Privacy Policy
Redcat Group Privacy Policy
Introduction
Redcat Group (referred throughout as “Redcat”, "we", "us", and/or "our") takes our data protection and privacy responsibilities seriously.
This Privacy Policy (policy) explains how Redcat processes, collects, uses, handles, discloses and stores your personal information in the course of our business activities. As well as applying to our interactions with you, this policy also applies to all information collected through this website and any other websites or platforms [and/or mobile apps] that we operate.
This policy applies to you, so please read it carefully.
Who is Redcat?
Redcat is the trading name of Redcat Pty Limited (ABN 88 090 409 920) (Redcat AU) and its group company member operating in the UK as Redcat UK Limited (Redcat UK) (Reg No. 14339267).
Our contact details are:
Redcat UK
63 Ocean Village Innovation Centre, Ocean Way,
Southampton, Hampshire SO14 3JZ
Website: www.redcatht.com/en-au/
Email: privacy@redcat.com.au
We are registered with the UK Information Commissioner’s Office under registration number ZB577057.
Redcat AU
Level 1/51 Stephenson St
Cremorne, VIC 3121
Website: www.redcatht.com/en-au/
Email: privacy@redcat.com.au
What does Redcat do?
Redcat is a B2B hospitality IT-platform services provider that provides, primarily, ordering, fulfilment and delivery solution services, as well as loyalty-scheme management services (Services) to our corporate customers, comprising of multi-site restaurants, quick-service-restaurants & fast-food deliveries (Customers). Our Services are provided through various solutions including, web and app ordering, POS, in-restaurant, QR code table ordering, self-service kiosks, drive through services, customer loyalty-programs, as well as integration solutions with other service -ordering and delivery partners (for example, Menulog, DoorDash and Uber Eats) (Partners).
Who does this Policy apply to?
This policy applies to you if you visit and browse any of our Redcat websites listed above (Sites), if you receive any marketing or events-related communications from us, if you apply for a role or position with us, if you make an enquiry on behalf of a business, or you otherwise engage with our Services directly as an individual user.
Redcat may process and handle order, fulfilment and/or delivery personal information, including loyalty-scheme personal information of individuals who procure the products and services of our Customers and Partners, but this is processed by Redcat solely on behalf of, and to provide our Services to, our Customers and Partners. We act under their instructions at all times. For the purpose of applicable UK data protection legislation, Redcat is a data processor of such personal information, and the relevant Customer or Partner is the data controller (or processor). You should contact the relevant Customer or Partner to whom you provided your personal information (and review their respective privacy policy) for more information on how they use and protect your personal information. We are not responsible for the privacy practices of our Customers or Partners. Our Customer and/or Partner is ultimately responsible for making sure that, respectively, its users and customers have been informed about how service providers (like us) collect and use your personal information on their behalf.
We may process your personal information as a data controller under applicable UK data protection legislation for record keeping purposes where we have a legal obligation to do so, or to defend any legal, insurance or related claims.
Contact us
If you have any questions or complaints about how your personal information is being handled by us as set out above, please kindly contact us first by sending the details of your enquiry to our Privacy Officer at privacy@redcat.com.au. We will investigate your question or complaint and respond as quickly as possible. Please note that if you are an individual user of our Customers or Partners’ products and services and you contact us directly, we may need to disclose your request to the relevant Customer or Partner.
What is Personal Information?
In general terms, personal information is information (whether fact or opinion) about an individual who is identified or reasonably identifiable from that information or other information combined with that information. The information or opinion will still be personal information regardless of whether it is true or not.
Some types of personal information are classified as 'sensitive information' or ‘special category information’ e.g. health information (including allergen data), ethnicity, racial origin etc which are subject to additional protection under applicable data protection and privacy laws.
When and how do we collect your personal information
We collect personal information directly from you, including when you:
-
access or use our Sites;
-
subscribe to or use our Services;
-
sign up to receive news and exclusive offers, promotions, or events;
-
enter surveys, competitions, promotions or request or receive promotional and marketing information or materials from us;
-
make inquiries about us or our products or services or otherwise communicate with us by email, telephone, in person, via post, a website or otherwise; and/or
-
apply for a role or position to work with us or are engaged by us as a contractor.
