Privacy Policy

Caterite Food and Wineservice Limited (referred to as "Caterite", "we", "us" or "our" in this privacy policy) takes its data protection and privacy responsibilities seriously. 

This privacy policy sets out how we collect, use, protect and share personal information in the course of our business activities. 

 

1. IMPORTANT INFORMATION (paragraph 1)

2. TYPES OF PERSONAL DATA WE COLLECT (paragraph 2)

3. HOW IS YOUR PERSONAL DATA COLLECTED? (paragraph 3)

4. HOW WE USE YOUR PERSONAL DATA (paragraph 4)

5. WHEN WE SHARE YOUR PERSONAL DATA (paragraph 5) 

6. INTERNATIONAL TRANSFERS (paragraph 6) 

7. DATA SECURITY (paragraph 7)

8. DATA RETENTION (paragraph 8)

9. YOUR RIGHTS (paragraph 9)

10. CONTACT US (paragraph 10)

11. COMPLAINTS (paragraph 11)

12. AUTOMATED DECISION MAKING (paragraph 12)

13. UPDATES TO THIS PRIVACY POLICY (paragraph 13)

14. THIRD PARTY LINKS (paragraph 14)

This privacy policy gives you information about how Caterite collects and uses your personal data through your use of this website, when you register with us, purchase a product or service or otherwise engage with us as described in paragraph 3 below.

Caterite Food and Wineservice Limited is the controller and responsible for your personal data.

Caterite or its ultimate parent company, Metro AG and/or any subsidiaries of Metro AG (collective "Metro Group") may have to access and process your data for legitimate purposes as highlighted below.

If you have any questions about this privacy policy, including any requests to exercise your legal rights (paragraph 9), please contact the us using the information set out in paragraph 10.

We may process the various types of personal data about you which have been grouped as follows:

  • Identity Data includes first name, last name, any previous names, title, date of birth and gender.
  • Contact Data includes job title, company details, billing and delivery addresses, email address and telephone numbers.
  • Financial Data includes (non corporate) bank account, credit rating information and payment card details.
  • Customer Data includes delivery instructions, call recordings, meeting notes and information on complaints and feedback.
  • Transaction Data includes payment details and information about the products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type, time zone, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you interact with and use our website, products and services. We may process aggregated data which does not reveal your identity. For example, we may aggregate Usage Data to calculate the number of users accessing a specific website feature. This helps us analyse general trends and improve our website and services.
  • Marketing and Communications Data includes your marketing and communication preferences.

We may collect information about you through the following means:

  • Your interactions with us. You may give us your personal data directly by communicating with us by post, phone, email or otherwise engaging with our website through online forms. 
  • Automated technologies or interactions. As you interact with our website, we may automatically collect information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy https://www.caterite.co.uk/cookie-policy for further details.
  • Third parties sources. We may receive personal data about you from various third parties as described below:

     o    Technical Data collected from analytics providers and advertising networks when you use our website; and

     o    As mentioned in section 5, we may receive personal data about you from other members of the Metro Group.

 

Note that certain information is required from you in order to conduct our business. If you do not provide this information, then we may not be able to proceed with the relationship/your request. 

 

We also collect personal information through recording telephone calls. The purpose of recording calls is to train staff and to quality control/monitor our activities. The general retention period for call recordings is 90 days, however this is subject to some exceptions, for example where a recording is the subject of an ongoing complaint or claim.

Data protection law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases when doing so:

 

  • Performance of a contract with you. When it is necessary for Caterite (or a third party) to perform the contract we are about to enter or have entered into with you.
  • Legitimate interests. We may use your personal data to conduct our business and pursue our legitimate interests, such as preventing fraud and providing you with a secure customer experience. Before processing your personal data for these purposes, we carefully consider and balance any potential impact on you and your rights.
  • Legal obligation. We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to.
  • Consent. When we ask you to actively indicate your agreement to our use of your personal data for a certain purpose, for example if you subscribe to receive marketing communications.

We have set out in the table below the ways we plan to use the various categories of your personal data alongside the relevant legal bases:

