Our mission is to help Subway® Franchisees be more profitable and competitive – today and for the future.

IPC Europe Privacy Policy & Confidentiality Notice


At European Independent Purchasing Company Limited (“IPC Europe”, “we”, “our” or “us”) we care about you and your privacy. We are transparent in the way we process your Personal Data.

When it comes to your Personal Data you are in control. We want to make sure that you understand why we ask you for some Personal Data, what we do with that information, and the rights and choices you have over how we use your data.

This Privacy Notice explains how we process your Personal Data including your Personal Data held in “Extra” our website (the “Site”) http://www.ipceurope.org/

Therefore, if we have a contract with you, you are a Franchisee (defined below) or you register in the Site, you agree to the collection, use, storage and transfer of your information under the terms of this Notice.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.


1. Data Controller

IPC Europe is comprised by Subway® franchisees.

We are a company registered in England and Wales at 40 Oxford Road, High Wycombe, Buckinghamshire HP11 2EE, UK under the registered number 04267249 and data protection registration number Z9356412.

We are Controllers in common with Subway® Group (defined below in section 11 “Who has access to your Information?”).

As Controllers in common we have both IPC Europe and Subway® Group access to your Personal Data, however we process your Personal Data independently which means that each company processes your Personal Data for different purposes. Therefore, you should view Subway® Group’s privacy statement for further information about how they process your Personal Data, please visit their website http://www.subway.com/en-gb/legal/privacystatement-fsb. We strongly recommend you read their privacy statement.

NOTE: This Privacy Notice is only related to how IPC Europe processes your Personal Data.

If you have any questions about us or the way we process your data, please contact our Support Desk, see section 24 “Contact Us”.


2. Definitions

  • “Data Subject” is an individual who is the subject of Personal Data.
  • “Employee” staff members, any Franchisee employee working at the Store (defined below)
  • “Franchisee” Subway® franchisees are the store owners, who may be an individual (sole trader) or an organisation, in this latter case you represent that you have the authority to bind such organisation.
  • “Personal Data” means any information relating to an identified or identifiable natural person that is processed as a result of, or in connection with, the provision of services; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Store” Subway® franchisee stores in the Territory
  • “Territory” any Store located within Europe and adjoining countries.


3. Our legal basis for collecting and processing your data

a. Contractual basis:
We process your Personal Data where the processing is necessary for the performance of a contract. For this reason, we may send you notifications or we may call you regarding relevant provisions in relation to the performance of the contract between us and to manage our relationship with you which may include processing your data prior to us entering into a contract with you.

Please see the section below “How we use your information” for a detail list of the Purposes 

You are unable to opt out of receiving notifications from us where we process your Personal Data on the basis of it being necessary for the performance of our contractual relationship. If you do not want to receive our notifications on this basis you will need to terminate the contract with us by sending an email to support@ipceurope.org 

If you have any query, please send an email  support@ipceurope.org

b. Legitimate interest:
We may collect, hold and process your Personal Data on the basis of legitimate interest where it is necessary for us to fulfil our needs as a business and to be able to provide you with our services.

Please see the section below “How we use your information” for a detail list of the Purposes

NOTE: We may contact you by email or by phone for the Purposes stated below. REMEMBER If you do not want to be contacted, you can opt-out at any time, please contact Support Desk, details in section 24 “Contact Us” 

c. Vital interest:
We may use your Personal Data to contact you if we reasonably believe that there is any urgent safety or product issue that we need to communicate to you because the processing of your Personal Data will prevent or reduce any potential harm to you. This type of notification will be sent in your vital interest.

d. Legal Obligation:
We may use and process your Personal Data to comply with our legal obligations such as local authority requirements.

e. Consent: means your express opt-in consent


4.  How we use your information 

IPC Europe may use information held about you for the following purposes (“Purposes”):

Purposes

Lawful bases

To carry out obligations arising from any contract entered into between IPC and you

