Last update: 9th January 2023
Thanks for using one of our platforms. Whether it was visiting one of the Nando’s websites, downloading and installing the Nando’s App or for using one of our services which requires you to provide us with your Personal Information (as defined below). We want to make sure you feel comfortable about what happens when you browse our website or give us any of your information. Formal’s not our style, so we’ve made this as easy to read as we can (but we can’t help it being so long, sorry).
Our websites in the UK and the Republic of Ireland are:
We’ll refer to these websites, our App and other services which require you to provide us with your Personal Information collectively as the “Service” in the rest of this policy (it just saves time).
For the purpose of the Data Protection Act (the “Act”), the Data Controller of our Services for both UK and Irish customers is Nando’s Chickenland Limited (UK). Data Controller is just a legal term that means we have responsibilities of your Personal Information under the Act. Our registered company number is 02580031. We are registered with the UK Information Commissioner's Office (Registration Number: Z9462934).
All information will be held and used in accordance with the Act. If you want to read more about the Act, have a look here:
United Kingdom: ico.org.uk/your-data-matters/
1. What information will Nando’s collect about me?
When you visit our Service (in a restaurant, on a mobile device, tablet or desktop) or download and use our App, you may provide us with information personal to you including for example your name, your address, your postcode, your email address, your mobile phone number and your date of birth, whether you are a student, and the other information outlined below (your "Personal Information"). You may provide additional Personal Information if you wish.
You may provide us with Personal Information in a number of ways:
1) by registering your Nando’s Card (either online or using our App) or by subscribing to receive email, SMS or Push communications from us. To become a registered Nando’s Card holder you must provide us with your name, email address, date of birth and postcode, but you may provide us with additional information if you choose to do so.
2) when using one of our Eat In services, such as table reservation, virtual queue management or completing an order at your table you may be asked to provide basic registration details such as your name, email address and a contact phone number.
3) by ordering a takeaway using our online ordering service or by using our App. When you place a takeaway order online we may collect information such as what items you’ve browsed, your favourite and past orders, restaurant locations, if you’ve applied any dietary filters and order values.
4) by inputting your payment details – but only in order to complete a transaction.
5) by allowing us to collect your physical geolocation through our App (if you have enabled Location Services and agreed to allow Nando’s to send you Push messages) or website (e.g. to determine your nearest location for an online order fulfilment).
6) by registering a Nando’s Gift Card online (in order to protect or spend any of your balance).
7) by registering to use our in-restaurant WiFi services.
8) by signing up for promotions or competitions.
9) by corresponding with our Customer Experience team by email, live chat, in writing, on social media or telephone, in which case we may retain the content of your emails, letters or conversations together with your title, name, email address, the social media username that you’re using, telephone number and our responses.
10) by registering your NHS email address to enable your entitlement to Emergency Services discount online.
11) by registering your student email address to enable your entitlement to student discount online
We may also collect information about your device, including (where available) your IP address, operating system and browser type, the geographical location of your device, how you use our Service, and the date and length of your visit. This information is collected automatically. This information is aggregated and it does not identify you as an individual. We do this to help improve your experience on our Service.
2. How will you use my Personal Information:
We use your personal information for:
1) allowing you to create a Nando’s account and to use any of the services we provide to account holders
2) allowing you to make a table reservation, be alerted to table availability and/or to process and pay for an order at your table
3) processing an order for collection or delivery
4) allowing you to register your Nando’s Loyalty or Gift Cards with us and to respond to any correspondence (emails, letters, post by owls…);
5) contacting you with information about Nando’s products, services, news and special offers, if you’ve given your consent (signed up to it) when you registered with us;
6) making sure you get the best experience from our Service - depending on what computer or device that you’re using;
7) if you’re using the App (and you have given us permission to do so by enabling this on your device), sending you ‘Push’ notifications containing information about our products and services and to provide you with information in the App;
8) notifying you about changes or updates to any of our Services;
9) carrying out market research and product development;
10) meeting legal, regulatory and compliance requirements;
11) investigating any complaints about the Service;
12) investigating any safety or security incidents or breaches;
13) allowing you to verify your NHS email address against your Nando's account so that you can use the Emergency Services discount online.
14) allowing you to verify your student email address against your Nando’s account so that you can use the student discount online.
15) For fraud prevention purposes
16) For the protection of our employees, customers and property via the use of CCTV in our restaurants
We always want to make sure you’re in control of the information you give us, so we will ensure only the data we really need for the services being used is processed.
3. What is the lawful basis for processing my Personal Information?
We will only use your personal information when the law allows us to. In most cases, we will use your personal information in the following circumstances:
1) Where we need to perform the contract we have entered into with you, e.g. in the processing of an online or eat in order, making a table reservation etc.
2) Where it is necessary for our legitimate interests, e.g. to gather feedback from you on our products and services or for the prevention of fraud
3) Where we have your explicit consent to do so, e.g. if you have signed up to receive our regular newsletter emails
4. Do you share my Personal Information with anyone else?
We only share information with companies that we use to help us better understand and serve you. We never sell or give your Personal Information away to anybody.
We may share your Personal Information with:
We’ll share your “Personal Information” with people or departments within Nando’s but only if they have a need to access it.
