1 - ABOUT US
For the purpose of the General Data Protection Regulation (2016/679) and the Data Protection Act 2018 (the “Legislation”), the data controller is The Big Table Group Limited, a company registered with number 12631102. The registered address is Lower Ground Floor, Elsley House, 24/30 Great Titchfield Street, Fitzrovia, London W1W 8BF.
Our Data Protection Officer can be contacted by emailing firstname.lastname@example.org, as further detailed below.
2 - WHAT INFORMATION WE COLLECT AND WHEN
We only collect information that we know we will genuinely use and in accordance with the EU General Data Protection Regulation (GDPR), the Data Protection Act 2018 and associated data protection legislation. We may collect:
Information you give us.
This is information about you that you give us by filling in forms on our website www.the-mulberry.com (our “Site”) or by corresponding with us by phone, e-mail, in our restaurants or otherwise. It includes information you provide when you register to use our Site, subscribe to our newsletter, register to use our App, book a table at one of our restaurants, enter a competition, promotion or survey, purchase a gift card or voucher, apply for a job with us, register for Wi-Fi in our restaurants and when you report a problem with our website. The information you give us may include your name, address, e-mail address postcode, phone number and birthday.
Information we collect about you on our Site:
With regard to each of your visits to our Site we may automatically collect the following information :
Information we collect when you make a booking:
We use approved third parties to operate our reservations platform. They will send you an automated email message to confirm your booking details and may send further service emails if there is a change to your booking. We are also partnered with a company called Feeditback, who will send a service email giving you the opportunity to review your dining experience, so that we can make any necessary improvements.
Information we collect when you use wifi in our restaurants:
We use a company called Wireless Social to provide wifi in our restaurants. If you sign up to use the wifi in our restaurants, the Wireless Social terms and conditions will apply, which are available at https://www.wireless-social.com/privacy-policy/.
Information we receive from other sources:
This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combined your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
Photography and Video Recordings.
As part of our local and brand marketing activities, from time to time we may be filming or taking photographs of happy guests enjoying their visits to our restaurants, when filming or taking photos for a particular campaign, the site will display a prominent poster to confirm that filming and photos will be taken in the restaurant. We will ensure that consent is obtained expressly in every case.
NHS Track & Trace:
NHS Test and Trace is a key part of the UK’s ongoing COVID-19 response. To support this service, we need to keep a record of our staff, customers and visitors for a minimum of 21 days and to assist NHS Test and Trace with requests for that data if needed. This could help contain clusters or outbreaks. If required, we will share the following information with NHS Test and Trace, either if we already collect this information for ordinary business purposes or if we collect it when you attend our premises: name (If there is more than one person, the name of the ‘lead member’ and the number of people in the group), contact phone number, date, arrival time and, where possible, departure time. The Legislation allows us to process this information from our staff, customers and visitors and share it with NHS Test and Trace to help minimise the transmission of COVID-19 and support public health and safety. Where personal data is collected specifically for NHS Test and Trace, it will not be used for any other purposes (e.g. marketing) and we will hold it for no longer than is necessary. All personal data captured will be held securely, with restricted access. If you would like to know more, please ask a member of staff for assistance or contact our DPO.
3 - COOKIES
Similar to other commercial websites, our Site uses a technology called "cookies" and web server logs to collect information about how our Site is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that Site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Site, and the Sites visited just before and just after our Site. Cookies, in conjunction with our web server's log files, allow us to calculate the aggregate number of people visiting our Site and which parts of the Site are most popular. This helps us gather feedback so that we can improve our Site and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.
We use ‘session’ cookies which enable you to carry information across pages of the Site and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Site is being used and to improve its structure. We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Site, tailoring the content of certain areas of the Site to offer you content that match your preferred interests.
You can refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Site.
4 - PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We will only process your personal data in line with that which is permitted by the Legislation. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data. Typically we will process your data on one of the following bases:
5 - HOW WE USE YOUR INFORMATION
We use information held about you in the following ways:
Information you give to us. We will use this information:
Photography and Video Recordings. We will use this information:
Information we collect about you. We will use this information:
Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
6 - WHO WE MAY SHARE YOUR INFORMATION WITH:
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Selected third parties including:
We will disclose your personal information to third parties:
7 - KEEPING YOUR DATA SECURE
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8 - SENDING INFORMATION OUTSIDE THE EEA OR THE COUNTRY YOU’RE LOCATED IN
Where any transfer outside of the European Economic Area (EEA) (or the UK post-Brexit) occurs, we’ll ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.
9 - HOW LONG WE WILL STORE YOUR DATA
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. For more information, you may contact our DPO.
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept.
10 - YOUR RIGHTS
Under the Legislation you have the right to make certain requests in relation to the personal information that we hold about you. We will not usually make a charge for dealing with these requests. If you wish to exercise these rights at any time please contact us using the details set out in the "Contact" section.
You have the right to be informed about the collection and use of your personal data.
You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/ or regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk
11 - CHILDREN
12 - WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?
14 - CONTACT
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they can help you address any concerns. You can access them here.