The River Cafe GDPR Policy
The River Café Ltd is a limited company. This privacy policy will explain how our organisation uses the personal data we collect from you when you use our website.
Topics
- What data do we collect?
- How do we collect your data?
- How will we use your data?
- How do we store your data>
- Marketing
- What are your data protection rights?
- What are your cookies?
- What types of cookies do we use?
- How to manage your cookies
- Privacy policies of other websites
- Changes to our privacy policy
- How to contact us
- How to contact the appropriate authorities
What data do we collect?
The River Café Ltd collects the following data:
- Personal identification information (Name, email address, phone number)
How do we collect your data?
You directly provide The River Café with most of the data we collect. We collect data and process data when you:
- Make a reservation or place an order for any of our products or services online or by telephone.
- Voluntarily complete a customer survey, provide feedback or contact us via email.
- Use or view our website via your browser’s cookies.
How will we use your data?
The River Café collects your data so that we can:
- Process your order or reservation
- Email you with special offers on River Café products and services we think you might like.
The River Café does not share your data with any third parties.
We use third party companies for processing payments and reservations. Please refer to Privacy Policy of the following companies for more information:
How do we store your data?
The River Café securely stores your data using the program 7rooms. Please refer to their privacy policy for more information at https://sevenrooms.com/en/privacy-policy/
Privacy Policy
Privacy
Your privacy is important to us. This privacy policy describes the online information practices which we The River Café Limited ('we', 'our') employ in relation to the information which you, our customers ('you', 'your'), provide when using the www.rivercafe.co.uk site ('Website').
It is important that you read this privacy policy together with any other notice that we may provide you on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your information, and the legal rights that you have.
The Information we collect
As part of you using our Website and during the course of us providing products and/or services to you, we may collect, use, store and transfer the following types of information about you:
- Identity information including your first name, last name and title.
- Contact information including your address, e-mail address and telephone numbers.
- Financial information including bank details and credit/debit card information.
- Technical information including your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices you use to access our website.
- Communications information including your correspondence with us and any feedback that you provide us with.
How and when do we collect your personal information?
We collect the majority of the personal information that we process about you directly from you when you provide this information to us by:
- contacting us to obtain information relating to us or our products and/or services;
- placing orders on the Website;
- communicating with us by phone, e-mail or otherwise, or when you complete a questionnaire or form
We may also collect technical information when you access and interact with the Website (see the section below on “How do we use cookies?”).
We do not collect data from people under the age of 16 and we will delete such data if we are informed we hold it.
Information from other sources
We may also receive personal information about you from various third parties that we engage in order to assist us with providing products and/or services to you, including:
- delivery and address information from our carriers who deliver products to you;
- marketing information from marketing companies who send customer communications and direct marketing materials on our behalf;
- data analytics information from companies that provide us with data analytics services;
If we request that you do so and you fail to provide information to us, we may be prevented from exercising our rights and obligation and, in particular, we may be prevented from providing the products and/or services that you have asked us to provide. For example, if you fail to provide us with your full address details, it may not be possible for us to fulfill your delivery, or if you fail to provide us with your payment details then we will not be able to process payments for our products and cannot therefore supply them to you.
How we use your personal information
We use your personal information for the following purposes:
- to respond to your enquiries and complaints, and to manage our relationship with you;
- to handle orders, deliver items and process payments;
- to communicate with you about updates, orders, products, services and promotional offers;
- to update our records;
- to administer and protect our business and this site, including to prevent or detect fraud or abuses of our Website;
- for market research, reporting, analysis and modeling so as to improve the products and services we provide;
- to comply with our financial record keeping obligations;
- to use data analytics to improve our website, products, services and user experiences; and
- to enable third parties to carry out technical, logistical or other functions on our behalf.
By law, when processing your personal information we are required to have a ‘legal basis’ to do so. A legal basis is essentially a legal justification for processing your personal information. The legal basis we use to process your personal information will generally be one or more of the following:
- to enable us to perform the contracts that we have with you to supply you with products and/or services;
- where it is necessary for our legitimate interests in administering and managing our relationship with you, providing you with products and/or services, and running our business lawfully and effectively; or
- to enable us to comply with a legal or regulatory obligation.
Sometimes we may ask for your consent to use your information for particular purposes (e.g. to send you marketing communications). Where we do so, this consent will be our legal basis for our use of the information. You can withdraw your consent at any time and we will then stop processing your information for that purpose. If you wish to withdraw your consent, then please contact us using the details at the end of this notice.
For more information on the specific legal basis we are relying on in relation to any of the individual processing activities we have highlighted above, please contact us using the contact details at the end of this notice.
How do we use your personal information for marketing purposes?
