It goes without saying that we’d never do anything untoward with your personal data (“personal information”).
Information we collect
We collect personal information when you make a reservation or a payment, when you buy or redeem vouchers, use our wifi and when you get in touch with the reservations and feedback team. (Further detail below.)
How we use your information
We may use this information to respond to and fulfil your requests, manage and promote our restaurants, comply with applicable law and as otherwise permitted by applicable law. (Further detail below.)
How we share your information
We may share your information with our suppliers to provide reservation, wi-fi, CRM, advertising and payment services, or as otherwise permitted by applicable law. (Further detail below.)
What cookies we use
How long we hold information
We will generally keep your information stored for up to two years, unless you have withdrawn your consent for us to do so. We may also be obliged to keep your information longer if necessary to comply with the law or under our contracts with you. (Further detail below.)
We may need to transfer your information outside of the UK or the EEA. To protect your information, any such international transfers will be made in accordance with applicable law and we will ensure appropriate safeguards are put in place. (Further detail below.)
We record and monitor telephone calls to help us improve our service and train our team. (Further detail below.)
Third party links
Our website may contain links to other sites and platforms (such as our reservations provider) which are not owned or managed by us, and which have their own privacy policies. (Further detail below.)
You have the right to opt-out of receiving marketing communications, to receive a copy of the data we hold, and to update your personal data. (Further detail below.)
Changes to this policy
We will let you know about any material changes to this policy via an update on our website, and as otherwise required by applicable law. (Further detail below.)
If you have any questions about your information and what we do with it, please send an email to email@example.com (Further detail below.)
1. About Us
This policy describes the processing of your personal data in relation to your use of this website by Dishoom Limited (company number 06226963, registered in England and Wales) (“we”, “us” or “our”), as the owner and operator of this website, and any related sites (such as www.nightatthebombayroxy.com). It also applies to any personal information we collect when you visit our restaurants or otherwise interact with us. Our head office is located at 141–143 Shoreditch High Street, London, E1 6JE and our registered office address is Tricor Suite 4th Floor, 50 Mark Lane, London, EC3R 7QR.
For the purposes of applicable data protection law (including the General Data Protection Regulation 2016/ 679 (the “GDPR”), we are a ‘data controller’ of your personal data (“your information”).
2. What personal information do we collect?
Dishoom collects personal data when you visit one of our restaurants, sign in for our wi-fi, contact us or visit our website. This information may include:
Information you provide when you book a table (contact name, phone number, email address and any additional notes you may provide such as anniversary or birthday details)
Transaction and billing information when you purchase food and drink in our restaurants (e.g. your purchase and credit/debit card details used to process a payment)
Records of your conversations with us over the phone, on email or on social media
Information you provide if you attend an event (e.g. when buying a ticket)
Information you provide if you enter a competition or complete a survey (e.g. providing feedback)
Information you provide when you buy or redeem vouchers or loyalty cards
Automatically Collected Information from Google Analytics when you visit our website (such as web browser type and version, operating system, the website you came from and exit to, your IP (Internet Protocol) address, your browser settings, the date and time of your visits and details regarding your interaction with the website (including which pages or resources on the website you access and whether you clicked on a link in one of our email newsletters or social media posts)
3. How do we use personal data?
Depending on how you use our restaurants and website and the permission you have given us, we process your personal data for the following purposes:
Contractual Necessity: As required to establish and fulfil a contract with you, for example: when you make a purchase from us (this includes taking payments in a restaurant or via the website, or making a reservation); communicating with you and providing customer services;
Legitimate Interests: Because it is in our legitimate interests in operating our business. In particular:
managing, operating and improving online, email and phone reservations (including enabling you to manage your marketing preferences);
managing, operating and improving our service whilst you are visiting our restaurants (including ensuring that we provide a personal service such as helping to celebrate birthdays or anniversaries if you have provided these details)
managing access to wi-fi services whilst in the restaurant (including enabling you to manage your marketing preferences)
monitoring our restaurants via CCTV cameras to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
communicating with you about any queries or complaints to our reservations or feedback team;
investigating and handling any complaints received from you about our restaurants, or anything else;
creating user / customer insights based on demographic segments to drive targeted email direct marketing and also carrying out market research and surveys including using service providers and third-party CRM systems;
delivering tailored and targeted advertising to promote our restaurants (including via Facebook look-a-like and custom audiences);
we will use data in connection with legal claims which concern our company, group or partners, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.
Legal Compliance: To ensure compliance with applicable laws and legal processes including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation and to law enforcement agencies).
Consent: Subject to the following, we will send you direct marketing by email about Dishoom products and services that we think you might be interested in. This will only be sent where you have given us your consent during the reservation process, during a transaction on our online store at store.dishoom.com, in person when you completed a voucher, via online wi-fi sign up, via email newsletter sign up or (where permissible) you have been given an opportunity to opt-out. If you change your mind about receiving our emails you will be able to opt-out of electronic direct marketing by clicking the unsubscribe link contained in the email.
