It provides information on what personal data we collect, why we collect the personal data, how it is used and the lawful basis on which your personal data is processed, and what your rights are under the applicable data protection and privacy laws, including the General Data Protection Regulation (“GDPR”) which are applicable to us and you as of 25 May 2018.
We will review this policy from time to time to make sure it's up-to-date. If we make changes, we will post the latest version here. When we make significant changes, we will let you know when you next access our services, or by other communications.
3.What personal data we collect
Information collected voluntarily: Personal details you choose to give when corresponding with us by phone or e-mail, participating in user/customer/guest surveys or otherwise visiting and interacting with this Site or any other websites we operate, and personal data that you provide to us when you visit one of our restaurants and bars. We can also combine personal data that you provide to us with other information we collect about you when you make a reservation through third-party services as necessary to process your requests.
Information collected automatically: We generate or collect some information from your computer or device automatically as you use our sites. This includes stuff like your IP address (from which we understand the country you are connecting from at the time you visit the Site), information about the device and browser you are using to access our services, the website URL you visited us from and the third party sites you visit when you click on links to exit the site and the date and time of your request. It also includes details of the bookings you have made.
Information received from third parties
Sometimes we are given information about you from third parties, depending on how you choose to interact with us. For example, when you come to our website via a promotional partner, or when you log into your account using our social network login feature, we might collect information from them about, what you booked and whether your booking was successful. We may also collect information about you from fraud prevention services providers we cooperate with to prevent misuse of your personal data.
Our services are not intended for children under 16 years of age, and no one under the age of 16 should provide any information to, on or via our services. We don't knowingly collect personal data from children under 16, and will delete any that we learn we have collected or received that was not provided by, or with express consent on behalf of, the child's parent or legal guardian.
4. Why and how do we use your personal data?
By giving your consent, we only use your information which is necessary to deliver the services you've requested, to exercise or comply with legal rights or obligations, or for normal business purposes of the kind set out in this policy. And when we need to do so to deliver our services or facilitate the performance of a contract you've entered, or are entering into, such as making a booking with us.
We use your personal data in the following ways:
To acknowledge, confirm and deal with your reservation (and where necessary put you on our waiting list). Such use of your data is necessary in order to implement your request to make a reservation with us.
To complete and fulfil your reservation, for example to process your payment and provide you with related customer service, including sending confirmations or pre-arrival messages, events or celebrations. Such use is necessary for the performance of the contract between you and us.
To contact you in connection with user/customer surveys and use any information you choose to submit in response, provided that you gave us your consent to being contacted in this way at the time you provided us with the personal data.
We may provide you, or permit selected third party service providers to provide you, with information about goods or services, events and other promotions we feel may interest you as a guest. We (or such third party providers) will contact you by email only with your consent, which was given at the time you provided us with the personal data.
As necessary for certain legitimate business interests, which include the following:
where we are asked to deal with any enquiries or complaints you make;
to administer our Site, to better understand how visitors interact with our websites and ensure that our Site is presented in the most effective manner for you and for your computer/device;
to conduct analytics to inform our marketing strategy and enable us to enhance and personalise the experience we offer to our guests and our communications, including by creating customer or guest profiles to enable personalised direct marketing communications;
to provide postal communications which we think will be of interest to you.
if you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing;
to share personal data among our affiliated businesses for administrative purposes, for providing guest services and in relation to our sales and marketing activities;
we may make the data that we collect anonymous, aggregated and unidentifiable and use such anonymous, aggregated and unidentifiable data for our own internal business purposes, including sharing it with our current and prospective guests, business partners, our affiliated businesses, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyse patterns among groups of people, and conducting research on demographics, interests and behavior;
for internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site, network and information systems secure; and
to (i) comply with legal obligations, (ii) respond to requests from competent authorities; (iii) protect our operations or those of any of our affiliated businesses; (iv) protect our rights, safety or property, and/or that of our affiliated businesses, you or others; and (v) enforcing or defending legal rights, or preventing damage.
Security and fraud-prevention purposes, for example by storing a subset of your payment information such as last 4 digits of your credit card and IP address to record where a payment may have originated from, or to protect our services against misuse of our APIs or from automated software agents. For those purposes we might make automated decisions about you, which may result in us blocking the purchase/reservation, for which we will inform you immediately.
Identifying and correcting faults with our services or areas for improvement through use of information like browser type, operating system, locale and language information and general site activity alongside any specific feedback you may provide to us from time to time.
We may use your personal data for other purposes, which you have consented to at the time of providing your data.
5.Sharing of information with third parties
We share your information only where you ask us to, where it's a necessary part of doing business with you and providing you with the services, or where we need to for legal reasons. Also, companies that help us deliver our services will collect and use your data on our behalf.
We share your personal data with third parties in the following situations:
Service Providers: like many businesses, hires selected third parties who act on our behalf to support our operations, such as (i) card processing or payment services (see the section below headed “Payment Information”), (ii) credit reference agencies to protect against possible fraud, (iii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide membership services and other goods/services available on this Site or to guests, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions. Pursuant to our instructions, these parties may access, process or store your personal data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor's own purposes (unless you have explicitly consented to them doing so).
Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where appropriate we will take steps to ensure that recipients outside your country comply with your country's privacy laws.
Business Transfers: if we sell our business or our company assets are acquired by a third party personal data held by us about our guests or customers may be one of the transferred assets.
Administrative and Legal Reasons: if we need to disclose your personal data (i) to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process and to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims. (ii) to enforce our Terms & Conditions or other applicable contract terms that you are subject to or (iii) to protect us, our guests, or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts or law enforcement organisations.
We may arrange that card or payment data you submit in support of a reservation, purchase or subscription fee is stored for the purpose of collecting your subscription fee and any purchases or reservations made.
We store and use this card or payment information for the purpose of processing any future payments that you make as a guest for additional goods and services. We will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted.
You may choose to opt out of us holding your card or payment data although this means that you will need to re-supply us with card/payment details to initiate your subscription fee or for the purpose of making any future purchases or reservations.
7.How do we keep your personal data secure?
Keeping your personal data secure is our highest priority. We limit access to only those group employees who have to come into contact with your information to do their jobs and deliver our services.
Unfortunately, no website or app can guarantee complete security but We will take appropriate technical and organizational security measures to protect the personal data that you submit to us against unauthorised/unlawful access or loss, destruction or damage, although we cannot 100% guarantee the security of personal data that you provide to us online.
8. Your legal rights
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you have provided to us in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don't have to process the data to meet a contractual or other legal requirement, or where we are using your personal data for the purposes of direct marketing).
You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
If you have unresolved concerns, you have the right to complain to a data protection authority.
If you wish to exercise any of these rights please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.