M&C Restaurants (London) Limited (M&C Restaurants) respects your privacy and is committed to protecting your personal data.
This privacy notice is issued on behalf of M&C Restaurants so reference to “we”, “us” or “our” in this privacy notice is a reference to M&C Restaurants.
Note that none of our websites are intended for children, and we do not knowingly collect data relating to children. Any such information collected about children will be deleted from our systems as soon as possible.
M&C Restaurants (London) Limited
London W8 5SY
M&C Restaurants is the owner and operator of the following London restaurants:
• The Korean Grill Kensington
• Porto Chelsea
• The Bugis Singapore Restaurant
WHAT PERSONAL DATA DO WE PROCESS?
We process personal data of our customers or visitors to our websites for a number of different purposes, which are explained below.
“Personal data”, or “personal information”, means any information about any identifiable person. It does not include data where the information has been anonymised and where any individual cannot be identified from that information (for example, statistical or demographic data derived from visitors to our website).
The following personal information is required in order for us to make a reservation at our restaurants:
• Booking Name
• Telephone Number or Email Address
In order to provide exceptional customer service and to improve your dining experience, we may also collect and process additional personal information, including the following:
• Special occasions – birthdays (excluding year of birth), anniversaries relating to you or your guests
• Seating preferences
• Allergies or food intolerances
• Food & beverage preferences, or any other preferences
• Previous booking history
• Any publicly available personal information (e.g. job title, employer name, family member names, photographs
• Encrypted credit card information
• Mobility requirements
For online reservations at our restaurants, we use the third party booking engine OpenTable and you will be directed to its website when making a booking online. In order to provide the online booking service, your personal data will be collected, transferred to and processed by Opentable, who are located in USA as a data processor acting on behalf of M&C Restaurants.
HOW DO WE COLLECT PERSONAL DATA ABOUT YOU?
Personal information is collected when you make reservations, bookings and orders at any of our restaurants, or interact with us in any of the following ways:
• In person;
• Through social media – if you choose to interact with us socially
Any personal data collected is then stored and processed in the corresponding business system for us to be able to provide the relevant goods and services to you.
We may also collect and process publicly available information that we believe could be relevant to your reservations, bookings, orders or other interactions with us. In such cases, we may use search engines such as Google or Social Media sources such as LinkedIn to collect this information. In these circumstances, your personal information is gathered without you actively having to provide the information.
WHAT IS YOUR PERSONAL INFORMATION USED FOR?
Your personal data is only used in accordance with the law. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform the contract we are about to enter into or have entered into with you (please refer to the “Restaurant Services” section below for more information).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (please refer to the “Marketing and Communications” section below for more information).
• Where we need to comply with a legal or regulatory obligation.
Where it personal data is required by law, or under the terms of a contract we have with you, and you do not provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, and will notify you if this is the case at the time.
We use the personal data you have provided us in order to:
• Confirm bookings, reservations and/or orders
• Amend bookings, reservations and/or orders
• Cancel bookings, reservations and/or orders
• Customise any bookings, reservations and/or orders you have placed to your exact requirements
• Contact you with regard to any future or previous bookings and/or orders you have placed
• To provide exceptional customer services, or improve any customers’ experiences at our restaurants.
The data that we capture for these purposes ensures that we can provide the best possible customer service and experiences. The information collected about you will allow us to ensure that we can provide the best possible customer service and experiences or to ensure that our employees may familiarise themselves with and look after you and your guests.
MARKETING AND COMMUNICATIONS
We wish to stay in touch with all our customers making a reservation with us. We may email you marketing communications from time to time to inform you about our restaurants; any new openings, developments, events, promotions and partnerships; and products or services we think may interest you.
You may opt out of these marketing communications at the point the information is collected by us, in the form of an email sign up or via our website.
We will always treat your personal details with the utmost care, and will never sell them to other companies for marketing purposes.
You may also unsubscribe to any marketing communications from us at any time by clicking on the unsubscribe link which will be made available to you in each communication, or by emailing us at any time at firstname.lastname@example.org
WHO WE MAY SHARE YOUR PERSONAL DATA WITH
We work with a number of trusted third parties who we have contracted with in order to be able to provide our goods and services to you. These third parties include (but are not limited to) those who provide services to us for the delivery of goods or services, restaurant bookings and business systems providers.
We may transfer your personal data to the following third parties, who we have contracts with, for them to process your data as our data processors:
Mailchimp – an online email marketing application that enables us to create, send, manage and track branded emails, located in Atlanta, Georgia, USA https://mailchimp.com/legal/
CML Ltd – a fulfilment house, in order to dispatch orders of products to you, located in UK [http://www.cmlplc.com/reference/privacy-policy]
Toast Marketing Studio Ltd – a marketing agency company located in the UK
Fourth Hospitality Ltd – who provide payroll, forecasting and cost control software located in the UK
NCAL Ltd – a training provider offering apprenticeship solutions located in the UK [https://www.ncal.co.uk/cookie-policy]
Opentable Europe Limited – an online reservations system and booking engine for restaurant reservations located in the EU [https://www.opentable.co.uk/legal/privacy-policy?
Ridgewall Ltd – Smart Cyber Security, IT, Cloud and Energy Management Solutions located in the UK [https://www.ridgewall.co.uk/privacy-policy]
located in the UK
Stripe Inc – Online payment processing for internet businesses located in the USA [https://stripe.com/gb/privacy]
All third parties who are given access to your personal information are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes and in accordance with our instructions.
Some of our external service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we will only do so if:
• the country in question has been deemed by the European Commission to provide an adequate level of protection for personal data; or
• one of the mechanisms set out in the applicable data privacy legislation has been put in place applies, e.g. where one of the “appropriate safeguards” listed in data protection legislation has been put in place or a specific exception applies.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data shared with them the same protection it has in the UK.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the UK and the US.
There may be certain circumstances in which we have a legal obligation, above and beyond the Data Protection Act 2018, to control your data and share it with the police or relevant regulatory, government or legal enforcement bodies. These circumstances include where CCTV recording is requested for a lawful purpose (including the prevention of fraudulent activity on our premises), transaction information is required for financial auditing purposes, or personal data is required to investigate fraudulent or criminal activity using our systems.
HOW WE PROTECT YOUR PERSONAL DATA
The security of your data is as important to us as it is to you, and we take all necessary steps to protect it.
Our websites use encrypted ‘https’ technology and access to your personal data is password protected, and sensitive data (such as payment card information) is secured by SSL encryption and tokenisation.
From time to time, we carry out vulnerabilities assessments and penetration testing to identify ways to further strengthen our information security.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, you may ask us to delete your data (see the section “Your Rights” below for further information) and in some circumstances we may anonymise your personal data (so that it is no longer associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
Right of access: You may request access to the data we hold about you, which is usually free of charge. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Right to rectification: You may have your data corrected if it is incomplete or incorrect. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Right to restrict processing: You may ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Unsubscribe: You may unsubscribe from receiving any of our marketing communications at any time. Each email communication will include link to unsubscribe from further marketing communications.
Right to withdraw your consent to processing: Where we are relying on consent to process your personal data, you may withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to object to processing: You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to erasure: You may request to have your data removed from our systems altogether. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Transfer to third party: You may request the transfer of your personal data to you or to a third party. We will provide to you (or the nominated third party) your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Complain to the ICO: You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK authority overseeing data protection issues (www.ico.org.uk). Before contacting the ICO, you would be expected to have given us the chance to deal with your concerns first.
We aim to respond to all legitimate requests within one month. Usually, we will respond much sooner. Very occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
LINKS TO THIRD PARTY WEBSITES
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.