We at The Restaurant Group respect your right to privacy. This Privacy Notice describes the types of personal information that you may provide to us or which we may otherwise collect when you communicate with us, and how we may use your information, who we may share it with and how we protect it. We also tell you how you can update your information, unsubscribe from receiving marketing communications from us or change your preferences.
The Restaurant Group plc, a company registered in Scotland under company number SC0300343, with its registered office at 1 George Square, Glasgow, Scotland G2 1AL (“TRG”, “we” or “us”), is the data controller of your personal information.
What this Privacy Notice covers
Whenever you communicate with us, including when you:
- visit our website located at http://www.trgplc.com
- use one of our apps
(whether you do this directly or through one of our partners or sub-contractors), we collect, store and use your personal data in various ways. Because at TRG, we know that your personal data is important to you, we want to be completely transparent with you so you know exactly what we are doing with it. So this Privacy Notice explains:
- what information we collect and how do we obtain it
- how we protect your information
- purpose and legal basis for the information we collect and use
- special offers and promotions
- sharing and disclosure of Personal Information
- collection of information by third party sites
- your rights regarding your Personal Information
- retention of Personal Information
- Disabling / Enabling Cookies
- Revisions to this Privacy Notice
- How to contact us
In the normal course of our business, we will collect personal information relating to you, such as your name, address, phone number and e-mail address (“Personal Information”) whenever you communicate with us or one of our partners or sub-contractors, (including by email, phone, SMS, via the website, our apps or otherwise), for example, in the following situations:
- when you browse our website or sign up to receive alerts and news about us;
- when you write to us;
- we operate CCTV on our premises - please consult the signage for more details.
- if your submit a job application form and/or CV, or otherwise seek employment with us, we will collect your Personal Information (including employment history and qualifications, photo id, and reference contact details and, where required, criminal records checks). You may also choose to give us certain details about a medical condition or disability, religious belief or other sensitive data relevant to your application for employment. We also collect ethnicity data (on a voluntary basis) in order to monitor our adherence to equal opportunities and anti-discrimination laws.
Some of the personal information that you provide may include sensitive personal information, such as health-related information when you make a complaint or suffer an incident in one of our restaurants (see above). We need this information to investigate the complaint or incident and (if necessary) report it to health or other authorities, law enforcement agencies, our insurers and any suppliers who may be involved). We may also collect information about the names of others in your party, and any other information needed for the purposes of the investigation.
We apply appropriate technical and organisational security measures to prevent unauthorized access to Personal Information we hold about you. All Personal Information about our guests is stored within a robust secure environment.
We never sell your data to a third party. Our practice is that no data is ever provided to third parties except in the circumstances described below under Sharing and Disclosure of Personal Information.
Please note that email correspondence with us is in free format text and cannot be encrypted. Accordingly please do not send any sensitive information such as credit card details or passwords via email. Please also note that perfect security does not exist on the Internet. You’ll know that you’re in a secure area of our website when a “padlock” icon appears on your screen and the “http” portion of our URL address changes to “https.” The “s” stands for “secure.”
We know how important your Personal Information is so we will only ever collect and use your Personal Information for a lawful reason relating to our business. Generally this means that we will use your Personal Information:
- to carry out a contract with you or because you have asked us to take specific steps;
- because we have to comply with the law and applicable regulations, for example reporting any health, safety or security incidents to the relevant authorities,
- for legitimate legal purposes,
- where required by external parties we deal with such as our insurers, suppliers or where necessary for the establishment, exercise or defence of any legal claims.
We want you to be clear on what we do with your Personal Information. We will keep your Personal Information secure and never sell your Personal Information to anyone. We do use sub-contractors to carry out certain functions on our behalf and, occasionally, have to disclose your Personal Information (for example, to provide specific services to you or dealing with insurers or public authorities like the police). This is described more fully below:
Sub-contractors, suppliers and agents: from time to time we employ other companies to perform functions on our behalf including designing and sending guest or investor communications, providing shareholder vouchers, analysing data, providing elements of our IT or back-up systems, providing marketing assistance, processing payments, improving our services and providing customer service. They may have access to Personal Information needed to perform their functions, but are not permitted to use it for other purposes and cannot modify, disclose or erase your data without our instructions.
Legal reasons: we may disclose information about you (i) if we are required to do so by law or regulation, (ii) in response to a request from law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Fraud / Credit Risk: where necessary to prevent fraud or reduce credit risk, we may exchange your Personal Information with other companies and organisations.
Business transfers: in any corporate transactions (e.g. buying or selling of businesses, stores or business units) Personal Information is generally one of the transferred assets. We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets, however that would always be under conditions of strict confidentiality and limited to the specific purpose.
Sending data outside of Europe: We do not transfer your Personal Information to countries outside the European Union. However, some of our appointed carriers, sub-contractors, suppliers and agents may transfer, use or store data in other countries. Where this is the case, they are obliged to ensure that there is equivalent protection for your Personal Information as would be the case within the European Union.
