1. INTRODUCTION

We are committed to protecting the privacy of those with whom we interact with and recognise the need to respect information that is disclosed to us.

We will treat all personal data we hold on you in accordance with current UK data protection legislation (including the UK General Data Protection Regulation or UK GDPR and the Data Protection Act 2018).

This notice explains how we collect your personal data, how long we hold this information for, and what rights and options you have in this respect.

This notice applies to all personal data collected by us when you make a reservation with us (either in person, via the telephone or via our website (https://www.cleaverandwake.com/), when you visit, or dine at Cleaver & Wake or attend an event at Cleaver & Wake and/or when you otherwise make use of our services.

2. WHO ARE WE?

Cleaver & Wake is part of the canal side destination at The Island Quarter (TIQ) development. This notice applies to the Cleaver & Wake restaurant.

Throughout this notice, references to TIQ, “we“, “our” or “us” means The Island Quarter Canal Turn Operating Company Limited registered in England under company number 13616632 with registered address First Floor, Suite 3, 1 Duchess Street, London, United Kingdom, W1W 6AN who is the controller and responsible for your personal data.

For the purposes of the UK GDPR, we are regarded to be a controller of your personal data. This means that we are responsible for deciding how and why your personal data is used.

3. HOW TO CONTACT US

If you have any questions about this notice or the information we hold about you, please email us at marketing@theislandquarter.com

4.How is personal information collected?

We may obtain your personal data from the following sources:

  1. From you directly: e.g. through your interactions with our website, including personal data you provide to us directly when you complete the contact form on the website, over the phone, via emails, paper forms, in person or when you use our online systems such as by logging into our Wi-Fi.
  2. From you indirectly: e.g. from third party service providers that are assisting us in providing you with a service (such as third party reservations platform when you make a booking).

5.What personal data is collected?

The list below provides a non-exhaustive list of the types of personal data collected by us:

  • Mandatory contact/identification details including name, phone number and email address.
  • Voluntary contact/identification details including date of birth and postcode
  • Details relating to the nature of enquiry and/or information relating to your reservation or free entry (for example, seating preferences, group size, time, dietary requirements and social occasion information such as whether you or your guest are celebrating a birthday or anniversary and accessibility requirements etc.).
  • Online identifiers (including your device information such as IP and MAC address when you log-in to our WiFi or navigate our website).
  • Financial details (e.g. confirmation of whether you paid by card and card type, your name, the last four digits of your long card number, the CVC number and expiry date).
  • Voucher or other discount details if you provide them to us (such as the voucher number, your name and contact details and the voucher amount).
  • Details and records of your request, complaint or query and/or any feedback you submit about your experience with us.
  • Categorisation of you as a customer based on the information we have about you from various sources (for example, if this is your first experience with us or you are a regular customer).

We do not need to process any information which would be considered to be ‘special category data’ (that is any information which, for example, reveals your ethnic or racial origin, political affiliations or health data) in order to provide your services. To the extent that you confirm that you or your party have any underlying health condition when reserving or booking with us (such as an allergy or disability) we will only process such information based on your explicit consent for such period of time as is necessary to provide our services. Where you provide such data on behalf of a member of your party, you confirm that you have obtained their consent for us to process this information. Please ensure that you bring this Privacy Notice to the attention of your party.

6.Why do we collect your personal data?

The table below explains why we process your personal data alongside the legal grounds for processing:

Processing Activities: Purposes of processing Lawful Ground for Processing
When you make a booking or reservation with us [either when you contact us via email or telephone or] via our third party reservations and booking platform (Sevenrooms). You may be required to provide your payment card details in order to pay a deposit: To complete your reservation and to comply with your reservation requests and/or making a booking. Legitimate interests (this information is necessary for us to complete your reservation or book Cleaver & Wake’s private function venue upstairs and respond to your requests).

 

 

When you use our online services including: browsing our website, logging into our WiFi and collecting loyalty rewards To enable you to access our WiFi and benefit from our loyalty rewards program Legitimate interests (ensuring that we provide with appropriate services)
When you provide feedback on our services Receiving/responding to event or customer enquiries, complaints and receiving feedback from guests (including via surveys/questionnaires). Legitimate interests (to respond to enquiries and provide customer service)
When you receive marketing, communications and advertising from us: To provide you with marketing, promotional material and other communications relating to Cleaver & Wake or other TIQ businesses in the TIQ development which may be of interest to you.

 

Information which may be relevant to a specific competition or promotion (e.g. your name, email address and phone number if relevant) (for more information, please refer to the relevant competition Ts&Cs and privacy notice).

 

Consent. You may opt out from receiving direct marketing at any time by unsubscribing from our email communications or by sending us an email with the words “Opt Out” in the subject header.
When we share information with law enforcement or such other competent authority It may be necessary for us to disclose your personal data with law enforcement, the courts or other competent authorities in order to comply legal obligation imposed on us or otherwise to exercise and/or defend our legal rights. To comply with a legal obligation or as part of our legitimate interests (to exercise/defend our legal rights).
When we respond to or make a legal claim/exercise our legal rights. It may be necessary for us to process your personal data if we need to receive legal advice, or exercise our legal rights or settle a legal claim which relates to you.

