Privacy Policy

Moto Privacy Policy

Your privacy is very important to us. We recognise that when you choose to provide us with information about yourself you trust us to act in a responsible manner. We believe this information should only be used to help us provide you with better service. That’s why we have put policies in place to protect your personal information. Our Privacy Policy is intended to inform you how we gather, and use your personal information. It is also intended to assist you in making informed decisions when using our website and our products and services. Please take some time to read and understand the policy.

Privacy Policy

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how Moto Hospitality Limited (“Moto”) collects and processes your personal data through your use of this website, when you visit us in person, and when you otherwise interact with us. Our website is intended for use only for those who can access it from the UK. It is not intended for children and we do not knowingly collect data relating to children from it. (If you are a Moto employee you should refer to the Moto Privacy Notice for Employees and Workers, or if you are a job applicant to the Candidate Privacy Notice, as additional terms govern the use of your data which are not covered in this Privacy Policy.)

It is important that you read this Privacy Policy together with our website terms and conditions, and any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you (e.g. Visitors CCTV and Monitoring Privacy Notice) so that you are fully aware of how and why we are using your data and also your obligations. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.  

We keep our privacy policy under regular review. This version was last updated June 2020.

Collection and Use of Personal Data

We have set out below the various bases on which we collect, use and may share  your personal information, collected though your use of our website, when you visit us in person, and when you otherwise interact with us.

We reserve the right to update this Privacy Policy, and our other privacy notices, at any time. Where we update them, we will post the updated versions on our website.

Controller  

Moto Hospitality Limited is the controller responsible for your personal data (collectively referred to as “Moto” “we”, “us” or “our” in this Privacy Policy). If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out below.

Contact details  

If you have any questions about this Privacy Policy or our privacy practices, please contact:

Full name of legal entity: Moto Hospitality Limited

Email address: dataprotection@moto-way.co.uk.

Postal address: Data Controller, Toddington Service Area, Junction 11/12, M1 Southbound, Toddington, Bedfordshire, LU5 6HR

Third-party links, including on-line purchasing of food and drink

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

When you purchase food and drink via our website, you will be required to enter your Payment Card details during the check-out process, and you may choose to store these details in connection with your account.  Please note that you are supplying these Payment Card details to a third party secure payment processor and Moto will not have access to your details.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). All your personal data will be processed in accordance with applicable data protection law, including the Data Protection Act 2018 and the E.U. General Data Protection Regulation 2016/679.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender and vehicle identity date (e.g. registration).
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us, including dates and times and location of purchase.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, and feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services, (including use of our car parks).
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not intentionally collect any Special Categories* of personal data or information about criminal convictions relating to you via our website, unless this is specified in a separate policy or notice. (*This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

Circumstances in which data may be collected about you:

Data may be collected about you in the following circumstances:

  • Where you provide details to us, for example in order to participate in promotions or complete customer surveys, or give feedback, which may include your title, name, address, telephone number, and information about your use of Moto services;
  • When you contact us directly, (e.g. telephoning, writing to or emailing us, buying goods or services from us or participating in promotions);
  • When you interact with us, for example, to supply services;
  • When you open an account for making purchases from us, and/or make a purchase using credit or debit card;
  • When you visit our sites CCTV footage featuring your image may be captured;
  • When you drive on to our sites, and/or park at our sites, your vehicle registration number and details are captured by the company which operates the car parks;
  • When you interact with us on social media platforms;
  • When you access our website;
  • Where you visit our sites and we need to collect your data, for the government’s “Test and Trace” initiative.

Website data

In general, when you visit our web sites and access information you remain anonymous. Before we ask you for information, we will explain how this information will be used. We will not provide any of your personal information to other companies or individuals for marketing purposes without your express permission. There are occasions where we will ask for additional information although we will always explain why and give the details required by law. We do this to be able to better understand your needs, and provide you with services that we believe may be valuable to you and/or that you have requested. When you choose to sign up via this website for our latest news, offers and promotions further details in relations to the data you chose to give us are given on the sign up page.

When you visit our website you may provide us with two types of information:

  • personal Information you provide to us on an individual basis during registration;
  • website use information collected as you and others browse our website.

