Privacy Policy

This privacy privacy policy (together with our terms and conditions www.flypay.co.uk/terms) provides information on how Flypay Limited (referred to in this notice as "Flypay", "we" or "us") uses personal data relating to users (referred to in this policy as "you") of the Flypay application (the "Application") or any Flypay website ("Website") and related services and website (together referred to in this policy as the "Services").

Please read this privacy policy carefully to understand our practices regarding your personal data and how we will treat it.


This notice is version 1.1 and was last updated on 26th January 2016.

1. Who are we?

2. What personal data do we collect and why?

a: Registration details

If you install the Application or access the Website, you will be asked to provide us with certain registration information in order to create a GBK profile and receive the related Services.
Registration information may include:

As an alternative to registering directly with GBK, you can register using your Facebook account login, from which we may obtain your Facebook username and password, along with the same registration information set out above (see also the paragraph entitled "Facebook Information" below). Your registration information may be used to:

b: Device and Technical Information

We may collect information about the device you use to download the Application or access the Website, including, where available, the device's unique device identifiers, operating system and mobile network information, for system administration purposes. We may also collect information about the computer you use to visit the Website, including session data and your IP address. We may associate this kind of device information with the registration information referred to in the sections above for customer services and system administration purposes and will treat the combined information as personal data in accordance with this policy for as long as it is combined.

c: Your payment card details

In order to pay a venue bill using the Application or order online via the Website, you will need to input credit or debit card details. Payment processing services are provided by third parties, including VeriFone and Adyen. The Application or Website will transfer payment details directly from VeriFone, Adyen or other PCI compliant verified payment processing companies to the venue's point of sale system. By inputting payment card details, you are consenting to use of such details by these third party payment providers, the venue and us for the purpose of paying your bill and processing your payment.

The use of your payment card details by third party payment providers and the venue is not governed by this privacy policy and will be governed by the third party payment providers and the venue's own terms of use and privacy policy. We recommend that you access and review any such terms and policies prior to providing your payment card details.

Your card details will be securely stored by PCI compliant third party payment providers (including Verifone and Adyen) for ease of use in future transactions using the Application or Website. However, your CSC/CVV number is not stored and must be entered each time you use a card for authentication. GBK does not have access to your card details nor does it store your card details on its systems, although it holds a payment processing 'token' which retains some of the card number digits only. This enables you to identify the appropriate card in future transactions and on your payment receipt. You may remove payment card details from the Application or Website at any time. Payment transactions are between you and the relevant venue. Whilst the Services seek to facilitate the payment procedure, GBK does not receive your payment and is not responsible for subsequent use of your card or payment details by or on behalf of the venue.

d: Your venue visits or online orders

In order to pay a venue bill using the Application, you may need to scan the restaurant provided QR code, or tap it with an NFC equipped phone, type in the five digit code for your table or other methods of interaction, which will link your Application to the bill within the relevant venue's point of sale or 'POS' system. The details of your bill will be used to deliver the Services and generate your payment receipt.

We may also collect POS data relating to your venue visits or orders placed online via the Website, including:

We may use POS data for the following purposes: We collect POS data through the Application, the Website and directly from the venue's point of sale system. We may also collect additional data relating to your venue visits and the surrounding areas, for example: This additional data is used for analysis and statistical purposes (see further below).

e: Facebook information

If you provide us with your Facebook account login, we may collect additional information from your Facebook profile for analysis and statistical purposes (see below). If you would prefer that we not to do this, you can register with your email address and date of birth, rather than using your Facebook account login.

f: Contacting us or visiting our website

If you contact us (via email, webform, telephone, post or otherwise), we may collect and retain your contact details and your communication for the purpose of handling and responding to your query, keeping records of communications and improving our customer services.

g: Geolocation

With your permission, we may also collect information about your geo-location through the Application to enable us to provide location based services and tailor the offers/promotions you receive through the Application.

h: Log Information

When you use the Application or Website, we may also automatically collect and store certain information in our server logs to get a better understanding of how people use the Application and Website, for system administration purposes, and to ensure we provide a good user experience and customer service. This type of information includes "clickstream" data (i.e. information about when, how, and what parts of the Application or Website you use), viewed and exit pages as well as date or time stamps.

i: Contacts

The Application allows you to contact friends via SMS, Twitter, Facebook or Google Plus to invite them to try the Application. In order to use this feature, you must select the option which allows the Application to access your mobile phone contacts or Twitter, Facebook or Google Plus account (as applicable) and your contacts listed within that account. Please only use this feature to send an invitation to a friend who you know would be happy to receive one.

j: Analysis and statistics

We may use the data we collect about you, on an anonymous basis only, for analysis and statistical purposes, for example to analyse how many users are visiting or ordering from particular venues at particular times, food preferences, and the characteristics of such users, for example their age or gender. If you have provided your Facebook login, we may combine data collected from the Application or Website and the restaurant with information from your Facebook profile for these purposes.

