GLOBAL PRIVACY NOTICE
Effective date: 06 July 2026
I. Who we are
Quick guide
Meet the organisations behind this notice.
This section explains which Applegreen Group company may act as controller and how to contact the relevant privacy team.
This Global Privacy Notice is issued on behalf of the Applegreen Group (“Applegreen”, “we”, “us”, “our”).
The Applegreen Group includes a number of companies operating customer-facing services across Ireland, the United Kingdom and Northern Ireland, and the United States. This includes:
-
Petrogas Group Limited and Applegreen Electric IRL Service Areas Limited: Block 17, Joyce Way, Park West Business Park, D12 F2V3, Dublin, Ireland;
-
Welcome Break Limited and Applegreen Electric UK Service Areas: 2 Vantage Court, Tickford Street, Newport Pagnell, MK16 9EZ, UK;
-
Petrogas Group US Inc: 208 Harristown Road, Glen Rock, NJ, 07452, USA
Each of these entities may act as a data controller depending on the service you are using. References to “Applegreen”, “Welcome Break”, “we”, “us” or “our” in this Notice should be understood as referring to the relevant Applegreen Group company (or companies) responsible for the processing of your personal data in the context of the relevant service.
Contact details
Republic of Ireland and United States: dpo@applegreen.com
Please use this form for exercising privacy rights for Ireland: here
If you are a resident of Connecticut, Delaware, New Hampshire, New Jersey or Indiana, please use this form for exercising privacy rights for the USA: (here)
United Kingdom and Northern Ireland: dpo@welcomebreak.co.uk
Please use this form for exercising privacy rights: (here)
Please use this form for submitting privacy complaints if you are not satisfied with our answer to your privacy rights request: (insert the link here)
II. Purpose of this Privacy Notice
Quick guide
This section explains why the notice exists and when it applies - from website and apps to hotels, EV charging, loyalty programmes and more.
This is a global privacy notice which explains how we collect, use, share and protect personal data (or personally identifiable information) in connection with our customer-facing activities.
This Notice applies when you interact with us in any of the following contexts:
-
visiting our premises, including service stations, travel plazas, retail sites, EV charging locations, hotels and other customer facilities;
-
using our websites, mobile applications or other digital platforms;
-
creating or using a customer account across our services, including EV charging, Wi-Fi access, loyalty programs and fuel card services;
-
making hotel bookings, including individual and corporate/group bookings, purchases or using our services;
-
enrolling in and participating in our loyalty and rewards programs, including legacy programs and partner programs such as Wyndham Rewards;
-
using EV charging services, including initiating and completing charging sessions;
-
using fuel card services, including account management, transactions and billing;
-
receiving, accessing or redeeming personalized offers, promotions and vouchers;
-
contacting our customer service teams or interacting with us via email, phone or social media;
-
participating in surveys, promotions, prize draws, games rooms or customer feedback activities;
-
interacting with our marketing communications, including newsletters and promotional messaging;
-
visiting our sites where CCTV, vehicle monitoring or similar security systems are in operation; and
-
interacting with our websites or services through cookies and similar technologies.
III. Sources of personal data
Quick guide
Here you can see where personal data comes from: directly from you, automatically through services, from trusted third parties and, where relevant, from public sources.
We collect personal data:
-
directly from you, when you visit our premises, make a purchase or booking, sign up to newsletters or loyalty programs, contact us, or otherwise interact with our services;
-
automatically when you use our services, including through our websites, apps, Wi-Fi services and EV charging infrastructure;
-
from third parties, including booking platforms, EV charging providers, Wi-Fi providers, survey providers, parking providers and other Applegreen Group companies; and
-
from publicly available sources, where relevant.
IV. How we use your personal data
Quick guide
This is the core section of the notice. It introduces the data categories we process and explains the main processing activities, purposes and lawful bases.
We use your personal data depending on how you interact with us. The categories below are the standard category names used in the processing activity tables in this section.
