It explains how information collected about you is used, how you can instruct us if you prefer to limit the use of that information, your rights in relation to that information and the procedures that we have in place to safeguard your privacy.
We are registered with the Information Commissioner’s Office (with the registration number [insert number]), and abide by the requirements of the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003, and the General Data Protection Regulation (EU) 2016/ 679 (GDPR).
We are the controller of your personal data provided to, or collected by or for, or processed in connection with any take-out collection orders you place or any other information you submit through the Website.
Please note that our Website may contain links to products, services and websites that are owned and operated by third parties, in particular all payments for take-out collection orders are done through a third-party payment website. These websites will have their own privacy policies which you should review if you choose to visit these websites. We do not make any representations about third party websites and applications that may be linked to the Website and are not responsible for the privacy practices of third parties.
Types of information we may collect about you
We collect both personal and anonymous data when you send us information or use our Website. Personal data comprises information where you can be identified from this information (directly or indirectly). Anonymous data is that which cannot identify you and which is typically used in aggregate to better understand our customers.
How we collect your personal data
We collect data when you interact with our Website, for example when you browse our Website, when you place a take-out collection order and when you engage with us and through our email correspondence.
Specific details of the information we may collect:
When forms on our Website are completed by you we will receive various pieces of personal data such as your name and other information such as your postal address, e-mail address and telephone number to process your request. Only relevant information will be used by us necessary to fulfil the any take-out collection order or other service requested and potentially communicate with you on any concerns arising in the provision of the products or service in general.
A cookie is a small file placed onto your device that enables us to supply features and functionality for our Website. For example, cookies enable us to identify your device, secure your access to our Website generally, and even help us know if someone attempts to access your account from a different device. Cookies can be used to recognize you when you visit our Website, remember your preferences, and give you a personalized experience that’s in line with your browser settings. Cookies also make your interactions with our Website faster and more secure. Additionally, cookies allow us to bring you advertising both on and off our Website.
Most browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information. If you do not want to receive cookies, you can change your browser settings on your computer or other device you are using to access our Website. If you use our Website without changing your browser settings, we will assume that you are happy to receive all cookies on our Website. Most browsers also provide functionality that lets you review and erase cookies, including our cookies. Please note that our Website may not work properly without cookies.
We also collect data on how you interact with our Website. To understand how our Website is used and performing we may use analytics services to provide us with statistical information.
In using one of our Website we may collect information about the device you are using, such as the operating system, your browser type, the URL of the previous website you visited, your ISP and unique device identifiers which allow us to recognise you next time you visit to provide you with a personal experience. We use analytic and reporting technologies to record and collect data from you. This information, such as your browser type, the URL of the previous websites you visited, your ISP, operating system, cannot be easily used to personally identify you. We may use partners to help manage, monitor and optimise our Website to help us measure the effectiveness of our advertising, communications and how visitors use the Website.
Information about transactions – if you make any purchase from us we will record details of that transaction for book-keeping and performance analysis. We do not have access to or store any information relating to your financial information, such as credit or debit card details.
How we use and process your personal data
We use your personal data for the following purposes:
To fulfil take-out collection orders or provide a service to you, for example to:
- to respond to your queries about our products and services.
- to fulfil your requests for our products or service.
- to send you communications (for example, an acknowledgement notification related to your take-out collection order(s), support correspondence or a notification regarding changes to our products or services).
- to keep records up to date and to ensure the provision of purchases you have made.
We rely on the lawful basis of performance of a contract for the above purposes.
We rely on our legitimate business interests for the following purposes:
- To send you email marketing communications. We will always inform, when you provide your details to us, of our intention to send you such messages. You will have a clear opportunity to opt-out at this point and in every subsequent communication.
- To determine the effectiveness of promotional campaigns and advertising.
- To personalise or improve the way that our products, services or advertising is presented to you on our Website and that of third parties, such as based on location, gender (if known) and interests (based on browsing and purchase habits).
- To keep records up to date and to ensure the provision of purchases you have made. To learn from and improve how customers interact with our Website and restaurants to improve their experience over time.