If you are an existing customer or you have consented to receiving marketing communications by email, web or text we may send you information on any offers, events or news about our products and/or services that we believe may be of interest to you. Please note that if you do not choose to receive this information, we will be unable to keep you informed of any offers, events or news regarding our products and services.
You can ask us to stop sending you marketing messages (whether by email, web or text) at any time by sending a request to info@rivercafe.co.uk
When do we share your personal information?
We only share your personal information with our other offices, our agents or third parties where necessary so that they can assist us in providing products and/or services to you.
Where we share your personal information with third parties who process your information on our behalf, they will only process your information on our instructions and we will remain responsible for ensuring that it is protected and processed lawfully.
Where we share your personal information with third parties who process it for their own purposes (such as government bodies), those third parties will have their own legal obligations to protect your information and you will have legal rights that you can enforce directly against them.
In particular, we may share your personal information with third parties for the following purposes:
- we may need to share your personal information to other companies who we engage to perform functions on our behalf including; fulfilling orders, delivering packages, sending customer communications, analysing data, processing payments and providing customer services. They will have access to personal information needed to perform their functions, but may not use it for other purposes
- where it is necessary to prevent fraud or reduce credit risk, we may share your personal information with other companies and organisations; and
- where requested or if we consider that it is reasonably required, we may share your personal information with government bodies, regulatory bodies or law enforcement organisations so that they can carry out their legal functions.
In some circumstances, you will receive notice before we share your personal information with third parties and you will have the opportunity to choose not to share your information. If you would like further information about the third parties with whom we share your personal information then please contact us on the details at the end of this notice.
Collection of Information by Third-Party Sites
Our Website may contain links to other websites whose information practices may be different to ours. You should consult the privacy notices of those third party sites as we have no control over information that is submitted to, collected, or processed by them.
How do we use cookies?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer's hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the 'lifetime' of the cookie, and a value, usually a randomly generated unique number. When you visit our Website we send you a cookie.
Cookies may be used in the following ways:
|
Purpose
|
Supplier
|
Expiration
|
Cookie
|
|
Randomly generated session for recognising a client that purchase an item from our online shop
|
Sevenrooms Booking
|
1 year
|
__stripe_mid
|
|
This cookie is a security measure and prevents Cross Site Request Forgeries, which is external code being executed on www.sevenrooms.com
|
Sevenrooms Booking
|
1 year
|
csrftoken
|
|
Registers a unique ID that is used to recognise a client
|
Sevenrooms Booking
|
2 years
|
G_ENABLED_IDPS
linkedin_oauth_77ulrjjedsies7
linkedin_oauth_77ulrjjedsies7_crc
_gid
|
|
This cookie is a security measure and prevents Cross Site Request Forgeries, which is external code being executed on rivercafe.co.uk .
|
The River Café
|
1 year
|
csrftoken
|
|
Google Analytics is a web analytics service provided by Google, Inc. (“Google”), to help us see how our website is used. In doing so information about your use of our website, including your IP address, may be transmitted to Google and stored on servers in the United States. The data collected by Google Analytics is used to analyse how frequently the same people revisit the University website, how the website is found (from advertising or referring websites), and which pages are most frequently viewed. This information is combined with data from thousands of other users to create an overall picture of website use, and is never identified individually or personally and is not linked to any other information we store about you.
|
Google Analytics
|
The longest lasting cookie expires 2 years after your last visit to the website. Others are deleted 6 months, 30 minutes and the moment you close your browser.
|
__utma, __utmb, __utmc, __utmv, __utmz
|
|
Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
|
Google Maps
|
Most of the cookies expire 10 years after your last visit to a page containing a Google Map.
|
SID, SAPISID, APISID, SSID, HSID, NID, PREF
|
|
Vimeo sets a number of cookies on any page that embeds a Vimeo video. While we have no control over these cookies, they appear to include a mixture of pieces of information to measure the number and behaviour of Vimeo viewers, to hold information about current viewing video settings as well as a personal identification token, if you are logged into Vimeo. Furthermore, a set of cookies regarding Google Adsense advertising campaigns might be set, which contain identifiers that record user browsing behaviour.
|
Vimeo
|
There are some cookies that expire 10 years after first viewing a Vimeo video while most of them expire between a few days for up to two years after the last viewing of a Vimeo video.
|
__utma, __utmb, __utmc, __utmv, __utmz, last_page, embed_preferences, has_logged_in, stats_start_date, stats_end_date, CAL, GAPS, N_T, S_adsense, adsenseReferralSourceId, adsenseReferralSubId, adsenseReferralUrl, adsenseReferralUrlQuery, APISID, HSID, NID, PREF, SAPISID, SID, SNID, SSID
|
You can accept or decline 'cookies' by modifying the setting in your browser. Please note that if you disable 'cookies' you may not be able to use all the features of our Website.
