This document was updated on: 9th July 2025
These changes reflect our ongoing commitment to transparency and your data protection rights.
What's changed?
We are Ello Group Limited, the owner of tastecard and Coffee Club (Taste Marketing Limited), Gourmet Society (Simard Limited) and hi-life (Hi-Life Diners Club Limited).
We provide services on behalf of Vue Services Limited and Vue Entertainment Limited.
We also provide products and services to our partners for use as rewards or benefits to their customers/employees.
To comply with Article 4(1) of the GDPR the following table show you the types of personal data we may collect, and the purpose of processing that personal data.
| Type of Personal Data | Purpose of processing |
| Contact information (Name, email address, postal address, phone number) | Digital Account creation, log-in profile, provide memberships, provide products, respond to queries, send updates, verify identity, verify eligibility, only show you relevant offers, send product updates, or request feedback |
| Payment information (payment details, billing address) | Process payments, and fulfil orders |
| Shipping Address (if different to Billing) | Fulfil Orders |
| Company information | As part of provision of services on behalf of an employer, third-party benefit provider or reward provider |
| Unique identifiers (username, Membership Code, Redemption Code) | To verify your identity and provide access to a product or service. |
| Preference Information (order history, membership usage, marketing preferences) | Provide updates with regards to your use of the product, and products that may be of interest |
We may also collect.
| Type of Personal Data | Purpose |
| Communication information (comments, posts, feedback, email, chats, calls) | To enable us to improve services, and respond to your queries |
| Location information, Usage information | To make recommendations about services in your area |
| IP Addresses (including geographical location), Mobile/Web usage | For system administration, recommendations and service improvements |
| Other Online Identifiers (EG. Cookie identifiers, Device identifiers, Pixel tags, Advertising IDs) | Security & integrity of systems, improve experience, analytics, deliver relevant content |
| Date of Birth (in certain contractual circumstances) | Validate eligibility for products or services |
| Legal documents (in scenarios of lasting power of attorney [LPA]) | Validate a person can act on your behalf |
If you contact us through a social media platform, you will have read and provided consent to their own Terms and Conditions and been provided with their Privacy Notice. We will not contact you directly through social media for customer query management, we will only respond to a message you have posted or sent to us.
We may send you push notifications through our mobile apps to provide you with updates, alerts, and other relevant communications. You can manage your push notification preferences through our mobile app.
It could be because you provide it to us directly to make use of a product or service we provide directly or on behalf of a partner.
Or it is through a 3rd party, for example.
a third-party benefit provider, to provide membership, product or service to you.
a reward provider, to provide membership, product or service to you.
you may provide personal information, freely given, where you’ve input information to learn more about our products, or you’ve taken part in a survey we may send you.
The lawful bases we rely on for processing this information are either:
The following link provides information on data recipients who we use to provide the service we offer. The document will explain which processors we work with on each brand and what safeguards we have in place, Recipients of Personal Data
We may disclose your Personal Data to any member of Ello Group Limited, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We will not disclose your information to any of the third parties (Recipients of Personal Data) for marketing purposes.
All information you provide to us is stored securely. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access our mobile app(s) or website(s), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information via the internet may not be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We store your information securely and take all relevant technical and organisational measures required.
In compliance with Article 26 of the UK GDPR, as Joint Controllers of the Personal Information collected, accessed, and stored as part of delivering the VuePass voucher sales platform in the UK (and equivalent in applicable European territories) we have jointly determined through our agreement the purposes for which data we collect can be used, ensuring it is lawful, transparent and proportionate. This may include Contact details, transaction or interaction history, and preferences or consent information. Your rights as an individual can be exercised with either Joint Controller.
Ello Group may work with third parties that require them to store, access or process Personal Data in a third country. Controls are in place to ensure that the level of protection is not undermined and that security controls are at a level commensurate with the type of information being transferred.
We also use an external IT service provider, to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support.
We may also provide services using SaaS platforms, which are cloud hosted applications made available to you over the internet.
