Blue-Greendot) (1).jpg

/  Privacy

Welcome to NILA (“NILA”, “we”, “our”, or “us”), reg. no. 12099930, registered in England and Wales. We are committed to protecting the privacy and security of your personal information. The Privacy Policy describes how we collect, use, store, process and share your personal information; your privacy rights; how the law protects you; and informs our employees and staff members of all their obligations and protocols when processing data. We encourage you to read our Privacy Policy and to use it to help you make informed decision. Please note that your use of our Websites, Products and Services is additionally subject to the NILA Terms.

By continuing to use our Websites, Products and Services, you confirm that you have read and understood this Privacy Policy in its entirety. Please contact us if you have any questions regarding this Privacy Policy or general questions regarding your personal data at privacy@get-nila.com.

 

The Policy applies to visitors, users, suppliers, employees and staff members (including applicants as an employee, worker, apprentice and contractor) in accordance with the law and guidelines of the EU General Data Protection Regulation (“GDPR”).

 

We will never use your personal data for any other purposes than those listed in this Privacy Policy, unless we collect your written consent or inform you prior to initiating any processing for new purposes or a purpose that is compatible with the purpose for which we collected the personal data, all in accordance with applicable laws and regulations.

 

We will not share personal data with third parties for them to use for their own marketing purposes without ensuring that there is a lawful ground to do so.

 

We will not sell your personal data to third parties.

What information do we collect and use?

“Personal Information” is data that identifies, relates to, describes, can be used to contact or could reasonably be linked directly or indirectly to you. Any reference to “information’ or “data” in this policy is a reference to personal information about a living individual.

 

Categories of personal data we process are:

Although many of our Products and Services require some personal information to operate and provide you with a particular Service or feature of that Service, you may choose not to provide some of the information described above. In such cases, you may not be able to use that Service or feature.

Where do we get our information from?

Directly from you

 

As you use our Products and Services, we generate certain personal information about you, including through automatic data collection and by inferences based on the information we collect about you and your activity. We may automatically collect information about your interactions with our Products, Services, communications you receive (such as email) using certain technologies such as Cookies, web beacons and other technologies (see our Cookie Policy).

Device information

 

When you visit or use our App, Platform, Website and other Services, we automatically collect certain information about your device (e.g. your mobile location, computer or tablet) including information about your hardware and software, device configuration and nearby networks. Such data may include data about your device identifiers, including region and language settings and information about domain servers and wireless or network access points near your device.

Usage and performance

 

We automatically collect information about your usage, searches, interactions with features of our Services, sites or restaurant pages you visited, booking path, access times and performance of our Services.

Behavioural and tracking information

 

When you use our Products and Services, we automatically collect generic location information about you (such as city or neighbourhood) or, with your consent, precise geographic location data from your mobile device when the app is running and when it is not running, depending on the choices you make when you are asked to consent to our collection of location information. We also collect your behavioural patterns, personal preferences, IP-number, cookie identifiers, unique identifier of devices you use to access and use our Services and other features. For example, we may receive this information when you select restaurant search locations, enter your local dining city in your account profile, when you are in proximity to certain beacons, choose to publish your location in reviews you leave for restaurants on our Services, or in your comments or other communications with us.

Inferences

 

We combine the information we collect, generate, or otherwise obtain to draw inferences about your preferences and interests in order to provide and personalise our key Product features and other related Services as well as tailor the offers we and our partners provide to you.

Third parties

 

We may also receive certain categories of personal information from third parties which include third-party websites, applications, social media networks, analytics providers such as Google, advertising networks, third-party publicly-available platforms, restaurants, including individuals who have added you as a guest to their reservation. If you are an existing NILA customer, we will combine this information with information we collect through our Services and use and share it for the purposes described below.

 

The categories of personal information we may obtain from third parties include;

  • Contact information

  • Preference information

  • Social media data

  • Purchase information, including from restaurants operating with NILA point-of-sale devices

  • Information from restaurants.

Application and recruitment process

 

We collect your personal information, including information under “Special Categories” through the application and recruitment process, either directly from the medium of your application on our career portal, or from an employment agency or background check provider. We may sometimes collect additional information from third parties including from your formal employers, credit reference agencies and other background check agencies.

What do we use your information for?

We use your personal information for;

Contractual obligations

 

We require certain personal information to authenticate your account credentials and identify you as necessary to log you into the services and ensure security of your account. We also use your personal data to provide Services to you in order to fulfil our contractual obligations and provide you with the promised service. 

