FASGRO Privacy Policy

  1. Contact Details

1.1 This is the privacy policy for the FASGRO app and website (together, our “Platform”) operated by HPASIA LTD (“we” or “us” or “HPASIA”), incorporated and registered in England and Wales, whose registered office is at Titchfield House, 69-85 Tabernacle Street, EC2A 4BD. Our Company registration number is 12552272.

1.2 If you have any queries or requests concerning this privacy policy or how we handle your data more generally, please contact our general customer services team at: service@FASGRO.co.uk

This policy, together with the Terms and Conditions, sets out

  • How we collect your information
  • How & why we use your information
  • Our promotional updates and communications
  • Retention of your information
  • Disclosure of your information
  • International data transfers
  • Payment processing
  • Security
  • Your rights
  • Changes to our privacy policy

1.3 Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1.4 By using our services you acknowledge you have read and understood this policy.

1.5For the purposes of European Economic Area data protection law, (the “Data Protection Law”), the data controller is: HPASIA Ltd.

  1. How we collect your information

2.1 As part of our commitment to the privacy of our customers and visitors to our Platform more generally, we want to be clear about the sorts of information we will collect about you.

2.2 We collect your personal information when you interact with us or use our services, such as when you use our Platform to place an order. We also look at how visitors use our Platform, to help us improve our services and optimise customer experience.

We collect information:

(a)when you create an account with us or you change your account settings;

(b)when you place an order with us and during the order process (including for payment and order delivery);

(c)when you contact us directly via email, phone, post, message or via our chat function; and

(d)when you browse and use our Platform (before and after you create an account with us).

2.3 Information that we collect from you

(a)When you visit the Platform or make an order through the Platform, you are asked to provide information about yourself including your name, contact details, delivery address, order details and payment information such as credit or debit card information, any further information you provide when placing an order.

(b)We also collect information about you from any messages you post to the Platform or when you contact us or provide us with feedback, including via e-mail, letter, phone or chat function. If you contact us by phone, we may record the call for training and service improvement purposes and make notes in relation to your call.

(c)We process health information about you, on the basis of your consent, only where you volunteer this information when placing an order, for example if you specify any food allergies. This will be visible to the restaurant when fulfilling your order but will not be used for any further purposes.

2.4 Information we automatically collect

(a)We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Platform.

(b)We also collect technical information about your use of our Platform through a mobile device, for example, carrier, location data and performance data such as mobile payment methods, interaction with other retail technology such as use of NFC Tags, QR Codes and/or use of mobile vouchers.

(c)Unless you have elected to remain anonymous through your device and/or platform settings, this information may be collected and used by us automatically if you use the service through your mobile device(s) via any FASGRO mobile application, through your mobile’s browser or otherwise.

  1. How & why we use your information

3.1 We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information:

(a)if we need to process your information in order to provide you with the service you have requested or to enter into a contract;

(b)we have your consent;

(c)we have a justifiable reason, which is in our legitimate interests, for processing your data; or

(d)we are under a legal obligation to do so.

3.2 Where we need to in order to provide you with the service you have requested or to enter into a contract, we use your information:

(a)to enable us to provide you with access to the relevant parts of the Platform;

(b)to supply the services you have requested;

(c)to enable us to collect payment from you; and

(d)to contact you where necessary concerning our services, such as to resolve issues you may have with your order.

3.3 We may process your date with your consent (or, in certain circumstances, in our legitimate interests) to:

(a)send you direct marketing to promote our service to you and keep you updated with information about our services,

(b)including delivering relevant content on topics we think may be of interest to you, and letting you know about new functionalities or services.

3.4 We also process your data where we have a justifiable reason, which is in our legitimate interests, for doing so — for example personalisation of our service, including processing data to make it easier and faster for you to place orders. We have listed these reasons below:

(a)to improve the effectiveness and quality of service that our customers can expect from us in the future;

(b)to tailor content that we or our third-party restaurant or advertising partners display to you, for example so that we can show you restaurants which are in your area based on where you tell us you are;

(c)to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible;

(d)to contact you for your views and feedback on our services and to notify you if there are any important changes or developments to the Platform or our services, including letting you know that our services are operating in a new area, where you have asked us to do so;

(e)to analyse your activity on the Platform so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;

(f)to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of FASGRO, restaurant partners, riders, or others (including to prevent fraud); and

(g)if you submit comments and feedback regarding the Platform and the services, we may use such comments and feedback on the Platform and in any marketing or advertising materials. We will only identify you for this purpose by your first name and the city in which you live.