A. Categories of personal data we process
Category of personal data | Description / examples |
Account and membership data | Customer account IDs, usernames, account identifiers, authentication data, login details, account status, linked services, membership IDs, program participation, linked users, and other account administration details |
Address information | Billing, correspondence, postal and service addresses, including address details used for account administration, bookings, billing, delivery of services, or communications |
Adult gaming access and alert data | Access alerts, attendance indicators, age-verification outcomes, self-exclusion indicators, access-control records and staff intervention alerts relating to adult gaming areas |
Aggregated or de-identified insights | Aggregated, anonymized, pseudonymized or de-identified outputs, analytics and reports derived from personal data, including customer trends, usage insights and business planning information |
Billing and payment information | Billing details, invoices, payment history, transaction records, bank or payment details, refunds, financial records, VAT information where applicable, and other payment administration data |
Biometric and facial pattern data | Facial image data, facial pattern data, biometric templates or video-derived facial data used for age estimation, access control, limited identification, demographic estimation, visitor analytics or responsible gambling controls where applicable |
Booking and stay information | Booking dates and times, booking source or channel, booking status, hotel ID and name, check-in and check-out dates, stay history, visit history, last visit date and location, and related hotel service details |
Business information | Company name, business details, VAT information and other information used to verify eligibility, manage corporate or business accounts and administer business services |
Charging and session data | EV charging session details, including charger ID, site location, charging start and end time, energy consumption, total cost, service usage and charging records |
Communication and correspondence data | Emails, phone calls, social media messages, online form submissions, support communications, inquiry content, complaint correspondence, response records and customer service interactions |
Complaint, investigation and outcome data | Complaint details, investigation notes, suspicious activity flags, internal notes, evidence, resolution records, outcome records, control records and dispute-related information |
Contact details | Email address, mobile or telephone number, postal address and other contact information used to communicate with you about accounts, bookings, services, support, marketing or legal requests |
Cookie and online identifiers | Cookie IDs, IP addresses, online identifiers, device/browser identifiers, consent management identifiers and similar technologies used on websites, apps and digital platforms |
CCTV and video footage | CCTV footage, video recordings, video-derived data and imagery captured at sites, including footage of individuals, vehicles, incidents, site activity and security events |
Demographic and profile data | Date of birth, approximate age range, broad gender categories, postcode, travel reason, customer profile information, stay preferences, interests and other profile information provided or estimated where applicable |
Device and technical information | Device type, operating system, browser type and version, app or website log data, login timestamps, technical usage data, IP address, page response times, account security data and troubleshooting information |
Feedback and survey data | Survey responses, customer comments, ratings, sentiment, satisfaction scores, NPS data, review data, service-specific feedback and survey participation information |
Fuel card and account data | Fuel card number, fuel card account status, linked users, authorized user details, fuel card usage records and related account management information |
Gaming session and intervention data | Session-level gaming machine data, duration and usage patterns, on-site observational data, intervention records and responsible gambling monitoring records |
Identity information | First name, last name, surname, title, customer ID, account ID, identity details and other identifiers used to recognize, verify or administer customer relationships |
Incident and security data | Security monitoring data, fraud-related data, risk flags, incident records, unauthorized activity records, evidence, misuse indicators and security investigation information |
Location and movement data | Site location, redemption location, EV charger location, location-based app data, entry and exit times, vehicle movement data, heat mapping data and movement or attendance information |
Loyalty and rewards data | Points, balances, tier level, benefits, reward activity, loyalty status, membership details, loyalty program participation and partner program data, including legacy and partner schemes |
Marketing and advertising data | Marketing opt-ins and opt-outs, campaign interactions, advertising interaction data, email opens and clicks, push notification preferences, SMS preferences and marketing engagement information |
Preferences and consent data | Communication preferences, cookie choices, consent records, saved settings, app preferences, opt-ins, opt-outs, interests and engagement preferences |
Promotion, voucher and redemption data | Promotion IDs, voucher issuance and redemption records, voucher values, items purchased, offer eligibility, redemption date/time/location and campaign engagement data |
Request and verification data | Privacy request details, type and scope of requests, proof of identity documentation, verification documentation and records needed to respond to legal or data subject rights requests |
Service-related and contextual data | Information about the service you used or contacted us about, including booking, EV charging, hotel, fuel card, Wi-Fi, account, support and contextual details needed to provide or improve services |
Transaction and usage data | Purchases, stays, visits, service use, booking activity, charging sessions, fuel purchases, transaction date/time/location, spend, voucher redemptions, account activity, app use and operational usage records |
Vehicle information | Vehicle registration numbers, vehicle type, make, model, year, vehicle usage patterns, fuel usage patterns and vehicle-related records linked to EV charging, fuel cards, parking, access or site security |
Wi-Fi and access data | Wi-Fi login details, access details, basic session data, connectivity records and technical access data required to provide and secure internet access and other on-site services |
B. Processing activities
1. Digital interactions
Quick guide
Covers websites, cookies, app and digital platforms - including analytics, functionality, security and online preferences.
1.1 When you visit our website
When you visit our website, we automatically collect certain information about your device and browsing activity to ensure the website functions properly, remains secure, and provides an optimal user experience.
