Introduction
This is the Test & Trace privacy notice of Compass Group, UK & Ireland Limited, a company incorporated in England & Wales under number 02272248 whose registered office is at Parklands Court, 24 Parklands, Birmingham Great Park, Rubery, Birmingham B45 9PZ together with all its subsidiary companies and trading divisions (“Compass”). Please read this Privacy Notice in conjunction with our groupwide notice published at https://www.compass-group.co.uk/about/privacy-notice/
Compass respects your privacy and is committed to protecting your personal data. This privacy policy informs you of who we are, how we collect, share, use and protect your personal data, however you provide it to us, (including via various Compass websites regardless of from where you visit them) and tells you about your privacy rights and legal protections.
Recording customer details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing. You can choose whether to use our service or the NHS COVID-19 app. This official app can be downloaded from your app store.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of Compass you will be asked to provide some basic information and contact details. The following information will be collected:
- the names of all customers or visitors, or if it is a group of people, the name of one member of the group
- a contact phone number for each customer or visitor, or for the lead member of a group of people
- date of visit and arrival time and departure time
The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time. If you use the NHS COVID-19 app, they are the data controller.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2- day period).
We may require you to pre-book appointments for visits, or to complete a form on arrival.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
Contact details
You can contact the DPO at:
Data Protection Officer
Compass Group, UK & Ireland Limited Parklands Court
24 Parklands
Birmingham Great Park
Rubery
Birmingham
B45 9PZ
or by e-mailing DPO@compass-group.co.uk
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO; so please contact us in the first instance.
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page.
This privacy notice was last updated on 24 September 2020.