Dine4All Limited (Dine4All or our or we) is in the business of providing an Online Platform enabling

the purchase, redeeming, managing and storing of a variety of non-reloadable digital gift cards and

codes and associated services (Services).

This Policy governs how Dine4All will deal with your Personal Information collected in connection

with the Services.

This Policy also applies to Personal Information collected by Dine4All in connection with its website,

social media accounts, applications, software and other technological means (Online Platforms), as

well as in connection with any direct communication between you and Dine4All.

Dine4All uses third parties located both locally and overseas in addition to its own resources to

provide these Services.

Scope of this Privacy Policy

We understand that when accessing our Services, the privacy and confidentiality of Personal

Information is important to you. That’s why we fully respect your rights to privacy and are

committed to protecting the personal and financial details you provide us in line with this

Services or whose Personal Information is processed by Dine4All.

We are committed to protecting the privacy of everyone who uses our Online Platforms

and/or our Services, for them to understand what Personal Information we collect and store,

and why we do so, how we receive and/or obtain that information, the rights an individual

has with respect to their Personal Information in our possession, and with complying with

the requirements of applicable privacy laws, including (without limitation) the General Data

Protection Regulations EU 2016/679 (GDPR), any laws or regulations ratifying, implementing,

adopting, supplementing or replacing the GDPR including in the UK the Data Protection Act

2018 and to the extent in force, the UK GDPR as defined in The Data Protection, Privacy and

Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and any laws and

regulations implementing or made pursuant to EU Directive 2002/58/EC (as amended by

2009/136/EC) including in the UK, the Privacy and Electronic Communications (EC Directive)

Regulations 2003 (Privacy Laws).

The Information we Collect

We may collect Personal Information that allows us to identify who an individual is and

share Personal Information.

The type of information we may collect includes:

a) Personal Information - We may collect personal details such as an individual’s

name, location, date of birth and nationality allowing us to identify who the

individual is;

b) Contact Information - We collect information such as an individual’s email

address, Internet Protocol (IP) address, unique device identifiers, mobile

number, device model and name, operating system, browser type third-party

user names, residential, business and postal address and other information that

allows us to contact the individual. We also collect other contact information

(where you choose to import or upload that information) such as the names

and phone numbers of your contacts from your address book or contact list,

which we only use to help you quickly send gift cards to people you may know.

c) Financial Information - We collect financial information such as any bank or

credit card details used to transact with us and other information that allows us

to transact with the individual and/or provide them with our Services;

d) Statistical Information - We collect behavioural and statistical information

about an individual and businesses in connection with the Services and/or the

Online Platforms.

e) Geo-location information - We collect geo-location information to send

servicing messages and/or special offers from select retailers based on the close

proximity of the customer to that retailer.

For users of the Dine4All Restaurant App service

The Dine4All Restaurant App service requires the processing of the following data elements,

all of which we are required to collect in order for us to provide you with the service:

a) Email address

b) Name

c) Employer/organisation

d) Location/region

e) Gift card name, denomination, region

f) Slack user IDs

g) Slack workspace ID

h) Slack token to call slack APIs

i) Text content of recognition messages sent between employees

j) Microsoft tenant ID

k) Microsoft Teams ID

l) Microsoft graph API access token to interact with Graph API

Why we collect Personal Information

We collect Personal Information so that we can carry out the following actions:

a) to enable you to use our Online Platforms;

b) to provide our Services;

c) to communicate with you, including about our Services and offers which might

interest you;

d) to provide information or advice;

e) to process payments by or to you in connection with our Services;

f) to create accounts, tax invoices or receipts;

g) to provide your personal information to third parties in order for them to

supply the Services to you;

h) to consider and respond to complaints made by you.

i) to communicate with you about research opportunities relating to our products

and Services.

We may disclose additional purposes for collection of your personal information in collection

statements at the point of collection.

How information is collected

Information is collected in association with your use of the Services, an enquiry about

Dine4All or generally dealing with us directly or via our Online Platforms. If you are a Gift Card

recipient, from the person who purchased the Gift Card.

When personal information is used and disclosed

We will not use any Personal Information other than for the purpose for which it was

collected other than with the individual’s permission or as otherwise outlined in this Privacy

Policy.

