Privacy Policy

Last Updated: 04 November 2025
Version: 2.0

1. Introduction

Welcome to TheDealDashers, a unique B2B2C marketplace for the hospitality sector, operated by Eco-Ked Limited ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, mobile applications (the "App"), and services (collectively, the "Services").

We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy is intended for:

Business Users: Representatives of hospitality businesses (e.g., restaurants, cafes, hotels) who sign up to offer deals through our platform.
End-Users: Customers who use our Services to find and redeem deals offered by our Business Users.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By using our Services, you acknowledge the practices described in this policy.

2. About Us and Our Role

For the purpose of the UK GDPR, the data controller is:

Eco-Ked Limited
Registered in England and Wales with company number 13604372.
Registered office: 20 Boston Manor Road, Brentford, Greater London, UK TW8 8DR.
Trading as: TheDealDashers

We are registered with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, under registration number ZB679199.

If you have any questions about this Privacy Policy or our data protection practices, please contact us using the details in the "Contact Us" section below.

3. The Information We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows. We collect data directly from you, automatically when you use our Services, and in some cases, from our Business Users or other third parties.

3.1. Information You Give Us (Directly Collected Data)

Identity and Contact Data: Including your first name, last name, username or similar identifier, title, email address, and telephone number. For Business Users, this also includes job title, company name, business contact details, official business email address, proof of incorporation, full trading address, and full trading name.
Profile Data: Including your username and password, profile picture, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
Marketing and Communications Data: Including your preferences in receiving marketing from us and our third parties and your communication preferences.
Enquiry Data: Information you provide when you contact us for customer support, to report a problem with our Services, or otherwise communicate with us.

3.2. Information We Collect Automatically

Technical Data: Including your Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Services.
Usage Data: Including information about how you use our website, App, and Services. This includes your browsing patterns, the deals you view or interact with, the features you use, and the times, frequency, and duration of your visits.
Location Data: We may collect precise or approximate location data from your mobile device if you enable location services through your device settings. This helps us show you relevant deals near you. You can disable this feature at any time through your device settings.

3.3. Information We Receive From Other Sources (Indirectly Collected Data)

Business User Data: Our Business Users may provide us with aggregated and anonymized footfall data for their venues. This data is used to analyze quiet periods and suggest deals and is not typically personal data.
Analytics Providers: We may receive Technical and Usage Data from analytics providers such as Google Analytics based inside or outside the UK.
Advertising Networks: We may receive information about you from advertising networks to help us deliver more relevant advertising.
Technical Partners: We may receive Technical Data from our technical partners who help us operate and improve our Services.
Publicly Available Sources: We may collect information from publicly available sources (e.g., Companies House) for due diligence and verification purposes for our Business Users.

3.4. Information We Access with Your Permission

With your express permission, we may access certain features on your device. This access is requested "just-in-time" (i.e., only when you use a feature that requires it).

Camera Access: We will request permission to access your device's camera. This access is used solely to enable you to scan QR codes provided by our business partners to redeem Vouchers. We do not store or transmit any photos or video from your camera.

4. How We Use Your Personal Data and Our Lawful Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances. We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose / Activity	Type of Data	Lawful Basis for Processing (including legitimate interest)
To register you as a new user (End-User or Business User) and create your account.	Identity, Contact, Profile	Performance of a contract with you.
To provide and manage our Services, including processing transactions, managing your account, and enabling End-Users to redeem deals with Business Users.	Identity, Contact, Profile, Financial, Transaction	Performance of a contract with you.
To manage our relationship with you, which will include notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey.	Identity, Contact, Profile, Marketing & Communications	(a) Performance of a contract with you. (b) Necessary to comply with a legal obligation. (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our Services).
To administer and protect our business and this website/App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).	Identity, Contact, Technical	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud). (b) Necessary to comply with a legal obligation.
To use data analytics to improve our website, App, Services, marketing, customer relationships and experiences. For Business Users, this includes analysing footfall data to suggest targeted deals.	Technical, Usage, Location, Aggregated footfall data	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website and App updated and relevant, to develop our business and to inform our marketing strategy).
To deliver relevant website/App content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.	Identity, Contact, Profile, Usage, Marketing & Communications, Technical	Necessary for our legitimate interests (to study how customers use our Services, to develop them, to grow our business and to inform our marketing strategy).
To make suggestions and recommendations to you about deals or services that may be of interest to you.	Identity, Contact, Technical, Usage, Profile, Marketing & Communications	(a) Necessary for our legitimate interests (to develop our products/services and grow our business). (b) Consent (for certain types of electronic marketing communications).
To respond to your enquiries and provide customer support.	Identity, Contact, Enquiry	(a) Performance of a contract with you. (b) Necessary for our legitimate interests (to respond to customer queries and improve our service).
To send you push notifications about new deals, account activity, and other updates related to our Services.	Identity, Profile, Usage, Marketing Communications, Technical (e.g., push notification token).	Consent. We will only send you push notifications if you have given us your express opt-in consent through your mobile device settings.
To scan a business partner’s QR code	Camera Access	Consent. We will ask for your permission before accessing your device's camera. You can grant or deny permission through your device's settings.

