tastecard logo

Ello Group Limited Privacy Notice

Last update date

This document was updated on: 9th July 2025

Change log

These changes reflect our ongoing commitment to transparency and your data protection rights.

What's changed?

  • Clearer explanations of how we collect, use, and store your personal data.
  • Updated information about your rights under the UK GDPR.
  • Enhanced details on collection & use of Online identifiers, Cookies, and communication.

Who are we?

We are Ello Group Limited, the owner of tastecard and Coffee Club (Taste Marketing Limited), Gourmet Society (Simard Limited) and hi-life (Hi-Life Diners Club Limited).

We provide services on behalf of Vue Services Limited and Vue Entertainment Limited.

We also provide products and services to our partners for use as rewards or benefits to their customers/employees.

What information do we collect about you & why?

To comply with Article 4(1) of the GDPR the following table show you the types of personal data we may collect, and the purpose of processing that personal data.

Type of Personal DataPurpose of processing
Contact information (Name, email address, postal address, phone number)Digital Account creation, log-in profile, provide memberships, provide products, respond to queries, send updates, verify identity, verify eligibility, only show you relevant offers, send product updates, or request feedback
Payment information (payment details, billing address)Process payments, and fulfil orders
Shipping Address (if different to Billing)Fulfil Orders
Company informationAs part of provision of services on behalf of an employer, third-party benefit provider or reward provider
Unique identifiers (username, Membership Code, Redemption Code)To verify your identity and provide access to a product or service.
Preference Information (order history, membership usage, marketing preferences)Provide updates with regards to your use of the product, and products that may be of interest

 

We may also collect.

Type of Personal DataPurpose
Communication information (comments, posts, feedback, email, chats, calls)To enable us to improve services, and respond to your queries
Location information, Usage informationTo make recommendations about services in your area
IP Addresses (including geographical location), Mobile/Web usageFor system administration, recommendations and service improvements
Other Online Identifiers (EG. Cookie identifiers, Device identifiers, Pixel tags, Advertising IDs)Security & integrity of systems, improve experience, analytics, deliver relevant content
Date of Birth (in certain contractual circumstances)Validate eligibility for products or services
Legal documents (in scenarios of lasting power of attorney [LPA])Validate a person can act on your behalf

If you contact us through a social media platform, you will have read and provided consent to their own Terms and Conditions and been provided with their Privacy Notice. We will not contact you directly through social media for customer query management, we will only respond to a message you have posted or sent to us.

We may send you push notifications through our mobile apps to provide you with updates, alerts, and other relevant communications. You can manage your push notification preferences through our mobile app.

How do we get your information?

It could be because you provide it to us directly to make use of a product or service we provide directly or on behalf of a partner.

Or it is through a 3rd party, for example.

  • your employer, to provide a membership, product or service to you.
  • a third-party benefit provider, to provide membership, product or service to you.

  • a reward provider, to provide membership, product or service to you.

  • you may provide personal information, freely given, where you’ve input information to learn more about our products, or you’ve taken part in a survey we may send you.

What can we do with your information?

The lawful bases we rely on for processing this information are either:  

  • we have your consent. You give us the thumbs up. If you change your mind, you can change your settings or unsubscribe (or subscribe).
  • we have a contractual obligation. We need to be able to deliver the things we have promised. It helps us keep those promises and manage your account.
  • we have a legitimate interest. Sometimes, we use your information to improve our services, improve your experience, tell you about new things, and keep everything safe. We always make sure this doesn’t affect your rights.

Who do we share your information with?

The following link provides information on data recipients who we use to provide the service we offer. The document will explain which processors we work with on each brand and what safeguards we have in place, Recipients of Personal Data

We may disclose your Personal Data to any member of Ello Group Limited, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We will not disclose your information to any of the third parties (Recipients of Personal Data) for marketing purposes.

How do we keep your information secure?

All information you provide to us is stored securely. Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access our mobile app(s) or website(s), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the internet may not be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

We store your information securely and take all relevant technical and organisational measures required.

What happens if I am a customer of the Vue services you provide?

In compliance with Article 26 of the UK GDPR, as Joint Controllers of the Personal Information collected, accessed, and stored as part of delivering the VuePass voucher sales platform in the UK (and equivalent in applicable European territories) we have jointly determined through our agreement the purposes for which data we collect can be used, ensuring it is lawful, transparent and proportionate. This may include Contact details, transaction or interaction history, and preferences or consent information. Your rights as an individual can be exercised with either Joint Controller.

Do we transfer your personal data to other countries?

