2. Collection and Use of Personal Data
We have set out below the various methods of data collection, and the purposes and legal bases on which, we collect, use and may share your personal information, collected though your use of our website and/or app, when you visit us in person, and when you otherwise interact with us.
4. Contact details
Full name of legal entity: Moto Hospitality Limited
Email address: email@example.com.
Postal address: Data Controller, Toddington Service Area, Junction 11/12, M1 Southbound, Toddington, Bedfordshire, LU5 6HR
5. Third-party links, including on-line purchasing of food and drink
When you purchase food and drink via our website and/or app, you will be required to enter your Payment Card details during the check-out process, and you may choose to store these details in connection with your account. Please note that you are supplying these Payment Card details to a third party secure payment processor and Moto will not have access to your actual payment card details.
6. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). All your personal data will be processed in accordance with applicable data protection law, including the Data Protection Act 2018 and the UK GDPR.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender and vehicle identity data (e.g. registration).
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details. Please note that Moto does not store your full payment card details; however, following any transactions, Moto may have access to a securely tokenised form of the payment card number, which may be used for the purposes of transaction analysis (see below) but Moto will not be able to identify the actual payment card number from this).
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us, including dates and times and location of purchase, and whether a discount has been used, and if so, what type (e.g. discounts available to certain types of customers, depending upon their occupation, or marketing discounts etc.) .
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website and/or app.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences (e.g. brand and location preferences), customer type (e.g. leisure, business, HGV or coach) and feedback and survey responses.
- Usage Data includes information about how, where and when you use our website, app, products and services, (including use of our car parks).
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
7. Aggregated Data
We also collect, create, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data could be derived from your personal data but may not be considered personal data in law, where this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or app feature or site location; or we may aggregate your encrypted payment card data to work out the percentage of return customers at our sites.
8. Special Category Data
We do not intentionally collect any Special Categories* of personal data or information about criminal convictions relating to you via our website or otherwise, unless this is specified in a separate policy or notice, for example in relation to our employees and/or to those who self-exclude from our adult gaming centres. (*This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
9. Circumstances in which data may be collected about you:
Data may be collected about you in the following circumstances:
- Where you provide details to us, for example in order to participate in promotions or complete customer surveys, or give feedback, which may include your title, name, address, telephone number, and information about your use of Moto services;
- When you contact us directly, (e.g. telephoning, writing to or emailing us, buying goods or services from us or participating in promotions);
- When you interact with us, for example, to supply services;
- When you open an account for making purchases from us, and/or make a purchase using credit or debit card;
- When you visit our sites CCTV footage featuring your image may be captured, and audio/audio-visual interactions may also be recorded where you enter an AGC and/or forecourt and a conflict management system is activated by our employees;
- When you drive on to our sites, and/or park at our sites, your vehicle registration number and details are captured by the company which operates the car parks;
- When you visit our sites and our wi-fi system connects to your mobile device’s MAC address;
- When you interact with us on social media platforms;
- When you access our website and/or app;
- Where you visit our sites and we need to collect your data, for example for the government’s “Test and Trace” initiative.
10. Website and App data
In general, when you visit our web sites and apps to access information you remain anonymous. Before we ask you for information, we will explain how this information will be used. We will not provide any of your personal information to other companies or individuals for marketing purposes without your express permission. There are occasions where we will ask for additional information although we will always explain why and give the details required by law. We do this to be able to better understand your needs, and provide you with services that we believe may be valuable to you and/or that you have requested.
When you visit our website and/or app you may provide us with two types of information:
- personal Information you provide to us on an individual basis such as during registration for a My Moto account or an Order and Collect account; when opting in to receive marketing; or when submitting feedback, completing a survey and/or entering a prize draw;
- website or app use information collected as you and others browse our website and/or open our app.
There are specific Moto terms which apply:
- to any feedback you may give us and communications you may have with us, where you give your contact details, including via the website form, via the Chatbot on our website or app, or where you contact our customer services;
- to your My Moto account, and
- to our email Marketing updates and NPS Surveys and Prize Draws database, which you can find here.
We strive to maintain the highest standards of security; however, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your information, we cannot ensure the security of your data transmitted to our website and/or app. Any information you submit is sent at your own risk. Once we have received your information we will use strict procedures and security features to prevent unauthorised access.
