Picnic Cafe (“We”) are committed to protecting and respecting your privacy.
If you have any questions about this policy you can contact us by emailing firstname.lastname@example.org.
1. WHAT IS PERSONAL DATA?
“Personal Data” means any information relating to an identified or identifiable natural person, known as a “data subject”, who can be identified directly or indirectly. It may include names, addresses, email addresses, telephone numbers, IP addresses, location data and other similar information. It may also include ‘special categories of personal data’ such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union memberships, genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a natural person’s sex life or sexual orientation.
In respect of the Personal Data of website visitors, the Data Controller is Picnic Cafe.
In respect of the Personal Data of a customer, We shall process Personal Data as a data processor to assist with the administration of gathering guest feedback for research purposes.
2. THE INFORMATION WE COLLECT FROM YOU AND HOW WE COLLECT IT
We will collect and process the following Personal Data about you:
2.1 Information you give us
This is information about you that you give us by filling in forms on this site or by corresponding with us by e-mail or otherwise if you have any queries. It includes information you provide when you correspond with us and if you report a problem with our site.
2.2 Information we collect about you
With regard to each of your visits to our site We will automatically collect the following information:
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
4. USES MADE OF THE INFORMATION
In this section we have set out:
The general categories of personal data that we may process;
The purposes for which we may process that personal data; and
The legal basis for the processing of that personal data.
Correspondence Data – we may process information contained in or relating to any communication that you send to us. The Correspondence Data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The Correspondence Data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
Usage Data – we may process data about your use of our website and services. The Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the Usage Data is our analytics tracking system. This Usage Data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services, troubleshooting and as part of our efforts to keep our site safe and secure. Please see our Cookies Policy for further information on this.
Client Data – we may process your personal data that you provide in the course of using our services. Client Data may include your name, email phone number and opinions. We will only process the Client Data for the purposes of carrying out our obligations arising from any contracts entered into. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business. Where we are processing Personal Data for the purpose of enabling the marketing of current or future products or services to you, the basis for this is consent.
In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. DISCLOSURE OF YOUR INFORMATION
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, insofar as is reasonably necessary for the purposes set out in this policy.
Our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance cover, managing risks, obtaining advice and managing legal disputes.
Our business partners, third party suppliers and sub-contractors for the performance of any contract we enter into with them or you;
Analytics and search engine providers that assist us in the improvement and optimisation of our site;
Any prospective buyer of our business or assets, or any prospective seller of another business or business assets that we are interested in buying.
In addition to the specific disclosures of personal data set out in this Section 5, we may also disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6. WHERE WE STORE YOUR PERSONAL DATA
External access to our database is only possible from specified IP addresses by users with the correct permissions and passwords. Our reporting platform is stored on the same server and access granted to our administrators and designated representatives with the correct permissions and passwords.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. YOUR RIGHTS
In this section we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summary. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
the right to access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right to complain to a supervisory authority; and
the right to withdraw consent.
You have the right to request information as to whether or not we process your Personal Data and, where we do, access to the Personal Data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Data concerned and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Provision of such information will be subject to you supplying us with appropriate evidence of your identity.
You have the right to request that your Personal Data is not processed for marketing purposes. You can exercise your right to prevent such processing by unsubscribing at any time. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
8. RETENTION AND DELETION OF DATA
This section sets out our data retention procedure, which is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of Personal Data.
Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We may keep an anonymised form of your personal data, which no longer refers to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
We will hold your Personal Data for as long as we have an obligation to provide our services.
Notwithstanding the other provisions of this section, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please contact us for further details of applicable retention periods.