Kababish Restaurants take your privacy seriously and we respect your privacy and data protection rights. This privacy notice aims to give you information on how we collect and process your personal data through your use of our websites, mobile apps and our services, including any data you may provide through our websites, mobile apps and our services when you sign up to receive news, offers, promotions and updates, book a table with us, VoIP systems, take part in a competition, complete a survey, provide feedback, use our Wi-Fi, use our mobile apps, or otherwise purchase a product or service (such as ordering a takeaway and buying a gift card).
We sometimes collect and process Sensitive Data (such as your health information, race, ethnicity) and Children’s Data. Except where set out to the contrary in another of our privacy notices (for example, our Candidate Privacy Notice for job applications), we do not collect or process any information about criminal convictions and offences.
We refer to “we”, “us” or “our” in this privacy notice; we are referring to Kababish Restaurant within the Group that is responsible for processing your data. Kababish Restaurant is the controller and is responsible for our websites, mobile apps and this service.
We have appointed a data protection officer (DPO), who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details below:
Data Protection Officer
266 Jockey Road, Sutton Coldfield, West Midlands B73 5XP
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for data protection issues in the UK (phone: 0303 123 1113 or at www.ico.org.uk/concerns). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance.
Changes to this Privacy Notice and Changes to Your Details
We will need to update this privacy notice from time to time as the law and/or our business changes and develops. We will endeavour to tell you in advance by sending a service message to you if we hold your email address. Otherwise, please look out for the flags on our websites and materials that indicate we have changed this privacy notice. If you continue to use our websites and/or services after we have changed our privacy notice, we will take this as an indication that you accept the changes.
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third Party Links
Our websites, mobile apps and/or the service may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, mobile app and/or service, we encourage you to read the privacy notice of every website, plug-in and/or application that you visit.
The Personal Data We Process
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may process different kinds of personal data about you, which we have categorised as follows:
Identity Data: including your name, username, nickname, alias name, email address, marital status, title, date of birth and gender.
Contact Data: including you billing address, delivery address, email addresses and telephone number(s).
Financial Data: including payment card details.
Transaction Data: including the details of the products and services purchased and the date, time and location of sale and your purchasing activity (including vouchers and coupons).
Technical Data: including information we collect through your use of our websites and mobile apps, where you came to our website from and where you went when you left our website, how often you visit and use our websites and mobile apps, technical information about the devices you use to access our websites and mobile apps (including your device’s unique identifying codes (e.g. its “MAC” address), relevant IP address, operating system and version, web browser and version, and geographic location).
Profile Data: including your username and password, purchases, orders or bookings made by you, your interests, your preferences, your feedback, your survey responses, your social media content (where this is in the public domain including posts and comments, pictures and video footage)
Usage Data: including information about how you use our website, mobile apps, products and services (such as details of your table reservations).
Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, your communication preferences and information on what you view, click on and access in and through our marketing emails, text messages and push notifications.
Aggregated Data: Such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Sensitive Data: As part of any feedback and/or complaints which you raise with us, for example where you believe you have suffered a health issue following a visit to one of our venues (for example, suspected food poisoning or another health and safety incident), or where you believe we have been discriminatory against you (for example, discrimination based on race or sexual orientation). We are allowed to process this Sensitive Data (together with any other relevant information), to investigate, address and resolve your issue and to administer any possible legal claims or out-of-court procedures.
Names, ages and dietary requirements of children when they attend any one of our venues which is organised or accompanied with an adult; Identity Data, Contact Data, Technical Data and Usage Data of children when they log into our WiFi network ; and Sensitive Data relating to children where this is provided by you. We do not knowingly process any other data relating to children.
We do, from time to time, process personal data about you in an automated way to evaluate certain personal aspects about you, including enabling us to analyse and make predictions about your interests and how you are likely to interact with our Restaurants. It is our way of providing you with a more bespoke customer experience.
The personal data about you that we process for profiling purposes includes your Identity Data, your Contact Data and your Profile Data. We do not process personal data about you for profiling purposes that consists of Special Category Personal Data. You also have the right to object to us processing your personal data for profiling.