(h)Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. You can find out more information about these balancing tests by contacting us using the details above.

3.5 Where we are under a legal obligation to do so we may use your information to:

(a)Create and store a record of your order(s);

(b)comply with any legal obligation or regulatory requirement to which we are subject.

  1. Our promotional updates and communications

4.1 Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications about our products or services.

4.2 You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you.

  1. Retention of your information

5.1 We will not retain your information for any longer than we think is necessary.

5.2 Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘How & why we use your information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.

5.3 When determining the relevant retention periods, we will consider factors including:

(a)our contractual obligations and rights in relation to the information involved;

(b)legal obligation(s) under applicable law to retain data for a certain period of time;

(c)statute of limitations under applicable law(s);

(d)our legitimate interests where we have carried out balancing tests (see section on ‘How we use your personal information’ above);

(e)(actual or potential) disputes;

(f)the establishment, exercise or defence of any (actual or potential) legal claim; and

(g)guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information where we no longer require your information for the purposes collected.

  1. Disclosure of your information

6.1 The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with.

6.2 Sharing your information internally

We share your information with other FASGRO group companies only where necessary for the purposes set out in section 4.

6.3 Sharing your information with third parties

We share your information with third party service providers. The types of third party service providers whom we share your information with includes:

(a)Payment providers (including online payment providers and fraud detection providers): for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;

(b)IT service providers (including cloud providers): for the purposes of data storage and analysis;

(c)Restaurant partners: that you have placed your order with so that they can fulfil your order, be made aware of any food allergies you have volunteered to tell them about, resolve issues, or improve their services;

(d)Riders: so they can deliver your order to you;

FASGRO will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy when it is transferred to third parties.

6.4 If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.

6.5 We may also share your information:

(a)if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement. This includes exchanging information with other companies and other organisations for the purposes of fraud protection and prevention;

(b)in order to enforce our contractual terms with you and any other agreement;

(c)to protect the rights of FASGRO, restaurant partners, riders, or others, including to prevent fraud.

  1. Where we store your data & international data transfers

7.1 The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) that may not be subject to equivalent Data Protection Law.

7.2 Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy.

7.3 We may transfer your personal information outside the EEA:

(a)in order to store it.

(b)in order to enable us to provide goods or services and fulfil our contract with you or the company you work for. This includes order fulfilment, processing of payment details, and the provision of support services.

(c)where we are legally required to do so.

(d)as part of normal application operation and processing.

(e)in order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

  1. Payment processing

8.1 Payment details you provide will be encrypted using secure sockets layer (SSL) technology before they are submitted to us over the internet. Payments made on the Platform are made through our payment gateway provider(s), Alipay, Worldpay, Stripe Connect or such other FCA-regulated third-party payment gateways as HPASIA may work with from time to time through our Platform (“Payment Gateway(s)”). You will be providing credit or debit card information directly to a Payment Gateway(s) which operates a secure server to process payment details, encrypting your credit/debit card information and authorising payment. Information which you supply to any Payment Gateway(s) is not within our control and is subject to each Payment Gateway(s)’s own privacy policy and terms and conditions.

  1. Security

9.1 We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected. Any payment transactions will be encrypted using SSL technology.

9.2 We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.

9.3 Where you have chosen a password that allows you to access certain parts of the Sites, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.

9.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. Your rights

10.1 Under data protection law, you may in certain circumstances have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority and see below:

(a)The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.

(b)The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Details).

(c)The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (see Contact Details).

(d)The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us (see Contact Details).

(e)The right to restrict processing. You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.

(f)The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (see Contact Details).

(g)The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.

(h)The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.

(i)The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences as set out above.

10.2 If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

  1. Contact Us

We welcome your feedback and questions. If you would like to contact us, please send us an email at service@FASGRO.co.uk.

  1. Changes to our privacy policy

Any changes to our privacy policy will be posted to the Sites and APPs. This privacy policy was last updated: 20th Jan 2021