Personal data category | Purpose of processing | Lawful basis |
Device and technical information | Website security, fraud prevention, and basic functionality | Legitimate interests |
Device and technical information | Ensure compatibility and optimize website performance | Legitimate interests |
Transaction and usage data | Analyze website usage and improve content and structure | Legitimate interests |
Transaction and usage data | Maintain logs, troubleshoot issues, and ensure system integrity | Legitimate interests |
Transaction and usage data | Improve usability and user experience | Legitimate interests |
1.2 Cookies and tracking technologies
We use cookies and similar technologies on our website and applications to enhance your browsing experience, analyze traffic, support functionality and, where applicable, marketing activities.
Personal data category | Purpose of processing | Lawful basis |
Cookie and online identifiers | Enable essential website functionality | Legitimate interests |
Preferences and consent data | Record and manage your cookie choices | Legal obligation |
Aggregated or de-identified insights | Analyze traffic and improve website performance | Consent (for non-essential cookies); legitimate interests (for essential cookies) |
Marketing and advertising data | Deliver and measure advertising effectiveness (where applicable) | Consent (UK/EEA); applicable law (US jurisdictions) |
Device and technical information | Ensure proper functioning and security of digital services | Legitimate interests |
1.3 When you use our apps or digital platforms
When you use our mobile applications or other digital platforms, such as EV charging apps or customer accounts, we collect and process personal data to provide functionality, manage your account and support service delivery.
Personal data category | Purpose of processing | Lawful basis |
Account and membership data | Create and manage your account | Performance of a contract |
Contact details | Communicate with you about services or support | Performance of a contract |
Transaction and usage data | Monitor performance and improve functionality | Legitimate interests |
Device and technical information | Ensure compatibility, security, and troubleshooting | Legitimate interests |
Location and movement data | Provide location-based services (e.g. nearby EV chargers) | Performance of a contract; consent (where required) |
Preferences and consent data | Personalize your experience and remember choices | Legitimate interests; consent (where applicable) |
1.4 Social media links
Our websites may include social media links to our official social media channels, including LinkedIn, Instagram and Facebook.
These are links to third-party platforms. They do not, by themselves, mean that we collect personal data from those platforms while you are browsing our website. If you click a social media link, you will leave our website and be directed to the relevant third-party platform.
When you visit or interact with our social media pages or content on those platforms, the relevant platform may collect and use personal data about you in accordance with its own privacy notice, cookie policy and account settings. This may include information about your account, device, browser and interactions with our page or content.
We do not control how these third-party platforms process your personal data. We encourage you to review their privacy notices before interacting with them:
· Facebook / Meta Privacy Policy
Where you interact with us through our social media pages, for example by sending us a message, commenting on our posts, liking or sharing our content, tagging us or mentioning us, we may process information relating to that interaction to respond to you, manage our social media presence, understand engagement with our content, and protect our rights and reputation.
Personal data category | Purpose of processing | Lawful basis |
Social media interaction data; Communication and correspondence data | Manage and respond to comments, messages, tags, mentions or inquiries through our social media pages | Legitimate interests; performance of a contract where the inquiry relates to a service |
Social media interaction data | Manage our social media presence and understand engagement with our pages and content | Legitimate interests |
Communication and correspondence data; Complaint, investigation and outcome data | Investigate and respond to complaints, issues or service-related concerns raised through social media | Legitimate interests |
Aggregated or de-identified insights | Review platform-provided aggregated insights about engagement with our social media content and improve our communications | Legitimate interests |
2. Creating and managing your account and loyalty programs
Quick guide
Explains how we set up and manage accounts, authenticate users, administer memberships and operate loyatly and rewards schemes.
2.1 Creating and managing your account
When you create and use an account across our services, including EV charging, Wi-Fi, hotels or other digital services, we process personal data to set up your account, provide access to services and manage your ongoing relationship with us.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Create and register your account | Performance of a contract |
Account and membership data | Authenticate access and manage account security | Performance of a contract |
Address information; Billing and payment information | Support account administration and service delivery | Performance of a contract |
Preferences and consent data | Manage communication choices and consent records | Legal obligation; legitimate interests |
Transaction and usage data | Manage your account and provide services | Performance of a contract; legitimate interests |
Device and technical information | Ensure account security and detect unauthorized access | Legitimate interests |
2.2 Loyalty programs and rewards schemes
When you enroll in and participate in our loyalty or rewards programs, including legacy programs and partner programs such as Wyndham Rewards, we process personal data to administer your membership, provide benefits and enhance your experience.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Register and administer your loyalty membership | Performance of a contract |
Account and membership data | Manage your participation in the program | Performance of a contract |
Transaction and usage data | Track purchases, stays, and engagement | Performance of a contract; legitimate interests |
Loyalty and rewards data | Allocate points, rewards, and benefits | Performance of a contract |
Preferences and consent data; Marketing and advertising data | Personalize offers and improve program experience | Legitimate interests |
Marketing and advertising data | Send relevant communications and manage opt-ins/opt-outs | Consent; legitimate interests (where permitted) |
Aggregated or de-identified insights | Analyze program performance and customer engagement | Legitimate interests |
3. Core business services
Quick guide
Covers the services customers use most often, including fast charging, hotels on-site amenities, fuel cards, marketing offers, and surveys.