Where we transfer Personal Data to third countries, we will always ensure that we have or use the appropriate transfer mechanism. This includes Data Protection Agreements, Standard Contractual Clauses, or International Data Transfer Agreements.
We only keep your personal information for as long as it’s needed for administrative, legal, financial, or operational purposes. We aim to retain only what is relevant and necessary, and we define maximum retention periods to guide this.
Once the retention period ends, we securely delete or dispose of your information.
As an example,
| Type of Record | Maximum Retention Period |
| Direct Membership (your membership has ended) | Up to 5 years after expiry, and 18 months after your last interaction with us |
| Corporate Membership (provided through a client) | Up to 5 years from expiry, or as defined in the contract with the client |
| Guest Checkout (purchase without an account) | Up to 2 years, depending on the product type |
Under the GDPR (General Data Protection Regulation), you have the following data rights,
Right to Be Informed
You have the right to know how your data is being collected, used, stored, and shared.
Right of Access
You can request access to your personal data and obtain a copy of it.
This is often referred to as a Subject Access Request (SAR).
Right to Rectification
You can ask for inaccurate or incomplete personal data to be corrected.
Right to Erasure ("Right to Be Forgotten")
You can request deletion of your data in certain circumstances, such as when it's no longer necessary or if you withdraw consent.
Right to Restrict Processing
You can limit how your data is used, for example, while a dispute over accuracy is being resolved.
Right to Data Portability
You can receive your data in a structured, commonly used format and transfer it to another service provider.
Right to Object
You can object to data processing for direct marketing, research, or legitimate interest purposes.
Rights Related to Automated Decision-Making and Profiling
You have the right not to be subject to decisions made solely by automated means, including profiling, that significantly affect you.
Yes, we may use profiling and automated decision-making in limited ways to enhance your experience. For example,:
We collect information such as your location and usage patterns to recommend venues or experiences that may be of interest to you.
We may also work with trusted third-party partners to help us build a profile of your preferences. This allows us to send you more relevant updates, offers, or suggestions.
However, please note:
All automated decisions involve human oversight. We do not make decisions that have legal or similarly significant effects on you without human involvement.
You have the right to object to profiling or request human intervention in any decision made using automated processes. This can be done by contacting [email protected]
To enhance your experience and provide tailored features, we use cookies or similar tracking technologies to recognise your device. These technologies help us understand how you interact with our services and allow us to improve functionality and performance.
For full details on the types of cookies we use, their purposes, and how you can manage your preferences, please refer to our [Cookie Policy].
Our mobile applications may also use tracking technologies to monitor usage patterns. This information helps us improve our services and deliver a better user experience.
You have the right to choose whether to accept non-essential cookies. You can manage your cookie preferences at any time through our cookie settings.
We may send you updates about the latest offers, discounts, and news from Ello Group brands, Vue, and selected partners. These communications are sent based on your preferences and, where required, your consent.
To ensure our communications remain relevant and respectful of your preferences, we regularly review and maintain our email marketing database, including practices to monitor engagement to assess interest and relevance.
You can opt out of receiving marketing emails at any time by clicking the unsubscribe link in any of our messages. To stop receiving SMS marketing, follow the instructions provided in the message or contact us directly.
Please note: Even if you opt out of marketing communications, we may still contact you with important service-related messages, such as purchase confirmations, membership updates, or essential account information.
We may change this Privacy Notice from time to time.
Changes will be posted online, and in our Mobile Applications. We may notify you through communications we send from time to time.
If you wish to view or alter your Privacy settings this can be done in the Mobile Application, or you can contact us through the online Contact form.
If you have any concerns about our use of your Personal Data, you have the right to make a complaint.
You can also complain to the relevant supervisory authority if you are unhappy with how we have used your data.
For UK residents:
Please come and speak to us first, if you are still unhappy you can then contact the
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk
For EU residents:
You need to refer to your National Supervisory Authority for details on how and where to submit your complaint.