Marketing and Your Choices

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising via email, push notifications, and message. Unless another legal basis applies, we will get your express opt-in consent before we send you direct marketing communications via email or text message. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us directly. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase or other transactions (service communications).

We will also get your express opt-in consent before we share your personal data with any third party for their own marketing purposes.

We may ask for your permission to send you push notifications with alerts about new deals and other promotions. If you grant permission, we will process your device's push token to send these messages. You can opt out of receiving these notifications at any time by adjusting the notification settings on your mobile device (in your iOS or Android settings menu).

5. Data Sharing and Disclosure

We may have to share your personal data with the parties set out below for the purposes set out in the table in section 4.

Business Users: When an End-User purchases or redeems a deal, we share necessary information with the relevant hospitality business to allow them to verify and the deal. This will include your full name, the Voucher unique code, the Voucher Qr code and the deal details. We do not share your contact details with them for their own marketing purposes without your explicit consent.
Third-Party Service Providers: We engage third-party companies and individuals to perform services on our behalf (e.g., data analytics, IT and system administration services, cloud hosting services such as Digital Ocean, location services via Google Maps API, email services via MailerLite, and customer support). These third parties have access to your personal data only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.
Professional Advisers: Including lawyers, bankers, auditors, and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance, and accounting services.
Regulators and Other Authorities: HM Revenue & Customs, regulators, and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances or to whom we may be required to disclose personal data to comply with a legal obligation.
Business Transfers: We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will inform you before your personal data is transferred and becomes subject to a different privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International Data Transfers

Some of our external third-party service providers may be based outside the United Kingdom (UK), so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. This includes the UK's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU's Standard Contractual Clauses.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

7. Data Security

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption to protect sensitive data in transit and at rest, and we implement access controls to limit who can access personal data.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law, for tax purposes, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.

In some circumstances you can ask us to delete your data: see the "Your Legal Rights" section below for further information. In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. Your Legal Rights

Under data protection law, you have rights in relation to your personal data. These rights include:

The right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
The right of access: You have the right to obtain access to your information (if we’re processing it). This is known as a "data subject access request" and enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
The right to rectification: You are entitled to have your information corrected if it’s inaccurate or incomplete. You can review and change your personal information by logging into the App/website and visiting your account profile page.
The right to erasure: This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer your personal data easily from our IT environment to another in a safe and secure way.
The right to object: You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. We do not currently conduct such processing, but we will inform you if this changes.
The right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. Withdrawing consent will not, however, make unlawful our use of your information while consent had been apparent.

If you wish to exercise any of the rights set out above, please contact us using the details in section 14. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10. Cookies and Tracking Technologies

Our website and App use cookies and similar technologies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website or use our App, allows us to improve our Services, and helps us to personalize content and ads. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Notice.

11. Children's Privacy

Our Services are not intended for and we do not knowingly collect data from children under the age of 16. If you are under 16, please do not use our Services or provide any information to us. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information from our servers.

12. Links to Other Websites

Our Services may contain links to other websites or services that are not operated by us (third-party websites). If you click a third-party link, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We keep our privacy policy under regular review. This version was last updated on the date stated above. We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and, where appropriate, by notifying you through the App or by email. You are advised to review this Privacy Policy periodically for any changes.

14. How to Contact Us and Your Right to Complain

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your legal rights, please contact our Data Protection Officer in the following ways:

Full name of legal entity: Eco-Ked Limited
Email address for DPO/Privacy Team: support@thedealdashers.com
Postal address: 20 Boston Manor Road, Brentford, Greater London, UK TW8 8DR

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.