Purpose Category of Personal Data Legal Basis
To register you as a new customer. Identity Data, Contact Data, Customer Data, Marketing and Communications Data Performance of a contract with you.
To process and deliver products and services you order from us. Identity Data, Contact Data, Customer Data, Financial Data, Transaction Data, Marketing and Communications Data Performance of a contract with you.
To manage our relationship with you, including notifying you of changes to our terms or privacy policy. Identity Data, Contact Data, Customer Data, Marketing and Communications Data •Performance of a contract with you.
•Necessary to comply with legal obligations.
•Necessary for our legitimate interests to keep our records updated and manage our relationship with you.
To share customer and supplier data with our sister companies in the Metro Group. Identity Data, Contact Data, Customer Data, Transaction Data, Usage Data, Marketing and Communications Data Necessary for our legitimate interests to:
•Provide, maintain and improve products and services to meet customer needs.
•Facilitate the corporate strategy, planning and development of the business.
•Leverage the potential efficiencies generated by coordinating with the Metro Group.
To consider whether there are any opportunities for cross marketing of products and services between Metro Group companies and respective customers Identity Data, Contact Data, Customer Data, Marketing and Communications Data •When necessary for the legitimate interests, including to carry out marketing to inform customers about products and services.
•Where applicable, having obtained your prior consent to receiving marketing communications.
To manage and safeguard our business and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting. Identity Data, Contact Data, Transaction Data, Technical Data Necessary for our legitimate interests to:
• The running of our business, provision of administration and IT services and network security.
• Prevent fraud.
• Process information in the context of a business reorganisation or group restructuring exercise).
Necessary to comply with a legal obligation.
To use data analytics to enhance our website, products, services, customer relationships, and experiences, and to evaluate the effectiveness of our communications and marketing. Technical Data, Usage Data Necessary for our legitimate interests to:
• Define types of customers for our products and services.
• Keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To send you relevant marketing communications and personalised suggestions about goods or services that may interest you. Identity Data, Contact Data, Technical Data, Usage Data, Marketing and Communications Data Necessary for our legitimate interests to:
•Carry out direct marketing.
•Develop our products and services in order to grow our business.
Where applicable, having obtained your prior consent to receiving marketing communications.
To conduct market research through your voluntary participation in surveys. Identity Data, Contact Data, Marketing and Communications Data Necessary for our legitimate interests to understand customer usage and improve our products and services.
To train staff and monitor standards of service across the workforce. Identity Data, Contact Data, Customer Data Necessary for our legitimate interests in ensuring staff are effectively trained and in ensuring a consistent and high standard of service is being maintained.
To conduct credit checks in relation to businesses Identity Data, Contact Data, Financial Data, Customer Data Necessary for our legitimate interests in ensuring the sole trader businesses who we engage with are financially reliable as required for our business continuity.

We may share your personal data where necessary with the parties described below for the purposes set out in the table above:

  • Vendors, consultants and other providers. We may share your information with third-party vendors, consultants, and service providers who work on our behalf and need access to your information to perform their tasks. These parties are authorised to use your personal data only as necessary to provide services to Caterite.
  • To comply with laws. We may disclose your information to comply with laws, enforce our policies, protect our services’ security, prevent harm or illegal activities, respond to emergencies, or as directed by you.
  • Metro Group. We may share your personal data with companies in the Metro Group for our legitimate interests as highlighted in the table above.

We require all third parties to respect the security of your personal data and comply with applicable law. We do not permit our third party providers to use your personal data for their own purposes.

We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.

Whenever we transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by ensuring that we use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK. To obtain a copy of these contractual safeguards, please contact us via the details at paragraph 10.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Caterite maintain a data retention schedule which details the applicable time each category of personal data is retained for. We decide on these timeframes by setting the period we believe is reasonably necessary to fulfil the purposes we collected it for. This will typically be for the length of our relationship plus any length of time we're required to keep the information to fulfil our legal obligations, which is often 6 years. 

We may also retain information to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot issues, assist with investigations and take other actions permitted by law.

Information connected to you that is no longer necessary and relevant to provide our services may be de-identified or aggregated with other non-personal data for research or analytical purposes.

Subject to certain exemptions, and in some cases dependent on the processing activity we are undertaking, you may have the following rights in relation to your personal information:

  • Request access to your personal data. To receive a copy of the personal data we hold about you.
  • Request correction of the personal data. To have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure. To ask us to delete or remove personal data in certain situations.
  • Object to processing of your personal data where we are relying on a legitimate interest as the legal basis for that particular use of your data. 
  • Object or opt-out at any time to the processing of your personal data for direct marketing.
  • Data portability. To receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third-party in certain situations.
  • Withdraw your consent to our processing of your personal data at any time, if the processing is based on your consent.
  • Request restriction of processing of your personal data in certain circumstances.


If you wish to exercise any of the rights set out above or want more information about them, please contact us via the details at paragraph 10. We may need to ask for ID to check we are satisfied as to your identity and we generally have one month to reply to your request. You will not normally be charged for the request. 

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact info@carterite.co.uk  

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues ( www.ico.org.uk ). We would, however, appreciate the chance to deal with your concerns and find a solution with you if you raise this using the contact details in section 10.

We do not make any automated decisions about you when processing your personal data. 

We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check this page for the latest version of this notice. 

This version was last updated on Thursday 12th December 2024.

You might find external links to third party websites on our website. This privacy notice does not apply to your use of such third party sites.