Becoming a franchisee
Order now

Confidentiality and Personal Data

 

1. Introduction

This Data Protection Policy (the «Policy») describes the methods that Heiko, on its own behalf and on behalf of its subsidiaries («Heiko» or «we»), employs in the collection, use, protection, and sharing of personal data of individuals who visit its restaurants, use its websites and/or mobile applications, and/or interact with us in any other way, including but not limited to through our customer service, our loyalty or relationship programmes, and/or on social media.

Committed to fostering innovation while building a lasting trust-based relationship founded on shared responsible social values and respect for individuals' rights and freedoms, Heiko is dedicated to the protection of personal data.

This Policy applies to France. Its main objective is to describe how Heiko, as the data controller, collects, uses, protects, and shares the personal data of its contacts. It consolidates, in a concise, transparent, understandable, and easily accessible format, information concerning the data processing operations implemented to allow contacts to understand under what conditions their data is processed, what their rights are in this regard, and to present Heiko's commitments as the data controller.

This Policy is independent of any other document that may apply within the contractual relationship we may have with our contacts (cookies, commercial or partnership agreements, etc.).

We draw the attention of our contacts to the fact that many of our restaurants are operated by licensees or franchisees, i.e. independent traders responsible for their own operations. This Policy does not apply to our licensees and/or franchisees, nor to their third-party websites or third-party mobile applications. To find out how our licensees and/or franchisees use the personal information of their contacts, please consult their own privacy and personal data protection policies.

For a good understanding of this Policy, it is clarified that:

  • «Client(s)», «contact(s)» or «candidate(s)» refers to any natural or legal person in relation with Heiko or its subsidiaries (clients, candidates, partners, etc.); ;
  • «data controller» means any natural or legal person who determines the purposes and means of the processing of personal data as defined in this Policy; ;
  • «subcontractor» means any natural or legal person who processes personal data on behalf of the controller (this typically refers to service providers with whom we work and who process the personal data that they handle); ;
  • « recipients » refers to natural or legal persons who receive communication of personal data, who may therefore be both internal recipients and external organisations.

2. About the personal data you provide to us

Depending on how you interact with us, we may ask you to provide the following data:

  • personal information (names, postal and email addresses, telephone numbers, date of birth, etc.), when you register for our online services, connect to our Wi-Fi network, participate in one of our games or through our online services; including when you apply as a franchise applicant or for an employee position;
  • information about your transactions (products purchased, prices, payment methods, payment data, etc.); ;
  • information about the account you use to access our online services, purchase or use our products and services (username, password or other identification details); ;
  • information about your profile (preferred products and services, best times to visit us, etc.); ;
  • any other personal data that you agree to provide to us when you interact with us.

3. About the personal data we collect through automated means

We use automated technologies to collect data from your computer or mobile device (phone or tablet) when you visit our restaurants and use our online or in-restaurant services. These automated technologies include, but are not limited to, cookies, local shared objects, and web beacons. Further information is available in section 6 below.

We are thus likely to collect the following data

  • your Internet Protocol (IP) address; ;
  • the dates and times you access our online or in-person services; ;
  • the names and URLs of files accessed using our online services; ;
  • the type of operating system and browser of the computer or mobile phone used; ;
  • the type of mobile device used and its settings; ;
  • el identificador único del dispositivo (UDID) o el identificador de equipo móvil (MEID) asociado con su teléfono móvil; ;
  • the serial number of the device used and its components; ;
  • advertising identifiers (IDFA and IFAex.) or other similar identifiers; ;
  • the reference application or website (i.e. the site that led you to ours) and; ;
  • your use of our online services (pages viewed on our sites or in our mobile apps, for example).

 

Our online and on-site services allow us to collect precise information about the location of your mobile device (phone or tablet) or computer using a geolocation feature and technologies such as GPS, Wi-Fi, Bluetooth or nearby cell towers. For most mobile devices and computers, you will be asked to authorise Heiko to process this information.

For most mobile devices and computers, you will be asked to allow Heiko to process this information. You have the option to revoke this permission by changing your device or browser settings. If you wish to know how to prevent us from collecting precise location information, we recommend contacting your mobile device provider, its manufacturer, or your browser provider. Some of our online or on-site services may not function properly without location information. If you wish for us to delete the information we hold that can identify your location, please contact the Data Protection Officer whose contact details are provided further down this page.

The law may require us to retain certain information.

 

4. How we use the personal data we collect

We may collect data about you from other companies and entities, including public databases, social networks, and third-party partners such as analytics or marketing service providers. We may also collect publicly accessible information, for example about your profile, when you interact with us on social media. These platforms also allow us to collect communications addressed to us or concerning us.

We can combine the data you provide with data collected through automated means and from other sources.

 

5. How we use your personal data

We may use the personal data we collect for the purposes described below:

  • To provide our services and establish a contractual relationship with you; ;
  • To respond to your requests, honour orders placed, and process payments relating to our products and services online; ;
  • Communicating with you about orders, purchases or accounts you make or hold with us, your requests, our loyalty programme (external site Zerosix), your questions (contact);
  • To provide you with our online services (including websites and mobile applications); ;
  • Provide customer assistance,
  • Contact us if you have applied as a licensee and/or franchisee or employee.