Contractual relationship

To carry out the due diligence or the necessary steps prior entering into a contract with you because you requested it

Contractual relationship

To use or permit selected third-parties (see section 11. Who has access to your Information) to use your data to provide you with information which may be of interest

Legitimate interest

To carry out any obligation we have agreed with you

Contractual relationship

To seek your view or comments on the services IPC Europe or any Affiliate provides

Legitimate interest

To notify you of any changes to our services

Contractual relationship
Legitimate interest

To notify you about any changes in our terms and conditions, privacy notice or other arrangements with you

Contractual relationship

To respond to your request or queries

Contractual relationship
Legitimate interest

To administer the Site and for internal operations including troubleshooting, data analysis testing research statistical and survey purposes (anonymised operations)

We do not consider this to be Personal Data

To improve the Site to ensure that the content is presented in the most effective manner for you

Contractual relationship
Legitimate interest

To allow you to participate in interactive features of our services when you choose to do so

Legitimate interest

To keep our site safe and secure

Contractual relationship
Legitimate interest

To make suggestions and recommendations to you and other users of the Site about goods or services that may interest you or them

Legitimate interest

To contact you about any IPC Europe governance activity such as but not limited to elections, voting

Contractual relationship
Legitimate interest

To send you information that may be of you interest

Legitimate interest

To send you information about our new deals and/or services

Contractual relationship
Legitimate interest

To provide you information about suppliers or distributors

Contractual relationship
Legitimate interest

To facilitate you to buy new services obtaining better prices

Contractual relationship
Legitimate interest

Manage your relationship including communications and customer services, distributors and suppliers

Contractual relationship
Legitimate interest

We may use and analyse the information we collect so that we can manage, administer, support, improve and develop our business.

Contractual relationship

Legitimate interest

We may collect use and analyse your Personal Data for surveys and/or research orientated to improve the services provided by us.

Legitimate interest

We may use your Personal Data to send you direct marketing communications

Consent

To comply with statutory requirements and/or requirements of local authorities in relation to the services we provide to you

Legal Obligation

To communicate any potential health and safety issues connected to our products/services

Vital interests


5. How we collect your Personal Data

IPC Europe obtains information about you when you access and/or register on our Site.

When you contact Support Desk/TechNet either by email of by phone.

When Subway® Group send us your details because you have become a Franchisee in the Territory.

Because you are an Employee and either the Franchisee provided us with your details (with your previous consent), or you contacted us directly.

We may also collect Franchisee data from suppliers and distributers 

When you provide us with your Personal Data for the Purpose of entering into a contractual relationship with us. 


6. Personal Data we collect

IPC Europe collects and process the following Personal Data:

Information you give us: 
name, surname, address, telephone number, mobile number, personal email address, date of birth (if required)

Store and/or commercial details: store number, address, phone number, email where such information may identify a Data Subject”

Employee details: name, surname, mobile number, personal email address

Details regarding the contracts and arrangements you have entered into with suppliers and/or distributors sourced by IPC Europe including but not limited to commercial details such as but not limited to deals with services providers and trading history where such information may identify a Data Subject.

Bank details (if required) when such information may identify a Data Subject.

When you contact us through Support Desk regarding any query or complaint, we may keep a record of that correspondence. Please, do not supply any extra Personal Data information unless we prompt you to do so, we shall not be responsible for the information that you voluntarily send us without being required to do so. 

Information we collect about you: 
With regard to each of your visits to the Site we will automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from the site (including date and time), products you viewed or searched for’, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our Support Desk.
  • we collect data on visits and the visitors to the Site and we track visitors using ‘cookies’ (see online section below and our cookies policy for more details). 

Your views and opinions
  • from time to time we may carry out market research or surveys. Any answers to market research surveys that you give will be anonymised. Participation in research is entirely voluntary. 