Our use of Personal Information may include, but is not limited to:

a) Processing and completing transactions relating to the Online Platform, we will

disclose your Personal Information to the Retailer/s that you (or the Gift Card

recipient) selects;

b) Requesting feedback in regards to your use of the Online Platform, its products

or other companies, and other news and promotions we think will be of interest

to you;

c) Responding to your emails, questions, comments, requests and complaints so

as to provide customer service;

d) To monitor and analyse Online Platform usage and trends;

e) To perform analytics and to increase the Online Platform’s functionality, market

profile and user friendliness;

f) Investigating and preventing fraudulent transactions and other illegal activities;

g) To send notifications regarding important changes to the Online Platform;

h) Use for the purpose for which the information was collected; and

i) To send you confirmations, updates, security alerts, additional information

about our products and services and support, and otherwise assist with your

use of the Online Platform.

We will retain Personal Information for the period necessary to fulfil the purposes outlined

in this Privacy Policy unless a longer retention period is required or permitted by law.

Subject to clauses 8 and 14 and where otherwise stated in this Policy, we will not sell or

otherwise provide or share an individual’s Personal Information to unrelated third parties

unless:

a) you consent to the sharing of your Personal Information; and/or

b) in connection with, or during negotiations of any merger, sale, financing or

acquisition of Dine4All assets where this information may be disclosed or

transferred as one of Dine4All business assets.

There are some circumstances in which we must disclose an individual’s information:

a) where we reasonably believe that an individual may be engaged in fraudulent,

deceptive or unlawful activity that a governmental authority should be made

aware of;

b) to enforce or apply this Privacy Policy, or our terms, conditions and policies

and/or agreements;

c) as required by any law; and/or

d) in order to sell our business (in that we may need to transfer Personal

Information to a new owner).

Sensitive Information

Sensitive information is information about you that reveals your racial or ethnic origin,

political opinions, religious or philosophical beliefs or affiliations, membership of a

professional or trade association, membership of a trade union, details of health, disability,

sexual orientation or criminal record.

It is our policy to only collect your sensitive information where it is reasonably necessary for

our functions or activities and either you have consented or we are required or authorised

under law to do so.

Opting “IN” or “OUT”

By clicking “I Agree” or any other button indicating your acceptance of this privacy policy,

you expressly consent to the collection and use of your Personal Information in accordance

with this privacy policy.

An individual may opt to not have us collect their Personal Information (for example by

unsubscribing to any marketing emails received). This may prevent us from offering them

some or all of our services and may terminate their access to some or all of the services they

access with or through us.

If an individual believes that they have received information from us that they opted out of

receiving, they should contact us on the contact details set out in clause 15.

Anonymised Information

We may use your Personal Information in anonymized form to assist us in running our

business. We may also provide, including by way of sale, anonymised information in

aggregated form, to third parties.

When your Personal Information is included in anonymised, aggregated data, it is not

possible to identify you or anything about you from that data.

We may use temporary (session) cookies or permanent cookies when you access our Online

Platforms and/or Services. This allows us to recognise your browser and track the web

pages you have visited.Some of these cookies also help improve your user experience on our

websites, assist with navigation and your ability to provide feedback , and assist with our

promotional and marketing efforts.You can switch off cookies by adjusting the settings on

your web browser.

The Safety and Security of Personal Information

a) We may hold your personal information in either electronic or hard copy form.

b) If you provide information to us electronically we retain this information in our

computer systems and databases. If you provide information to us in hard copy (paper)

this information is normally retained in our files and a copy is made to our electronic

files.

c) We use industry standard security measures to safeguard and protect your information.

d) We may disclose your personal information to third parties and service providers

located overseas in connection with any purpose, including to overseas cloud

computing hosts. We take reasonable steps to ensure that the overseas recipients of

your personal information do not breach the privacy obligations relating to your

personal information.

e) We are not responsible for the privacy or security practices of any third party, including

Retailers and third parties that we are permitted to disclose an individual’s Personal

Information to in accordance with this policy or any applicable laws. The collection and

use of an individual’s information by such third parties may be subject to separate

privacy and security policies.

f) If an individual suspects any misuse or loss of, or unauthorised access to, their Personal

Information, they should let us know immediately.

g) Where we become aware of any breach to our security systems that breaches or is

likely to result in a breach of your rights or freedoms with respect to your Personal

Information, we will notify you and any supervisory authority as required.

h) We are not liable for any loss, damage or claim arising out of another person’s use of

the Personal Information where we were authorised to provide that person with the

Personal Information

How to access and/or update information

If you would like us to update or amend your personal information, please contact us on the

contact details set out in clause 15 and we will make the requested amendments.

We may ask you to verify your identity to ensure that personal information we hold is not

improperly accessed.

Connecting via Social Networks

You can log-in to the service by signing into social networks such as Facebook or an Open ID

provider. Providers such as Facebook provide the option of posting and sharing information

with others within your social network. If you stop using the network from which you signed

in to use the Service, you agree that we will still retain the personally identifiable

information from the social network that you provided us access to in accordance with this

policy.