To inform you, improve our services, and pursue the following legitimate business interests:

  • To inform you about our products and services, offers, new arrivals, promotions or events that we believe may be of interest to you; ;
  • To offer you a customer experience in our restaurants and with our online services; ;
  • Managing our activities, which includes developing new products and services, conducting research on consumers and operations, and evaluating the effectiveness of our sales and marketing activities. ;
  • Maintain, manage and improve our products, offerings, promotions, online services and other technologies. ;
  • Ensuring the security of our network and systems.

To comply with applicable legislation:

  • To identify, prevent, and protect us against fraud and all other offences, claims and liabilities; ;
  • Comply with our legal obligations and policies; ;
  • To ascertain, exercise or defend rights in court; and
  • Monitor and report non-compliance issues.

Provided you authorise us to do so (where applicable legislation requires it), we may use the personal data we collect for the following purposes:

  • We send emails or text messages via mobile regarding our products and services, as well as games, offers, promotions, or events that we believe may be of interest to you. ;
  • Provide services using geolocation ;
  • Enable cookies and similar technologies; ;
  • To provide you with our online services (including websites and mobile applications soon).

We may use the information we collect about you in other ways. In such cases, we will inform you at the time of collection or ask for your permission.

Our terms for sharing personal data collected

We do not sell any of your personal data and only share it as stipulated in this Personal Data Protection Policy.

We may share your personal data within the Heiko group, which includes our subsidiaries, licensees, franchisees and subcontractors authorised to process your personal data.

We may share your personal data with service providers who provide us with services such as: fulfilling orders, handling deliveries, providing data processing and other IT-related services, managing promotions, competitions, sweepstakes and lotteries, conducting research and analysis, and offering a personalised experience to each Heiko customer. We prohibit them from using or sharing this information for any purpose other than providing services on our behalf.

For strategic or other professional reasons, we may decide to sell or transfer all or part of our business. As part of such a sale or transfer, we may transmit the information we have collected and stored (including personal data) to any person or entity involved in the transaction in question.

We may share information without allowing you to be identified directly, such as anonymous aggregated statistics relating to your use of our online services. We may also combine information about you with that of other customers and share it in such a way that it cannot be associated with a particular customer.

We are entitled to use or share personal data as necessary to comply with any law, regulation, or legal requirement, to protect our online and on-site services, to initiate legal proceedings or defend a legal right, to protect the rights, interests, and safety of our organisation, our employees, our franchisees, or the general public, or as part of an investigation into fraud or any other breach or violation of our policies.

 

6. Privacy Policy Regarding Children, and Notice to Parents and Guardians

Protecting children's privacy is important to us. We believe that children's use of the internet and email raises certain privacy and security issues relating to personal data.

We recommend that all parents check and monitor their children's online activities.

 

7. Your choices

Communications marketing

If you have agreed to receive marketing communications from Heiko, you have the option to change your mind later by following the instructions contained within the communications themselves. You may also adjust your preferences in your phone's settings or opt out of receiving these communications by contacting us.

Even if you opt out of receiving marketing communications from us, we may continue to send you communications regarding your transactions, the accounts you hold with us, and any games, contests, sweepstakes, or lotteries you have entered. Opting out of one type of communication does not constitute opting out of other types of communication. For example, even if you opt out of receiving marketing emails, you will continue to receive marketing text messages (SMS) if you have subscribed to this option through our partners, for instance. Please note that if you receive communications from a Heiko licensee and/or franchisee, and/or an external service provider, and/or an external service (loyalty programme), you will need to contact them directly to stop these communications.

We do not share any personal data with third parties for their own direct marketing purposes.

 

8. Terms of Use for Our Online Services and Other Technologies

Our service providers and we ourselves use cookies, web beacons and other similar technologies as part of our online services and in other areas related to our business (such as online advertising) for the purpose of collecting information and providing you with the services or products you have requested. Cookies and other technologies

A «cookie» is a small text file that may be saved on your computer, smartphone, tablet or any other device when you visit our website to collect information about your browsing.

A cookie allows its issuer to identify the computer or application in which it is saved, for the duration of the cookie's validity. Only the issuer of a cookie can read or modify the information contained within it.

It is specified that cookies do not collect any information from your personal files or documents on your computer. Furthermore, cookies cannot transmit any viruses to your applications.

A «web beacon» refers to a small object or image embedded in a webpage, application, or email, which allows user activity to be tracked. It is also referred to as a «pixel» or «tag».

Please take note of the following:

  • A cookie may be sent to you when you use our online services.
  • Some of the features we offer require the use of cookies and other similar technologies.
  • The cookies and other tracking technologies we use can be either session-based (for the duration of your visit) or permanent (for a determined period).
  • Our online services and other areas related to our activities may be accompanied by web beacons.

We use cookies, web beacons, and other similar technologies to collect information for the purposes set out in this privacy policy. We may also combine information collected using these technologies with information about you collected by us through other means described in this privacy policy.