We also collect your personal information from our Customers and/or Partners who share your information with us when you subscribe to or purchase products or services, including loyalty products from them. Your personal information is only shared with us in order that we can provide our Services to them.
Other than as set out above, where it is reasonable and practicable to do so, we will only collect personal information about you from you directly and not from third parties.
If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you acknowledge that you have the right to authorise us to process it on your behalf in accordance with this policy.
In limited circumstances, we may collect personal information about you from publicly available sources (e.g. such as social media sites) and from third parties (such as mutual contacts, or if someone makes a purchase on your behalf, or from your referees during the recruitment process if you apply for a job with us). We may also collect personal information through third parties such as our third party service providers. Whilst we will always maintain robust privacy practices, we are not responsible for the privacy practices of third parties, so you should review their relevant privacy policy to satisfy yourself as to how they protect and handle your personal information.
Cookies
Through your use of our Sites, we will also collect technical information - such as IP address and browser generated information (browser type, operating system), as well as information about your browsing session. We do not use this information to identify you as an individual, but in order to tailor or enhance your browsing experience, to enable our systems to recognize your browser or device or, in aggregate with data of other users, for statistical purposes. We and approved third parties also use cookies and other identifiers when you browse our Sites. For more information about cookies and how we use them, please read our Cookies Policy.
You may also opt out of targeted advertising by using the links below:
Additionally, if you are located in Australia, you can opt out of some of these services by visiting the Australian Digital Advertising Alliance’s opt-out portal.
Can you choose not to disclose your personal information?
You do not have to identify yourself or provide any personal information if you contact us. You can also notify us that you wish to deal with us using a pseudonym.
However, if we cannot collect personal information about you or if you use a pseudonym, we may not be able to provide you with the information or assistance you require. For example, we will not be able to send you information you have requested if you have not provided us with a valid email address or telephone number.
Types of personal information we collect
Depending on the purpose for which we use your data, we may collect and use certain personal information that you provide or that is disclosed to us by our Customers or Partners, including:
-
an employee or individual staff member at our Customers and Partners who has administration privileges to operate the Redcat Platform ‘in-house’ – your business contact details (name, work email address, phone number);
-
an individual consumer or user signing up for a Customer or Partner loyalty-scheme account – your name, alias (if applicable), email address, postal address, contact number and password (which is hashed and salted);
-
an individual consumer or user downloading our Customers’ or Partners’ products and/or services App – your name, alias (if applicable), email address, postal address, contact number and password (which is hashed and salted); geo-location information may also be collected if the user permission settings on your device are set to do so;
-
in the case of online ordering, fulfilment and delivery services – your work or home location, delivery address and any information you may provide in the free text field when ordering via the Customer or Partner App, further instructions on your food or drinks order, such as specific dietary or allergen requirements;
-
in the case of Customers or Partners using the Redcat Delivery Optimiser (RDO) – personal information of drivers, including drivers name, contact details and vehicle registration information;
-
any prospective employee or contractor – information contained in your application or resume, recorded during any interview, or obtained through any pre-employment checks, including your name, address, Government-issued identifiers such as tax file numbers (TFN) (for Australian customers/users only) or Unique Taxpayer Reference (UTR) (for UK customers/users only);
-
if you have requested to receive news about exclusive offers, promotions or events from us – your name, mailing or street address, email address and telephone number(s);
-
your marketing preferences and other demographic information, as may be provided by the use of Google Analytics (see below); and
-
any other personal information you provide in correspondence with us, for example where this is relevant to a complaint or enquiry.
Your personal credit or debit card information may be processed in accordance with our online payment gateway providers Stripe and Adyen. You can find Stripe’s privacy policy here, and Adyen’s privacy policy here.