We strive to maintain the highest standards of security; however, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your information, we cannot ensure the security of your data transmitted to our website. Any information you submit is sent at your own risk. Once we have received your information we will use strict procedures and security features to prevent unauthorised access.

Like other commercial websites, our website uses a technology called “cookies” (see below, “Cookies”) and web server logs to collect information about how our website is used. As you interact with our website, information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Cookies

For information about our use of cookies and how to manage them, visit the ‘Read about how we use our cookies‘ section.

How do we use information we collect from cookies?

As you browse on our website, the website uses cookies to differentiate you from other users to prevent you from seeing unnecessary advertisements or requiring you to log in more than is necessary for security. Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our website and which parts of the website are most popular. This helps us gather feedback so that we can improve our website and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal information that you provided to us in your cookies.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). If we are unable to proceed,  we will let you know at the time.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where it is necessary in the public interest.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending marketing communications to you via email or text message and to transfer any of your information to third parties for marketing purposes. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal datasummary

We have set out below, in a table format, a broad summary of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Not all of these will apply to you, as this will depend on the nature of your interactions with us, and we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using it.

Purpose / activity

 

Type of data

 

Lawful basis for processing including basis of legitimate interest

 

To register you as a new customer

  1. Identity
  2. Contact

Performance of a contract with you

To process your purchases including:

  1. Manage payments, fees and charges, including to allow secure payment authentication
  2. Retain details of your previous purchases in your account
  3. Collect and recover money owed to us
  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Profile
  1. Performance of a contract with you

  2. Necessary for our legitimate interests (to recover debts due to us)

  3. Necessary for the legitimate interests of a third party (in authentication of payments, to permit their compliance with industry standards and legal obligations)

To manage our relationship with you which will include:

  1. Notifying you about changes to our terms or privacy policy
  2. Asking you to leave a review or take a survey or provide feedback
  3. keeping records of your transactions if you have an account
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
  1. Performance of a contract with you
  2. Necessary to comply with a legal obligation
  3. Necessary for our legitimate interests (for example, to keep our records updated; to study how customers use our products/services; and to offer a good standard of service, or to improve our services, such as by keeping your account up-to-date with your previous orders)

To enable you to partake in a prize draw, competition or complete a survey

  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
  3. consent, where applicable

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

 

  1. Identity
  2. Contact
  3. Technical
  4. Financial
  5. Transaction
  6. Profile Data
  7. Usage Data

 

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical
  1. Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
  2. Consent, where applicable (e.g. in relation to cookies)

 

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

  1. Technical
  2. Usage
  3. Financial
  4. Transaction
  1. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
  2. Consent, where applicable (e.g. in relation to cookies)

To make suggestions and recommendations to you about goods or services that may be of interest to you

  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Profile
  6. Marketing and Communications
  1. Consent
  2. Necessary for our legitimate interests (to develop our products/services and grow our business)

 

To monitor and protect our premises, staff and visitors

 

  1. Identity (e.g. CCTV images)
  2. Contact
  3. Transaction
  4. Financial
  5. Usage

 

  1. Necessary for our legitimate interests and those of other third parties, including  to combat crime and improve customer services;
  2. Necessary for compliance with a legal obligation;
  3. Necessary for the performance of a task carried out in the public interest.

Promotional offers from us  

We may use your information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us only if you have requested information from us and you can ask us to stop sending you marketing messages at any time.   We will not share your personal data with any third party for marketing purposes unless you consent for us to do so.

Direct marketing – how to opt out

You may at any time ask us to stop sending you details of our offers and promotions, either by unsubscribing to any email we send you, or by contacting: dataprotection@moto-way.co.uk. Please note that you must clearly specify in your email the purpose of your email to us, in order for action to be taken. We take your online privacy very seriously, so if you need any assistance in unsubscribing to future communications please contact us. We will promptly take action to ensure that you are “opted-out” from receiving any further mailing or other information. Although we will remove your name from our e-mail list as quickly as possible, there may be a period of time after you unsubscribe during which you may still receive e-mails from us. Additionally, in order to ensure you do not continue to receive correspondence from us, we may retain your Personal Data on a suspension list.