This section explains how we process personal data when you use our core services, including Fast Charge services, hotel services, amenities and fuel card services.
3.1 Fast Charge services
When you use Applegreen Fast Charge or other EV charging services, we process personal data to provide charging functionality, manage your account, process transactions and operate the service efficiently.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Account and membership data | Create and manage your EV charging account | Performance of a contract |
Contact details | Communicate with you regarding your account, charging sessions, and support | Performance of a contract |
Charging and session data | Deliver charging services and maintain usage records | Performance of a contract |
Billing and payment information | Process payments and manage financial transactions | Performance of a contract |
Vehicle information | Associate charging sessions with vehicles and ensure service functionality | Performance of a contract; legitimate interests |
Location and movement data | Enable charging services and location-based features (e.g. nearby chargers) | Performance of a contract; consent (where applicable) |
Device and technical information; Transaction and usage data | Maintain, troubleshoot, and improve service performance | Legitimate interests |
Preferences and consent data | Manage communication preferences and marketing choices | Consent; legitimate interests (where permitted) |
3.2 Hotels (bookings, stays and related services)
When you make a booking, stay at one of our hotels, including walk-ins and group bookings, or interact with our hotel services, we process personal data to manage your reservation, provide your stay and support service delivery and operations.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Create and manage bookings and customer records | Performance of a contract |
Booking and stay information | Manage reservations, stays and operational delivery | Performance of a contract |
Billing and payment information | Process payments, refunds and financial records | Performance of a contract |
Request and verification data | Verify identity and comply with legal requirements (where applicable) | Legal obligation; performance of a contract |
Preferences and consent data | Personalize your stay and improve service experience | Legitimate interests |
Communication and correspondence data | Provide customer support and respond to inquiries | Performance of a contract; legitimate interests |
Account and membership data | Manage participation in loyalty programs and allocate rewards | Performance of a contract; legitimate interests |
Marketing and advertising data | Manage opt-ins/opt-outs and deliver marketing communications | Consent; legitimate interests (where permitted) |
Booking and stay information; Aggregated or de-identified insights | Analyze trends, improve services, and support business operations | Legitimate interests |
3.3 Amenities and on-site services
When you use our on-site amenities and services, such as Wi-Fi, feedback surveys, games rooms or newsletter sign-ups, we process personal data to provide access to services, understand customer needs and improve your experience.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Provide access to amenities (e.g. Wi-Fi), manage registrations, and enable follow-up where required | Performance of a contract; legitimate interests |
Wi-Fi and access data; Device and technical information | Enable and manage internet access, ensure network security, and maintain service functionality | Performance of a contract; legitimate interests |
Demographic and profile data | Understand customer profiles and improve services and offerings | Legitimate interests |
Transaction and usage data | Analyze customer behavior and improve site experience and operations | Legitimate interests |
Feedback and survey data | Collect customer feedback, measure satisfaction (e.g. NPS), and improve services | Legitimate interests |
Service-related and contextual data; Feedback and survey data | Understand usage of specific services and improve offering (e.g. EV infrastructure) | Legitimate interests |
Marketing and advertising data | Record and manage consent for communications and marketing | Legal obligation; consent |
Marketing and advertising data | Send marketing communications where you have opted in or where permitted by law | Consent; legitimate interests (soft opt-in, where applicable) |
Aggregated or de-identified insights | Perform analytics and improve customer experience and service delivery | Legitimate interests |
3.4 Fuel card services
When you apply for, use or manage a fuel card with us, we process personal data to provide fuel card services, manage accounts, process transactions and ensure secure and compliant operation of the service.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Onboard customers and create fuel card accounts | Performance of a contract |
Business information | Verify eligibility and manage business accounts | Performance of a contract; legitimate interests |
Account and membership data | Issue and manage fuel cards and associated accounts | Performance of a contract |
Transaction and usage data | Record fuel purchases and monitor usage | Performance of a contract |
Billing and payment information | Process payments and manage invoicing and financial records | Performance of a contract |
Transaction and usage data | Associate transactions with vehicles and monitor usage | Performance of a contract; legitimate interests |
Incident and security data | Detect and prevent fraud, misuse and unauthorized transactions | Legitimate interests; legal obligation |
Communication and correspondence data | Provide customer support and resolve issues | Performance of a contract; legitimate interests |
Marketing and advertising data | Manage communication preferences and send marketing communications | Consent; legitimate interests (where permitted) |
Transaction and usage data; Aggregated or de-identified insights | Analyze usage, improve services, and support business operations | Legitimate interests |
3.5 Marketing communications
We use your personal data to send marketing communications about our products, services, offers and updates, where you have chosen to receive them or where permitted by law.