Generally, we will not collect sensitive information or ‘special category‘ data about you. However, in certain circumstances such as when you access our Services via our Customer or Partner, we may need to collect limited sensitive information about you. For instance, if you disclose details of disabilities, medical condition, or other specific dietary or allergy requirements to us.
Why do we collect your personal information (the purpose and legal basis of the processing)?
Your personal information will be used only for the purposes for which we collect it or for other related (or directly related) purposes that you would reasonably expect, or you provide your consent, or we are otherwise authorised or required by law. In all cases, Redcat will only collect, use and share your personal information where it is reasonably necessary for our business functions or activities and it is fair and lawful to do so.
For the purposes of applicable UK data protection legislation, we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We have described the primary legal bases on which we rely in this table. The legal basis we rely upon will impact which rights you have in relation to your personal information (see section below for more details):
How we use your information |
What is the legal basis for our use of your information |
To deliver our Services to our Customers or Partners |
This processing is necessary to perform the contract we have in place between us and our Customers or Partners. We consider that we have a legitimate interest in providing our Customers and Partners with products and services which they have requested, as this is central to our business. |
To enable the proper operation and functionality of our Services, Sites and systems |
We consider that we have a legitimate interest to enable the proper operation and functionality of our Services, Sites and systems, as this is central to our business, helping us to preserve our business operations and grow our business |
To correspond with you in relation to our Services. |
Where there is a contract in place between you and us, this processing is necessary to perform the contract between you and us. Where there is no contract in place, or where there is a contract but this is between us and the Customer (for example), this processing is necessary for our legitimate interests. We consider that we have a legitimate interest in conducting business with our Customers, as this is central to our business, helping us to preserve our business operations and grow our business |
For record keeping purposes
|
This processing is necessary to comply with our legal obligations. Where there is no legal obligation, we consider that we have a legitimate interest in processing the personal information to ensure the safety and quality of all services we provide. |
To monitor your use of our platform in order to make improvements to the Site and the user experience. |
This processing is necessary for our legitimate interests. We consider that we have a legitimate interest in ensuring that we are continually improving our Services in order to preserve our business operations and grow our business, and ensuring that you are provided with information of relevance to you. However, where this activity is carried out using cookies which are not strictly necessary (see our cookie policy for further information) we will, where it is required by applicable laws, obtain your consent to such processing. Where such consent has been obtained, we will rely on this as our basis for processing. |
To monitor, maintain and improve our IT environment, including security of our systems and Sites (including to detect fraud or other illegal activity), and the applications that our customers’ use and that we use to manage our Services. |
This processing is necessary for our legitimate interests. We consider that we have a legitimate interest in ensuring that we are continually improving our Services in order to preserve our business operations and grow our business, and ensuring that you are provided with information of relevance to you. We consider that we also have a legitimate interest in ensuring that we are monitoring and improving the security of our Sites. |
In order to enable us to comply with any legal or regulatory requirements. |
Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have. |
To market to you about our products and services, and otherwise to identify goods and services which we believe may be of interest to you. |
This processing is necessary for our legitimate interests. We consider that we have a legitimate interest in ensuring that our customers are kept up to date with information about our products and services, as this helps us to preserve our business operations and grow our business. However, where required by applicable laws, we will obtain your opt-in consent before sending you such information. In any case, if you tell us that you do not wish to receive such marketing communications from us, we will respect your wishes. |
Direct marketing communications
We will only send you direct marketing communications (either through mail, SMS or email), including any news and exclusive offers, promotions, or events, where you have given us permission to do so.
You may opt-out of receiving direct marketing communications at any time by contacting us or by using opt-out facilities or the ‘unsubscribe’ function provided in the relevant direct marketing communication.
To whom do we disclose your personal information?
We may disclose your personal information to third parties in connection with the purposes described above (see the "Why do we use your personal information?" section).
