We treat your personal data with the upmost respect and security, the following policy statement demonstrates our compliance with the new GDPR regulations – please let us know if you have any queries by emailing email@example.com
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases. We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Data Types & Storage
Your data is primarily kept so that we can make a reservation for you and to contact you regarding your booking or enquiry. We can process data in this manner as it is in our legitimate interests to ensure efficient provision of customer service & running of the bar and restaurant.
This is the data we may collect & how we store it:
• Your name, email address, home address & phone number
• Booking information & record of visit
• Subscription date & method
• Information that may help us to enhance the service we provide to you. This may include, but is not limited to: allergies, preferences relating to tables/areas, accessibility, complaints, incidents, previous bookings, cancellations and no-shows, and any other information we deem relevant to ensuring we can offer you improved or enhanced service.
• On occasion we may publish photographs of you attending our restaurant & bar and publish these on our website or social media channel with your verbal or written permission
• We may also collect some information about how you use our website through cookies. This information is used to enhance the functionality of our website and user experience.
• We may use your data to send you our email newsletter if you have agreed to receive this on our website, through your booking or through in-house marketing materials. We will only do this if we have a relationship (e.g you have visited us or subscribed on our website) and no clear objection has been made regarding receipt of communication and/or we have your permission.
Data is stored in the following ways:
• Online booking diary – secure access by management personnel only. As of April 2022, we use a 3rd party software called Resdiary, also known by the name Dishcult.
• Email database – secure access by management personnel only.
• Online Mailing Lists - secure access by management personnel only
• Wifi Network Provider – secure access by management personnel only
• Archive of Bookings Diaries – kept on the premises in private office
We may keep booking data for up to 10 years unless specifically asked to remove it. If you subscribe to our mailing list we will keep your data until asked to remove it.
All data is kept either on the premises at Bruach or within our online and email servers accessed only by management personnel.
Access to online emails, servers and databases is firmly restricted and monitored by our managing director.
We will never sell or share your data with third parties.
We will never sell or share your data with third parties.
Data Security and Protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Email marketing Messages & Subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal data" above. Any email marketing messages we send are done so through an EMS, (Email Marketing Service Provider) An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Any email marketing messages we send are in accordance with the GDPR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
To unsubscribe please email firstname.lastname@example.org
We use Email Marketing Servers to create marketing campaigns, emails & newsletters. Although we personally create each campaign the EMS have the authority to view our mailing lists & data. We ensure we have appropriate agreements in place to protect your personal data.
Otherwise we will not share your data with any other third-party. An exception to this would be where our business is purchased by a third party or where we are legally bound to share your data in accordance with the law to which we are subject.
We have summarised your rights below, please contact email@example.com to exercise these.
If we require your consent you can withdraw at any time, at which point we will stop processing your data in that way. This does not affect the legality of our processing up to the date of your withdrawal of consent.
You can seek to restrict our processing of your personal data, ask us to rectify any personal data or object to us processing your personal data for the purposes stated in this policy.
You have the right to lodge a complaint with the ICO if you believe your rights have been infringed - https://ico.org.uk
You have the right to access all the personal data held by us about you
In certain circumstances you have the right to ask us to provide you with our personal data in a structured, commonly used and machine-readable format to allow you to transmit this information to another party. More information can be found at https://ico.org.uk
In certain circumstances you have the right to ask us to erase the personal data we hold about you. Such circumstances include (a) where we no longer need your personal data for the purposes set out above; (b) if you withdraw your consent to our processing; (c) if you object to our processing based on our legitimate interest and we have no overriding legitimate grounds to continue processing your personal data; (d) if we process the data unlawfully; or (e) where the personal data has to be erased to comply with legal obligation to which we are subject. We will consider any such request in line with GDPR. Please note this is not an absolute right and there may be circumstances where we choose not to delete all of the personal data we hold about you.
More information about your right of erasure can be found at https://ico.org.uk