When you place an order with us for delivery, we will only share the personal information required by our partners to fulfil your order.
Likewise, if you use reserve a table at one of our restaurants or process an order at your table our carefully selected partners will only collect and process the personal information needed to deliver that service.
We engage third party payment processors to process the payment of your online order. These third party processors may store your payment card details, if you want them to, to speed up your transaction time. If you do not want to take advantage of this, please do not select this function.
We may also share Personal Information with third parties for marketing, advertising and strategic development purposes to help us understand customer trends and patterns and to make sure that Nando’s is talking to you about the most relevant things. We have Agreements in place that define what third parties can and cannot do with your Personal Information. We also conduct periodic reviews of third parties to ensure compliance. However we will only send marketing to you where you have previously consented to receiving marketing materials from us.
We may also share such details with auditors or legal professionals to obtain professional advice. If we do this, your statutory data protection rights will be preserved.
You should be aware that if we’re requested by the police, a regulatory or government authority in the investigation of suspected illegal activities to provide your Personal Information, then we are entitled do so.
Occasionally, we’ll ask to share your Personal Information with third parties for marketing purposes. We’ll only do this when we have your explicit consent to do so (for example, when you enter a competition we’ll ask for your consent). If you don’t give your consent, it won’t prejudice your chances in any competitions. Promise.
We are using customer insight tools to improve our websites and app. These services may record the screens you visit on our website and some high-level device information. They do not collect personally identifiable information and do not track your browsing habits across apps or websites.
5. What security measures are in place to protect my “Personal Information”?
The transmission of information via the internet is not completely secure. Although we take steps to protect your information, we can’t guarantee the security of your data transmitted to the Service; any transmission is at your own risk. We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration or disclosure. We’ll continue to maintain and improve these security measures in line with legal and technological developments.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. How and where will Nando’s store my Personal Information?
Where you’ve chosen a password which allows you to access certain parts of our Service, please keep this confidential – this one’s on you! We recommend that you don’t share your password with anyone else (even your Mum). We recommend that your password is unique to your Nando’s account. We will not be liable for any unauthorised access or transactions entered into using your name and password where it has been shared with your permission or if you haven’t taken adequate steps to prevent it on either a desktop computer or another device. If you access our Service using a public computer, we advise you not to store your password and to log out of any parts of our Service. If you’re using a mobile phone or tablet to use our Service, we advise that you have an appropriate passcode (not the easiest one possible… you know the drill).
7. Links, advertisers, third party sponsors & ad-servers
8. Is my data used for any Automated decision making?
We use fully automated decision making as part of our web and app online ordering system, to help in the prevention of fraud. It will not have a legal or significant impact on you, but may prevent you from placing an order immediately. If this happens, please contact us on email@example.com so we can review it with human eyes.
9. What rights do I have?
As a data subject you have rights in respect of our processing of your personal data.
- Your right of access - you have the right to ask us for copies of your personal information.
- Your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - you have the right to object to our processing your information if the legal basis is legitimate interests.
- Your right to data portability - this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, or in talks about entering into one, and the processing is automated.
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
If you have any questions about what we do with your Personal Information, ask us to make any changes to your account or to make a complaint please contact us using one of the methods below:
Speak to our Customer Experience team by telephoning 020 3974 2182 (Monday-Friday 9:00 – 17:30)
Chatting to us using the live chat function on our website
Emailing us at firstname.lastname@example.org
Writing to us at Nando’s Customer Experience, Erico House, 93-99 Upper Richmond Road, Putney, London SW15 2TG
Messaging us on Facebook or Twitter (if you’re sending us your number or anything else personal to you then please only do this via a direct message).
Or contact our Data Privacy Officer by emailing email@example.com
We hope we can answer any questions or resolve any problems but if you are still unhappy then you can contact the:
United Kingdom: Information Commissioner’s Office via their webservice www.ico.org.uk
Republic of Ireland: Information Protection Commissioner via their webservice http://www.dataprotection.ie
10. How long will Nando’s keep my information for?
We won’t keep your Personal Information for longer than is necessary for legitimate business purposes or than is required by law.
When required to do so we will always ensure the data retained and, where applicable, shared, is always proportionate and limited to what is necessary.
11. The use of our service by under 14s
Our Services are not intended for children and are therefore only to be used by anyone aged 14 or over and those under the age of 16 should have their parents or guardians’ permission. We encourage the supervision of children's online activities. For example, parental control tools which are available online to help provide a child-friendly online environment. These tools can also prevent children from disclosing their name, address, and other Personal Information online without parental permission. Your child's privacy is important to us and we are committed to safeguarding children's Personal Information collected online. Users of our Service may participate in many activities without providing any Personal Information. However, if you’d like to participate in certain interactive features on our Service, we’ll ask you to provide us with certain information, such as your email address and age. Nando’s will not send any marketing communications to anyone who has disclosed that they are aged under 16.
13. How can I contact Nando’s?
Nando’s Customer Experience, Erico House, 93-99 Upper Richmond Road, Putney, London SW15 2TG.
If you’re reading this and you made it through all that, we’re pretty impressed right now.