Personal data category | Purpose of processing | Lawful basis |
Contact details | Send marketing communications and updates | Consent; legitimate interests (soft opt-in where applicable) |
Marketing and advertising data | Record and manage consent and communication choices | Legal obligation; consent |
Identity information | Personalize communications (e.g. addressing you by name) | Legitimate interests |
Marketing and advertising data | Measure campaign effectiveness and improve communications | Legitimate interests |
3.6 Personalized offers and promotions
We use personal data to provide tailored offers, promotions and vouchers, and to manage their issuance and redemption.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Account and membership data | Identify you and link offers to your account | Performance of a contract; legitimate interests |
Transaction and usage data | Determine eligibility for offers and personalize promotions | Legitimate interests |
Promotion, voucher and redemption data | Issue, manage, and track promotions and vouchers | Performance of a contract |
Location and movement data | Validate and process voucher redemption | Performance of a contract |
Marketing and advertising data; Promotion, voucher and redemption data | Analyze engagement with offers and improve campaigns | Legitimate interests |
Marketing and advertising data | Ensure offers are sent in line with your choices | Consent; legitimate interests (where permitted) |
3.7 Customer surveys and feedback
We use personal data to collect feedback and understand customer experience, including through surveys, reviews and satisfaction metrics.
Personal data category | Purpose of processing | Lawful basis |
Contact details | Send survey invitations and follow-up communications | Legitimate interests; consent (where required) |
Feedback and survey data | Understand customer satisfaction and improve services | Legitimate interests |
Feedback and survey data | Measure performance and customer experience | Legitimate interests |
Service-related and contextual data; Feedback and survey data | Improve specific services (e.g. EV charging, hotels) | Legitimate interests |
Transaction and usage data | Monitor engagement with surveys and feedback activities | Legitimate interests |
4. Customer support, inquiries and complaints
Quick guide
Explains how we handle support contacts, general enquiries, complaints and privacy rights requests.
This section explains how we process personal data when you contact us, request support, submit a complaint or exercise your privacy rights.
4.1 Customer support and general inquiries
When you contact us for support or with general inquiries, for example by email, phone, social media or online forms, we process personal data to respond to your request and provide assistance.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Identify you and respond to your inquiry | Performance of a contract; legitimate interests |
Communication and correspondence data | Manage and respond to support requests | Legitimate interests |
Service-related and contextual data | Investigate and resolve issues relating to our services | Performance of a contract; legitimate interests |
Account and membership data | Provide accurate and tailored support | Legitimate interests |
4.2 Complaints handling
When you submit a complaint, we process personal data to investigate the matter, respond appropriately and maintain records for compliance and quality assurance purposes.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Identify you and manage the complaint | Legitimate interests |
Communication and correspondence data | Investigate and respond to complaints | Legitimate interests |
Service-related and contextual data; Transaction and usage data | Understand the circumstances of the complaint | Legitimate interests |
Complaint, investigation and outcome data | Maintain records and improve services | Legitimate interests |
4.3 Privacy requests
When you exercise your rights under data protection law, such as requesting access to your personal data or asking for it to be corrected or deleted, we process personal data to handle and respond to your request.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Identify you and communicate regarding your request | Legal obligation |
Request and verification data | Process and fulfil your data subject rights request | Legal obligation |
Request and verification data | Confirm your identity before processing the request | Legal obligation |
Communication and correspondence data | Maintain records of requests and responses for compliance | Legal obligation |
5. Physical environment and security
Quick guide
Describes how we keep our locations secure through CCTV, vehicle monitoring and certain analytics tools used to improve safety and operations.
This section explains how we process personal data to ensure the safety and security of customers, employees, sites and services, including through CCTV, vehicle monitoring and advanced monitoring technologies at certain locations.
