Caring for customer data
Make sure you’re doing the right things
GDPR (General Data Protection Regulation) came into effect in 2018. It applies to all businesses and organisations that handle data which can be used to identify a person. Your restaurant handles Just Eat customers’ personal data every day. This means that the GDPR rules apply to you and your restaurant, as well as Just Eat.
Take time to understand the legal requirements, and your responsibilities, when handling the customer data that you receive from Just Eat.
Why is it important?
GDPR and the correct handling of customer data is important in protecting people’s privacy. Failure to comply with GDPR can be costly, both financially and for the reputation of your business. For example, if there is a data breach, under GDPR you could be fined as much as 4% of your annual turnover.
What personal data do I handle?
Personal data is any information which relates to a living individual. Every time you receive an order from Just Eat on your Orderpad you handle (and process) the following types of customer personal data:
- Name
- Address
- Order details
- (And sometimes) special religious or dietary/health related order instructions
You should ensure that you comply with data protection rules every time you receive and process an order from Just Eat. It’s in all of our interests that we do the right things by our customers.
What can I do?
- Read about, and understand what you must, and must not do, with customer data.
- Brief your staff and make sure they also understand how to handle customer data – and what they should and shouldn’t do (see details listed out below).
- At all times, follow the rules of data protection and do not misuse customers data.
Here’s a short guide to help you.
Customer Contact Information
Never contact Just Eat customers for personal reasons. You, your staff and drivers should only contact them in relation to fulfilling their Just Eat takeaway order, and for no other reason.
Never text, message or add a Just Eat customer on social media. This is an invasion of privacy and will be taken very seriously. If it comes to your attention that any unauthorised contact has been made with a customer you should email the Just Eat compliance team immediately to [email protected].
Receipts and print-outs
Securely destroy all receipts and print outs which contain Just Eat customer personal data after a successful delivery. If you need to retain them for any reason, keep them securely locked away until you are ready to destroy them.
DO NOT dispose of receipts with your general waste or in public bins. If disposed of insecurely and a customer’s personal data gets into the wrong hands, this could lead to a complaint against both you and Just Eat, as well as potential fines and bad publicity for your Restaurant.
Drivers and delivery staff
It is the restaurant’s responsibility to ensure that its drivers and delivery staff understand how to handle customer data securely, responsibly and transparently. Check that the right order goes to the right driver and that it does not contain the data of another customer.
DO NOT assume that your drivers know how to do the right thing with customer personal data. It is important you remind your drivers of their responsibilities around personal data. You can also share this guidance with your drivers and get in touch with Just Eat if you need us to explain anything. You can contact us at [email protected].
Marketing and promotions
Your customers have a right to privacy. If you don’t respect it you are likely to lose their custom, and maybe a lot more. So, DO NOT send marketing or promotional messages to Just Eat customers by SMS, phone call or post. This is a breach of the Restaurant Agreement you have with Just Eat. It is also a breach of the law which may expose you to large financial penalties.
Just Eat’s Customer Service team is always on hand for customers to get in touch with you should they need to, whilst the Just Eat Marketing investment ensures that customers keep ordering from you. It’s part of what makes our community the world’s greatest food community.
Sharing and security
Always keep anything containing Just Eat customer personal data safe, secure and away from harm. If you need to hold onto receipts or print outs keep them locked away until you are ready to securely destroy them. You must not share this data with anyone outside of your business.
What happens if these data rules are not followed?
If you, your staff or your delivery drivers breach the new rules on data privacy there could be serious consequences for both you and Just Eat. For example:
- Not managing customers data as we set out in this guidance could result in Just Eat seeking to recover any legal costs incurred as a result of you breaching data protection rules under our Restaurant Agreement.
- Prosecution and fines against you from the Data Protection Authorities
- Customers could take your business to court to receive financial compensation for misusing their data
- Your restaurant could receive negative media attention in the press or on social media
- Just Eat could take you offline temporarily or terminate the Restaurant Agreement with your restaurant
Do the right things
GDPR legislation is complex, but compliance is very important. Most of the things you need to be doing (and they are your responsibilities) are covered by our Restaurant Agreement. But you should take some time to familiarise yourself with your responsibilities under data protection law and ensure that your restaurant has the right processes in place. You can find further information about your data protection responsibilities on the ICO website
Any questions?
Please send us a message here