Privacy Policy Sample
Please note: The advice given by us relating to the GDPR (General Data Protection Regulation) is for information purposes only and does not constitute legal advice. It is not designed to be an exhaustive guide to the requirements of the GDPR. It is your legal responsibility to ensure that you comply with the provisions of the GDPR, any other related legislation and ResDiary’s Terms and Conditions. Each company’s responsibilities relating to the GDPR will vary depending on individual circumstances; accordingly we will not be liable to you for your reliance on our advice provided in relation to the GDPR. We recommend that you seek appropriate legal or specialist advice regarding GDPR and data protection legislation.
This guide to privacy notices isn’t simply for you to copy and paste to put on your website. Make sure you amend it before using it so it is tailored to your venue and specific data use. Please note that this guide to privacy notices was published on 26th May 2022 and as the GDPR may change, it is your responsibility to ensure your privacy notice is up to date.
About this Notice
[INSERT RESTAURANT NAME AND/OR THE COMPANY NAME/GROUP NAME] is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible way. This notice outlines how we aim to achieve this and includes the information collected when:
- you use our website [INSERT RESTAURANT WEBSITE]
- you make a booking on our website
- you make enquiries on our website
- someone is interested in working with us
Definition of Personal Data
Personal Data means any data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our site.
By providing your personal data, you agree that we can use your personal data in accordance with this notice. Please ensure you understand this policy in its entirety and take your time to read it.
Who are we?
[INSERT RESTAURANT NAME, IF YOU ARE A RESTAURANT GROUP PLEASE ENTER DETAILS HERE] (“We”, “Us”, “Our”) is a restaurant or venue, our address is:[ENTER YOUR ADDRESS AND REGISTERED ADDRESS HERE IF DIFFERENT FROM THE VENUE LOCATION]. Our company registration number is [ENTER COMPANY REGISTRATION NUMBER HERE].
We act as the data controller for your data.
How do we collect information from you?
We collect information from you:
- when you make a booking
- when you visit our restaurant (preferences, allergies etc.)
- make an enquiry
- when you sign up to marketing emails
What type of information is collected from you?
- You may be asked to submit personal information about yourself when you make a booking. We will collect this information so we can fulfil your booking request and you may dine at our venue.
When you make a booking:
We collect information such as:
- title
- name
- e-mail address (used for booking confirmation and post-dining feedback emails)
- home or work address
- billing information taken for deposits, ticketing, or holding credit card information for
- use in the case of no-shows (where applicable)
- telephone number
- company name
- dietary requests
- marketing preferences (whether you opt-in or opt-out)
When you dine at our restaurant:
- marketing responses (where applicable)
- survey responses
- current and past restaurant reservation details
When you access our sites:
There is “Device Information” about your computer hardware and software that is automatically collected by us. This information can include:
- device type (e.g. mobile, computer, laptop, tablet)
- cookies
- operating system
- IP address
- browser type
- browser information (e.g., type, language, and history)
- domain names
- access times
- settings
- referring website addresses
- other data about your device to provide the services as otherwise described in this policy.
Location information:
If you use our website, we may receive your generic location (such as city or neighbourhood).
Careers:
You may submit your CV if you’re interested in working for us by email or through our Contact Page. This information may include:
- personal details
- employment details
- education
- salary history
- other relevant details
We will use this information to assess your application. We may also keep it in our records for future job opportunities. Please get in contact if you would no longer like us to hold your records at [INSERT THE APPROPRIATE CONTACT EMAIL ADDRESS].
How is your information used?
Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.
We require the information outlined in the previous section to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- Send you service emails (booking confirmation and post-dining feedback).
- Improve our products and services.
- Send marketing communications if you have opted in to receive them.
- We may use the information to customise the website according to your interests.
- [ADD AS APPROPRIATE]
Who has access to your information?
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current legislation.
We will only share your information with companies if necessary to deliver services on our behalf. For example service providers (e.g. ResDiary for the provision of online bookings), third-party payment processors, and other third parties to provide our Sites and fulfil your requests, and as otherwise consented to by you or as permitted by applicable law.
Third parties [LIST THIRD PARTIES WHOSE CONTENT APPEARS ON THE SITE] whose content appears on our Site may use third-party Cookies, as detailed below. Please refer to ‘Use of Cookies’ for more information on controlling Cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy notices of any such third parties.
You may choose to restrict the collection or use of your personal information at any point. Please refer to the Your Choices section of this Privacy Notice for details.
How and where do we store data?
We only keep your personal data for as long as we need to in order to use it as described in this privacy notice, and/or for as long as we have your permission to keep it.
For reservations taken through ResDiary software, your data will only be stored in your local country, jurisdiction or lawful location. ResDiary data is stored securely in data centres managed by Microsoft Azure.
Profiling
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
Your Choices
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not pass your details to any third parties for marketing purposes unless you have expressly permitted us to. Furthermore, you can change your marketing preferences at any time by contacting us by email at [INSERT THE APPROPRIATE CONTACT EMAIL ADDRESS].
Your rights on the information we hold about you
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold.
Right of Rectification
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us.
Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased.
Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us.
Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that information to you or directly to a third party organisation.
The above right exists only in respect of personal information that:
- you have provided to us previously; and
- is processed by us using automated means.
You can exercise any of the above rights by contacting us using any of the methods in the Contact section below.