Covid-19 – “Test and Trace”

In order to comply with government guidance, and to support NHS Test and Trace, we are required to record details of customers in certain situations. We will therefore record details of customers (including Identify and Contact Data, as well as date, time and location of visit) who are seated for 15 minutes or more at our sites and will retain this temporary record for 21 days, (as required by the guidance) after which it will be deleted.

Where we store your personal data

We do not currently transfer or store any information that we collect from you at a destination outside the European Economic Area (“EEA”) , unless this is specified in a separate policy or notice, (which may be a third party notice) in which case appropriate details will be set out in such policy or notice).

However, if at any time we transfer your data to, or store your data in, a location outside the EEA we will use reasonable endeavours to ensure that appropriate safeguards are in place.

Who we disclose your personal data to 

We may disclose your personal data to any of the following (in any country within the EEA, or outside the EEA where appropriate safeguards are in place), to the extent necessary to fulfil the purpose for which your data was collected:

  • Our staff;
  • Our shareholders;
  • Our group companies and their staff;
  • Suppliers and service providers, who may access your personal data when providing products or services to us, in particular providers of platform, data storage, marketing and data security services;
  • Purchasers or potential purchasers of our business or any part of it;
  • Government and/or local authority bodies, law enforcement agencies and other related or similar parties, to combat crime, and/or in response to legal or regulatory requests, including, for example, to assist the NHS Test and Trace scheme, HMRC and other agencies;
  • Our third party data processors (which may include CCTV monitoring services and IT and communications services providers) who may process data on our behalf, with an appropriate data processing agreement in place);
  • Third party payment processors, who may require information in order to enable additional secure payment authentication; and
  • Our insurers and our auditors or other advisers auditing, assisting with or advising on any aspect of our business, including our external legal advisors.

We may also share information or statistics with third parties in an aggregated or anonymised form that does not directly identify you, e.g. we may share aggregated information about your interests and geographic preferences and/or location (if given) with advertisers and third party deal sites for marketing purposes.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law and subject to appropriate contractual terms. We do not allow our third-party data processors to use your identifiable personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

If you interact with us on social media platforms, (for example, if you ‘Like’ our Facebook Page or post on our Facebook timeline, or if you follow us or mention us in a tweet on Twitter) we can interact with you and send you information via these platforms.

The personal data we have access to through social media platforms will depend on your personal settings on these platforms. We will have access to all public information on these platforms. We may also be able to access personal data that others share about you (because they control how that is shared, not you). We will interact with you through social media platforms in accordance with each platform’s rules but we are not responsible for how the platform owners collect and handle your data. We are not responsible for what third parties post on our social media accounts.

If you download or use our app(s) we will collect personal data from you, in accordance with this Privacy Policy. If you delete our app(s), we may still store your personal data for a period of time prior to deletion.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent to future collection of data (where we are relying on consent as the legal basis for collection of your data).

If you wish to exercise any of the rights set out above, please contact :Data Controller, Moto Hospitality Limited, Head Office, Toddington Service Area, Junction 11/12, M1 Southbound, Toddington, Bedfordshire, LU5 6HR.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

In addition, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so that we have the chance to address any concerns, so please contact us in the first instance.

Moto in the Community Privacy Policy

How we respect privacy when we deal with personal information collected by our organisation.

This Privacy Policy applies to information Moto in the Community Trust collect about individuals who interact with our organisation.  It explains what personal information we collect and how we use it.

If you have any comments or questions about this notice, please contact us at motocharity@moto-way.co.uk

  1. Personal Data that we process

The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.