5.1 CCTV and security monitoring
When you visit our sites, we may use CCTV systems to monitor and record activity for safety, security and operational purposes.
Personal data category | Purpose of processing | Lawful basis |
CCTV and video footage | Ensure safety and security of customers, staff, and property | Legitimate interests |
CCTV and video footage | Prevent and detect crime and anti-social behavior | Legitimate interests |
CCTV and video footage; Incident and security data | Investigate incidents and support law enforcement | Legal obligation; legitimate interests |
Vehicle information | Monitor site usage and investigate incidents | Legitimate interests |
5.2 Vehicle monitoring
At certain locations, we may monitor vehicle movements, including ANPR where applicable, to manage site access, prevent misuse such as unauthorized parking, and support security.
Personal data category | Purpose of processing | Lawful basis |
Vehicle information | Manage site access and prevent misuse | Legitimate interests |
Vehicle information | Monitor site usage and operational efficiency | Legitimate interests |
Vehicle information; Incident and security data | Investigate incidents and support enforcement actions | Legitimate interests; legal obligation |
5.3 Advanced analytics technologies
At selected sites, we may use advanced technologies, including facial recognition, demographic estimation and heat mapping, to analyze visitor patterns and improve site operations and customer experience. These technologies are primarily used to generate aggregated statistical insights. Where possible, processing is carried out using anonymized or pseudonymized data, and data is often processed locally to minimize retention of personal data.
Personal data category | Purpose of processing | Lawful basis |
CCTV and video footage | Count visitors and distinguish new vs returning visits | Legitimate interests |
Biometric and facial pattern data; Aggregated or de-identified insights | Generate visitor statistics and insights | Legitimate interests |
Demographic and profile data | Understand customer trends and improve site layout and services | Legitimate interests |
Location and movement data | Analyze how visitors move around sites to improve layout and operations | Legitimate interests |
Additional safeguards: facial data is transformed where appropriate, such as being blurred, masked or converted into templates, to reduce identifiability. Data is not used to identify individuals for marketing purposes. Outputs are typically aggregated and not linked to identifiable individuals. You may object to this type of processing at any time by contacting us.
6. Adult gaming areas and responsible gaming controls
Quick guide
Explains age checks, self-excursion controls, and responsible gambling interventions used in the adult gaming areas at relevant locations.
At certain Welcome Break locations, we operate adult gaming areas. We process personal data in these environments to ensure compliance with legal obligations, protect customers and promote responsible gambling.
6.1 Age verification and access control
We use facial recognition technology in adult gaming areas to help ensure that only individuals aged 18 or over access these areas.
Personal data category | Purpose of processing | Lawful basis |
Biometric and facial pattern data | Estimate age to prevent access by individuals under 18 | Legal obligation; legitimate interests |
Biometric and facial pattern data | Identify individuals who may require intervention (e.g. self-excluded individuals or known risks) | Legal obligation; substantial public interest (where applicable) |
Adult gaming access and alert data | Notify staff to take appropriate action (e.g. deny entry) | Legal obligation; legitimate interests |
Important information: facial images are analyzed in real time and are not retained for general age estimation purposes. Processing is limited to short-term analysis to determine access eligibility. Data is not used for marketing or unrelated purposes.
6.2 Self-exclusion and intervention measures
To comply with our obligations under the Gambling Commission Licence Conditions and Codes of Practice (LCCP), we implement controls to support individuals who have self-excluded or may require intervention.
Personal data category | Purpose of processing | Lawful basis |
Adult gaming access and alert data | Enforce self-exclusion requests and prevent access | Legal obligation |
Vehicle information | Identify when self-excluded individuals may be on site | Legal obligation; legitimate interests |
Vehicle information | Support enforcement of self-exclusion measures | Legal obligation |
Adult gaming access and alert data | Enable staff to intervene where required | Legal obligation; legitimate interests |
6.3 Responsible gambling monitoring and interventions
We may use limited data from gaming machines to support responsible gambling practices and identify when an intervention may be appropriate.
Personal data category | Purpose of processing | Lawful basis |
Gaming session and intervention data | Identify patterns indicating a need for intervention | Legal obligation; legitimate interests |
Gaming session and intervention data | Support real-time staff intervention | Legal obligation |
Gaming session and intervention data | Record that an intervention occurred (without linking to identifiable individuals where possible) | Legal obligation; legitimate interests |
Important safeguards: gaming machine session data is not linked to identifiable individuals on a continuous basis. Identification may only occur at the point of staff interaction, where necessary. We do not maintain records linking individuals to specific gaming sessions beyond what is required for compliance. Records focus on interventions rather than tracking individual behavior over time.
