The Premier Inn’s InnBusiness Pay Scheme is referred to in this privacy notice as the Scheme.
Worldline IT Services UK Limited, 1 Technology Drive, Beeston, Nottingham, England, NG9 1LA (Worldline / we / us) is the controller of your personal data, and this notice sets out how your personal data is collected and used by Worldline when you apply for an account on, and use, the Scheme. The term GDPR in this privacy notice shall refer to both the UK GDPR and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Our representative in the EU is equensWorldline SE, Hahnstraße 25, 60528 Frankfurt am Main, Germany (T +49 (0)69 2565 55111).
In order to apply to join and use the Scheme, we will need to collect some personal data about you and/or about your cardholders. This personal data may include:
- Identity Data including title, first name, last name, job title, any previous names, date of birth and gender.
- Contact Data including correspondence and/or billing address, email address and telephone numbers.
- Financial Data including bank account details, and SEPA direct debit mandate.
- Transaction Data including details about payments to and from you and other details of the services you have obtained from Whitbread Group.
- Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
Your cardholders are individuals authorised by you to use the Scheme. If you have provided us with cardholder names or other personal information relating to cardholders or any other individual , you should ensure that you have obtained their consent to process this data.
Your personal data (and that of your cardholders) will be used for the following purposes and on the basis of the following legal bases:
- to provide you with an account under the Scheme, which involves processing your data in order to set up, administer and maintain your account and all records relating to it (Article 6(1)(f) GDPR);
- to communicate with you about your account (Article 6(1)(f) GDPR);
- to obtain your views and feedback on the services that we provide in order to improve them in the future (Article 6(1)(f) GDPR);
- for the performance of technical, logistical or other functions to support the Scheme and the technical and management systems upon which it relies (Article 6(1)(f) GDPR);
- to carry out credit checks and to manage and enforce any debts that are due to us (Article 6(1)(f) GDPR);
- to carry out identity checks and fraud prevention checks to help prevent fraud and money laundering and to verify your identity (Article 6(1)(f) GDPR) in order to protect our business and to comply with laws that apply to us (Article 6(1)(c) GDPR). We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime (Article 6(1)(c) GDPR). You may be refused certain services, finance or employment as a result of this;
- to obtain insurance in relation to your account (Article 6(1)(f) GDPR); and
- for monitoring website use and traffic patterns and carry out data analysis with regard to the accounts we operate in order to improve our services and for our internal business analysis (Article 6(1)(f) GDPR).
If you apply for an account for another similar scheme that is operated by Worldline, Worldline may use the financial information it has about you in relation to the Scheme to evaluate whether to accept your application for such other scheme (Article 6(1)(f) GDPR).
There is no statutory or contractual requirement for you to provide any personal data to us, but without it, we will not be able to create an account for you.
In order to process your application for and to operate your account, we may need to pass on your data to other companies within the Worldline group of companies who help us operate the Scheme.
Your personal data may also be shared with companies outside of the Worldline group as follows:
- Insurers;
- Credit reference agencies to obtain your credit rating;
- Printers and suppliers who supply account cards and welcome packs;
- Payment processors who may take payments from you;
- Third party legal advisors and debt collection agents to assist in the collection of debt and resolution of any complaints;
- Document storage companies who hold records of your account;
- Fraud prevention agencies; and
- Law enforcement agencies.
Worldline will also share personal data with Whitbread Group plc, Whitbread Court, Houghton Hall Business Park, Porz Avenue Dunstable, Bedfordshire, LU5 5XE who will use that personal data in accordance with its privacy policy which is available here: https://www.premierinn.com/de/de/bedingungen/datenschutz.html.
Worldline uses third-party cloud hosting providers in the UK to host the systems on which it stores personal data.
When you apply for an account under the Scheme and periodically while you hold an account, your data will be passed to a credit reference agency who will use it to provide a credit rating to us. The credit rating is produced by an automated process and our decision regarding your eligibility for a business account card and the credit limit that may be applied from time to time to your account may be determined by that rating. You can obtain more information on how credit ratings are produced and used by clicking on this link https://www.creditsafe.com/gb/en/blog/credit-and-risk/what-is-a-business-credit-score.html.
Since Worldline operates globally, your data may be transferred to affiliates and third parties outside of the European Economic Area (EEA) to countries that do not have as strong data protection laws as may be in place within the EEA. This is in order that we can provide services to you.
In any such cases we will ensure that adequate safeguards are in place, for example, Standard Contractual Clauses published by the EU Commission.
Once your application is approved, we will retain your data until your account is closed. We will keep invoices we have issued to you for seven years from when they were issued, to enable us to comply with our legal obligations.
Incomplete applications will be retained for 3 months and declined applications for 12 months.
We may retain personal data for a longer period of time if it is necessary for us to defend ourselves against claims or to enforce our rights.
At the end of the relevant retention period, the data will be deleted or anonymised.
You have the following rights with regard to the processing of your personal data by us:
- to obtain information whether personal data relating to you are being processed by us or not, and if they are being processed, to access your personal data;
- to request the correction of inaccurate or incomplete data;
- to request the erasure of your personal data;
- to request restrictions on the processing of your personal data;
- to request the transfer of your personal data to another controller;
- to object to the processing of your personal data.
You may exercise these rights by contacting us at DPO-RBUB@worldline.com.
If you believe that your personal data has been unlawfully processed or your rights have been violated, you have the right to lodge a complaint with a supervisory authority of your choice. Details of all supervisory authorities within the EEA can be found at https://www.edpb.europa.eu/about-edpb/about-edpb/members_de.
If you have any questions on this notice, please contact our Data Protection Officer at DPO-RBUB@worldline.com.
We may update this notice from time to time and would encourage you to revisit it regularly to check you are happy with any changes. This notice is effective from March 2025.