PurposeData (key elements)Basis
Enquiring about our organisation and its workName, email, messageLegitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect.
Benevolent GrantName, email, address, medical details, personal circumstancesLegitimate interests – It is necessary for us to use these details to process your application for consideration by the Trustees who will make the decision on payment and then to be able to respond to your request appropriately
Community GrantName, email, telephone numberLegitimate interest – it is necessary for us to share your details with the Trustees of MITC for consideration of a grant and to be able to respond to your request appropriately
Making a DonationName, email, address, payment amountLegitimate interest – This information is necessary for us to fulfil you intention of donating money and your expectation of receiving a confirmation/thank you message
Adopted SchoolName, email, telephone number

 

Legitimate interest – it is necessary for us to share your details with the Trustees of MITC for consideration of a grant and to be able to respond to your request appropriately we will also contact you with appropriate information relating to the your relationship with your local site eg Books to Schools
Community PartnerName, email, telephone number

 

Legitimate interest – it is necessary for us to share your details with the Trustees of MITC for consideration of a grant and to be able to respond to your request appropriately we will also contact you with appropriate information relating to the your relationship with your local site eg Charitable site activity
  1. How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table above.

For example we may use your personal information to:

Reply to enquires you send us

Handle donation or other transactions that you initiate

Where you have specifically agree to this send you communications by email relating to our work which we think may be of interest to you.

  1. Where we share data

We will only pass your date to third parties in the following circumstances:

  • You have provided your explicit consent for us to pass data to a named third party
  • Photos – for use in the promotion of the charity and in our Annual Report

To encourage further donations and to publicise the aims and purpose of the charity

  1. Circumstances in which data may be collected about you
  • Where you provide details to us in order to apply for a grant or access more information from MITC
  • When you interact with us on social media platforms
  • When you access our website
  1. Website data

In general when you visit our websites and access information you remain anonymous.  Before we ask you for information we will explain how this information will be used.  We will not provide any of your personal information to other companies or individuals without your express permission. There are occasion where we will ask for additional information although we will always explain why and give the details required by law.  We do this to better understand your needs.

When you visit our website you may provide us with two types of information

  • Personal information you provide to us on an individual basis if you apply for a grant
  • Website use information collected as you and others browse our website

Cookies

For information about our use of cookies and how to manage them, visit the Read about how we use cookies in our cookies section.

Disclosure of your personal data

Where we store your personal data

We do not currently transfer or store any information that we collect from you at a destination outside the European Economic Area (EEA).

Who do we disclose your personal data to:

  • Our staff
  • Government bodies and law enforcement agencies and others to combat crime or in response to legal or regulatory requests
  • Auditors or other advisers auditing, assisting with or advising on any aspect of our Charity including external advisors.
  • Our Trustees

We may also share information or statistics with third parties in an aggregated or anonymised form that does not directly identify you eg we may share aggregated information about your interests and geographic preferences.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law and subject to appropriate contractual terms.  We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes. And in accordance with our instructions.

If you interact with us on the Moto Hospitality social media platforms (for example, if you ‘Like’ our Facebook page to post on our Facebook timeline, or if you follow us or mention us in a tweet on Twitter) Moto Hospitality can interact with you and send you information via these platforms.

The personal data Moto Hospitality has access to through social media platforms will depend on your personal settings on these platforms.  Moto Hospitality will have access to public information on these platforms and may also to be able to access personal data that others share about you (because they control how that is shared, not you).  Moto Hospitality will interact with you through social media platforms in accordance with each platform’s rules but they are not responsible for how the platform owners collect and handle your data.  We are not responsible for what third parties post on Moto Hospitality’s social media accounts.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we will limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

How long will you use my personal data for?

We will only retain your personal data for a long as reasonably necessary to fulfil the purposes we collected it for, including  for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purpose through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data to:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data
  • Request transfer of you personal data
  • Right to withdraw consent to future collection of data (where we are relying on consent as the legal basis for collection of your data)

If you wish to exercise any of the rights set out above, please contact Moto in the Community Trust, Toddington Service Area, Junction 12 Southbound, M1, Toddington, Bedfordshire, LU5 6HR

You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However we may charge a reasonable fee if you request is clearly unfounded, repetitive or excessive.  Alternatively we could refuse to comply with your request in these circumstances.

Time Limit to Respond

We try to respond t all legitimate requests within one month.  Occasionally it could take us longer than a month if you request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

In addition, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues (www.ico.org.uk).  We would however, appreciate the chance to deal with your concerns before you approach the ICO so that we have the chance to address any concerns, so please contact us in the first instance.

Sign up for all the latest news, offers and promotions straight into your inbox