Statistics and results of analysis (anonymised and without reference to your personal data) may be shared with our selected partners, including partner restaurants and their suppliers for the purpose of improving the customer experience within restaurants.

3. Cookies and similar technologies

Our Websites use cookies and similar technologies. For more information, please see our cookie policy, which is available from the Websites or via www.flypay.co.uk/cookies.

4. Other use of your personal data

We may also use your personal data for the purposes of:

5. Disclosure of your personal data to other parties

We may share statistics and results of analysis with selected third parties as described in paragraph 2.j above.
We may also disclose your personal data for the purposes outlined in paragraph 4 above to third parties, including:

We may also share your information with other selected third parties, including: strategic business partners, in connection with the purposes described in this privacy policy; advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and analytics and search engine providers that assist us in the improvement and optimisation of the Website.

6. Storage and security of your personal data

Your personal data is stored in electronic and physical records maintained by us and/or our service providers. Whilst we are based in the UK, our service providers may have servers located overseas, where the laws may not give the same level of protection to personal data as within the UK. By submitting your personal data to us, you consent to the transfer, storing and processing of your personal data in countries outside of the UK (including countries located outside of the European Economic Area ("EEA").

Whenever we transfer your personal data outside of the EEA, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

7. Passcodes and security

If you create a user ID, a passcode or any other authentication information as part of our security procedures, you must treat such information as confidential. You must not disclose it to anyone else and must take appropriate steps to keep your information secure by not using an obvious login name and ensuring that you keep your passcode confidential and change it regularly. If you know or suspect that anyone other than you, or anyone authorised by you, knows your user ID, passcode or any other authentication information, you must promptly notify us using the contact details below. You are entirely responsible for all activities that occur through use of your user ID, even if another person was using your account at the relevant time. We are not responsible for any losses or liabilities arising out of or in connection with any unauthorised use of the Application or Website.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the Application or Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

8. Marketing

As mentioned above, we may also use your personal data to provide you with information about our products and services, which may be of interest to you. If you do not want us to use your information in this way, we will give you the opportunity to opt-out of receiving any such marketing communications at the point where you provide us with your contact details and in each subsequent marketing communication that we send to you. Please note that if you opt out from receiving marketing communications, we may still contact you about service-related issues, such as where we make any changes to the Application or Website, or the terms of this policy.

9. Third party sites and services

Your use of the Application will also be subject to the privacy policies of any app store provider and/or operator ("App Store Provider") from whom you have downloaded the Application ("App Store Policies"). The Application and Website may also contain links to other third party websites and services including through advertising and social media tools and widgets such as those provided by Facebook and Twitter ("Third Party Sites and Services"). The links to these Third Party Sites and Services are provided for your convenience only. Your use of the Third Party Sites and Services will be governed by their terms and conditions and privacy policies (if any) ("Third Party Terms"). It is your responsibility to read the Third Party Terms. You acknowledge that we have no control over the Third Party Sites and Services and are not responsible for them.

10. Removal of your details

You may request removal of your live profile at any time by sending an email to us at info@gbk.co.uk.

We may however retain certain aspects of your profile and other personal details for the purposes of maintaining records of our dealings with you, analysis and statistics.

We may remove your profile in accordance with clause 2(e)(iii) of our terms and conditions, including in the circumstances where you breach our terms or have not used our Services for a substantial period of time.

11. Access to your details

If you would like to access a copy of any personal data which we hold about you, please send a request by email or by post using the contact details in paragraph 13 below. An administration fee of £10 may be charged.

You have the right, in certain circumstances, to object to us processing your personal data or to request that your personal data is corrected or deleted. Please contact us to discuss this as required.

12. Changes to our privacy policy

We may change this policy at any time. Your continued access or use of the Application or Website after such a change signifies your acceptance of the updated or modified policy. We may email registered users about any material changes to the policy and we may notify you of a change to this policy when you next start the Application or access the Website. The new policy may be displayed on-screen via the Application or Website and you may be required to agree to it to continue your use of the Application or Website. The date this policy was last updated appears at the top of this document.

13. Queries

If you have any queries in relation to the processing of your personal data by Gourmet Burger Kitchen Limited, please contact us: