Privacy Notice - Tuk Shop Limited
Updated: 16 May 2018
1. Privacy and Your Personal Data
1.2 It applies to information collected by us, or provided by you, whether in one of our restaurants, over our website or social platforms, via our in-restaurant WiFi login, or in any other way (such as in person or over the phone). We want to be transparent with you, and allow you to make informed decisions when visiting a Tuk Shop or using one of our services. We hope you have a few minutes to read and understand this policy.
1.3 All of the personal information we hold about you shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. You can find out what information we collect and hold about you by writing to the below address:
FAO: Chris Burford
LEON Restaurants Ltd
St Margaret’s House
18-20 Southwark Street
1.4 Tuk Shop is the controller of your information for the purposes of the GDPR and is a UK registered company under number 05018441.
2. We collect Personal & Aggregate Information
2.1 We collect two types of information from you: "Personal Information" (anything which identifies you as an individual, either on its own or by reference to other information) and "Aggregate Information" (non-personally identifiable and anonymous data).
3. What Information do we collect on our Website?
3.1 We collect personal information so that we can operate effectively and provide our customers with the best possible service. The information we collect depends on the context of your interactions with us.
3.2 When you visit our Website you may voluntarily provide us with personal information such as your full name, email address, your local Tuk Shop, your birthday, your gender, and your dietary preferences. If you purchase a gift card from us then you may also provide credit or debit card details to a third party such as Pay Pal ("Information"). You may provide us with Information in a number of ways:
a) by corresponding with us by email, in which case we might hold on to the content of your email messages together with your email address and our responses;
b) by applying for a job with us;
c) through any preferences and areas of interest as advised by you on subscribing to our online services;
3.3 Occasionally we might ask you for information about other people in your life, like if you have children and, if so, their age. We ask for this Information so we can tailor any promotions we’ve got to your friends and family members because of their age. We do not ask for their contact details.
4. What Information do we collect in our restaurants or elsewhere?
4.1 When you are in one of our restaurants, we may collect the following Information if you log on to the Tuk Shop Wi-Fi:
a) your name and contact details (date of birth), gender, email address, postcode and mobile telephone number)
b) Your physical location, whilst you are in the restaurant only.
c) The number of times you visit us.
4.2 Personal information may also be collected directly by us when you enter into a contract with us or contact us to make enquiries or complaints via telephone, e-mail, social media platforms or by post.
5. The purpose for which we use your Personal Information
5.1 We will only ever hold, use and disclose your Information for Tuk Shop-related business. These include:
a) to keep you up to date about important changes to Tuk Shop;
b) to email you with news, treats, competitions and promotions. Before we do so, you will be given an option to opt-out of these newsletters and an option to unsubscribe will also be provided every time we email you;
c) to answer your queries and, as a follow up, occasionally mail you vouchers or prizes;
d) to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
5.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health or diet preferences. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
6. The legal basis for processing your Information
6.1 Under GDPR, the main reasons we would process your Information are:
a) If it’s necessary for compliance with a legal obligation. We are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency. We wouldn’t do so otherwise;
b) Our use of your Personal Information is in our legitimate interest as a commercial organisation. We would need to process your Information for things like responding to requests and enquiries from you; gift card sales or competition prizes; writing or emailing you with news and updates; or improving what we do at Tuk Shop, both online, in the restaurants and in our kitchens. Provided it is conducted at all times in way that is proportionate and that respects your privacy rights.
c) You have provided your consent to us using the Personal Information.
7. How we share your Information
7.1 In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it. We will never share your data with any third party where it is not necessary to do so to provide a service to you.
a) Trusted third party service providers. In order to do what we do and provide certain services, we will share your information with trusted third party service providers, such as email marketing platforms, IT infrastructure companies and logistics providers. Such Service Providers are required under their contract with us, to handle your Personal information in accordance with applicable laws and principles related to privacy and data protection;
b) Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
c) For card payments we employ a third party to process these payments on our behalf. This third party will only have access to the Personal information which you provide directly to them when you make card payment. They are required under their contract with us to process this Personal Information securely and in accordance with all Data Protection laws.
d) New business owners. If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event.
8. How long we hold your Information
8.1 We will only hold your Information for as long as we have to. We’ve stated above the reasons why we collect your Information so, if this is no longer relevant or necessary to continue providing you services, we will not hold your Information.
8.2 The criteria we use to determine how long we keep it depends on the nature of the data and the reasons we store it. For example, if you enter a Tuk Shop competition then we will only hold your data for as long as we need to run the competition.
8.3 If we receive your Information when you apply for a job, we will retain your data for as long as we need to process your application and maintain application statistics.
8.4 In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
9. Your rights relating to your Information
9.1 You have certain rights about the personal information we hold about you. Details of these rights, and how you can exercise them, are set out below. Before we can act upon any request we would need proof of Identification.
a) Right of Access. You have the right, at any time, to ask us for a copy of the Information we hold about you, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR says so, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will always provide you with our reasons for doing so.
b) Right of Correction or Completion. If the Information we hold about you is inaccurate, out of date or incomplete, and requires updated or corrected, you have a right to fix this. You can let us know by contacting us at the address or email (GDPR@leon.co).
c) Right to Erase. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
d) Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in situations where you’ve challenged the accuracy of the Information and as we are verifying its accuracy.
e) Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to send that Information to you or directly to a third party organisation.
This right exists in respect of Information that:
· you have provided to us previously; and
· is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to Information of others without their consent.
9.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.
9.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
10 How we protect and store your information
10.1 We take the security of the information we collect seriously. We have implemented and we maintain technical and organisational security measures, policies and procedures intended to reduce risk of accidental destruction or loss, or the unauthorised disclose or access.
11.1 We process your Information with your consent. You have the right to withdraw that consent at any time. You can do this by unsubscribing via the link provided in our emails or contacting us at the address or email address set out above.
12.1 Similar to other commercial websites, our Website uses a technology called "cookies" and web server logs to collect information about how our Website is used. A cookie is a small text file that is downloaded to your computer when visiting a website. It often includes an anonymous unique identifier. When you visit a website, that site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies
12.2 Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.
12.3 Cookies, in conjunction with our web server's log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular. This helps us gather feedback so that we can improve our Website and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.
12.4 We use ‘session’ cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.
12.5 We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Website, tailoring the content of certain areas of the Website to offer you content that match your preferred interests. We also use it to remember language preferences.
12.7 Please be aware that some of our services will not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them "trusted website" in your internet browser.
13 Other Websites
If you are unhappy about our use of your Information, you can contact us at the address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:
Telephone: 0303 123 11113
Post: Information Commissioner's Office