Personal Data Protection Notice

1. PRIVACY AND YOUR PERSONAL DATA

1.1 PizzaExpress Singapore Pte Ltd is committed to protecting the privacy of our users and customers. This Personal Data Protection Notice (“Notice”) is intended to inform you on how we collect, use and disclose your Personal Data; as defined below.

1.2 It applies to Personal Data collected by us, or provided by you, whether in one of our restaurants, over our Website (including the mobile optimised version of the website accessible from your portable hand-held device) or in any other way (such as over the telephone). “Personal Data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include name, residential address, email address and telephone number.

1.3 All your personal Information shall be held and used in accordance with the PDPA (Personal Data Protection Act). If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in Section 9 below, please write to us at the below address or via email at:

Email Address: dpo@pizzaexpress.sg

Mailing Address: 21 Merchant Road, #04-01 Singapore 058267

2. COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA

2.1 We generally do not collect your personal data unless

(a) it is provided to us voluntarily by you directly or via a third-party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after

(i) you (or your authorised representative) have been notified of the purposes for which the data is collected; and

(ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes; or

(b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

2.2 We may collect and use your personal data for any or all of the following purposes:

(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;

(b) verifying your identity;

(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;

(d) managing your relationship with us;

(e) processing payment or credit transactions;

(f) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

(g) any other purposes for which you have provided the information;

(h) transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes;

(i) for purposes specified under Section 3 and 4 below; and

(j) any other incidental business purposes related to or in connection with the above.

3. WHAT INFORMATION DO WE COLLECT ON OUR WEBSITE?

3.1 When you visit our website (including the mobile optimised version of the website accessible from your portable hand-held device) you may provide us with personal information such as name, postcode, email address, mobile phone number, photos, credit or debit and information about other members of your family who might be interested in our services ("Personal Data").

You may provide us with information in a number of ways:

a) by supplying us with the Personal Data as listed above, on an individual basis by subscribing to receive updates or offers from us or through access our public wi-Fi services.

b) You may also provide us with additional information if you choose to do so:

1. by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;

2. by booking a table, ordering a takeaway online or Delivery service, downloading our offers, purchasing a gift card, purchasing or applying for a job with us;

3. through any preferences and areas of interest as advised by you on subscribing to our online services;

4. by Personal Data provided when you use our mobile optimised website from your portable hand-held device including details of your physical location, where you have agreed to it being used;

5. through written correspondence, in which case we may retain the content and contact details

3.2 From time to time we may give you the option to provide us with Personal Data about other people in your life, for example you may tell us you are booking a birthday party for a child, you have the option to tell us whether you have any children and if so their gender and the month and year of their birth. We use this Personal Data to tell you about offers that may be relevant to your friends or family members in accordance with their age.

3.3 We may collect information about your computer, including where available your IP address, operating system, browser type and the geographical location of your computer, for system administration purposes. We may also report aggregate information to our advertisers. This is statistical data about browsing actions and patterns and does not identify you as an individual.

4. WHAT INFORMATION DO WE COLLECT IN OUR RESTAURANTS?

4.1 When you are in one of our restaurants, we may collect the following Personal Data when you use the PizzaExpress Wi-Fi service:

a) your name and contact details, date of birth, email address, postcode and mobile telephone number;

b) your physical location, whilst you are in the restaurant only.

5. HOW WE USE YOUR PERSONAL DATA?

5.1 We will hold, use and disclose your Personal Data for our legitimate business purposes including:

a) to direct-market products and services (including push notifications), advise you of news and industry updates, events, promotions and competitions and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;

b) to apply profiling technology which analyses our customers’ engagement with our direct marketing communications, activity and interests so that we can send you content that is relevant to you;

1. performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;

2. verifying your identity;

3. responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;

4. managing your relationship with us;

5. processing payment or credit transactions;

6. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

7. any other purposes for which you have provided the information;

8. transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and

9. any other incidental business purposes related to or in connection with the above.

5.2 We may disclose your personal data:

a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or

b) to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the abovementioned purposes.

5.3 The purposes listed in the above Sections may continue to apply even in situations where your relationship with us (for example, pursuant to your employment contract should you be hired) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under a contract with you).

6. WITHDRAWING YOUR CONSENT

6.1 The consent that you provide for the collection, use and disclosure of your Personal Data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided above.

6.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 10 business days of receiving it.

6.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in Section 1 above.

6.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

7. HOW LONG WE HOLD YOUR INFORMATION

7.1 We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Personal Data through a competition entry, we will retain your data for as long as is necessary to administer the competition.

7.2 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

8. PROTECTION OF PERSONAL DATA

8.1 To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, and disclosing personal data both internally and to our authorised third-party service providers and agents only on a need-to-know basis.