11. Location Data
Website and app users may be asked for permissions to know their current location in order to provide location-specific details e.g. distance to closest services and estimated drive time. Location data will not be stored in the My Moto account or on the user’s device, but the permission to use location services will be stored on the device where the app is used.
Like other commercial websites, our website uses a technology called “cookies” to collect information about how our website is used. As you interact with our website, information gathered through cookies may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. Cookies identify the device you use but do not allow us to gather any personal Information which can identify you.
We have three types of cookies on our website:
(i) strictly necessary cookies, which are required to be enabled at all times. These essential cookies are required for functions such as saving your cookies preferences, remembering notifications you have already seen so you are not shown them again and remembering your progress through a form;
(ii) insight and analytics cookies, which you must consent to before they are enabled. These cookies allow us to calculate anonymous information, such as the aggregate number of people visiting our website and which parts of the website are most popular. This helps us gather feedback, so that we can improve our website and better serve our customers; and
(iii) marketing cookies, which you must consent to before they are enabled. These cookies are used to help us improve the relevancy of advertising campaigns you may receive.
You can choose whether to accept insight and analytics cookies and/or marketing cookies on the Moto website, but strictly necessary cookies, required for the operation of the site, will be set automatically. You can change your settings in relation to the insight and analytics cookies and the marketing cookies at any time via our website. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse certain cookies, please note that some parts of this website may become inaccessible or not function properly.
13. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). If we are unable to proceed, we will let you know at the time.
14. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override those legitimate interests.
- Where we need to comply with a legal obligation.
- Where it is necessary in the public interest.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent in relation to cookies which are not considered to be “necessary” cookies and before sending marketing communications to you via email or text message and to transfer any of your information to third parties for marketing purposes. Where we process your personal data on the basis of consent, for example in relation to marketing, you have the right to withdraw your consent at any time by contacting us.
15. Purposes for which we will use your personal data – summary
We have set out below, in a table format, a broad summary of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Not all of these will apply to you, as this will depend on the nature of your interactions with us, and we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using it.
|Purpose / activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity|
|Performance of a contract with you|
|To process your purchases including: |
(a) Manage payments, fees and charges, including to allow secure payment authentication and to provide receipts (which may include e.g. your vehicle registration number)
(b)Retain details of your previous purchases in your account
(c) Collect and recover money owed to us
|(a) Performance of a contract with you |
(b) Necessary for our legitimate interests (to recover debts due to us and/or as evidence of payment for specified goods or services)
(c) Necessary for the legitimate interests of a third party (in authentication of payments, to permit their compliance with industry standards and legal obligations)
|To manage our relationship with you which may include: |
(b) Asking you to leave a review or take a survey or provide feedback
(c) keeping records of your transactions if you have an account
(d) Marketing and Communications
|(a) Performance of a contract with you |
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (for example, to keep our records updated; to study how customers use our products/services; and to offer a good standard of service, or to improve our services, such as by keeping your account up-to-date with your previous orders)
|To enable you to take part in a prize draw, competition or complete a survey||(a) Identity|
(e)Marketing and Communications
|(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)|
(c) consent, where applicable
|To administer and protect our business and this website and/or app (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity|
(f) Profile Data
(g) Usage Data
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
(b) Necessary to comply with a legal obligation
|To deliver relevant website and app content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity|
(e) Marketing and Communications
|(a)Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
(b) Consent, where applicable (e.g. in relation to cookies)
|To use data analytics to improve our website, app, products/services, marketing, customer relationships and experiences||(a) Technical |
|(a)Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website and app updated and relevant, to develop our business and to inform our marketing strategy).|
(b) Consent, where applicable (e.g. in relation to cookies)
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity |
(f) Marketing and Communications
|(a) Consent |
(b) Necessary for our legitimate interests (to develop our products/services and grow our business)
|To monitor and/or protect our premises, staff and visitors, including compliance with premises licences||(a)Identity (e.g. CCTV images and audio interactions)|
|(a)Necessary for our legitimate interests and those of other third parties, including to combat crime and improve customer services;|
(b) Necessary for compliance with a legal obligation (including Gambling Commission and alcohol licence regulations);
(c) Necessary for the performance of a task carried out in the public interest;
(d) Potentially necessary to protect the vital interests of the data subject or another person (i.e. Moto staff or other visitors, where conflict management systems in use).