Consent

 

We collect your Personal Data when you opt in to relevant Services and features to;

 

  • Communicate with you about your account or use of our Services, Products and/or functionality; respond to, or follow-up on, your comments and questions; and otherwise provide customer service

  • Send you marketing communications such as, contests, offers, promotions, rewards, upcoming events and other news about Services and/or Products offered by NILA, or our business partners and other marketing communications that we believe you would be interested in 

  • Process and manage your rewards and loyalty programs

  • Tailor your experiences with our Services, such as by making inferences or combining different pieces of information we have collected about you to suggest restaurants, meal choices, payment modes, etc you may be interested in

  • Provide you more relevant advertising on-and-off our Services, including near field loyalty programs.

Legal compliance

We are required by law to collect and process certain types of data such as, fraudulent activity or other illegal actions.

Legitimate interests

We might need to collect certain information from you to be able to meet our legitimate interests – this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests.

 

We aggregate personal information collected directly from you, information generated about you by us, and information obtained from our third-party partners (with your consent, where required) with personal information collected about other users in order to produce general statistics that cannot be lined to your or any other specific user. We also process information that cannot be linked to you or any other specific user using any means available to us, either because it was collected anonymously or has been subsequently anonymised. Information that is anonymous or has been anonymised or can be aggregated is no longer considered “personal information” and maybe subsequently used for any purpose.  

Who do we share your information with?

We will only use your personal information when the law allows us to do so. More specifically, we share your personal information we collect, or otherwise generate or obtain as follows;

 

  • With restaurants and their affiliates to provide Services such as connecting diners with their preferred restaurants, online reservations, sharing dining activity, history, preferences, requests, restrictions (including health-related dietary restrictions)

 

  • With business partners for executing geo-targeted near field customer value management programs, marketing purposes including sharing with online advertisers or advertising technology (“ad tech”) companies to provide you with targeted advertising and marketing communications where permitted under law

 

  • With social networking services to connect and share your information publicly or with friends or when you use our Services to connect with us on share on, or use third-party social networking platforms and services

 

  • With restaurants when you submit reviews of your restaurant visits, your dining experiences, any messages and other communications you submit to restaurants

 

  • With third-party payment processors when you make payments at certain restaurants via our payment gateways, secure reservations, purchase tickets or other products and services via our services

 

  • With third-party vendors, consultants and other service providers who perform services or functions on our behalf

 

  • With corporation if we sell, transfer, divest or disclose all or portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding

 

  • With third-parties to protect our rights, our property, the integrity of the Services we offer, personal safety or the interest of you or any other person, and to detect, prevent and/or otherwise address fraud, risk management, security or technical issues

 

  • With authorities to the extent we are under a statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries. We may also be required to provide competent authorities information about your use of our services, e.g. revenue or tax authorities, as required by law, which may include personal data such as your name, address and information regarding card transactions processed by us on your behalf through your use of our services.

When the third-parties we share data are

  • Data processors:

Some of the third parties that we share personal data with are data processors. A data processor is such a party that processes personal data on our instructions and on our behalf. We collaborate with selected suppliers, which include processing of personal data on behalf of us. Examples include suppliers of IT development, maintenance, hosting and support but also suppliers supporting us with marketing.

 

When we share your personal data with data processors we only share them for purposes compatible with the purposes for which we have collected the data (such as performance of a contract). We always control all data processors and ensure that they can provide adequate guarantees as regards security and confidentiality of personal data. We have written agreements in place with all data processors through which they guarantee the security and confidentiality of personal data that they process on our behalf and limitations as regards third country transfers.

 

  • Data processors:

Some of the third parties that we share personal data with are independent data controllers. This means that we are not the ones that dictate how the data that we provide shall be processed. Examples are authorities, credit bureaus, acquirers and other financial institutions. When your data is shared with independent data controllers their data policies and personal data processing principles apply.

Who is your data controller?

