Click here to upgrade your browser...
Privacy Policy

Your personal information

It goes without saying that we’d never do anything untoward with your personal data (“personal information”).

This privacy policy tells you what we do with your information, what rights you have with regards to it, and anything else we think you should know.

IN BRIEF.

Information we collect

We collect personal information when you make a reservation or a payment, when you buy or redeem vouchers, and when you get in touch with the reservations and feedback team. (Further detail below.)

How we use your information

We may use this information to respond to and fulfil your requests, manage and promote our restaurants, comply with applicable law, and as otherwise permitted by applicable law. (Further detail below.)

How we share your information

We may share your information with our suppliers to provide reservation, wi-fi and payment services, or as otherwise permitted by applicable law. (Further detail below.)

What cookies we use

We may use cookies (and other technology) to improve the performance of   our website and to personalise your experience. (Further detail below.)

How long we hold information

We may share your information with our suppliers to provide reservation, wi-fi and payment services, or as otherwise permitted by applicable law. (Further detail below.)

International transfers

We may need to transfer your information outside of your home country. To protect your information, any such international transfers will be made in accordance with applicable law. (Further detail below.)

Call monitoring

We record and monitor telephone calls to help us improve our service and train our team. (Further detail below.)

Third party links

Our website may contain links to other sites and platforms (such as our reservations provider) which are not owned or managed by us, and which have their own privacy policies. (Further detail below.)

Your rights

You have the right to opt out of receiving marketing communications, to receive a copy of the data we hold, and to update your personal data. (Further detail below.)

Changes to this policy

We will let you know about any material changes to this policy via an update on our website, and as otherwise required by applicable law. (Further detail below.)

Contact us

If you have any questions about your information and what we do with it, please send an email to all-ears@dishoom.com (Further detail below.)

 

IN FULL.

1. About Us

This policy describes the processing of your personal data in relation to your use of this website by Dishoom Limited (company number 06226963) (“we”, “us” or “our”), as the owner and operator of this website, and any related sites (such as www.nightatthebombayroxy.com). It also applies to any personal information we collect when you visit our restaurants or otherwise interact with us. Our head office is located at 141-143 Shoreditch High Street, London E1 6JE.

For the purposes of applicable data protection law (including the General Data Protection Regulation 2016/ 679 (the “GDPR”), we are a ‘data controller’ of your personal data (“your information”).

Where applicable, this policy should be read alongside our reservations or wi-fi terms of use which tell you about the basis on which you may book a table or sign up for wi-fi.

2. What personal information do we collect?

Dishoom collects personal data when you visit one of our restaurants, sign in for our wi-fi, contact us, or visit our website. This information may include:

Information you provide when you book a table (contact name, phone number, email address and any additional notes you may provide such as anniversary or birthday details)

Transaction and billing information when you purchase food and drink in our restaurants (e.g. your purchase and credit/debit card details used to process a payment)

Records of your conversations with us over the phone, on email or on social media

Information you provide if you attend an event (e.g. when buying a ticket)

Information you provide if you enter a competition or complete a survey (e.g. providing feedback)

Information you provide when you buy or redeem vouchers or loyalty cards

Automatically Collected Information from Google Analytics when you visit our website (such as web browser type and version, operating system, the website you came from and exit to, your IP (Internet Protocol) address, your browser settings, the date and time of your visits, and details regarding your interaction with the website (including which pages or resources on the website you access and whether you clicked on a link in one of our email newsletters or social media posts)

3. How do we use personal data?

Depending on how you use our restaurants and website and the permission you have given us, we process your personal data for the following purposes:

Contractual Necessity: As required to establish and fulfil a contract with you, for example: when you make a purchase from us (this includes taking payments in a restaurant or via the website, or making a reservation); communicating with you and providing customer services;

Legitimate Interests: Because it is in our legitimate interests in operating our business. In particular:

managing, operating and improving online, email and phone reservations (including enabling you to manage your marketing preferences);

managing, operating and improving our service whilst you are visiting our restaurants (including ensuring that we provide a personal service such as helping to celebrate birthdays or anniversaries if you have provided these details)

managing access to wi-fi services whilst in the restaurant (including enabling you to manage your marketing preferences)

monitoring our restaurants via CCTV cameras to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;

communicating with you about any queries or complaints to our reservations or feedback team;

investigating and handling any complaints received from you about our restaurants, or anything else;

creating user / customer insights based on demographic segments to drive targeted email direct marketing and also carrying out market research and surveys;

delivering tailored advertising to promote our restaurants (including via Facebook look-a-like and custom audiences);

we will use data in connection with legal claims which concern our company, group or partners, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);

You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.

Legal Compliance: To ensure compliance with applicable laws and legal processes including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation and to law enforcement agencies).

Consent: Subject to the following, we will send you direct marketing by email about Dishoom products and services that we think you might be interested in. This will only be sent where you have given us your consent during the reservation process, in person when you completed a voucher, via online wi-fi sign up, via email newsletter sign up or (where permissible) you have been given an opportunity to opt out. If you change your mind about receiving our emails you will be able to opt out of electronic direct marketing by clicking the unsubscribe link contained in the email itself.

4. Who will your personal data be shared with, and where?

We will share your personal data with third parties in the following circumstances:

With our suppliers and service providers working for us such as payment providers, reservations service providers, communications providers, wi-fi service providers

With our professional and legal advisers

With third parties engaged in fraud protection and detection

With government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our own legitimate interests in compliance with applicable laws; and

In the event that we sell any business assets, purchasers or prospective purchasers of all or part of our assets or our business, and their professional advisers, in connection with the purchase.