16. Promotional offers from us
We may use your information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us only if you have requested information from us and you can ask us to stop sending you marketing messages at any time. We will not share your personal data with any third party for marketing purposes unless you consent for us to do so.
17. Direct marketing – how to opt out
You may at any time ask us to stop sending you details of our offers and promotions, either by unsubscribing to any email we send you, or by contacting: firstname.lastname@example.org. Please note that you must clearly specify in your email the purpose of your email to us, in order for action to be taken. We take your online privacy very seriously, so if you need any assistance in unsubscribing to future communications please contact us. We will promptly take action to ensure that you are “opted-out” from receiving any further mailing or other information. Although we will remove your name from our e-mail list as quickly as possible, there may be a period of time after you unsubscribe during which you may still receive e-mails from us. Additionally, in order to ensure you do not continue to receive correspondence from us, we may retain your Personal Data on a suspension list.
18. Covid-19 – “Test and Trace”
In order to comply with government guidance, and to support NHS Test and Trace, we encourage customers visiting our sites to scan the NHS QR code posters which will record data via the NHS COVID-19 app.
19. Facial Recognition Technology at AGCs
In relation to any age verification system in the adult gaming centres that uses facial recognition (“FR”) technology, an algorithm within the smart FR camera is used to evaluate the age of customers. Where a customer appears to be underage, the AGC barrier will not open and age verification will instead be conducted either by our employees, or by our age verification system operators (acting as data processors for Moto) using a live CCTV link. Please note that facial images analysed by these smart FR cameras are not stored by these systems or by our operators.
20. Where we store your personal data
In some cases we may transfer your personal data to data processors who may store this data outside the UK and/or the EEA. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data, including by ensuring that there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you.
Where you open a My Moto account, submit customer reviews and/or feedback to Moto, opt to join our marketing list and/or enter a Moto prize draw, your personal data will be stored by our data processor Hubspot, which may process some data outside the EEA/UK. The data processing agreement that applies between Hubspot and Moto can be found here: https://legal.hubspot.com/dpa.
21. Who we disclose your personal data to
We may disclose your personal data to any of the following (in any country within the EEA, or outside the EEA where appropriate safeguards are in place), to the extent necessary to fulfil the purpose for which your data was collected:
- Our staff;
- Our shareholders;
- Our group companies and their staff;
- Suppliers and service providers, who may access your personal data when providing products or services to us, in particular providers of platform, data storage, marketing and data security services;
- Purchasers or potential purchasers of our business or any part of it;
- Government and/or local authority bodies, law enforcement agencies and other related or similar parties, to combat crime, and/or in response to legal or regulatory requests, including, for example, to assist the NHS Test and Trace scheme, HMRC and other agencies;
- Our third party data processors (which may include CCTV and audio/audio-visual monitoring services, such as conflict management centres; IT and communications services providers; and/or data analysts) who may process data on our behalf, with an appropriate data processing agreement in place);
- Third party payment processors, who may require information in order to enable additional secure payment authentication; and
- Our insurers and our auditors or other advisers auditing, assisting with or advising on any aspect of our business, including our external legal advisors.
We may also share information or statistics with third parties in an aggregated or anonymised form that does not directly identify you, e.g. we may share aggregated information about your interests and geographic preferences and/or location (if given) with advertisers and third party deal sites for marketing purposes.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and subject to appropriate contractual terms. We do not allow our third-party data processors to use your identifiable personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you interact with us on social media platforms, (for example, if you ‘Like’ our Facebook Page or post on our Facebook timeline, or if you follow us or mention us in a tweet on Twitter) we can interact with you and send you information via these platforms.
The personal data we have access to through social media platforms will depend on your personal settings on these platforms. We will have access to all public information on these platforms. We may also be able to access personal data that others share about you (because they control how that is shared, not you). We will interact with you through social media platforms in accordance with each platform’s rules but we are not responsible for how the platform owners collect and handle your data. We are not responsible for what third parties post on our social media accounts.
22. Data security
We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
23. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
24. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent to future collection of data (where we are relying on consent as the legal basis for collection of your data).
If you wish to exercise any of the rights set out above, please contact: Data Controller, Moto Hospitality Limited, Head Office, Toddington Service Area, Junction 11/12, M1 Southbound, Toddington, Bedfordshire, LU5 6HR.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
25. What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
26. Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In addition, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so that we have the chance to address any concerns, so please contact us in the first instance.