- We may use your IP address to identify your location, for example to block disruptive or abusive use of our Website.
- To enhance the security of our network and information systems.
- For reporting and audit purposes.
We have balanced our legitimate interests with those of our customers. If you would like further information or to object to us using your data for such purposes, please contact [email protected].
In specific circumstances we rely on the lawful basis of consent (i.e. where you actively agree to a specific use of your personal data) and legal obligation (i.e. where we are legally obliged to hold your personal data or disclose it by law).
NHS Test & Trace and Your Personal Data
To support the NHS Test and Trace service, we are required by law to collect and store a record of visits to our restaurants for the purpose of contact tracing.
Collecting and sharing this information with public health authorities on request, ensures the safety of our staff and patrons and helps fight the transmission of coronavirus.
If you visit one of our restaurants in order to pick-up a take-out collection order placed though our Website we will collect your personal information which, may include requesting you to scan our Test and Trace QR code. The information collected for NHS Test and Trace includes first and last names of the person picking-up the take-out collection order, a contact telephone number, a contact email address and the date and time of the visit.
NHS Test and Trace requires us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out correctly and we are responsible for compliance with data protection legislation for the period of time we hold the information. If this information is requested by the NHS Test and Trace service, the NHS would at that point become responsible for compliance with data protection legislation.
We will only share information with NHS Test and Trace if it is specifically requested by them for contact tracing.
Information collected only for the purpose of contact tracing (such as, when you use the specific Test and Trace QR code) it will not be used for other purposes, and neither we nor NHS Test and Trace will disclose this information to any third party unless required to do so by law (such as, as a result of receiving a court order). Information collected for the purpose of contact tracing will be destroyed by us 21 days after the date of your visit.
Other information that we would usually collect, store and use in our ordinary dealings with you will continue to be held after 21 days and we will use it as we usually would, unless and until you request that we do not use it.
How do we secure your data?
We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it. When you give your personal data to us we will process that data in accordance with our responsibilities.
To prevent unauthorised access, to maintain data accuracy and to ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your personal data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Any outside suppliers are under strict contractual terms to mirror the security policies that we currently have in place.
We will keep personal data only for as long as we need it to maintain our relationship with our contacts, provide services or information they have requested, to inform our research into the preferences of our customers /clients, to comply with the law, and to ensure we do not communicate with individuals that have asked us not to. When we no longer need the information, we will dispose of it securely, using specialist companies to do this work for us, if necessary.
Sharing information with others
Primarily we use your information internally in order to provide you with the products and services you have selected.
We may disclose your information to specific third parties in the following circumstances:
- We may engage third parties to provide you with products or services on our behalf, including payment processors, fraud and security providers, those providing technology services and support, loyalty schemes and services, contact centre services, analytics or business services, marketing, promotions and advertising services, financial services, insurance services or professional or legal services. In that circumstance, we may disclose your personal data to those third parties in order to meet your request for products or services. Where we do so we take the necessary steps to ensure your personal data is treated securely and have appropriate contractual arrangements in place.
- We may transfer your personal data outside the European Economic Area (EEA). Some of our third-party service providers are based outside the EEA so their processing of your personal information will involve a transfer of data outside the EEA. Where we do so we take the necessary steps to ensure your personal data is treated securely and have appropriate contractual arrangements in place.
- If disclosure is required or permitted by law. We will always ensure that those requesting the information have the legal right to do so.
- If another company should purchase any of our companies or assets, including our database, that company will have the right of possession of the personal data collected by us and will assume the rights and obligations formerly attributable to us.
Under certain circumstances, under applicable data protection law you have the right to:
- Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
If you want to review, verify, correct or request erasure of your personal data or object to the processing of your personal data please contact us via email [email protected] or via our Website https://laaghas.com/contact/.
If contacting us does not resolve your complaint, we are registered with the Information Commissioner’s Office who can be contacted if you have concerns about our practices and do not feel we are able to satisfactorily answer your concerns.