Make sure you’re doing the right things
On 25th May, 2018 important new data legislation called the GDPR (General Data Protection Regulation) is coming into effect. It will apply to all businesses and organisations that handle the personal data of any person who lives within Europe – and that includes us at Just Eat, as well as restaurants like your own.
Why do you need to know about GDPR?
As you know, your restaurant handles a huge amount of customer personal data every day through Just Eat and other orders to deliver tasty takeaways. You have access to customers’ data such as their names, address and phone numbers, and this means that the GDPR legislation will apply to you and your restaurant, as well as Just Eat.
You need to understand the basic legal requirements, and your responsibilities, when handling the customer data that you receive from Just Eat. And we’re here to help you avoid making basic but potentially serious and expensive errors.
Unfortunately, if there is a data breach under GDPR, then you could be fined as much as 4% of your annual turnover.
What personal data do I handle?
Personal data is any information which relates to a living individual, Every time you receive an order from Just Eat on your Orderpad or JCT you handle (and process) the following types of customer personal data:
- Telephone number
- Order details
- (And sometimes) special religious or dietary/health related order instructions
We want to help you, and ensure you know all the facts. You should ensure that you comply with data protection legislation and our guidance every time you receive and process an order from Just Eat. It’s in all of our interests that we do the right things and do right by our customers. That’s why we’re looking to help you, by sharing information and best practices where data handling is concerned.
What can I do to get ready for this change?
- Read about, and understand what you must, and must not do, with customer data.
- Brief your staff and make sure they also understand how to handle customer data – and what they should and shouldn’t do (see details listed out below).
- At all times, follow the rules of data protection and do not misuse customers data.
Here’s a short guide to help you.
Customer Contact Information
Never contact customers for personal reasons. You, your staff and drivers should only contact them in relation to fulfilling their takeaway order, and for no other reason.
Never text, message or add a customer on social media. This is an invasion of privacy and will be taken very seriously. If it comes to your attention that any unauthorised contact has been made with a customer you should email the Just Eat compliance team immediately to email@example.com.
Receipts and print outs
Securely destroy all receipts and print outs which contain Just Eat customer personal data after a successful delivery. If you need to retain them for any reason, keep them securely locked away until you are ready to destroy them.
DO NOT dispose of receipts with your general waste or in public bins If disposed of insecurely and a customer’s personal data gets into the wrong hands, this could lead to a complaint against both you and Just Eat, as well as potential fines and bad publicity for your Restaurant.
Drivers and delivery staff
It is the restaurant’s responsibility to ensure that its drivers and delivery staff understand how to handle customer data securely, responsibly and transparently. Check that the right order goes to the right driver and that it does not contain the data of another customer.
DO NOT assume that your drivers know how to do the right thing with customer personal data. It is important you share this guidance with your drivers and get in touch with Just Eat if you need us to explain anything. You can contact us at firstname.lastname@example.org.
Marketing and promotions
Your customers have a right to privacy. If you don’t respect it you are likely to lose their custom, and maybe a lot more. So, DO NOT send marketing or promotional messages to Just Eat customers by SMS, phone call or post. This is a breach of the Restaurant Agreement you have with Just Eat; it is also a breach of the law which may expose you to large financial penalties.
Just Eat’s Customer Service team is always on hand for customers to get in touch with you should they need to, whilst the Just Eat Marketing investment ensures that customers keep ordering from you. It’s part of what makes our community the world’s greatest food community.
Sharing and security
Always keep anything containing Just Eat customer personal data safe, secure and away from harm. If you need to hold onto receipts or print outs keep them locked away until you are ready to securely destroy them.
What happens if these data rules are not followed?
If you, your staff or your delivery drivers breach the new rules on data privacy there could be serious consequences for both you and Just Eat. For example:
- Not managing customers data as we set out in this guidance could result in Just Eat seeking to recover any legal costs incurred as a result of you breaching data protection rules under our Restaurant Agreement.
- prosecution and fines against you from the Data Protection Authorities
- customers could take your business to court to receive financial compensation for misusing their data;
- your restaurant could receive negative media attention in the press or on social media;
- Just Eat could take you offline temporarily or terminate our Restaurant Agreement with you;
Do the right things
GDPR legislation is complex, but compliance is relatively simple if you follow the guidelines we’ve outlined in the sections above. Most of the things you need to be doing (and they are your responsibilities) are covered by our Restaurant Agreement. But you should take some time to familiarise yourself with our guidance on data protection and ensure that your restaurant has the right processes in place.
Call our customer services team