We treat your personal data with the upmost respect and security, the following policy statement demonstrates our compliance with the new GDPR regulations – please let us know if you have any queries by emailing firstname.lastname@example.org
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases. We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Data Types & Storage
Your data is primarily kept so that we can make a reservation for you and to contact you regarding your booking or enquiry. We can process data in this manner as it is in our legitimate interests to ensure efficient provision of customer service & running of the bar and restaurant.
This is the data we may collect & how we store it:
Your name, email address, home address & phone number
Booking information & record of visit
Subscription date & method
On some occasions we may publish photographs of you attending our restaurant & bar and publish these on our website or social media channel with your verbal or written permission
We may also collect some information about how you use our website through cookies. This information is used to enhance the functionality of our website and user experience.
We may use your data to send you our newsletters if you have agreed to receive this on our website, through your booking or through in-house marketing materials. We will only do this if we have a relationship (e.g you have visited us) and no clear objection has been made regarding receipt of communication and/or we have your permission.
Data is stored in the following ways:
Bookings diary - kept in the staff only service areas
Online bookings diary – secure access by management personnel only
Email database – secure access by management personnel only
Online Mailing Lists - secure access by management personnel only
Wifi Network Provider – secure access by management personnel only
Archive of Bookings Diaries – kept on the premises in private office
We may keep booking data for up to 5 years unless specifically asked to remove it. If you subscribe to our mailing list we will keep your data until asked to remove it.
All data is kept either on the premises at Bruach or within our email servers accessed only by management personnel. Access to online emails, servers and databases is firmly restricted and monitored by our managing director.
We will never sell or share your data with third parties.
Data Security and Protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Email marketing Messages & Subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal data" above. Any email marketing messages we send are done so through an EMS, (Email Marketing Service Provider) An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Any email marketing messages we send are in accordance with the GDPR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
To unsubscribe please email email@example.com
We use Email Marketing Servers to create marketing campaigns, emails & newsletters. Although we personally create each campaign the EMS have the authority to view our mailing lists & data. We ensure we have appropriate agreements in place to protect your personal data.
Otherwise we will not share your data with any other third-party. An exception to this would be where our business is purchased by a third party or where we are legally bound to share your data in accordance with the law to which we are subject.
We have summarised your rights below, please contact firstname.lastname@example.org to exercise these.
If we require your consent you can withdraw at any time, at which point we will stop processing your data in that way. This does not affect the legality of our processing up to the date of your withdrawal of consent.
You can seek to restrict our processing of your personal data, ask us to rectify any personal data or object to us processing your personal data for the purposes stated in this policy.
You have the right to lodge a complaint with the ICO if you believe your rights have been infringed - https://ico.org.uk
You have the right to access all the personal data held by us about you
In certain circumstances you have the right to ask us to provide you with our personal data in a structured, commonly used and machine-readable format to allow you to transmit this information to another party. More information can be found at https://ico.org.uk
In certain circumstances you have the right to ask us to erase the personal data we hold about you. Such circumstances include (a) where we no longer need your personal data for the purposes set out above; (b) if you withdraw your consent to our processing; (c) if you object to our processing based on our legitimate interest and we have no overriding legitimate grounds to continue processing your personal data; (d) if we process the data unlawfully; or (e) where the personal data has to be erased to comply with legal obligation to which we are subject. We will consider any such request in line with GDPR. Please note this is not an absolute right and there may be circumstances where we choose not to delete all of the personal data we hold about you.
More information about your right of erasure can be found at https://ico.org.uk