This may include disclosing your personal information to the following types of organizations and individuals:
-
our related companies;
-
our Partners, where permitted to do so;
-
our employees, contractors, agents and third party service providers who assist us in performing our functions and activities e.g. payment systems operators and financial institutions, cloud service providers, data storage providers, shipping companies, telecommunications providers and IT support services providers;
-
organisations authorised by us to conduct promotional, research or marketing activities (e.g. Hubspot);
-
any potential or actual third party acquirer of our business or assets, and advisors to that third party;
-
third parties to whom you have authorised us to disclose your information (e.g. referees or account nominees);
-
our professional advisers (such as lawyers, accountants or auditors) and insurers;
-
to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
-
any person in connection with any legal proceedings or prospective legal proceedings, including in order to establish, exercise or defend our legal rights; and
-
any other person as required or permitted by law.
We may also share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers.
Cross-Border Data Transfers
Redcat operates on an international basis and we may disclose your personal information to overseas recipients, such as to our affiliated company and third party service providers located outside of the location in which you may be located, in order for them to provide their products and services, and to obtain services connected with our business.
If you are located in the UK, your personal information may be disclosed, processed and/or stored outside the UK, including to Europe (Germany), Australia and the US. We may need to transfer your information in this way to carry out our contract with you and/or provide our Services, to fulfil a legal obligation, to protect the public interest and / or for Redcat’s legitimate interests.
If you are located in Australia, your personal information may be disclosed, processed and/or stored outside Australia, including to the UK, US, Canada and Europe (Germany).
When we transfer your personal information overseas, we ensure it has an appropriate level of protection and that the transfer is lawful. For example, when we send personal data to a third party service provider located in the US, we ensure that the relevant third party has been certified under the UK-US Data Bridge, forming part of the EU-US Data Privacy Framework, as ratified in the UK on 10 October 2023 (DPF), or that another lawful method of transfer is in place. Further, where we send your information outside of Australia, and we believe that the laws of the overseas country do not protect personal information in a way that is at least substantially similar to the protection afforded under Australian privacy laws, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient complies with applicable Australian privacy laws in their handling of such information.
In some situations, overseas recipients may be required to disclose information which we share with them under a foreign law. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it. Where this occurs, we will not be responsible for such disclosure, though we will take reasonable steps to ensure your personal information is protected.
You can obtain more details of the protection given to your information when it’s transferred outside of Australia by contacting us using the below.
Automated Decision making
“Automated decision making” means decisions made about a person without any human involvement. We make use of automated decision making through automated workflows, to connect users to a Redcat Salesperson in their location, for example the UK. Many of our website tools (for instance signing up to emails) will also be supported by electronic systems.
How long do we keep your data?
We endeavour to ensure that personal information is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for our other legitimate business reasons.
We will generally retain your personal information only so long as it is required for purposes for which it was collected, or in accordance with the time periods set down in our data retention policy. This will usually be the period of your relationship with us plus the length of any applicable statutory limitation period following the end of such relationship, although some data may need to be kept for longer. For example, where required to comply with a legal obligation, resolve a dispute or maintain security.
Where your personal information is no longer required, we will take reasonable steps to delete the personal information from our systems or de-identify the personal information.
How do we keep your data safe and secure?
Redcat are committed to protecting the security of the personal information you share with us. We implement industry standard measures to protect and safeguard your personal information from misuse, loss, theft and unauthorised access, modification or disclosure.
We maintain physical security over paper and electronic data stores, such as through locks and security systems at all of our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our Services and systems.
Redcat’s platform relies on cloud-based web servers hosted by our third-party service providers. Redcat engages Amazon Web Services to host your data via secure cloud servers located in Australia. Our partners, customers and third-party service providers may store information located outside of Australia, including US and Canada.
However, particularly for electronic data stores and due to the fact that the Internet is inherently insecure, we cannot guarantee the security of transmission of personal information disclosed to us online. Accordingly, you transmit your personal information to us online at your own risk and are encouraged to exercise care in sending personal information via the Internet. Please notify us or the Customer from whom you procured products/ services immediately if you know or reasonably suspect that your personal information has been subject to any data breach, breach of security or other unauthorised activity.