Consent
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will, therefore, be retained for the following periods (or its retention will be determined on the following basis):
[INSERT HOW LONG EACH TYPE OF PERSONAL DATA WILL BE RETAINED, OR HOW RETENTION IS DETERMINED IF THIS IS NOT A FIXED PERIOD. ADD FURTHER ITEMS AS REQUIRED]
Data for marketing purposes – 5 years
Booking Information – 3 years
Career application information – 2 years
Security
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site.
Use of ‘cookies’
Like many other websites, we use cookies. We use them to help you personalise your online experience.
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
We may use cookies for the following purposes: [PLEASE DELETE AS APPROPRIATE. YOU MAY NEED YOUR WEB COMPANY TO HELP WITH THIS. IF YOU HAVE A SEPARATE COOKIE POLICY, YOU MAY NOT REQUIRE TO INCLUDE ALL OF THIS INFORMATION IN THIS PRIVACY NOTICE]
- Authentication, personalisation and security: cookies help us verify your account and device and determine when you log in, so we can make it easier for you to access the services and provide the appropriate experiences and features. We also use cookies to help prevent fraudulent use of login credentials.
- Performance and analytics: cookies help us analyse how the services are being accessed and used, and enable us to track the performance of the services. For example, we use cookies to determine if you viewed a page or opened an email. This helps us provide you with information that you find interesting. We also use cookies to provide insights regarding your End Users and your sites’ performance, such as page views, conversion rates, device information, visitor IP addresses, and referral sites.
- Third Parties: Third Party services may use cookies to help you sign into their services from our services. We also may use third-party cookies, such as Google Analytics, to assist with analysing performance. Any third party cookie usage is governed by the privacy notice of the third party placing the cookie.
- Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the services.
The following first-party Cookies may be placed on your computer or device:
Name of Cookie | Purpose | Strictly Necessary | Expiry |
<<insert file name>> | <<insert description>> | <<yes / no>> | |
<<insert file name>> | <<insert description>> | <<yes / no>> | |
<<insert file name>> | <<insert description>> | <<yes / no>> | |
<<insert file name>> | <<insert description>> | <<yes / no>> | |
<<insert file name>> | <<insert description>> | <<yes / no>> |
and the following third-party Cookies may be placed on your computer or device:
Name of Cookie | Provider | Purpose | Expiry |
<<insert file name>> | <<Insert Name of Provider>> | <<insert description>> | |
<<insert file name>> | <<Insert Name of Provider>> | <<insert description>> | |
<<insert file name>> | <<Insert Name of Provider>> | <<insert description>> | |
<<insert file name>> | <<Insert Name of Provider>> | <<insert description>> | |
<<insert file name>> | <<Insert Name of Provider>> | <<insert description>> |
Our Site uses analytics services provided by [INSERT THE NAME(S) OF THE ANALYTICS PROVIDER(S)]. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Site and the products and/or services offered through it.
The analytics service(s) used by Our Site use(s) Cookies to gather the required information. You do not have to allow Us to use these Cookies, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.
The analytics service(s) used by Our Site use(s) the following Cookies:
Name of Cookie | First / Third Party | Provider | Purpose | Expiry |
<<insert file name>> | <<first / third>> | <<insert name>> | <<insert description>> | |
<<insert file name>> | <<first / third>> | <<insert name>> | <<insert description>> | |
<<insert file name>> | <<first / third>> | <<insert name>> | <<insert description>> | |
<<insert file name>> | <<first / third>> | <<insert name>> | <<insert description>> | |
<<insert file name>> | <<first / third>> | <<insert name>> | <<insert description>> |
In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy notices of any such websites before providing any data to them.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part. The new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.
In addition to providing you with more customised service, we may, as permitted by applicable law, share your information with our restaurant affiliates to support operations, such as to perform analytics, tailor marketing to you, support a loyalty program that you have chosen to participate in, and improve services.
For more information, please feel free to contact us at: [INSERT THE APPROPRIATE CONTACT EMAIL ADDRESS].
Restaurant groups [ONLY USE IF APPLICABLE]
We may share your information (such as meal or seating preferences and special occasions) with other restaurants in the same restaurant group. This is to enhance the hospitality experience that we (the restaurant group) provide you when you dine with us (such as, trying to seat you by a window, if you previously expressed a preference for window seating) (“customised service”) and to improve our table and shift planning.
In addition to providing you with more customised service, we may, as permitted by applicable law, share your information with our restaurant affiliates to support operations, such as to perform analytics, tailor marketing to you, support a loyalty program that you have chosen to participate in, and improve services.
For more information, please feel free to contact us at: [INSERT THE APPROPRIATE CONTACT EMAIL ADDRESS].
Changes to this notice
We will occasionally update this Privacy Notice to reflect company and customer feedback. We encourages you to periodically review this statement to be informed of how we are protecting your information. This policy was last updated in May 2022.
Contact Information
We welcome your comments regarding this Privacy Notice. If you believe that we have not adhered to this Privacy Notice, please contact us at [INSERT THE APPROPRIATE CONTACT EMAIL ADDRESS]. We will aim to use commercially reasonable efforts to promptly determine and remedy the problem.
Complaint
If you would like to make a complaint about how we are processing your data, then you can contact us at [INSERT THE APPROPRIATE CONTACT EMAIL ADDRESS] or the data protection authority within your own country.