OUR PRIVACY PROMISE (UK)
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA
The restaurant is the data controller of your personal data (including name, address, telephone number, email, and other data which could identify you – together defined as “personal data”), which you provide in connection with your purchase of items (as defined in the “website terms and conditions”) through the Service. Hereafter, the terms “we”, “us” or “our” are each intended as reference to the restaurant.
Our information and contact details are provided to you at our website and/or through the Service.
We outsource the Service to OrderYOYO Ltd (“OrderYOYO”). As a result, OrderYOYO acts as a data processor on behalf of explicit instructions given by us. These instructions are ruled in their totality by a separate data protection agreement (DPA).
WHAT INFORMATION DO WE COLLECT
|Specific Data Type
|Name, address, telephone number, email address
|Order data, purchase history, payment information, payment card token
|Consent for marketing purposes, device tokens
|Name, email address
HOW AND WHY WE USE YOUR PERSONAL DATA
We process personal data:
- To manage your orders and provide our Service to you
- To personalise and improve your customer experience
We may use your information to let you know about our other products and services (including vouchers and offers) that may be of interest to you including services that may be the subject of direct marketing. We may contact you to do so by SMS and email, oﬀers presented within the app and if you use our mobile application via push notiﬁcation. It is always your choice whether to continue receiving such marketing materials and updates.
The data protection requires us to rely on a lawful basis to process your personal data. Thus, our legal basis for the processing is the general data protection regulation (“GDPR”) article 6(1)(b) since processing is necessary for the performance of a contract to which you are a party to.
In some instances, we may rely on your consent to use some of your personal data, for example when you choose to receive promotions. In this vein, the legal basis for such processing is GDPR article 6(1)(a) since you consent to such processing. You can always withdraw Your consent as per instructions and guidelines provided by using the Service. Further details are presented in the next section.
HOW YOU CAN OPT OUT
If you no longer wish to receive such information, you can manage your preferences for email and SMS marketing communications at any time by going to the my proﬁle page. Alternatively, you can opt out by using the unsubscribe mechanism in the marketing communication itself (e.g. by clicking the unsubscribe link at the bottom of an email or by sending an SMS as per instructions).
To manage push notifications, go to the settings page of your phone or tablet and change the push notification permission. If you switch oﬀ in-app push notifications, you will no longer receive updates on your orders via push.
FOR HOW LONG IS YOUR PERSONAL DATA STORED
We will retain your personal data for as long as you maintain an account or as needed to provide you the Service. We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Inactivate accounts will be anonymized after 18 months, and as a result these will not considered to be personal data anymore.
YOU ARE IN CONTROL OF YOUR DATA
You have specific rights which help you to be in control of your personal data and we want to make it easy for you to exercise these rights:
|Right to access
|If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data.
|Right to rectification
|If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
|Right to erasure and right to restrict processing
|In certain circumstances you can ask us to erase the information or restrict the use of the information.
|Right to data portability
|You have the right to obtain the personal data we process about you in a structured, commonly used and machine-readable format, and to reuse it elsewhere.
|Right to object and to withdraw consent
|You have the right to object to the use of your data for direct marketing purposes at any time. Please see the previous section for more details on how you can unsubscribe from marketing
|Right to lodge a complaint
|If you wish to complain about the processing of your personal data, you can file a complaint to the UK supervisory authority:
Information commissioner’s office
Wycliffe house. Water lane
Cheshire sk9 5af
Tel: 0303 123 1113 or 01625 545 745
Fax: 01625 524 510
Please write an email to firstname.lastname@example.org in order to exercise any of the rights mentioned above. If you contact us, please explain the reason(s) for your request and the desired action. On the other hand, you can update your data as well as delete permanently your account in your profile.
For the protection of your information, we will also need to verify your identity. It would be convenient if you contact us with the email address associated to your profile account and/or include a reference to an orderID.
In addition, any comments with regards to e.g. the reasons you want to obtain your data in a portable format and how you are planning to use it are welcomed. This is a new data right and we are keen to understand how we can provide portable data that is convenient. Please note that providing this information is not mandatory and it will not affect the way we will process your request, but it will help our future planning.
PROTECTING YOUR PERSONAL DATA
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risks, that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. Access to personal data is restricted to authorised personnel who have a legitimate business purpose for accessing your personal data. In case of a data breach we commit ourselves to address it in an appropriate and timely manner.
WHY WE COLLECT DATA – USING COOKIES AND SIMILAR TECHNOLOGIES
There are two different types of cookies, permanent and temporary (cookies for sessions). Permanent cookies are saved as a file on your computer or mobile for a period of not more than 12 months. Cookies for sessions are temporary and disappear when you close the session in the browser.
SHARING PERSONAL DATA
In delivering the Service to you, we may share your personal information with the following entities:
|Microsoft Ireland Operations Ltd.
|Cloud computing, storing and processing
|Marketing tool for direct marketing purposes
|Call forwarding system
|Stuart Delivery Ltd.
|Anonymous event tracking
|Anonymous event tracking
|A/B split testing
|A/B split testing – Not in use
Moreover, we may share personal data with any law enforcement or regulatory body, government agency, court or other third party where we believe disclosure is necessary as a matter of applicable law or regulation, to exercise, establish or defend our legal rights, or to protect your vital interests or those of any other person.
HOW TO CONTACT US
- by writing to us at:
56 Princess Street
- by email at: email@example.com