We can use these technologies for the following purposes:

  • You are unequivocally identified, either yourself or your device; ;
  • Allow you to access and use our online services smoothly (which would not necessarily be the case in their absence); ;
  • Strengthen system security where applicable; ;
  • To statistically measure the use of our websites and mobile applications; ;
  • Improve our products and services ;
  • Monitor the performance (traffic, errors, page load times, popular sections, etc.) of our online services; ;
  • You are recognised when you access our online services, to facilitate your browsing; ;
  • Attract your attention through targeted advertising; and
  • The other purposes stated in the section of this privacy policy entitled «Our use of the information collected».

You can configure your browser so that you do not receive cookies or are alerted each time you receive one. Simply click on the «Help» section of your browser to learn how to change your preferences on this matter. If you disable all cookies, you may not be able to access all the features of a website.

Targeted advertising

When you use our online services, we may (and our service providers may) collect information about your activities that enables us to offer you personalised advertisements.

As we are part of several advertising networks, you may see ads on other websites. Through these networks, we can target the information we send you based on your interests, other information about you, and contextual means. These networks track your online activity over time by collecting information using cookies, web beacons, and web server logs. They use this information to show you ads that may be of interest to you. The networks we are part of collect information about the websites you visit (such as the pages or ads you view or how you use these sites) when these are also part of the networks in question. We use this information to offer you personalised ads – both through our online services and on the websites of third parties belonging to advertising networks – and to evaluate the effectiveness of our marketing efforts.

 

9. Links to other websites and social media

Our online services may contain links to websites operated by third parties and not by Heiko. If you visit one of these sites, we recommend that you consult its privacy policy, terms and conditions, and other policies. We are not responsible in any way for the policies and practices of third parties. The information you provide to them is processed in accordance with their own privacy policies, terms and conditions, and other policies.

Our online services may also include applications, tools, widgets, and plug-ins from other providers. These may also use automated means to collect information about how you use these features. They process your information in accordance with their own policies.

 

10. Sharing of your personal data

This section supersedes the sharing terms set out in Heiko's personal data protection policy. The personal data that you provide to us may be shared with our subcontractors who provide us with services in the context of managing our websites, your loyalty programme and our online ordering tools, including:

  • To the providers responsible for the hosting and development of our websites and application; ;
  • To the service providers responsible for the online launch of Click & Collect: DOOD
  • To the Stripe or Paygreen provider in charge of managing the payment module to enable payments to be processed
  • To the service provider in charge of managing our loyalty programme: Zerosix
  • To the service providers responsible for segmentation, email campaigns, and push notifications
  • To the service providers responsible for managing our prize draws...

11. Banking Details

This section supersedes the sharing terms set out in Heiko's personal data protection policy. The personal data that you provide to us may be shared with our subcontractors who provide us with services in the context of managing our websites, your loyalty programme and our online ordering tools, including:

  • To the providers responsible for the hosting and development of our websites and application; ;
  • To the service providers responsible for the online launch of Click & Collect: DOOD
  • To the Stripe or Paygreen provider in charge of managing the payment module to enable payment processing; ;
  • To the service provider in charge of managing our loyalty programme: Zerosix
  • To the service providers responsible for segmentation, email campaigns, and push notifications; ;
  • To the service providers responsible for managing our prize draws...

12. Home delivery

If you choose the delivery service when placing your online order, we will share certain personal data (first name, last name, phone number, address) with the delivery provider Uber Direct, as well as with the delivery drivers, for the sole purpose of delivering your order, in accordance with the delivery provider's data sharing terms.

 

13. Protection of personal data

We are committed to taking adequate steps to protect your personal data. Our technical, organisational and physical procedures are aimed at protecting personal data against any accidental, unlawful, or unauthorised access or loss, disclosure, use, alteration, or destruction. Despite our efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the Internet or any other public network can be guaranteed to be completely secure.

 

14. Data Retention

We retain your information for as long as necessary to carry out the activities set out in this policy and to comply with our personal data retention rules (unless longer or shorter retention periods are required by law).

These rules comply with applicable laws. We will retain and use your data to the extent necessary to fulfil our legal obligations (such as the obligation to retain your information in accordance with applicable tax laws), resolve disputes, enforce our agreements and carry out any other activity provided for in this policy.

Your personal data is hosted by us with our hosting provider ovh.com on servers located in France and the European Union.

Exceptionally, and for certain functionalities, your personal data may be transferred to a subcontractor located outside of Europe. In this case, we will favour subcontractors recognised as «adequate» by the European Union, who will be required to comply with our instructions and only use your data for the purposes of the processing.

 

15. Changes to our Personal Data Protection Policy

This privacy policy takes effect from the date indicated at the top of this page. It may be updated from time to time. By continuing to use our Services after the publication of changes, you agree to comply with them. We invite you to consult the Policy regularly to be informed of any potential changes.

 

16. Contact us

If you have any questions whatsoever regarding our personal data protection practices, you can contact us at any time.

By post: SODEV – HEIKO, 15 rue Lafaurie Monbadon 33000 Bordeaux

By email: hello@heiko-poke.com

Online: via the «Contact Us» form»

Order now
For your dose of good humour and great tips, it's this way!