Privacy Policy

Roadside Stall

  1. 1. This document sets out the privacy rules in the Roadside Stall application.

  2. 2. For the purposes of data protection legislation, we are the data controller of your personal data. TREBORK Ltd, North Walk 9, Stoke on Tren, Staffordshire, ST3 6DB (UK), e-mail: info@roadsidestall.com.

  3. 3. We are committed to complying with the Data Protection Act 2018.

I. Personal Information

  1. 1. The Controller collects information provided voluntarily by the Application Users. However, the provision of marked personal data is a condition for placing an order.

  2. 2. Moreover, The Controller may record the information about connection parameters, like IP addresses, for technical purposes, for server administration and for collection of general, statistical demographic information (e.g., about the region from which the connection comes), and also for security purposes.

  3. 3. The Controller shall make an extra effort in order to protect privacy and information about the Application Users provided to him. The Controller shall exercise due diligence when selecting and applying appropriate technical measures, including those of programming and organizational nature, in order to protect the processed data, and in particular he shall protect the data from unauthorized access, disclosure, loss and destruction, unauthorized modification, and also from their processing with the breach of the applicable provisions of law.

  4. 4. Personal data will be:

    1. a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
    2. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
    3. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
    4. d) accurate and, where necessary, kept up to date (‘accuracy’);
    5. e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
    6. f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

II. The Lawful Bases We Use to Process Data

  1. 1. We will only ever process your data if we have a lawful basis to do so. The lawful bases we rely on are:

    1. a) Contract – This is where we process your data to fulfil a contractual arrangement we have made with you or because you have asked us to carry out a service before entering into a contract.
    2. b) Consent – This is where we have asked you to provide permission to process your data for a particular purpose.
    3. c) Legitimate Interests – This is where we rely on our interests as a basis for processing.
    4. d) Legal Obligation –This is where we have a statutory or other legal obligation to process the data, such as to comply with regulatory requirements and/or requests.
    5. e) Vital interests – This is where the processing of personal data is necessary to protect someone’s life.

III. What Data Do We Collect?

  1. 1. The data controller processes the User's personal data in the scope of:

    1. a) username, e-mail address and password, and any other data that the User provides in the description of his profile or in any other available place in the application (company/display name, phone number, address, logo(image).
    2. b) data about the user's location while using the application. There are 3 types of navigation in the application (Google Maps, What3words, OpenStreetMap).

  2. 2. If you download our mobile application and activate or consent to the location-based service, you provide us with information about your location, as well as an identifier that can be specifically assigned to your end device.

  3. 3. The User can independently manage their personal data, which are visible to them after logging in to the User Account.

  4. 4. The mobile application collects personal data and information about users' activity, which is used to provide our services, as well as to tailor marketing content to the user's interests and needs based on the marketing consents granted by the user. Personal data is information with which we can identify our user.

IV. Your Rights

  1. 1. You have a number of “Data Subject Rights”, we have explained below what they are and how you can exercise them. You can read more about these rights on the UK Information Commissioner's Office website at https://ico.org.uk/for-the-public/.

    1. a) Right of access –You have the right to request a copy of the personal data that we hold about you.
    2. b) Right to rectification –If you think any of your personal data that we hold is inaccurate, you have the right to request it is updated. We may ask you for evidence to show it is inaccurate.
    3. c) Right to erasure– (also known as the right to be forgotten) – You have the right to request that we delete your personal data that we hold.
    4. d) Right to restriction of processing –You have the right to request we restrict or suppress the personal data we hold about you.
    5. e) Right to data portability –You have the right to ask us to electronically transfer your personal data to another organisation in certain circumstances.
    6. f) Rights with regards to automated decision making, including profiling – You have the right not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights or other equally important matters and to object to profiling in certain situations, including for direct marketing.
    7. g) Right to withdraw Consent – Where we are relying on your consent for processing you can withdraw or change your consent at any time.

  2. 2. The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete data which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your data for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.

  3. 3. We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You have the right to lodge a complaint directly with a Data Protection Authority. The Data Protection Authority in the UK, where we are based, is the Information Commissioner's Office (ICO), you can contact the ICO here: ico.org.uk/make-a-complaint.

V. Recipients of Personal Data

  1. 1. Recipients of the User's personal data may be entities performing the order at the Operator's request and handling it, such as: providers of IT solutions, companies providing marketing services, law offices, authorised state authorities.

  2. 2. We do not allow third-party suppliers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

  3. 3. In order to process your personal data for the purposes set out in this Privacy Policy, we may transfer your personal data to third parties that are based outside of the EEA or the UK. For any personal data transfers to the EEA, we will continue to follow all regulatory and legal requirements set out in the EU-UK Trade and Cooperation Agreement, and any subsequent arrangements that are agreed.

  4. 4. Whenever we transfer your personal data out of the EEA, we attach a similar degree of protection to it (as it would receive in the EEA) by ensuring at least one of the following safeguards is implemented:

    1. a) We will only transfer your personal data to countries, territories or sectors within a country that have been deemed to provide an adequate level of protection for personal data by the European Commission.
    2. b) The transfer is subject to a legally binding and enforceable commitment on the recipient to protection the personal data (e.g., through the use of European Commission approved standard contractual clauses).
    3. c) The transfer is made subject to binding corporate rules.
    4. d) The transfer is based on a derogation from restrictions on transferring personal data outside of the EEA (such as where you give your consent, the transfer is necessary for the performance of contract with you, or the transfer is necessary for the establishment, exercise or defence of legal claims).

VI. Retention Period

  1. 1. Your personal data will be stored:

    1. a) in connection with the creation of an Account or the use of other Electronic Services – for the period of the existence of the Account or the use of other Electronic Services.
    2. b) in connection with establishing contact with the Controller – for the period necessary to consider your inquiry and provide a response.
    3. c) in connection with marketing, analytical or statistical activities – for the period of existence of a legitimate interest of the Controller or a third party, or until you object to such processing.
    4. d) in connection with the maintenance of social media profiles – for the period necessary to achieve the purpose resulting from the processing, and in the case of processing based on the legitimate interest of the Controller – until its expiry or until an effective objection is lodged; in the case of processing based on consent – until it is withdrawn; in the case of processing personal data of visitors to our profile in social media for statistical purposes – for the time of availability of such data on individual websites in accordance with the storage periods provided by the providers of these services.

  2. 2. In addition, in any case, your personal data may also be processed for the time necessary to:

    1. a) performance of the Controller's obligations resulting from the applicable provisions of law.
    2. b) pursuing or defending against possible claims – for the period of limitation specified by the applicable law.

  3. 3. Depending on the scope of your personal data and the purposes for which it is processed, your personal data may be stored for different periods of time. In any case, the longer storage period of the personal data is decisive.

VII. Access Permissions on a Mobile Device

  1. 1. The mobile app can access the following permissions on your mobile device, including:

    • location
    • notifications

  2. 2. All permissions (mobile device features and information) that users give to the mobile app are visible in the settings panel of their mobile device. You can manage these settings in the settings panel.

VIII. How Can You Block Access to Device Features for Our Apps

It depends on the version of the mobile app and the type of device. Often, all you need to do is change the system settings on your device. If this is not possible, it will be necessary to uninstall our application.