Information we receive from other sources:
  • This is information IPC Europe may receive about you if you use our Affiliates (meaning any person, partnership, joint venture, company, corporation, subsidiary or other form of enterprise, domestic or foreign, directly or indirectly controlling, or controlled by or under common control of us) websites or the websites of IPC Europe’s service providers. We may even receive data when you use another website.
  • We may receive information about you from Subway® Group (defined below in section 11. “Who has access to your Information?”)  
  • We may receive Personal Data from a franchisee or a Development Agent (“DA”) when they contact us.


7. Third party links

The Site includes links to other website, these third-parties links are not owned, managed or controlled by IPC Europe and they have not been reviewed by IPC Europe. The information in these other third-party links are not our responsibility, therefore, we advise you to read the third-party’s terms and conditions and privacy notice in their websites because it will be your sole responsibility if you decide to use them. They may share your Personal Data with us but that sharing of information is governed by that third-party ‘s privacy notice not ours. In situations where your Personal Data is shared with us, we are classed as the “processor”, as defined by the relevant data protection legislation in place, thus we will comply with our legal responsibilities as a “processor”.


8. Anonymous information that we collect 

We may use and share aggregate information relating to groups of customers, without identifying individuals, to learn more about your behaviour and find ways of enhancing our service. We consider that this type of information is not included in the definition ‘Personal Data’ because the individuals are not traceable, and any personal details are kept. 


9. Minors

This Site is for a general audience that is not designed or intended to collect Personal Data from children below the minimum employment age in the Territory.  IPC Europe does not knowingly collect Personal Data from anyone below the minimum employment age. 

If you believe a child has provided IPC Europe with Personal Data without consent, please contact our Support Desk details are set out below in section 24 “Contact Us”. 


10. Where we store your Personal Data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) as long as it is in a country which has been assessed by the European Commission and/or ICO as ensuring an adequate level of protection for persona data.

We may store and process your Personal Data through third parties that we use to operate the service that we provide.  

Personal Data may also be processed by staff operating outside the EEA who work IPC Europe, its Affiliates or Subway® Group. This would include staff who, for example, are engaged in the provision of support services, prior to any transfer of Personal Data to or from IPC Europe to any third party, they will take all reasonable steps to ensure that such parties have adequate security protections in place for the protection and secure transmission and storage of any Personal Data including but not limited to being certified under the EU-US privacy shield for parties situated in the United States of America. Where third parties are not situated within the EEA, IPC Europe will check their procedures, safeguards and security measures to ensure they are adequate pursuant to the data protection legislation before transferring and/or exporting any Personal Data to them.

IPC Europe will take all steps reasonable necessary to ensure that Personal Data is treated securely and in accordance with this Privacy Notice and as permitted by data protection legislation and related legislation .

By submitting your Personal Data, you agree to its transfer, storing and processing as it is described above. We take all reasonable steps to ensure that your information is accurate, up-to-date, complete, relevant and not misleading.


11. Who has access to your Information? 

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes other than as set out in the “Purposes” section of the table above, unless we have your prior consent. 

We may pass your information to our third-party Affiliates, Subway® Group and our processors as detailed below 
Subway® Group comprises the following affiliated entities: Franchise World Headquarters, LLC (“FWH”), SFAFTBV-EUROPE and Subway IP LLC. FWH is licensed to use the SUBWAY® trademark. FWH Technologies, LLC (“FWHT”), the owner and licensor of the Subway POS™ software, which has been approved for use in Subway® restaurants worldwide. The Subway® franchisors: Doctor’s Associates LLC. (“DAI”); Subway® International B.V. (“SIBV”); Subway Systems Australia Pty Ltd (“SSA”); Subway Franchise Systems of Canada, Ltd. (“SFSC”); Subway Partners Colombia C.V. (“SPCCV”); Subway Systems do Brasil Ltda. (“SSB”); Sandwich and Salad Franchises of South Africa Pty Ltd. (“SSFSA”); Subway Systems India Private Limited (“SSIPL”); and Subway Restaurant Management (Shanghai) Co. Ltd. (“SRMS”). The Subway® advertising affiliates: Subway Franchisee Advertising Fund Trust, Ltd. (“SFAFT”); Subway Franchisee Advertising Fund Trust, B.V. (“SFAFT BV”); Subway Franchisee Advertising Fund of Australia Pty. Ltd. (“SFAFA”); Subway Franchisee Canadian Advertising Trust (“SFCAT”); Subway Systems do Brasil Ltda. (“SSB”); Subway Partners Colombia C.V. (“SPCCV”); Subway International B.V. (“SIBV”) (Taiwan Branch); and Sandwich and Salad Franchises of South Africa Pty Ltd. (“SSFSA”), administers national and local advertising funds and activity for Subway® restaurants and Subway® franchisees worldwide. Subway® Loyalty Affiliate. If you want more information about Subway® please read their Privacy Statement clicking in the following link http://www.subway.com/en-gb