8.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

8.3 The disposal of physical personal data is completed through secure third-party document destruction companies or inhouse via a shredder. Electronic personal data that is stored in cloud document file structures is permanently deleted.

9. YOUR RIGHTS RELATING TO YOUR INFORMATION

9.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.

9.2 If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided.

9.3 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

9.4 We will respond to your access and correction request within thirty (30) days after receiving your request. Should we not be able to respond to your request within the said thirty (30) days, we will inform you via telephone or in writing within ten (10) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

9.5 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

10 ACCURACY OF PERSONAL DATA

10.1 We generally rely on Personal Data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

11 COOKIES ON OUR WEBSITE

11.1 Similar to other commercial websites, our Website uses a technology called "cookies" and web server logs to collect information about how our Website is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.

11.2 Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.

11.3 Cookies, in conjunction with our web server's log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular. This helps us gather feedback so that we can improve our Website and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.

11.4 We use ‘session’ cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.

11.5 We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Website, tailoring the content of certain areas of the Website to offer you content that match your preferred interests.

11.6 For more details of how we use Cookies, if any, on our websites or apps, please refer to our Terms and Conditions at https://www.pizzaexpress.sg/terms-and-conditions

12. TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

12.1 We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

13. CHANGES TO NOTICE

13.1 We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Updated on 1 February 2020

Privacy & Accessibility Policy

1. Privacy and Your Personal Data

1.1 Pizza Express (Restaurants) Limited is committed to protecting the privacy of our users and customers. This privacy policy ("Privacy Policy") is intended to inform you on how we gather, define, and utilise your Information (as defined below).

1.2 It applies to Information collected by us, or provided by you, whether in one of our restaurants, over our Website (including the mobile optimised version of the website accessible from your portable hand held device), our Pizza Express App, or in any other way (such as over the telephone). It is also intended to assist you in making informed decisions when using our Website, App and our products and services. Please take a minute to read and understand the policy.

1.3 All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section 9 below, please write to us at the below address or via email at legal@pizzaexpress.com:

FAO: Legal Department

Pizza Express (Restaurants) Limited

Hunton House,

Highbridge Estate,

Oxford Road,

Uxbridge,

Middlesex,

UB8 iLX

1.4 Pizza Express (Restaurants) Limited is the controller of your Information for the purposes of the GDPR and is a company registered under number 02805490 and whose VAT number is GB 627 0767 30.

2. What Information Do We Collect on our Website?

2.1 When you visit our Website (including the mobile optimised version of the website accessible from your portable hand-held device) you may provide us with personal information such as name, postcode, email address, mobile phone number, date of birth (month and year only), credit, debit, or PayPal account details and information about other members of your family who might be interested in our services ("Information"). You may provide us with Information in a number of ways:

a) by supplying us with the Information as listed above, on an individual basis by registering as a registered user or subscribing to receive updates or offers from us. To become a registered user you must provide us with your name, postcode, date of birth (month and year only), and email address, but you may also provide us with additional information if you choose to do so.

b) by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;

c) by booking a table, ordering a takeaway online using our Click & Collect or Delivery service, downloading our offers, purchasing a gift card, purchasing Pizza Express Live tickets, or applying for a job with us;

d) through any preferences and areas of interest as advised by you on subscribing to our online services;

e) by Information provided when you use our App (see below); and

f) by Information provided when you use our mobile optimised website from your portable hand-held device including details of your physical location, where you have agreed to it being used.

2.2 From time to time we may give you the option to provide us with Information about other people in your life, for example as a registered user, you have the option to tell us whether you have any children and if so their gender and the month and year of their birth We use this Information to tell you about offers that may be relevant to your friends or family members in accordance with their age.

2.3 We may collect Information about your computer, including where available your IP address, operating system, browser type and the geographical location of your computer, for system administration purposes. We may also report aggregate information to our advertisers. This is statistical data about browsing actions and patterns and does not identify you as an individual.

3. What Information do we collect on our App?

3.1 When using our App, you may provide us with the following Information:

a) your name and contact details (email address and mobile telephone number), if you use the App to book a table at one of our restaurants;

b) further information (mobile phone number, date of birth (month and year only), favourite restaurants, details about other members of your family who might be interested in our services, if you use the App to register as a registered user or subscribe to receive updates or offers from us. To become a registered user you must provide us with your name, postcode, email address, and date of birth (month and year only), but you may also provide us with additional information if you choose to do so;

c) information which allows us to identify your credit or debit account details to complete a transaction with you, should you elect to pay for your takeaway or pay your restaurant bill using the ‘Pay at Table' function via the App;

d) your physical location, where you have agreed to it being used for the restaurant locator feature on the App or where you allow the App to access your location settings; and e) other Information that may be provided by you when adding content to our App, or to our social network pages such as Facebook.