We are not in any way responsible for the security or content of, and this policy does not cover the processing of your personal information by any third party or third party services used in conjunction with our Services.
Your Rights
Subject to certain exemptions, and in some cases dependent upon the data processing activity we are undertaking and where you are located, you have certain rights in relation to your personal information.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information to fulfil your request.
Right to access and correct personal information
You may request access to any personal information we hold about you at any time by contacting us at privacy@redcat.com.au.We will provide access to that information in accordance with applicable privacy and data protection laws, subject to any exemptions that may apply. We may ask you for additional information to confirm your identity and, for security purposes, before disclosing any personal information requested to you. We reserve the right to charge a fee where permitted by applicable laws to do so, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting us at privacy@redcat.com.au . Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information.
You can also ask us to notify any third parties to whom we may have provided incorrect information about the correction. We’ll try and help where we can - if we can’t, then we’ll let you know.
If you are located in the UK you have the following additional rights:
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of, inter alia, (a) the source of your personal information; (b) the purposes / legal basis of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
Subject to certain exemptions, and in some cases dependent upon the data processing activity we are undertaking and where you are located, you can also request that we erase your personal information in limited circumstances where:
-
it is no longer needed for the purposes for which it was collected; or
-
you have withdrawn your consent (where data processing was based on consent – please note that we do not normally rely on ‘consent’ as the legal basis for processing data – the legal basis relied upon are set out in the relevant sections above); or
following a successful right to object (see right to object to the processing of your personal information); or
it has been processed unlawfully; or
the personal data have to be erased for compliance with a legal obligation to which Redcat is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
-
for compliance with a legal obligation; or
-
for the establishment, exercise or defence of legal claims.
Right to restrict the processing of your personal information
Subject to certain exemptions, and in some cases dependent upon the data processing activity we are undertaking and where you are located, you can ask us to restrict your personal information, but only where:
-
its accuracy is contested, to allow us to verify its accuracy; or
-
the processing is unlawful, but you do not want it erased; or
-
it is no longer needed for the purposes for which it was collected, but you still need it to establish, exercise or defend legal claims; or
-
you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
-
we have your consent; or
-
to establish, exercise or defend legal claims; or
-
to protect the rights of another natural or legal person.
Right to transfer your personal information
Subject to certain exemptions, and in some cases dependent upon the data processing activity we are undertaking and where you are located, you can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
-
the processing is based on your consent or on the performance of a contract with you; and
-
the processing is carried out by automated means.
Right to withdraw your consent
Subject to certain exemptions, and in some cases dependent upon the data processing activity we are undertaking and where you are located, where we process your personal information based on your consent, you have the right to withdraw your consent at any time for the future, without affecting the lawfulness of processing based on your consent before its withdrawal.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis at any time on grounds relating to your particular situation.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal information for direct marketing purposes
You can object at any time to processing of personal data concerning you for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
Alternatively you can request that we change the manner in which we contact you for marketing purposes. You can also request that we simply not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the UK.
We may redact data transfer agreements to protect commercial and commercially sensitive terms.
How to complain?
You have a right to lodge a complaint with your local privacy regulator or supervisory authority if you have concerns about how we are processing your personal information.
In the UK, the supervisory authority is the UK Information Commissioner, whose contact details are set out below:
Information Commissioner’s Office
Phone: 0303 123 1113
Online: www.ico.org.uk
In Australia, the regulator is the Office of the Australian Information Commissioner, whose contact details are set out below:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Online: www.oaic.gov.au
Email: enquiries@oaic.gov.au
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority or regulator at any time.
Our contact details are set out under the ‘contact us’ section above.
Changes to this Policy
We may change or update this Privacy Policy from time to time to keep up-to-date with legal requirements and the way we operate our business. An up-to-date version of this Privacy Policy is available at any time on this page. You are responsible for reviewing this Privacy Policy periodically and informing yourself of any changes. We suggest that you check back regularly. If we make significant changes to our Privacy Policy, we will seek to inform you by notice on our website or by email.
Last updated: March, 2024.