7. Operations, fraud prevention and compliance
Quick guide
Covers fraud prevention, legal compliance, internal controls, analytics and the administration needed to run the business responsibly.
This section explains how we process personal data to protect our business, customers and services, meet legal and regulatory obligations, and improve how we operate.
7.1 Fraud prevention and security
We may process personal data to help prevent, detect and investigate fraud, misuse, unauthorized activity or other behavior that could harm our customers, employees, services or business.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Account and membership data | Verify customers and detect suspicious activity | Legitimate interests |
Transaction and usage data | Prevent, detect, and investigate fraud, misuse, or unauthorized activity | Legitimate interests |
Billing and payment information | Identify irregular or fraudulent transactions | Legitimate interests; legal obligation |
Device and technical information; Incident and security data | Protect our systems, websites, apps, and customer accounts | Legitimate interests |
Vehicle information; Incident and security data | Investigate misuse of services or site-related incidents | Legitimate interests |
Complaint, investigation and outcome data | Support internal investigations and evidence gathering | Legitimate interests; legal obligation |
7.2 Legal and regulatory compliance
We may process personal data where necessary to comply with applicable laws, regulations, legal processes, industry requirements or requests from public authorities.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Contact details | Respond to legal, regulatory, or official requests | Legal obligation |
Transaction and usage data | Meet record-keeping, compliance, and statutory obligations | Legal obligation |
Billing and payment information | Comply with financial, tax, and audit requirements | Legal obligation |
Communication and correspondence data | Demonstrate compliance and handle regulatory inquiries | Legal obligation |
CCTV and video footage; Vehicle information; Incident and security data | Support investigations and legal or law enforcement requests | Legal obligation; legitimate interests |
Request and verification data | Meet identity verification and compliance requirements | Legal obligation |
7.3 Auditing, reporting and internal controls
We may use personal data for internal governance purposes, including auditing, quality assurance, financial control, risk management and business reporting.
Personal data category | Purpose of processing | Lawful basis |
Transaction and usage data | Maintain internal records and support audits | Legitimate interests; legal obligation |
Billing and payment information | Conduct internal financial reporting and controls | Legal obligation; legitimate interests |
Transaction and usage data | Monitor service delivery and business performance | Legitimate interests |
Complaint, investigation and outcome data | Review quality, controls, and risk management processes | Legitimate interests |
Complaint, investigation and outcome data; Request and verification data | Evidence governance and accountability measures | Legitimate interests; legal obligation |
7.4 Analytics and service improvement
We may use personal data to understand how our customers use our services, identify trends, improve customer experience and develop or enhance our products, services and operations.
Personal data category | Purpose of processing | Lawful basis |
Transaction and usage data | Understand how customers use our services | Legitimate interests |
Transaction and usage data | Improve service delivery, performance, and business processes | Legitimate interests |
Feedback and survey data | Improve customer experience and service quality | Legitimate interests |
Preferences and consent data; Marketing and advertising data | Tailor and refine services and customer journeys | Legitimate interests |
Aggregated or de-identified insights | Produce reports, identify trends, and support business planning | Legitimate interests |
7.5 Business administration and corporate operations
We may process personal data as part of the day-to-day administration of our business, including record management, corporate governance, insurance, dispute handling and business continuity.
Personal data category | Purpose of processing | Lawful basis |
Identity information; Account and membership data | Maintain business records and administer customer relationships | Legitimate interests |
Transaction and usage data | Support governance, insurance, and dispute resolution | Legitimate interests |
Communication and correspondence data | Manage claims, disputes, and business continuity issues | Legitimate interests; legal obligation |
Service-related and contextual data | Support internal administration and corporate governance | Legitimate interests |
V. Who we share your data with
Quick guide
This section lists the types of recipients who may receive personal data, such as group companies, suppliers, partners, advisers, authorities and fraud prevention organisations.
We may share your personal data with third parties where necessary for the purposes described in this Privacy Notice. We only share personal data where there is a lawful basis to do so and appropriate safeguards are in place.
We may share your personal data with the following categories of recipients:
-
Group companies: We may share your personal data within the Applegreen Group, including Welcome Break and other affiliated entities, where necessary for group operations, service delivery and internal administration.
-
Service providers and data processors: We engage third-party service providers to support our business operations. These may include providers of IT systems and hosting, cloud services, customer relationship management (CRM) systems, payment processing, booking systems, loyalty program platforms, EV charging infrastructure, fuel card services, marketing and communications platforms, data analytics and survey tools. These providers process personal data on our behalf and are subject to contractual obligations to protect it.