Otherwise where we have your consent or are otherwise legally permitted to do so.

5. What cookies will be used on the website?

Like other websites, information and data on the Dishoom website may be automatically collected through cookies and similar technologies. Cookies are small files placed on website users’ hard drive to distinguish you from other users of the website. This helps us to provide you with a high quality experience when you browse the website and also allows us to improve the website. We use cookies to analyse the flow of information; customisethe services and content; measure promotional effectiveness; and promote trust and safety.

Most browsers automatically accept cookies, but if you do not want information collected through the use of cookies, there is a simple process in most browsers to deny or accept cookies. More detail on how businesses use cookies is available here.

On the Dishoom site we use the following types of cookies:

Strictly Necessary Cookies: Some cookies are essential for the operation of the website. For example, some cookies allow us to identify users and ensure they can access the website. If a user opts to disable these cookies, the user may not be able to access certain content or features on the website.

Performance Cookies: Other cookies may be used to analyse how users use the site and to monitor site performance. This allows us to provide a high-quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.

Functionality Cookies: These are used to allow us to remember customer selections and preferences and tailor the website to provide enhanced features.

Social Media Cookies: These cookies allow users to share what they’ve been doing on the website on social media such as Facebook and Instagram. These cookies are not within our control. Please refer to the respective social media providers’ privacy policies for how their cookies work.

Google Analytics: Google Analytics is a web analysis service provided by Google, Inc. We use Google Analytics to monitor how visitors use our website, to compile reports and to help us improve the website. Please see Google’s privacy policy here for further information on the data Google collects and how it is processed. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-Out Browser Add-On by following the instructions here.

6. How long will you hold my data?

Where we process personal data for marketing purposes or where you have given your consent, we process the data until you ask us to stop for a short period after this (to allow us to implement your requests), or for up to 24 months at which point we will contact you to check you still want to hear from us. We also keep a record of your email address if you have unsubscribed, or you have asked us not to send you direct marketing, so that you do not receive marketing emails in future.

Where we process personal data for a reservation we retain it for 12 monthsAfter that our records are anonymised (personal data is deleted). The anonymised data may be used to provide management information and historical analysis.

Where we process personal data for any other purpose, including when you make a complaint, provide feedback or buy a voucher, we retain it for 24 months. After that your data may be anonymised (personal data is deleted). The anonymised data may be used to provide management information and historical analysis.

We will also maintain records for invoicing, tax and warranty purposes.

We may keep a record of correspondence relating to queries and complaints for as long as necessary to protect us from legal claim.

Where we no longer have a need to keep your information we will delete it.

7. Where will you send my data?

Our servers are kept in the UK, however Dishoom uses service providers around the world. Consequently your personal data may be processed in countries outside Europe (the “EEA”) (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) including in countries where the local laws do not provide the same level of data protection as those in Europe. In particular, we have suppliers based in India and USA.

Where this is the case, and where the transfer is to a country or territory that is not subject to an adequacy decision by the EU Commission, personal data is adequately protected by EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 42 (2) of the GDPR) or the EU-US Privacy Shield. If you have any questions about the standard contractual clauses, or would like to obtain a copy of them, please email us via the contact details given below.

8. Telephone call monitoring

If you contact us by telephone we may monitor or record the call for training purposes, and to improve the quality of services that we provide to you.

9. Third party links

Dishoom may include links to websites operated by third parties (such as our reservations service). These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content or activities of these linked sites. However, we welcome any feedback about these linked sites via the contact details given below.

10. Minors

We do not knowingly collect or store any personal information about children under the age of 13 and we do not offer any of our products or services directly to children under the age of 13.

11. What rights do you have regarding personal information?

You are entitled to ask us:

for a copy of your personal data;

to correct your personal data (if it is inaccurate, incomplete or not up-to-date);

to ‘port’ your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);

to erase your personal data; or

restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)).

You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we have asked for your consent to process your data, you are entitled to withdraw this consent as more fully described above.

These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.

If you have unresolved concerns you are entitled to contact the UK Information Commissioners Office if you have any concerns.

12. Facebook Ads

We may use Facebook advertising services to deliver content to you while you are using the Facebook platform. You can control how Facebook uses data to show you ads by turning off ads which may be based on interests and / or your relationship with specific advertisers, in your ad preference settings. For further information, please visit the various Facebook pages which allow you to learn more about Facebook ads and tracking technologies and to update your settings:

  • https://www.facebook.com/policies/cookies/
  • https://www.facebook.com/about/ads
  • https://www.facebook.com/ads/preferences/edit/

Further, by visiting Your Online Choices , you can opt out from seeing Facebook’s interest-based ads. You can also use your mobile device settings to configure your advertising preferences.

On your Facebook ad preferences, you will see that ads may be delivered to you according to ‘interests’ or specific advertisers and you can manage your ad preference settings for both of these.

Please note that where you have opted out of receiving our email marketing communications via the methods described above, you may still see our non-targeted adverts whilst you are online, if your interests settings on Facebook are aligned to an audience segment (pre-defined by Facebook) which our business is also associated with. We do not control whether these ads are displayed to you. Please see the relevant links above for details on how to learn more and manage Facebook ad settings.

Users are always free to decline cookies if their browser permits, although doing so may interfere with their use of the website. Please find detailed information on how to disable cookies here.

13. Contact us

We are happy to respond to any queries you may have about the way we process your personal data. If you have any questions or concerns about this policy or the way we process your personal data, please contact us at all-ears@dishoom.com

14. Changes to this policy

Any changes we may make to this policy in the future will be updated on our website and, where appropriate, notified to you by email or otherwise. The policy was last updated on 24th May 2018.