4. Who will your personal data be shared with, and where?
We will share your personal data with third parties in the following circumstances:
With our suppliers and service providers working for us such as payment providers, reservations service providers, communications providers, wi-fi service providers and advertising platforms
With our professional and legal advisers
With third parties engaged in fraud protection and detection
With government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our own legitimate interests in compliance with applicable laws; and
In the event that we sell any business assets, purchasers or prospective purchasers of all or part of our assets or our business, and their professional advisers, in connection with the purchase.
Otherwise where we have your consent or are otherwise legally permitted to do so.
5. What cookies will be used on the website?
On the Dishoom site we use the following types of cookies:
Strictly Necessary Cookies: Some cookies are essential for the operation of the website. For example, some cookies allow us to identify users and ensure they can access the website. If a user opts to disable these cookies, the user may not be able to access certain content or features on the website.
Performance Cookies: Other cookies may be used to analyse how users use the site and to monitor site performance. This allows us to provide a high-quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.
Functionality Cookies: These are used to allow us to remember customer selections and preferences and tailor the website to provide enhanced features.
Social Media Cookies: These cookies allow users to share what they’ve been doing on the website on social media such as Facebook and Instagram. These cookies are not within our control. Please refer to the respective social media providers’ privacy policies for how their cookies work.
6. How long will you hold my data?
Where we process personal data for marketing purposes or where you have given your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests), or for up to 24 months at which point we will contact you to check you still want to hear from us. We also keep a record of your email address if you have unsubscribed, or you have asked us not to send you direct marketing, so that you do not receive marketing emails in future.
Where we process personal data for a reservation we retain it for 24 months. After that our records are anonymised (personal data is deleted). The anonymised data may be used to provide management information and historical analysis.
Where we process personal data for any other purpose, including when you make a complaint, provide feedback or buy a voucher, we retain it for 24 months. After that your data may be anonymised (personal data is deleted). The anonymised data may be used to provide management information and historical analysis.
We will also maintain records for invoicing, tax and warranty purposes.
We may keep a record of correspondence relating to queries and complaints for as long as necessary to protect us from legal claim.
Where we no longer have a need to keep your information we will delete it.
7. Where will you send my data?
Our servers are kept in the UK, however Dishoom uses service providers around the world. Consequently your personal data may be processed in countries outside Europe (the “EEA”) (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) including in countries where the local laws do not provide the same level of data protection as those in Europe. In particular, we have suppliers based in India and USA.
Where this is the case, and where the transfer is to a country or territory that is not subject to an adequacy decision by the EU Commission, personal data is adequately protected by EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 42 (2) of the GDPR). If you have any questions about the standard contractual clauses, or would like to obtain a copy of them, please email us via the contact details given below.
8. Telephone call monitoring
If you contact us by telephone we may monitor or record the call for training purposes, and to improve the quality of services that we provide to you.
9. Third party links
Dishoom may include links to websites operated by third parties (such as our reservations service). These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content or activities of these linked sites. However, we welcome any feedback about these linked sites via the contact details given below.
We do not knowingly collect or store any personal information about children under the age of 13 and we do not offer any of our products or services directly to children under the age of 13.
11. What rights do you have regarding personal information?
You are entitled to ask us:
for a copy of your personal data;
to correct your personal data (if it is inaccurate, incomplete or not up-to-date);
to ‘port’ your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);
to erase your personal data; or
restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)).
You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we have asked for your consent to process your data, you are entitled to withdraw this consent as more fully described above.
These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.
If you have unresolved concerns you are entitled to contact the UK Information Commissioners Office if you have any concerns.
12. Facebook Ads
We may use Facebook advertising services to deliver content to you while you are using the Facebook platform. You can control how Facebook uses data to show you ads by turning off ads which may be based on interests and / or your relationship with specific advertisers, in your ad preference settings. For further information, please visit the various Facebook pages which allow you to learn more about Facebook ads and tracking technologies and to update your settings:
Further, by visiting Your Online Choices, you can opt-out from seeing Facebook’s interest-based ads. You can also use your mobile device settings to configure your advertising preferences.
On your Facebook ad preferences, you will see that ads may be delivered to you according to ‘interests’ or specific advertisers and you can manage your ad preference settings for both of these.
Please note that where you have opted out of receiving our email marketing communications via the methods described above, you may still see our non-targeted adverts whilst you are online, if your interests settings on Facebook are aligned to an audience segment (pre-defined by Facebook) which our business is also associated with. We do not control whether these ads are displayed to you. Please see the relevant links above for details on how to learn more and manage Facebook ad settings.
Users are always free to decline cookies if their browser permits, although doing so may interfere with their use of the website. Please find detailed information on how to disable cookies here.
13. Contact us
We are happy to respond to any queries you may have about the way we process your personal data. If you have any questions or concerns about this policy or the way we process your personal data, please contact us at firstname.lastname@example.org
14. Changes to this policy
Any changes we may make to this policy in the future will be updated on our website and, where appropriate, notified to you by email or otherwise. The policy was last updated on 29th July 2021.