1. Privacy and Your Personal Data
1.2 It applies to Information collected by us, or provided by you, whether in one of our restaurants or over our Website (including the mobile optimised version of the website accessible from your portable hand-held device), or in any other way (such as over the telephone). It is also intended to assist you in making informed decisions when using our Website and our products and services. Please take a minute to read and understand the policy.
1.3 All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section 9 below, please write to us at the below at firstname.lastname@example.org
1.4 For the purpose of the Data Protection Regulation 2016/679, the data controller is Rack & Bone, [add address].
2. What Information Do We Collect on our Website?
2.1 When you visit our Website (including the mobile optimised version of the website accessible from your portable hand-held device) you may provide us with personal information such as name, postcode, email address, mobile phone number or date of birth (month and year only). You may provide us with Information in a number of ways:
- by supplying us with the Information as listed above, on an individual basis by registering as a registered user or subscribing to receive updates or offers from us. To become a registered user you must provide us with your name and email address, but you may also provide us with additional information if you choose to do so.
- by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
- by booking a table using the booking form on the website or ordering a takeaway online using Deliveroo;
- by using the contact form to get in touch with us, in which case we may retain the content of your enquiry together with your email address and our responses.
2.2 We may collect Information about your computer, including where available your IP address, operating system, browser type and the geographical location of your computer, for system administration purposes. We may also report aggregate information to our advertisers. This is statistical data about browsing actions and patterns and does not identify you as an individual.
3. How we use your Information
3.1 We will hold, use and disclose your Information for our legitimate business purposes including:
- to keep you up to date about important changes to our business;
- to direct-market products and services (including push notifications), advise you of news and industry updates, events, promotions and competitions and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
- to apply profiling technology which analyses our customers’ engagement with our direct marketing communications, activity and interests so that we can send you content that is relevant to you;
- to answer your queries;
- to provide further services to you by sharing your Information with trusted third parties. Further details about this are set out in section 6 below;
- to release Information to regulatory or law enforcement agencies if we are required or permitted to do so.
3.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health in booking requests. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
4. The legal basis for processing your Information
4.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
- Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
- Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your Information for the purposes of our(or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
- Consent – in some circumstances, we may ask for your consent to process your Information in a particular way.
5. What personal information do we collect and how we use it?
We collect and use your personal information in a variety of ways, for example, to provide you with the Services that you have requested from us such as making a table booking or to send you marketing.We have set out below the ways in which we collect your personal information and the reasons why we use it.
Marketing – we carry out the following marketing activities using your personal information:
Our email marketing will include personalised and non-personalised email marketing. Personalised email marketing is marketing which has been specifically tailored to you. For example, our personalised email marketing will feature our products and services that we think are most likely to appeal to you.
Non-personalised marketing is marketing about our products and services generally and is not tailored to any particular individual.
We will only send you marketing communications via email where you have consented to receive such marketing communications, or where we have an alternative lawful right to do so.
Online and social media advertising. We use your email address to serve you with online advertising (including on social media channels) operated by Facebook, Instagram and Google where you are a registered user of such services.
Our online and social advertising will include personalised and non-personalised remarketing. Personalised advertising is marketing which has been specifically tailored to you. For example, our personalised remarketing will feature our products and services that we think are most likely to appeal to you. Non-personalised advertising is marketing about our products and services generally and is not tailored to any particular individual.
Where we are undertaking personalised online advertising, we will also use information that we observe about you from your interactions with our Site, and our email communications to you and/or with our products and services in our restaurants.
Your browsing and interaction on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies.
We do not monitor, control, or endorse the privacy practices of any third parties.
We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.
Google Analytics – Google Analytics cookies collect information on how website visitors use the site and the applications on it. That information helps us to improve the site and the customer experience. Cookies collect information in an anonymous form which includes information of numbers of visitors, where they’ve come from and which pages on the site they’ve visited as well as how long they’ve spent on those pages.
Customer services – Our Site allow you to request information about our products and Services or make a complaint about any of the Services through a contact form or direct email address. Your name and contact information may be requested in each case, together with details of other personal information that is relevant to your customer service enquiry. This information is used in order to enable us to respond to your request or complaint.It is in our legitimate interest to use your personal information in such a way to ensure that we providethe very best customer service we can to you.
Reviews and Feeds – Our social media feed has been embedded into the website to provide a snapshot of what’s happening. The feeds come directly from our Facebook, Twitter and Instagram accounts.
Regulatory and law enforcement agencies – As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
6. Third Parties
7. How long we hold your Information
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application, and maintain application statistics. We will not directly market to you for longer than three (3) years, unless you consent to receive direct marketing by opting in again before the expiry of that three (3) year period. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
8. Your rights relating to your Information
8.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
- Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
- Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
- Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
- Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
- This right exists in respect of Information that:
- – you have provided to us previously; and
- – is processed by us using automated means.
- While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
8.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.
8.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.
The above rights are provided in summary form only and certain limitations apply to many of these rights. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Information Commissioner’s Office