 

Legitimate interests (to exercise/defend our legal rights and/or seek legal advice).
When you visit our premises Security measures on premises -CCTV is placed on our building to monitor and maintain security of our guests and employees Legitimate interests (to ensure the safety of guests and employees and assist law enforcement).

Footage may be used to exercise or defend our legal rights.

Where we have relied on legitimate interests to justify processing your personal data, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

Please be aware that you have the right to object to the processing of your data of any of the legitimate interests identified.

7. How is data stored?

Your personal data will be treated confidentially. Authorised members of our team can access the data, which is protected by password access. We use technical and organisational measures to safeguard your information and put in place appropriate measures to prevent personal data from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. For example, our web server is password protected to protect from external threats. We limit access to your personal data to only those people who need access to the data (which is also password protection).

Whilst we use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the Internet. If you have any particular concerns about your information, please contact us (see paragraph 3 (how you can contact us)).

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. In practice, we will retain your personal data in accordance with the indicative retention periods set out in the table below:

Processing Activities: How long will we hold your personal information for
Details relating to a booking or reservation with us 3 months
Details you provide to set up an account to collect loyalty rewards  If you do not redeem or earn any loyalty rewards for 18 months, we will delete your account.
Feedback you provide on our services  3 months unless we need to hold the information in order to respond to or make a legal claim/exercise our legal rights (see below row)
When we respond to or make a legal claim/exercise our legal rights Generally 6 years in accordance with UK statutory limitation periods
CCTV 1 month or such longer period if we are required to retain this information in order to share it with law enforcement or such other competent authority

We review annually what we hold, and always consider if we still need the personal data, factoring in if it is sensitive, at risk of harm from unauthorised use or disclosure, and the processing purposes.

Upon expiry of the applicable retention period we will securely destroy your personal data unless we have are required to extend the applicable retention period in accordance with applicable laws and regulations.

9. Who do we share your personal data with?

We may share your personal data with the following categories of recipient

  1. our third party service providers including: IT services, CRM (customer relationship management), website development, guest WiFi and other online services, software platform providers providing digital marketing and advertising, managing reservations and booking information, collecting consents other services and receiving customer feedback;
  2. law enforcement, the courts and other competent authorities as required.

For more information about our third party service providers, please contact us using the details provided at the beginning of this notice. For information about how a third party service provider processes your personal data we may direct you to their applicable privacy notice.

10. Transfers of your personal data outside of the UK

We may need to transfer your personal data outside of the UK. Any transfer of your data will be subject to either a recognised adequacy decision or appropriate data transfer mechanisms such as standard contractual clauses which will safeguard privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms. If you would like more information about the transfer mechanisms used by us, please contact us using the details provided at the beginning of this notice.

11. Your rights in relation to personal data

As a data subject, you have the following rights under the UK GDPR:

  • The right of access to personal data relating to you. This means that you can ask us for a copy of your personal data we hold on you, the purpose for which it is processed, details of recipients or classes of recipients to whom it is or may be disclosed, the period for which it is held and any information available about the source of the data. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. If you wish to receive a copy of your personal data, please contact us using the contact details set out at paragraph 3 above (how to contact us).
  • The right to correct any mistakes in your information. This means that you can require us to correct any mistakes in your information which we hold free of charge.
  • The right to ask us to stop contacting you with direct marketing. If you would like us to stop sending you direct marketing/email communications, please email us with the subject line “Opt Out”. You can also click on the ‘unsubscribe’ button at the bottom of the marketing emails.
  • The right to ask us to stop contacting you with direct marketing. If you would like us to stop sending you direct marketing/email communications, please email us with the subject line “Opt Out”. You can also click on the ‘unsubscribe’ button at the bottom of the marketing emails.
  • The right to have your personal data ported to another data controller.
  • The right to erasure. You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected or when (for example) your personal data has been unlawfully processed.
  • The right to withdraw consent – where consent has been relied on to process your personal data. This is a vital and necessary aspect of consent, and we are aware that you may wish to withdraw consent at any time. If you do not want us to hold information relating to your allergies or disabilities, please contact us (see paragraph 3 (how can you contact us)). If you wish to opt out of receiving marketing communication, you can unsubscribe by clicking on the link provided in our emails.

If you have any questions regarding how to exercise your rights, please contact us (see paragraph 3 (how can you contact us)). We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

12. What will happen if your rights are breached?

If you do not think that we have processed your personal data in accordance with this notice – you should let us know as soon as possible (see section 3 (How to contact us) above.

Similarly, you may complain to the Information Commissioner’s Office. Information about how to do this is available on its website at https://ico.org.uk.

You may be entitled to compensation for damage if do not comply with data protection legislation.

This notice is reviewed and updated from time to time. Do check this page periodically in order to review the latest version. We welcome your questions regarding privacy.

Privacy Notice Last Updated on [insert date] 2022.