Social media features such as Facebook Like and Share buttons and widgets and interactive

mini-programs which run within the service may collect your IP address and set a cookie to

enable the feature to function properly. Your interaction with these features is under the

The right to be forgotten, deleting your account or personal data

You have the right to delete your account or request the deletion of your personal data,

subject to certain exceptions.Dine4All gives you the ability to permanently delete your

account or personal data at any time.

You may notify us about your wish to delete your personal data or your account at the

contact details in this Privacy Policy or follow in-app prompts. All requests must be in

writing.

What happens when I delete my account or personal data?

When your account and/or personal data is deleted, it is permanent and the information

cannot be restored or reactivated. This means that:

a) If you want to continue to use your Gift Cards, you must print them before you

delete your account.

b) We may not be able to assist you if you require customer service, including if

you lose your Gift Card or experience issues with your Gift Card.

How long will it take to delete my account or personal data?

When a request to delete your account or personal data has been received, we will delete

(and direct our third party service providers to delete) your account and personal data

unless we are required to retain that information for regulatory or compliance purposes.

Some personal data may be retained by Dine4All or our third party service providers after an

account deletion request to enable Dine4All (or our third party service providers) to:

a) Maintain a record that an account deletion request was made and actioned;

b) Comply with applicable laws and legal obligations, including anti-money

laundering and counter-terrorism financing laws;

c) Comply with internal security, fraud and anti-money laundering policies;

d) Detect security incidents, or protect against malicious, deceptive, fraudulent, or

illegal activities; or

e) Cooperate with investigations or directions from law enforcement or

regulators; or

f) Make other internal and lawful uses of that information that are compatible

with the context in which you provided it.

While most account or personal data deletion requests will be actioned within ten days, it

may take up to 35 days for all personal data to be deleted.

Links

Links from our Online Platforms or via our Services to third party services that we do not

operate or control are provided for your convenience. We are not responsible for the

privacy or security practices of services that are not covered by this Privacy Policy. Third

party services should have their own privacy and security policies which we encourage you

to read before supplying any personal information to them.

Direct Marketing

We and/or our carefully selected third party business providers may contact you with direct

marketing communications and information about the Services or other products and

services offered by us via telephone, email, SMS, or regular mail.

If you have indicated a preference for a method of communication, we will endeavor to use

that method wherever practical to do so.

You may opt out of receiving marketing communications at any time by responding via the

channel in which you received the marketing communication, or by contacting us on the

contact details set out in clause 15. You can unsubscribe from emails by clicking the

unsubscribe link on the footer of the email communication you have received.

Complaints and Disputes

If an individual needs to contact us or has a complaint about our handling of their Personal

Information, they should address their communication in writing to the details below:

Dine4All Privacy Officer

53 Fleet Road,Rochester,Kent ME12PX ,UK

hello@dine4all.com

If we have a dispute regarding an individual’s Personal Information, we both must first

attempt to resolve the issue directly between us.

If we become aware of any unauthorised access to an individual’s Personal Information we

will inform them and any supervisory authority as required, at the earliest practical

opportunity once we have established what was accessed and how it was accessed.

Location-based Data

To the extent that Dine4All provides any location based feature as part of the Services, it

may collect, use, and share precise location data, including the real-time geographic location

of your computer or device. Where available, location-based services may use GPS,

Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower

locations, and other technologies to determine your devices’ approximate location. Unless

you provide consent, this location data is collected in a de-identified form that does not

personally identify you.

We provide a geo-push notification feature to customers using a mobile app to send

servicing messages and/or special offers from select retailers based on the close proximity of

the customer to that retailer. The app requires access to the location services on the mobile

device in order to utilise this feature and must be manually enabled by the customer

firstly.Dine4All does not retain real time location data of the customer and does not use

location services and data for any other purpose.

GDPR

If you are accessing our Online Platforms or receiving our Services from within the European

Union or the United Kingdom then Dine4All is required to comply with the GDPR respect to

your Personal Information.

Any reference to Personal Information in this Privacy Policy is also a reference to Personal

Data (as defined under the GDPR).

Dine4All takes the security and privacy of your Personal Information seriously and has

prepared this privacy policy and taken measures to collect, process and hold all Personal

Information in compliance with Privacy Laws and GDPR regardless of the user. Therefore, no

additional terms for GDPR users are required.

Additions to this Policy

If we decide to change this Privacy Policy, we will post the changes on our website. Please

refer back to this Privacy Policy to review any amendments.

Children

Children under the age of 13 are not permitted to use the Services.