Casual Dining Limited, trading as La Viña, (“we”, “our”, “us” “the Group”) is committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.lavina.co.uk (our “Site”) you are accepting and consenting to the practices described in this policy.
For the purpose of the European General Data Protection Regulation (2016/679) (the “Legislation”), the data controller is Casual Dining Bidco Limited, with registered number 06022702, with registered address at 163 Eversholt Street, London NW1 1BU.
Our Data Protection Officer for the purpose of the Legislation can be contacted at firstname.lastname@example.org.
2. WHAT INFORMATION WE COLLECT AND WHEN
We only collect information that we know we will genuinely use and in accordance with the EU General Data Protection Regulation (GDPR), the Data Protection Act 2018 and associated data protection legislation. We may collect:
• Information you give us. This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail, in our restaurants or otherwise. It includes information you provide when you register to use our Site, subscribe to our newsletter, book a table at one of our restaurants, enter a competition, promotion or survey, purchase a gift card or voucher, apply for a job with us, register for Wi-Fi in our restaurants and when you report a problem with our website. The information you give us may include your name, address, e-mail address postcode, phone number and birthday.
• Photography and Video Recordings. As part of our local and brand marketing activities, from time to time we may be filming or taking photographs of happy guests enjoying their visits to our restaurants, When filming or taking photos for a particular campaign, the site will display a prominent poster to confirm that filming and photos will be taken in the restaurant. We will ensure that consent is obtained expressly in every case.
• Information we collect about you on our Site:
With regard to each of your visits to our Site we will automatically collect the following information:
• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, date and time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for’ page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
• Information we collect when you use wifi in our restaurants:
We use a company called Wireless Social to provide wifi in our restaurants. If you sign up to use the wifi in our restaurants, the Wireless Social terms and conditions will apply, which are available here – https://www.wireless-social.com/privacy-policy/.
• Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
Similar to other commercial websites, our Site uses a technology called “cookies” and web server logs to collect information about how our Site is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that Site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Site, and the Sites visited just before and just after our Site. Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Site and which parts of the Site are most popular. This helps us gather feedback so that we can improve our Site and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.
We use ‘session’ cookies which enable you to carry information across pages of the Site and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Site is being used and to improve its structure. We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Site, tailoring the content of certain areas of the Site to offer you content that match your preferred interests.
You can refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Site.
4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data. Typically we will process your data on one of the following bases:
• Consent given (e.g. for obtaining feedback, photos and video recordings for marketing purpose)
• Performance of a contract or an agreement with you (e.g. use for recruitment and customer membership)
• Necessary for our legitimate interests (e.g use of CCTV on sites)
• Necessary to comply with a legal obligation (e.g. if requested by authority for investigation)
5. HOW WE USE YOUR INFORMATION
We use information held about you in the following ways:
• Information you give to us. We will use this information:
• to provide you with the information, products and services that you request from us;
• to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
• to provide you with information about goods or services we feel may interest you, where you have consented to us contacting you for the purposes of marketing or other promotional purposes. If you are an existing customer, we will only contact you or share information with you by electronic means (e-mail, social media or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data;
• to validate discounts and verify your identify;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and others;
• to notify you about changes to our service;
• to ensure that content from our site is presented in the most effective manner for you and for your computer.
• Photography and Video Recordings. We will use this information:
• for use on social media and in our marketing. We will ensure that consent is obtained expressly.
• Information we collect about you. We will use this information:
• to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and others;
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
• Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
6. WHO WE MAY SHARE YOUR INFORMATION WITH:
• Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
• Selected third parties including:
• advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience analytics and search engine providers that assist us in the improvement and optimisation of our site. You can contact our DPO at email@example.com at any time to opt out of this type of lookalike advertising.
We will disclose your personal information to third parties:
• In the event that we sell or buy any business or assets, in which case we may be required to disclose your personal data to the prospective seller or buyer of such business or assets
• If Casual Dining Bidco Limited, or its direct or indirect parent companies, or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
7. KEEPING YOUR DATA SECURE
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
• Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
• Implementing access controls to our information technology;
• We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores;
• Carrying out appropriate risk-based diligence and penetration testing on third party processors.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8. SENDING INFORMATION OUTSIDE THE EEA OR THE COUNTRY YOU’RE LOCATED IN
Where any transfer outside of the European Economic Area (EEA) occurs, we’ll ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.
9. HOW LONG WE WILL STORE YOUR DATA
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. For more information, you may contact our DPO.
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept.
10. YOUR RIGHTS
Under the GDPR data subjects have several rights subject to certain exemptions:
• The right to be informed: You have the right to be informed. We will inform you of the reason for processing your data.
• The right of access: You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
• The right to rectification: If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
• The right to object: You have the right to ask us not to process your personal data for marketing purposes, in particular where we have used consent as the lawful basis for processing. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by emailing firstname.lastname@example.org.
• The right to erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons. Right to erasure does not apply in the following scenarios (i) when the lawful basis for processing the data is ‘legal obligation’; (ii) For the establishment, exercise or defence of legal claims’.
• The right to restrict processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if our use of the data is unlawful but you do not want us to erase it, (ii) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it, or (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
• Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right may only apply to automated information which you initially provided consent for the Group to use or where the Group used the information to perform a contract with you.
• Withdraw consent at any time where the Group is relying on consent to process your personal data for direct marketing purposes: However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. All marketing communications will contain information about how to opt-out and electronic communications will have a direct link to unsubscribe. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Where possible we will endeavour to respond to notifications of withdrawn consent for use of image or film prior to publishing the image or film. It may not be possible to do so after publication.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing any requests to exercise your legal rights. Requests should be made to email@example.com or to DPO, Casual Dining Group, 163 Eversholt Street, London NW1 1BU.
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they can help you address any concerns. You can access them here https://ico.org.uk/for-the-public.