How do we keep your information secure?
We employ security measures to prevent unauthorized access to information that we collect online and through POS. We use a secure online order form for all purchases made via the Website. All data transmitted via this form (including credit card details) is encrypted so it is transmitted securely. To verify this, when placing an order using the Website a padlock will appear in your browser. It is normally in the status bar, towards the right hand side, in the address bar of your browser window. You can double click this padlock to verify that the secure certificate has been issued to the Website.
Our security is certified by the certificate provider Let’s Encrypt Authority X3.
Please note that email correspondence with us is in free format text and cannot be encrypted. Accordingly please do not send any sensitive information such as credit card details via email.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
- We protect the security of your information while it is being transmitted by encrypting it using a modern cipher suite.
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
Data retention
We will only keep your personal data for as long as necessary for the purposes for which we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
Details of the retention period for different aspects of your personal information are available in our data retention policy, detailed in the table below and covering all key databases held by The River Café Ltd.
|
Ref
|
Type of Data
|
Details
|
Purpose of data
|
Review Period
|
Retention Period or Criteria
|
|
1
|
Personal Details
|
Eg Name, Address, Title, Gender
|
To support email and whitemail marketing, customer reporting and analytics
|
12 months
|
5 years
|
|
2
|
Contact Details
|
Eg Billing Address, Delivery address, email address and phone number
|
To support email marketing & customer reporting
|
12 months
|
5 years
|
|
3
|
Image Data
|
Eg CCTV images, photographs if taken during an event and you have not objected to this
|
For security and PR
|
12 months
|
5 years
|
|
4
|
Financial
|
Eg Payment card details
|
To provide financial information with regard to purchases as well as to support fraud prevention
|
12 months
|
7 years
|
|
5
|
Transactional Data
|
Eg order information, product purchased, total cost, payment information, billing and delivery information
|
To support transactional queries, customer and product reporting & analytics
|
36 months
|
7 years
|
|
6
|
Technical Data
|
Eg Internet Protocol (IP) address, login data, browser type and version, time-zone setting and location, browser plug in types and versions, operating system and platform and other technology devices used to access the website, geographical location, length of visit, number of pages viewed
|
To support online reporting & analytics as well as operational information
|
12 months
|
5 years
|
|
7
|
Profile Data
|
Eg Order history, preferences, feedback on survey and response,
|
To support reporting, analytics and personalisation of marketing activity
|
12 months
|
5 years
|
|
8
|
Marketing Data
|
Eg Preferences in receiving marketing and communications
|
To support marketing activity
|
12 months
|
3 years
|
|
9
|
Instore Data
|
Eg products purchased, amount spent, payment information
|
To support transactional queries, customer and product reporting & analytics
|
12 months
|
7 years
|
Your legal rights
You have the following rights in relation to the personal information that we hold about you:
- The right to request access to your personal information (commonly known as a “data subject access request”). This enables you to request a copy of the personal information we hold about you and to check we are processing it lawfully.
- The right to request correction of the personal information we hold about you. This enables you to request that we correct any incomplete or inaccurate information that we hold about you.
- The right to request erasure of your personal information in some circumstances. This enables you to request that we erase your personal information where there is no good reason for us continuing to process it.
- The right to object to us processing your personal information. This enables you to object to us processing your personal information where we are relying on a legitimate interest and it impacts on your fundamental rights and freedoms.
- The right to restrict our processing of your personal information. This enables you to ask us to suspend the processing of your personal information in certain circumstances.
- The right to data portability. In certain circumstance this enables you to request that we provide you, or a third party, with a copy of the personal information that you provided to us in a structured, commonly used, machine-readable format.
For more information on your legal rights or if you would like to exercise these rights, please contact us on the contact details at the end of this notice.
Revisions to this Privacy Statement
We reserve the right to revise this privacy policy or any part of it from time to time. Please review the privacy policy periodically for changes. This privacy policy was last updated on 25th November 2019.
Unless stated otherwise, our current privacy policy applies from time to time to all information that we have about you.
It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed of any changes to your personal information.
How to Contact us
If you have any questions or concerns about this privacy policy, would like further details on any of the information contained in this notice, or to exercise any of your legal rights please contact us by email at info@rivercafe.co.uk
Whilst we would appreciate the opportunity to deal with your concerns before you do so, if you are unhappy with how we have used your personal information you have the right to lodge a complaint at any time with a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (ICO).
The River Café Ltd
Registered in England : 02105075
Registered office: The River Café Ltd, Thames Wharf, Rainville Road, London W6 9HA.