For purposes of European Union law and similar data protection regimes, we generally act as a data controller, meaning we determine the purposes and means of processing your personal information through our Services. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your Personal Information, please contact the Data Protection Officer (“DPO”) using details below;

 

Full name: Dr. Yogesh Gupta

Email: privacy@get-nila.com

Postal address: 1 Wright Close, Bushey WD23 2FH

In discharging the responsibilities of the Data Controller, we have Processors who deal with your data on behalf of the Data Controller. Therefore, the responsibilities described below may be assigned to an individual, or may be taken to apply to the organisation as a whole. The Data Processor has the following responsibilities:

  • Ensure that all processing of personal data is governed by one of the legal bases laid out in the GDPR

  • Ensure that persons authorised to process personal information  have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality

  • Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of personal information

  • Obtain the prior specific or general written authorisation of the Controller before engaging another Processor

  • Assist the Controller in the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights

  • Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller

  • Maintain a record of all categories of processing activities carried out on behalf of a Controller

  • Cooperate, on request, with the supervisory authority in the performance of its tasks

  • Ensure that any person acting under the authority of the Processor who has access to Personal Data does not process them except on instructions from the Controller

  • Notify the Controller without undue delay after becoming aware of a Personal Data Breach

  • Designate a data protection officer where required by the GDPR, publish their details and communicate them to the supervisory authority

  • Support the data protection officer in performing their tasks by providing resources necessary to carry out those tasks and access to Personal Data and processing operations, and to maintain his or her expert knowledge

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

How long do we store your personal data?

We will not process personal data for a longer period than is necessary for fulfilling the purpose of such processing, as set out in this Privacy Policy. We only retain your personal data to ensure compliance with our legal and regulatory requirements. Your personal data will be anonymised or deleted once it is no longer relevant for the purposes for which it was collected.

In cases when we keep your data for other purposes than those of the performance of a contract, such as anti-money laundering purposes, bookkeeping and regulatory capital adequacy requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.

 

The data retention obligations will differ subject to applicable local laws.

 

See below for examples of the retention periods that we apply:

  • Preventing, detecting and investigating money laundering, terrorist financing and fraud: minimum five (5) years after termination of the business connection

  • Bookkeeping regulations: seven (7) years

  • Details on performance of an agreement: up to ten (10) years after end of customer relationship to defend against possible claims

  • Recorded telephone calls to our support: up to ninety (90) days from telephone call to support.

The above is only for explanatory purposes and the retention times may differ from country to country.

What are your choices and rights?

We might be the ones in the driver's seat on the processing of your personal data when you use our websites or services. But that doesn’t mean that you can’t do anything about it. You have rights and they are important to us!

Generally, we believe you have the right to have your data processed only in accordance with your expectations. But you also have rights laid down by applicable law. Below you can read more about your rights, in the order we believe might be most relevant for you.

The rights we believe most relevant for you are;

  • You have the right to be informed about certain details on the processing of your personal data. We provide this information through this Privacy Policy

  • You have the right to receive a copy of the personal data we process about you. Please contact us on the details provided below to receive this data from us

  • You have the right to correct the personal data we process about you if you see that it is inaccurate

  • You have the right to object to our processing of your personal data. Please note that there are exceptions to the rights below, so access may be denied, for example where we are legally prevented from making a disclosure.

Right to be informed

You have the right to be informed about how we process personal data about you. We do this in this Privacy Policy. You may however always contact us if you have any further questions.

Right of access

You have the right to access the personal data that we hold about you. In this respect, you may receive a copy of the personal data that we hold about you. For any further copies, we reserve the right to charge a reasonable fee based on our administrative costs. To exercise this right, please contact us as set out below. Please note that much of the personal data that we process about you is available and visible for you in your personal NILA account.

 

This right means that you have a right to:

  • Receive a confirmation about what personal data that we process about you

  • Get access to your personal data, and

  • Receive such supplementary information (which corresponds to the information that is provided in this Privacy Policy).

Please note that we might have to ask you to provide further information about yourself in order for us to be able to identify you and handle the request in an efficient and secure way. This may mean that we may require you to send in a copy of a valid ID, which we will also require you to sign.

Right to rectification

We ensure that inaccurate or incomplete personal data is erased or rectified. You have the right to rectification of inaccurate or incomplete personal data that we hold about you.

Right to be forgotten

You have the right to erasure if;

  • The personal data is no longer necessary for the purposes it was collected or processed for (and no new lawful purpose exists)

  • Your particular situation gives you the right to object to processing on grounds of legitimate interest (see more below) and there is no justified reason for continuing the processing

  • The lawful basis for the processing is your consent, and you withdraw your consent, and no other lawful grounds exist

  • Processing the personal data has been unlawful, or

  • There is a legal obligation for us to erase the data.

