I was just given my first Article 14 from tastecard.co.uk that links to their GDPR privacy policy (tastecard.co.uk/privacy-policy/). its safe to say, its completely wrong. I mean, its the exact opposite of a privacy policy:
The Dining Club Group (DCG) have a legitimate interest in further processing the information which is provided by customers at the point of sale for marketing purposes.
We may also use your data, or permit selected third parties, such as but not limited to; participating restaurants or Livebookings Holdings Limited, trading as Bookatable, to use your data to provide you with information about goods and services which may be of interest to you and may contact you about these by post or telephone.
So, what they are saying is, we'll give your data to anyone, anywhere, without your explicit consent because, um, we want to.
There is a spanking coming soon, and its going to be epic. *popcorn*