Subway® Group is deemed to have adequate security measures in place for the receipt and transmission of Personal Data in line with European Union standards to transfer Personal Data to and from the EEA and are both certified under the EU-US Shield.

We may also share your Personal Data with other Franchisees, DA (development Agents), suppliers and/or distributors for business and commercial purposes in relation to the Purposes set out above.  

Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purpose of completing tasks and providing services to you on our behalf. We eventually may change services provider, but we will notify you, if required. If you need a full detail of the sub-processors, please send an email to support@ipceurope.org

We may transfer your Personal Data to a third party as part of a sale of some or all of the business and assets to any third party or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of users of the Site. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected. 

We would disclose your Personal Data in the unusual circumstances of being legally obliged to do so e.g. as part of a police investigation or if we are required to do so by a governmental authority. 

In addition to the specific disclosures of Personal Data set out in this Privacy Notice, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.


12. Retention of Personal Data

IPC Europe reviews its retention periods for Personal Dataon a regular basis. IPC Europe will only retain your Personal Data as long as is deemed necessary for the Purposes including satisfying legal, accounting or reporting requirements in accordance with any applicable laws or regulations and/or a contractual relationship.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.  We may retain your basic information for longer periods if so required by law.

We will not retain your Personal Data indefinitely.

After you requested it or in accordance with the deletion policy IPC Europe will delete your account and anonymise your personal detail. The anonymisation process is irreversible which means that your Personal Data will be lost. 

For further information, please contact Support Desk details in section 24 “Contact Us” 


13. Security Precautions

IPC Europe has appropriate security measures in place to protect against the loss, misuse and alteration of the Personal Data under its control. Our policies and procedures incorporate appropriate measures of security for Personal Data including: 
  • Physical and technological security; and
  • Management and organisational security.

It is your responsibility to keep your password confidential. We ask you not to share the password with a third party. 

Unfortunately, the transmission of information via the internet is not completely secure. Although IPC Europe does its best to protect your Personal Data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


14.  Site content and availability

IPC Europe does not warrant or represent that content of the Site or the materials provided or available to you on or through the Site are suitable for your requirements, or that they are accurate, complete or current.

The Site is provided free of charge and IPC Europe does not make any guarantee that the functions contained in the Site will be uninterrupted or error or virus free or that the Site or its server will be free of viruses or other harmful components, or that defects will be corrected even if IPC Europe is aware of them. IPC Europe may modify, suspend or withdraw the whole or any part of the Site or any of its content and or materials at any time without notice and without incurring any liability.

You are responsible to upload accurate and correct information and it is your responsibility to provide accurate and up-to-date information at all times.

While we make all reasonable efforts to provide accurate information you should not assume that the information is always up to date, that the Site contains all the relevant information about the new deals or that the information posted is 100% accurate.


15. Disclaimer

Be aware that you as a franchisee will be responsible and liable for any breach of the Privacy notice by any of the Employee’s accounts acting on your behalf. IPC Europe will not be liable for any damage or negligence caused by a user of the Site acting on your behalf.


16. What to do if you have a concern or complaint about our use of your Personal Data


We strive to act in accordance with all relevant data protection legislation, at all times.