We will take appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These safeguards may include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information by a data controller established in the European Union to a processor established in a third country which does not offer adequate level of protection.
Analytics and profiling: In order to offer you a more personalized experience in your interactions with us, information collected through one source may be combined with information we obtains through other sources. This may include information that allows us to identify you across multiple devices through which you access our websites. We may also supplement the information we collect with information obtained from other parties, including our business partners and other third parties to create customised profiles about you. Examples of how we may use this information include using your data to help us to improve your experience using our website, to present you with options tailored to your preferences and for targeted advertising purposes.
Our website may contain links to other websites whose privacy practices may be different to ours. You should check the privacy notices of those third party sites as we have no control over information that is submitted to or collected by those third party sites. We are not responsible for the content of these sites, any products or services that may be offered through these sites, or any other use of these sites.
You have certain rights regarding your Personal Information. We summarise these below:
Right to access: You have the right to access data about you that we use. If you want to access all your Personal Information or specific Personal Information not available on your TRG account, then you can make an access request by writing to us (see below). We will process your request without undue delay and, at the latest, within 1 month, unless your request is complex or numerous in which case we may take up to 3 months, but we will inform you within 1 month if this is the case.
Please note that there are certain limited exceptions to your right to access personal data such as if it would involve disclosing the personal information of another person who has not consent to such disclosure, if disclosing Personal Information would prejudice on-going negotiations with you, information relating to the prevention or detection of crime or apprehension or prosecution of offenders, management information and information covered by legal privilege.
Right to rectification: when you log in to your account, you can also rectify or update any information on your account. If you are not able to do so, then you can make a rectification request by writing to us (see below).
Right to erasure: When you log on to your account, you may also erase any data on your account with the exception of data that is required for you to keep your account open (such as your email address, name etc.). You also have the right request us to erase Personal Information which TRG hold about you by writing to us (see below).
Please note that there are exceptions such as where we need to retain Personal Information for legal reasons (e.g. where necessary for the establishment, exercise or defence of any legal claims) or where we have another legitimate business reason for retaining Personal Information.
Right to restrict or object to processing: if you want to stop receiving special offers, discounts, news and information from us, either:
- simply click on “unsubscribe” at the foot of the email or text and we will take you off our marketing and promotions list or
- if you have registered for alerts, just log into your account on our website at www.trgplc.com and change your preferences on the profile tab at any time.
You also have the right to request portability of your Personal Information which you have given us.
Right to complain to a data protection authority: You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
To make a request concerning your Personal Information, as described above, please write to: Company Secretary, The Restaurant Group plc, 5-7 Marshalsea Road, London SE1 1E.
We will keep your data for as long as necessary to carry out the purpose for which we collected it. Please see Your rights regarding your Personal Information above.
We, our service providers, and/or non-affiliated third parties, may use “cookies” or similar technologies on the Site. When you visit our website we serve cookies to your computer. Cookies may be used in the following ways:
- to enable the personalisation features on our website (which give you the ability to recall recently viewed pages and see information which you have input on line);
- to compile anonymous, aggregated statistics that allow us to understand how users use our website and to help us improve the structure of our website. We cannot identify you personally in this way and
- for security, site and product integrity.
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can recognise your computer when a user of your computer returns to a website previously visited by someone using your computer. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number that identifies your computer. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
There are two broad categories of cookies “first party cookies” and “third party cookies”. First party cookies are cookies that are served directly by the website operator to your computer, and are used only by the website operator to recognise your computer when it revisits that site. Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognise your computer when it visits other websites. Third party cookies are most commonly used for website analytics or advertising purposes.
The sorts of cookies we use may include:
Anonymous site usage statistics
We use Google Analytics cookies to record anonymous usage of the site and produce statistics such as the number of visitors to a page. These cookies include _ga, _gat, _gid.
We also use Hotjar web analytics to keep track of how people use our web site. It has no personal information stored and certainly cannot be used to contact you.
Some parts of our website are supplied by third parties and embedded within this site. When you use third party services they may also place cookies on end user browsers. An example of this is our table reservation system. These third parties may use additional cookies for service, performance, tracking and analytics purposes and the information practices of those third-parties are not covered by this Privacy Notice. We suggest you check these third party websites for more information about the cookies they use.
Corporate information about us
You can accept or decline cookies by modifying the setting in your browser. The “help” portion of the toolbar on most Internet browsers will tell you how to change your browser cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether For further details on how to do this please visit the educational sources http://www.allaboutcookies.org and http://www.youronlinechoices.eu.
Please note that if you disable cookies you may not be able to use all the features of our website.
We may update or revise all or any part of this Privacy Notice from time to time. A copy of the current Privacy Notice will be posted on our website and we encourage you to check it from time to time so you are aware of any changes or updates to the notice. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the bottom of this Privacy Notice.
Should you have any questions about this Privacy Notice or how we use your Personal Information, please write to us at:
The Restaurant Group plc
5 – 7 Marshalsea Road
London SE1 1EP
24th May 2018