Please note that due the fact that we provide such financial services which are subject to a license, we are in many cases obliged to retain personal data on you during your customer relationship, and even after that, e.g. to comply with a statutory obligation or where processing is carried out to manage legal claims. This means that we will keep any KYC data that we have about you during such time period as we are required according applicable anti-money laundering regulations.
Right to restrict the processing of your personal data

You have the right to request us to restrict the processing of your data (meaning that the personal data may only be held by us and may only be used for limited purposes) if;

  • The personal data we have about you is inaccurate 

  • The processing is unlawful and you ask us to restrict the use of the personal data instead of erasing it

  • We no longer need the personal data for the purposes of the processing, unless we still need it for the establishment, exercise or defence of legal claims, or

  • You have objected to the processing claiming that the legal basis of legitimate interest is invalid and are waiting for the verification of this claim.

 

Right to object to processing of your personal data

 

Where our lawful basis for processing your data is our legitimate interests, you have the right to object to the processing of your data if:

  • You can show that your interests, rights and freedoms regarding the personal data outweigh our interest to process your personal data, or

  • We process your personal data for direct marketing purposes, including but not limited to profiling.

 

This means that we will cease such processing unless we:

  • Demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or

  • Require the personal data in order to establish, exercise or defend legal rights. 

 

If you choose to object to our further processing of your personal data as described in this Privacy Policy, please note that we may no longer be able to provide you with the Services you have requested and may therefore terminate relevant agreements with you, see relevant terms and conditions for more information. In addition, we may continue to process your personal data for other legitimate purposes, such as to fulfil an agreement with you, to protect our interests in connection with legal proceedings and to fulfil our legal obligations.

Right to data portability

 

You have rights to data portability;

  • For personal data that you provided to us, and

  • If the legal basis for the processing of the personal data is the fulfilment of contract or consent.

We will send a copy of your data in a commonly used and machine-readable format to you or a person/organisation appointed by you, where technically feasible and where the exercise by you of this right does not adversely affect the rights and freedoms of others.
What about cookies?

Cookies are text files placed on your computer to collect standard internet log information and visitor use of the website and to compile statistical reports on website activities. You may set your browser not to accept cookies. However, in a few cases some of our website features may not function as a result.

 

Our website thus uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

What about links to third-party websites and services?

Our websites and services may from time to time contain links to third party websites that are not controlled by us. If you visit such websites or use such services, please be aware that this Privacy Policy does not apply for such third parties’ processing, and we encourage you to carefully review how such third parties process personal data before using their websites or services.

What are age limits to access our services?

Our Services are not directed at or intended for use by children. We do not knowingly collect information from, children under 16 years of age. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at using the contact details listed in the How to Contact Us section below.

How may we change the policy?

We are constantly working on improving and developing our services, products and websites, so we may change this Privacy Policy from time to time. We will not diminish your rights under this Privacy Policy or under applicable data protection laws in the jurisdictions in which we operate. If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law. Please review this Privacy Policy from time to time to stay updated on any changes.

How to contact us?

If you have any questions about this Policy or the way in which your personal information has been used, please contact us by email at privacy@get-nila.com or write to us at;

GET-NILA LIMITED

1 Wright Close

Bushey WD23 2FH

Hertfordshire

UK

Attention: Legal Department

Categories
Contact
Recruitment information
Preferences
Usage
Billing information
Promotion information
Special categories
Description
  • Name
  • Birthday
  • Email address
  • Postal address
  • Phone number
  • How to contact you
  • Account setting and passwords
  • Copies of right to work documentation, references, interview notes and opinions taken during and following interviews and other information included in a CV or cover letter or as part of the application process

  • Gender

  • National Insurance number

  • Employment records (including job titles, work history, working hours, training records and professional memberships)

  • Any test results of any tests, psychometric or other, included in the recruitment process

  • Compensation history

  • Information necessary to complete pre-employment security checks

  • CCTV footage if you attend our premises

  • Details of your professional qualifications and education history

  • Dining preferences

  • Dining restrictions due to health-related conditions, religion and specific diet plans

  • Favourite restaurants

  • Special requests

  • Activity logs

  • Special requests

  • Activity logs including frequency, restaurants, restaurant types, meal type and cancellations

  • Communications you send us

  • Reviews and content including photos you upload

  • Information provided to us via third-party platforms

  • Payment modes such as credit, debit or other payment card information

  • Information collected through your participation in contest, sweepstakes or similar campaigns of your activity according to terms provided during promotional activities

  • Profile photos

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions

  • Information about your health, including any medical condition, health records

  • Genetic information and biometric data

  • Information about criminal convictions and offences

© 2020 GET-NILA. All Rights Reserved

  • Twitter
  • Instagram

Back to Top