-
Payment and financial service providers: We may share personal data with banks, payment processors and other financial institutions to process transactions, manage payments and prevent fraud.
-
Business partners: We may share personal data with partners involved in delivering services such as hotel bookings, loyalty and rewards programs, including partner programs such as Wyndham Rewards, EV charging services and promotions or campaigns.
-
Marketing and advertising partners: Where permitted by law, we may share data with marketing agencies, advertising platforms and analytics providers to deliver and measure marketing campaigns and promotions, in accordance with your preferences.
-
Professional advisers: We may share personal data with professional advisers such as lawyers, auditors, insurers and consultants where necessary for legal, compliance or business purposes.
-
Regulators, authorities and law enforcement: We may share personal data with regulators, supervisory authorities, police, courts and law enforcement agencies where required to comply with legal obligations or respond to lawful requests.
-
Fraud prevention and security organizations: We may share personal data with organizations that assist with fraud prevention, risk management and security monitoring.
-
Third parties in connection with business transactions: If we are involved in a merger, acquisition, restructuring or sale of assets, personal data may be shared with relevant third parties, subject to appropriate safeguards.
We require all third parties to respect the security of your personal data and to process it in accordance with applicable data protection laws. Where third parties act as our processors, they are only permitted to process your personal data in accordance with our instructions.
VI. International transfers of personal data
Quick guide
Explains when personal data may be transferred internationally and the safeguards used to protect those transfers.
We are an international organization and may transfer, store or access your personal data outside the European Economic Area (EEA) and the United Kingdom. This includes transfers within the Applegreen Group, as well as to service providers and partners located in other countries, where necessary to support our services and global operations.
Where such transfers take place, they are carried out in accordance with applicable data protection laws, including where the destination country benefits from an adequacy decision or where appropriate safeguards and recognized transfer mechanisms are in place.
VII. How long we keep your personal data
Quick guide
This section explains our retention approach - we keep data only as long as needed for the purpose, legal requirements or legitimate business needs.
We will only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to meet legal, regulatory or business requirements.
The length of time we retain personal data depends on the type of data and how it is used. In some cases, we may need to retain it for longer to comply with legal obligations, resolve disputes or protect our business.
Once personal data is no longer required, we will securely delete it or anonymize it so that it can no longer be used to identify you.
VIII. Your privacy rights
Quick guide
Here you can find the privacy rights available to individual and how those rights can be exercised in different jurisdictions
USA
Quick guide
Meet the organisations behind this notice.
This section explains which Applegreen Group company may act as controller and how to contact the relevant privacy team.
We operate in a number of U.S. states that have their own privacy laws, including Connecticut, Delaware, New Hampshire, New Jersey and Indiana.
This section applies to residents of those states. Your privacy rights may vary depending on the state in which you reside, and we will update this Privacy Notice as additional state privacy laws become applicable to our business.
Residents of the states listed above may have some or all of the following rights under applicable state privacy laws:
-
the right to confirm whether we are processing your personally identifiable information (PII);
-
the right to access your PII;
-
the right to correct inaccuracies in your PII;
-
the right to delete your PII, subject to certain exceptions;
-
the right to obtain a copy of your PII in a portable format; and
-
the right to opt out of the processing of your PII for targeted advertising or the sale of personal data.
We do not sell personally identifiable information.
You can exercise your rights by completing our privacy request web form here or by contacting us at dpo@applegreen.com. We may need to verify your identity before processing your request.
IX. Data security
QUICK GUIDE
Meet the organisations behind this notice.
This section explains which Applegreen Group company may act as controller and how to contact the relevant privacy team.
We take appropriate technical and organizational measures to protect your personal data.
These measures are designed to safeguard your personal data against accidental loss, unauthorized access, use, disclosure or alteration.
While we take security seriously, please note that no method of transmitting data over the internet or storing information electronically is completely secure. As a result, we cannot guarantee absolute security.
X. Changes to this privacy notice
QUICK GUIDE
Meet the organisations behind this notice.
This section explains which Applegreen Group company may act as controller and how to contact the relevant privacy team.
We may update this Privacy Notice from time to time to reflect changes in our practices, services or legal requirements.
Any changes will be published on this page and, where appropriate, we will notify you. We encourage you to review this Privacy Notice periodically so that you remain informed about how we use your personal data.
XI. Contact us
If you have any questions, comments or concerns about this Privacy Notice or our data protection practices, you can contact us at: dpo@applegreen.com