4. What Information do we collect in our restaurants or elsewhere?

4.1 When you are in one of our restaurants, we may collect the following Information when you use the Pizza Express Wi-Fi service:

a) your name and contact details (date of birth), email address, postcode and mobile telephone number) b) your physical location, whilst you are in the restaurant only

5. How we use your Information

5.1 We will hold, use and disclose your Information for our legitimate business purposes including:

a) to keep you up to date about important changes to our business;

b) to direct-market products and services (including push notifications), advise you of news and industry updates, events, promotions and competitions and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;

c) to apply profiling technology which analyses our customers' engagement with our direct marketing communications, activity and interests so that we can send you content that is relevant to you;

d) to answer your queries;

e) to provide further services to you by sharing your Information with other companies within our group of companies, as well as trusted third parties. Further details about this are set out in the section 8 below on Sharing your Personal Information;

f) to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.

5.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health in booking requests. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.

6. The legal basis for processing your Information

6.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:

a) Necessary for compliance with a legal obligation - we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;

b) Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your Information for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries

from you or a third party, fulfilling takeaway, gift card or Pizza Express Live ticket sales, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;

c) Consent - in some circumstances, we may ask for your consent to process your Information in a particular way.

7. How we share your Information

7.1 In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.

a) Other parties within our group of companies: Your information may be shared with our UK affiliates including our parent company, as certain processing functions within Pizza Express are centralised. Your information will not be shared with any of our international affiliates.

b) Trusted third parties: In order to provide certain services, we will share your information with third party service providers such as IT infrastructure companies and email logistics providers. We will not share your data with any third party where it is not necessary to do so to provide a service to you.

c) Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies. d) New business owners. If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event.

8. How long we hold your Information

We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application, and maintain application statistics. We will not directly market to you for longer than three (3) years, unless you consent to receive direct marketing by opting in again before the expiry of that three (3) year period. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.

9. Your rights relating to your Information

a) Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.

b) Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.

c) Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.

d) Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.

You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.

e) Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.

This right exists in respect of Information that:

• you have provided to us previously; and

• is processed by us using automated means.

While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to Information of others without their consent.

9.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.

9.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

10. Consent

To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.

11. Cookies

11.1 Similar to other commercial websites, our Website uses a technology called "cookies" and web server logs to collect information about how our Website is used. A cookie is a very small text document, whichoften includes an anonymous unique identifier. When you visit a website, that site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies

11.4 We use `session' cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.

11.5 We also use 'persistent' cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Website, tailoring the content of certain areas of the Website to offer you content that match your preferred interests.

12. Website Accessibility

12.1 Pizza Express recognises the importance of providing a website that is accessible to everyone and is easy to use. This section outlines our ongoing commitment to making our online services accessible and explains some of the accessibility features of this Website.

12.2 Website accessibility means that people with disabilities can use the website. More specifically, Website accessibility means that people with disabilities can perceive, understand, navigate, and interact with the Website, and that they can contribute to the Website. Website accessibility also benefits others, including older people with changing abilities due to aging. (Quote from https://www.w3.org/WAI/intro/accessibility.php)

12.3 This Website contains the following features which should help users make the website more accessible:

a) providing a sitemap;

b) every content and decorative image has the ability to have alternative text added so if images are disabled or not appearing the user can see read what the image is displaying;

c) tabbing through the Website is organised in a logical top down left to right order;

d) clearly defined visible hover and focus (tab) state for each link;

e) the ability to jump to the main content on the page by bypassing the top menu when you use the keyboard;

f) HTML for lists, tables and quotes being coded correctly; g) the ability to navigate around the site and access all functionality by only using the keyboard;

h) all fields and labels within forms including error messages, are clearly labelled and have the correct notations;

i) the visual contrast combination of text and background colours meet the correct ratio so all text is easily read; and

j) the Website is readable when large size text is used in Internet Explorer

12.4 At Pizza Express we are committed to making our Website accessible to as many abled and less abled people as possible. We will continue to review, test and modify our Website for usability and accessibility issues using a combination of both manual and automated testing tools. These tools and techniques help us to aim towards meeting (where possible) the W3C guidelines as part of our ongoing commitment towards an accessible Website.

13. Changes to our Privacy Policy

This privacy policy can be changed by us at any time. If we change our privacy policy in the future, wewill advise you of material changes or updates to our privacy policy by email, where we are holding your email address.

14. Complaints

If you are unhappy about our use of your Information, you can contact us at the address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:

Telephone: 0303 123 11113

Website: https://ico.org.uk/concerns/

Post: Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Personal Data Protection Notice

Privacy & Accessibility Policy

Menu

Bookings

Connect

Explore