Ello Group may work with third parties that require them to store, access or process Personal Data in a third country. Controls are in place to ensure that the level of protection is not undermined and that security controls are at a level commensurate with the type of information being transferred.

We also use an external IT service provider, to assist us with the management of our IT systems and ensuring that our systems are secure. We do not transfer data to this organisation however they will have access to our systems to enable them to complete maintenance and IT support.

We may also provide services using SaaS platforms, which are cloud hosted applications made available to you over the internet.

Where we transfer Personal Data to third countries, we will always ensure that we have or use the appropriate transfer mechanism. This includes Data Protection Agreements, Standard Contractual Clauses, or International Data Transfer Agreements.

How long do we keep your information for?

We only keep your personal information for as long as it’s needed for administrative, legal, financial, or operational purposes. We aim to retain only what is relevant and necessary, and we define maximum retention periods to guide this.

Once the retention period ends, we securely delete or dispose of your information.

As an example,

Type of RecordMaximum Retention Period
 Direct Membership (your membership has ended) Up to 5 years after expiry, and 18 months after your last interaction with us
 Corporate Membership (provided through a client) Up to 5 years from expiry, or as defined in the contract with the client
 Guest Checkout (purchase without an account) Up to 2 years, depending on the product type

What are your rights regarding your information?

Under the GDPR (General Data Protection Regulation), you have the following data rights,

Right to Be Informed

You have the right to know how your data is being collected, used, stored, and shared.

Right of Access

You can request access to your personal data and obtain a copy of it.

This is often referred to as a Subject Access Request (SAR).

Right to Rectification

You can ask for inaccurate or incomplete personal data to be corrected.

Right to Erasure ("Right to Be Forgotten")

You can request deletion of your data in certain circumstances, such as when it's no longer necessary or if you withdraw consent.

Right to Restrict Processing

You can limit how your data is used, for example, while a dispute over accuracy is being resolved.

Right to Data Portability

You can receive your data in a structured, commonly used format and transfer it to another service provider.

Right to Object

You can object to data processing for direct marketing, research, or legitimate interest purposes.

Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions made solely by automated means, including profiling, that significantly affect you.

Do we profile or make automated decisions using your information?

Yes, we may use profiling and automated decision-making in limited ways to enhance your experience. For example,:

We collect information such as your location and usage patterns to recommend venues or experiences that may be of interest to you.

We may also work with trusted third-party partners to help us build a profile of your preferences. This allows us to send you more relevant updates, offers, or suggestions.

However, please note:

All automated decisions involve human oversight. We do not make decisions that have legal or similarly significant effects on you without human involvement.

You have the right to object to profiling or request human intervention in any decision made using automated processes. This can be done by contacting [email protected]

What you need to know about Cookies & Tracking  

To enhance your experience and provide tailored features, we use cookies or similar tracking technologies to recognise your device. These technologies help us understand how you interact with our services and allow us to improve functionality and performance.

For full details on the types of cookies we use, their purposes, and how you can manage your preferences, please refer to our [Cookie Policy].

Our mobile applications may also use tracking technologies to monitor usage patterns. This information helps us improve our services and deliver a better user experience.

You have the right to choose whether to accept non-essential cookies. You can manage your cookie preferences at any time through our cookie settings.

What you need to know about Marketing  

We may send you updates about the latest offers, discounts, and news from Ello Group brands, Vue, and selected partners. These communications are sent based on your preferences and, where required, your consent.

To ensure our communications remain relevant and respectful of your preferences, we regularly review and maintain our email marketing database, including practices to monitor engagement to assess interest and relevance.

You can opt out of receiving marketing emails at any time by clicking the unsubscribe link in any of our messages. To stop receiving SMS marketing, follow the instructions provided in the message or contact us directly.

Please note: Even if you opt out of marketing communications, we may still contact you with important service-related messages, such as purchase confirmations, membership updates, or essential account information.

How we tell you about changes that could impact you?

We may change this Privacy Notice from time to time.

Changes will be posted online, and in our Mobile Applications. We may notify you through communications we send from time to time.

If you wish to view or alter your Privacy settings this can be done in the Mobile Application, or you can contact us through the online Contact form.

If you need to make a complaint about how we use your information

If you have any concerns about our use of your Personal Data, you have the right to make a complaint.

  1. For UK residents please use [email protected]
  2. For EU residents you can contact our EU representative, [email protected]

You can also complain to the relevant supervisory authority if you are unhappy with how we have used your data.

For UK residents:

Please come and speak to us first, if you are still unhappy you can then contact the

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113    ICO website: https://www.ico.org.uk

For EU residents:

You need to refer to your National Supervisory Authority for details on how and where to submit your complaint.