1. Privacy & your Personal Data
1.2 It applies to Information collected by us, or provided by you, whether in one of our restaurants, over our website (including the mobile optimised version of the website accessible from your portable hand-held device), or in any other way (such as over the phone). It is also intended to assist you in making informed decisions when using our website, our products & services. Please take a minute to read & understand the Policy.
1.3 All your personal Information shall be held & used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) & national laws implementing GDPR & any legislation that replaces it in whole or in part & any other legislation relating to the protection of personal data. If you want to know what information we collect & hold about you, or to exercise any of your rights as set out in section 9 below, please write to us at the below address or via email at firstname.lastname@example.org:
FAO: GDPR Representative Bone Daddies Ltd 31 Peter Street LondonW1F 0AR
1.4 Bone Daddies Ltd is the controller of your Information for the purposes of the GDPR & is a Company registered under number 08184277 & whose VAT number is GB142103273.
2. What Information do we collect on our website?
2.1 When you visit our website (including the mobile optimised version of the website accessible from your portable hand-held device) you may provide us with personal information such as name, postcode, email address & mobile phone number (“Information”). You may provide us with Information in a number of ways:
a) by supplying us with the Information as listed above, on an individual basis by registering as a user or subscribing to receive updates or offers from us. To become a registered user you must provide us with your name & email address.
b) by corresponding with us by email, in which case we may retain the content of your email messages together with your email address & our responses;
c) by booking a table, purchasing a gift voucher, registering a loyalty card, or applying for a job with us;
d) through any preferences & areas of interest as advised by you on subscribing to our online services;
e) by Information provided when you use our mobile optimised website from your portable hand-held device, including details of your physical location, where you have agreed to it being used.
2.2 We may collect Information about your computer, including, where available, your IP address, operating system, browser type & the geographical location of your computer, for system administration purposes.
2.3 When you submit a job application, whether for a current role or speculative query (e.g. name, job title, contact information including email address, curriculum vitae, your education, employment history and similar matters and similar information that you may provide to us and any other information relevant to potential recruitment)
3. What Information do we collect on our Loyalty Card Scheme?
3.1 When using our Loyalty Card, you may provide us with:
a) your name & contact details (email address & name)
b) further information (postcode & favourite restaurant/s)
4. What Information do we collect in our restaurants or elsewhere?
4.1 When you are in one of our restaurants, we may collect the following Information when you use the Wi-Fi service: your name, email address & phone number
5. How we use your Information
5.1 We will hold, use & disclose your Information for our legitimate business purposes including:
a) to keep you up to date about important changes to our business;
b) to direct-market products & services, advise you of news & industry updates, events, promotions & other information. Before we do so, you will be given an option to opt-out of such communications & an option to unsubscribe will also be provided with each communication;
c) to apply profiling technology which analyses our customers’ engagement with our direct marketing communications, activity & interests so that we can send you content that is relevant to you;
d) to answer your queries;
e) to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
5.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us, e.g. if you include information about your health in booking requests. 5.3 Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for the company. We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent which shall be obtained at the time we collect your personal information following the instructions provided.
6. The legal basis for processing your Information
6.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
a) Necessary for compliance with a legal obligation – we are subject to certain legal obligations which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
b) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your Information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights & freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests & enquiries from you or a third party, optimising our website & customer experience, informing you about our products & services & ensuring that our operations are conducted in an appropriate & efficient manner;
c) Consent – in some circumstances, we may ask for your consent to process your Information in a particular way.
7. How we share your Information
7.1 In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.
a) Trusted third parties: in order to provide certain services, we will share your information with third party service providers such as IT infrastructure companies & email logistics providers. We will not share your data with any third party where it is not necessary to do so to provide a service to you.
b) Regulatory & law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, & if permitted under GDPR & other laws, we may disclose certain personal information to such bodies or agencies.
c) New business owners. If our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company & their advisors. If this happens, you will be sent notice of such event.
8. How long we hold your Information
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data & the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application & maintain application statistics. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
9. Your rights relating to your Information
9.1 You have certain rights in relation to personal information we hold about you. Details of these rights & how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
a) Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, & to confirm the nature of the Information & how it is used. Where we have good reason, & if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
b) Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, & requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
c) Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased, e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent & there are no other legal grounds on which we may process the Information.
d) Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests & there are no compelling legitimate grounds for our processing which override your rights & interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information & during the period where we are verifying its accuracy.
e) Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used & machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.This right exists in respect of Information that you have provided to us previously & is processed by us using automated means.While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
9.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.
9.3 Most of the above rights are subject to limitations & exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.
11.1 Similar to other commercial websites, our website uses a technology called “cookies” & web server logs to collect information about how our website is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.
11.2 Information gathered through cookies & web server logs may include the date & time of visits, the pages viewed, time spent at our website, & the websites visited just before & just after our website.
11.3 Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our website & which parts of the website are most popular. This helps us gather feedback so that we can improve our website & better serve our customers. Cookies do not allow us to gather any personal Information about you & we do not generally store any personal Information that you provided to us in your cookies.
11.4 We may use ‘session’ cookies which enable you to carry information across pages of the website & avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the website is being used & to improve its structure.
If you are unhappy about our use of your Information, you can contact us at the address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
14. RISK ASSESSMENTS