If you have a concern or complaint about our collection or processing of your personal information, then please contact the Support Desk at support@ipceurope.org or, see more details in section 24 “Contact Us”.

If you are not satisfied with how IPC Europe deals with your query/complaint or believe we are processing your Personal Data not in accordance with the Data Protection Legislation you can complain to the Information Commissioners Office (ICO).
You have the right to make a complaint to the data protection regulator in your country. You can find them at:
UK - www.ico.org.uk
Republic of Ireland – www.dataprotection.ie
17. How can you access and update your Information
The accuracy of your information is important to us. If any of the information we hold becomes inaccurate or out of date, please contact our Support Desk. Or I If you wish to cancel your account in the Site, please contact our Support Desk at support@ipceurope.org for more details please go to section 24 “Contact Us”


18. Access to information (Subject Access Request)

The data protection legislation gives you the right to access Personal Data held about you.  Such a request is called a Subject Access Request (SAR). Upon making a SAR, and subject to provision of evidence of your identity, we must provide you with any Personal Data held about you.

However, we may charge a low amount as an administration charge in the event of access requests that are excessive or repetitive.  For further information go to www.ico.com and search for ‘Right of access’.


19. Your rights

A summary of your rights under the GDPR are as follows:
  • The right to insist that companies who hold your data are transparent about how they use your personal information, and fair in the way they process and use it.
  • The right to access your personal information.
  • The right to insist that companies correct any mistakes in the information they hold.
  • The right to erase or delete your Personal Datain certain situations.
  • The right to receive a copy of your Personal Data held by a company, in certain situations.
  • The right to opt-out of direct marketing.
  • The right to object to automated decision processes which significantly affect or disadvantage you, in certain circumstances.
  • The right to object to continued processing of your personal information, in certain circumstances.
  • The right to restrict the way that companies process your personal information, in certain circumstances.
  • The right to portability 

For a full explanation of your data rights, go to: 


20. Online

The Site uses tools to make the service easier for you to use: to know more about how we use cookies, you can view our cookies policy

Cookies 
A “cookie” is an element of data that a website can send to your browser, which may then store it on your system. It can then be used to provide you with tailored information. We may only use cookies if you have provided us with your consent. By registering an account on the Site, you will be providing us with your consent. Where consent is provided cookies may be used to better personalise the content that you and other users of the Site will see. We may use the information to research and understand how your habits are similar or different so that we can enhance your experience on the Site. We do not match cookie data to any personal identification. For more information about cookies please click on the following link: www.allaboutcookies.org

Disabling Cookies
If you do not wish to accept our Cookies you can decline Cookies and/or refuse access to previously stored information by using your web browser. The facilities within your web browser to allow you to do this will vary from browser to browser but they may be found in the “Privacy” or “Cookies” section of the “Properties” menu of your browser. If you require assistance in disabling Cookies you should refer to the “help” menu within your browser. Please note however, if cookies are disabled, you may not be able to use all of the interactive features of the Site and it may limit the service we are able to provide to you via the Site.

Referrers
A “referrer” is the information passed along by a web browser that references the Web URL you linked from, and it is automatically gathered by our web server. This information is used by us to identify broad demographic trends that may be used to provide information tailored to your interests.

IP address data
IP addresses are automatically gathered by our web server. Your IP address is a number that is used by computers on the network to identify your computer so that data (such as the web pages you request) can be sent to you. You will not be personally identified from this information. Your IP address may also be used to assist in the detection of fraud and we may pass this information to the Police. Environment variables we gather include time, type of web browser being used, the operating system/platform, and CPU speed. This information is used only for broad demographic information. This information is used by us in identifying broad demographic trends and may be used to provide information tailored to your interests. Additionally, the Site and extranet may contain links to other sites. IPC is not responsible for the privacy practices or the content of third party sites.  You should read those web sites’ privacy policies independently.


