1. Privacy and Your Personal Data
1.2 It applies to Information collected by us, or provided by you, whether in one of our restaurants, over our Website (including the mobile optimised version of the website accessible from your portable hand-held device), or in any other way (such as over the telephone). It is also intended to assist you in making informed decisions when using our Website and our products and services. Please take a minute to read and understand the policy.
1.3 All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section 9 below, please write to us at the address below or via email at firstname.lastname@example.org:
314 Regents Park Road
London N3 2LT
1.4 Arrowstone Limited is the controller of your Information for the purposes of the GDPR and is a company registered under number 04589428 and whose VAT number is GB 810 0398 68.
2. What Information Do We Collect on our Website?
2.1 When you visit our Website (including the mobile optimised version of the website accessible from your portable hand-held device) you may provide us with personal information such as name, email address and phone number. You may provide us with Information in a number of ways:
a) by supplying us with the Information as listed above, on an individual basis by registering as a registered user or subscribing to receive updates or offers from us.
To become a member of our loyalty card scheme you must provide us with your name, phone number, address, postcode, date of birth and email address.
b) by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses; and
c) by booking a table.
3. What Information do we collect in our restaurants or elsewhere?
3.1 When you are in one of our restaurants, we may collect the following Information when you use our free Wi-Fi service:
a) your name, date of birth, email address, location and social media profile; and
b) your device’s MAC address, and the time and date of your connection.
3.2 Whilst dining with us you may provide us with payment card information.
4. What Information do we collect from Third Parties?
4.1 When you order a delivery through a third party such as Deliveroo or Uber (including the mobile optimised version of their website or app) you may provide us with personal information such as name and address necessary for the fulfilment of an order.
5. How we use your Information
5.1 We will hold, use and disclose your Information for our legitimate business purposes including:
a) to keep you up to date about important changes to our business;
b) to direct-market products and services, advise you of events, promotions and competitions and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
c) to answer your queries;
d) to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
5.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health in booking requests. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
6. The legal basis for processing your Information
6.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
a) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
b) Necessary for the purposes of legitimate interests – we will need to process your Information for the purposes of our legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you, fulfilling bookings and takeaways, informing you about our products and services, and ensuring that our operations are conducted in an appropriate and efficient manner.
7. How we share your Information
7.1 In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.
a) Trusted third parties: In order to provide certain services, we will share your information with third party service providers such as credit card companies, IT infrastructure companies (including booking software tools, WiFi providers and EPOS provider) and email logistics providers. We will not share your data with any third party where it is not necessary to do so to provide a service to you.
b) Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
c) New business owners. If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisers. If this happens, you will be sent notice of such event.
8. How long we hold your Information
8.1 Regarding personal information we have processed in connection with the supply of our products and services to any customer, we will retain personal information relevant to that supply of products or services for six years from the date of supply and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world). We may then destroy such files without further notice or liability.
Regarding any other personal information we have processed, we will retain relevant personal information for a period of five years from the date of our last interaction with you.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal information indefinitely so we do not send you marketing communications again. If your information is only useful for a short period e.g. for specific marketing campaigns we may delete it at the end of that period.
9. Your rights relating to your Information
9.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
a) Right of Access
You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. We will usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing information for baseless or excessive/repeated requests and for further copies of the same information. Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from the time we receive your request, but if the request would take longer than that to deal with, we will let you know.
b) Right of Correction or Completion
If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
c) Right of Erasure
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
d) Right to Object to or Restrict Processing
In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above, for example if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes. You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
e) Right of Data Portability
In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation. While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
9.2 You can exercise any of the above rights by contacting us at the address or email address set out above.
9.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
10.1 To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.
If you are unhappy about our use of your Information, you can contact us at the address or email address above.
You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Information Commissioner’s Office
Cheshire SK9 5AF