How we collect your personal data
We use different methods to collect personal data from and about you including through:
Direct Interactions: you may give us your Identity, Contact, Financial, Profile and Marketing and Communications Data by filling in forms or by corresponding with us by post, phone, email, social media or otherwise. Our services, book a table with us, order a takeaway, create an account with us, subscribe to our services, news, offers, promotions and updates, request marketing to be sent to you, enter a competition or promotion, complete a survey or give us feedback.
Social Media Interactions: our website and services may allow you to interact with them by using your social media applications. This interaction may result in us collecting some of your social media content (including posts and comments, pictures and video footage), but only where this content is in the public domain and/or where this content has been sent by you to us in a private message via social media; and also your Technical, Profile and Marketing and Communications Data.
Automated Technologies: as you interact with our website and our services, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Other Third Parties or Publicly Available Sources: we may receive personal data about you from various third parties and public sources as set out below:
From external providers of Wi-Fi which you give your name and contact details to when accessing Wi-Fi at one of our restaurants. From our provider of online reservations at our restaurants when you make a booking for one of our restaurants, suppliers of our gift cards, payment and food delivery services (such as First Data, Mastercard, Visa, Deliveroo, Uber Eats, Just Eats, Wireless Social, TableIn).
Profile Data and Marketing and Communications Data from social media providers such as Facebook, Twitter, Instagram based inside and outside of the EEA
Technical Data from analytics providers such as Google, advertising networks search information providers.
Marketing and Communications Data and Technical Data from online advertising data providers such as Google based outside the EEA.
Identity Data, Contact Data, Financial Data, Transaction Data, Technical Data, Profile Data and Marketing and Communications Data from third party affiliate sites such as TableIn Booking system based in the EEA or The Tastecard and Gourmet Society Card, Wow Group Ltd website and IT.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
How we process your personal data
We only process your personal data when allowed to do so by law. Most commonly, we will process your personal data: With your consent and please note that you have the right to withdraw your consent at any time by contacting us.
Where we need to perform a contract we are about to enter into, or have entered into, with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
How we share your personal data
We cannot run our business or provide many of the services and benefits you expect to receive without involving other people and businesses. We only share your information in accordance with the laws applicable to us.
We share your personal data with: Service providers who help us provide our websites, mobile apps, Wi-Fi networks and related services to you; for example, information technology companies who design and host our websites, payment services companies who enable you to use credit or payment cards with us, and data insight specialists.
Affiliated third parties that provide services to us such as market research, table booking, voucher supply and redemption, marketing insight services and data analytics services.
Rewards companies which you have signed up to, in order for you to receive the rewards and benefits they offer, like Tastecard, Gourmet Society Card
Our professional advisors for example, our lawyers, insurers and insurance brokers, when they need it to provide advice to us or help us obtain insurance.
The Police, the Health and Safety Executive, local authorities, for example for the prevention and detection of crime or to report serious health and safety incidents.
We also may share the information we collect with other third parties where we are legally obliged to do so; for example, to comply with a court order.
How We Keep Your Personal Data Secure
We take the security of your personal data very seriously and have in place appropriate security measures at all times, including where we share your information with our suppliers and partners, to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For security tips and tricks when using the internet, Wi-Fi and smartphones or tablets, please visit www.getsafeonline.org.
Our Retention of Your Personal Data
We can only keep your personal data for as long as necessary for the purposes we collected it for.
The precise length of time we hold your personal data for varies depending on the individual.
We regularly review our retention periods to ensure that we are not keeping your data for longer than necessary. Details of retention periods for different aspects of your personal data are available by contacting us.
In certain circumstances, you may have the right to request access, transfer, rectification and/or erasure of the personal data that we process about you. You may also have the right to object to and/or restrict our processing of your personal data.
Access: you may request access to your personal data, which enables you to receive a copy of the personal data that we hold about you and to check to see if we are processing it lawfully.
Transfer: you may request that we transfer your personal data to you or a third party. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Rectification: you may request rectification of the personal data that we hold about you.
Erasure: you may request erasure of the personal data that we hold about you.
Object: you may object to how we are processing your personal data where we are relying on a legitimate interest (or those of a third party) object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Restriction: you may request that we restrict how we process your personal data.
Withdrawal of Consent: where we have relied on your consent to process your personal data you will have the right to withdraw your consent at any time.
To exercise any of these rights please contact us [email protected]
The ICO regulates most UK data and information laws. To learn more about your rights, visit the ICO website at www.ico.org.uk.