21. Confidentiality

“Confidential Information” means any and all proprietary, non-public information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) which a reasonable person would understand to be confidential including without limitation technical financial and other business information, Personal Data, sensitive data, copyrights, trademark, know-how whether or not registered.

The Receiving Party will hold the Confidential Information in confidence using at least the same degree of care it uses to protect its own confidential information, no less than reasonable care. The Receiving Party will only use Confidential Information as needed to exercise its rights or perform its obligations under these Terms and will only disclose Confidential Information to its directors, offices, employees and contractors who have a need to know such Confidential Information in connection with these Terms and who are bound by confidentiality obligations at least as restrictive as those contained herein. 

The obligation with respect of Confidential Information does not apply to information that the Receiving Party can demonstrate is in the public domain through no fault of the Receiving Party, disclosed to the Receiving Party by a third party without any breach of confidentiality obligations, known to the Receiving Party at the time of the disclosure by the Disclosing Party through no breach of any obligation of confidentiality or other restriction on disclosure, or developed independently by the Receiving Party, without use of or reference to any Confidential Information of the Disclosing Party. 

The Receiving Party may disclose Confidential Information to the extent necessary to comply with a valid legal or government order or requirement, provided that it will provide the Disclosing Party with reasonable prior notice and cooperate with the Disclosing Party (at the Disclosing Party’s sole expense) with any reasonable effort to challenge or limit the ordered or requested disclosure save where they may be prevented from doing so by law.  

A use of the Site shall ensure that any third party that has access to the Site are informed of the confidential nature of the Site and the Users commit to undertake appropriate training in the data protection laws (as described in the Privacy Notice below) in relation to handling the Personal Data and that the users of the Site are aware of their responsibilities and obligations under the data protection laws and these Terms.


22. Prohibited use

You may NOT use the Site for any unlawful purpose such as but not limited to acts of discrimination, harassment, libel, abuse, and threatening, harmful, vulgar, obscene or otherwise objectionable behaviour. 

You cannot either, transmit any type of material that encourages a criminal offence or breaches any applicable law, regulation, code or practice including infringement of other individual’s use of the Site and any copyright infringement without the owners’ permission. 

You undertake not to post anything which may be consider illegal, defamatory offensive, fraudulent, violent, discriminatory, obscene or sexually explicit and it may affect our reputation or the reputation of other users of the Site. 

Therefore, you agree to use the Site in good faith, impartial. You also agree that any abuse of the Site can result in the cancellation of the account.


23. Changes to our Privacy Notice

 This Privacy Notice may be reviewed by IPC Europe from time to time, and IPC Europe shall be entitled on giving reasonable notice to you to effect any change to these provisions. 

We will notify you whether by email or any electronic means such as by way of notice in the Site or otherwise as required by the applicable law. We encourage you to review the terms and conditions and the Privacy Notice of this Site from time to time as they are binding, Thus, the continued use of the Site after the posting or notice of any amendment in the Terms or in the Privacy Notice shall constitute your agreement to be bound by any changes.  


24. Contact us

All comments, queries and requests relating to our use of your information are welcomed, please see below the following contact details: 

To speak with our Privacy Officer Ben Norris: 
  • by telephone on: +44 (0)1494 511620
  • by post at: The Privacy Officer, IPC Europe, 40 Oxford Road, High Wycombe, Buckinghamshire. HP11 2EE. United Kingdom
  • Or sending an email to Support Desk support@ipceurope.org  


25. Jurisdiction

These Terms are governed by the Laws of England and Wales and any dispute arising from them shall be resolved exclusively in the Courts of England and Wales.

IPC Europe does not make any representation that the materials or content of the Site are appropriate or lawful or available for use in other locations.  If you access the Site from outside the Territory, you do so at their own risk and you are responsible for compliance with the laws of the jurisdiction where you are in.

Version number: 1.0 May 2018
Site Map | Privacy Policy | Terms and Conditions © Copyright 2020 IPC Europe. All rights reserved.

Scheduled Event