Privacy Notice
We at our restaurant understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
This Privacy Notice gives you an overview of the processing of your personal data in the context of the use of the offers and online services within the website and related mobile app (in the following, when the word “Platform” is used, this refers both to the website as well as the mobile app) which is operated and controlled by Bookyup.com Ltd, a company registered in England and Wales with registered company number 10962989 and whose registered office is Fairgate House, 205 Kings Road, Tyseley, Birmingham, B11 2AA.
This Privacy Notice also informs you about your rights and the possibilities you have to control your personal data and to protect your privacy.
Who is responsible for the data processing and who can I contact?
Responsible for the data processing is Bookyup.com.ltd. This company is also meant if the terms “we” or “us” are used in the following.
You can contact our data protection officer at: support@bookyup.com
Which personal data do we process and from which sources do these data come from?
When we provide our Platform to you for use, we process personal information from various sources. On the one hand, this is data that we automatically collect when you use the Platform. However, this may also be data that you have voluntarily provided to us or that we receive from our partners.
Data that we automatically collect when you use our Platform
As soon as you visit the website or open the app, you send technical information to our web servers. This happens regardless of whether or not you make a booking with a restaurant or whether or not you subsequently register with an account with us to use the Platform. In any case we will collect the following access and web-access data (that we call "Access Data"):
We process Access Data to allow you and other users to use the Platform and to ensure the functionality of the Platform. We also process Access Data to perform analyses on the performance of the Platform, to continuously improve the Platform and correct errors; to ensure IT security and operation of our systems as well as in order to prevent or uncover abuse, particularly fraud. Further, we process Access Data to customise the Platform to your needs (personalisation). For this purpose, we will also assign you a so-called "Unique User ID". This Unique User ID allows us to assign your bookings and other interactions.
To process this data, we also use cookies. Cookies are small text files that you download to your device when you visit our websites and save the above information about yourself. If you want to know more about how cookies work, which cookies we use and how you can disable them, these can be found on our website. There, you can also find out about which data we process using not our own cookies, but the cookies and tracking tools of third parties such as Google and Facebook. To maintain readability of this Privacy Notice we have moved this information to a separate page.
Our Use of Cookies
Data which you yourself transmit to us
In addition to the data we receive from all visitors, we also process other data. The exact amount of this data depends on how you use the Platform. You can use the Platform with and without creating a user account.
Account data
If you decide to create a user account and fill out the registration form, we will process your:
You can also use the social log-in functions offered on our Platform to create your user account. If you choose this function, you send us your username on the social network of your choice (i.e., Facebook or Google), the email address you use to log on to the social network and, if applicable, the mobile phone number provided to the social network.
The data entered during registration will be used for the purpose of providing the Platform and to notify you by email on any information relevant to the Platform or registration, such as modification to the scope of the Platform or to the technical circumstances.
Data needed to process order
Booking and reservation data
If you make a booking or reservation, we will further process your:
We process this data to secure your reservation, to inform you about the status of your reservation and also to customise the Platform to your needs based on your previous reservations and bookings.
Ratings and Reviews
The Platform gives you the possibility to use certain social functions: you can submit reviews and ratings for restaurants. You can also subscribe to comments and reviews by other users.
If you use these functions, your IP address will be stored when you submit a comment or rating. This is a safeguard measure for us for cases where someone posts illegal content, comments and/or contributions (insults, prohibited political propaganda, etc.). We need to be able to determine the identity of the author in such cases, as legal action may arise based on the content in the comments or post.
If you opt to subscribe to successor comments, a confirmation email will be sent to verify that you are actually the owner of the email address entered. Subscriptions to comments can be cancelled at any time. The confirmation email will contain the relevant instructions in this respect.
Loyalty Points and Smart Offers
In case you wish to participate in any of our Reward Programs, additional data will need to be processed in order to bring this service to you. For this purpose, we will process your reservation and booking history in order to manage your rewards and provide you with bonus offers and other discounts.
Equally, where you purchase an offer using our platform, we will process the specific terms of this offer purchased by you (such as the restaurant that the offer is valid for, the term of the offer and the services included). You will be informed of the terms of each offer before you purchase it. When you purchase an offer we will further receive a confirmation from the restaurant that you have honoured the reservation and actually claimed the offer.
Payment data
We do not process any sensitive card payment details ourselves, but use secure payment providers to do so for us. Any payment data you input is encrypted in your browser by the payment provider in a way that only they can access, whereas we receive only non-sensitive data (payment token) and references confirming that you have made a payment. We do not store further payment related information in our system.
Newsletter & sending of advertising by email
If you want to receive the Newsletter, we require a valid email address and information that enables us to verify that the subscriber is the owner of the email address or that the respective owner of the email address used for the subscription, agrees to receive the Newsletter. No further information is collected. This data will solely be used for the purposes of sending the Newsletter.
Upon subscription to the Newsletter, we will store the IP address of the respective user and the date of subscription. The storage of this data serves solely the purpose of proof in cases, where a third party abuses an email address and subscribes to the Newsletter without the knowledge of the owner of the respective email address.
Customer support requests
You might wish to make a request for assistance to our customer support team or submit a complaint. In this case, in order to react to your request, we will process your IP address and contact data as well as the contents of your request.
Data we receive from partners
Due to our Platform serving as an intermediary between you and the restaurant you are making the reservation with, we will also process data that we receive from our partner restaurants. This data includes:
For what other purposes do we process your data?
In addition, we might process your data for additional purposes. These include:
What is the legal basis of the processing?
When processing your personal data, we rely on various legal bases according to the so-called Basic Data Protection Ordinance, an EU-wide legal framework for the standardisation of data protection law ("GDPR" for short). Here we refer in detail to the following legal bases:
Consent (Article 6 (1) a GDPR)
Since you have given us your consent to process personal data for the specific purposes explained above, this consent ensures the legality of the processing. By registering with your account data or making a booking, you expressly agree the data processing as described in detail in this Privacy Notice by ticking the box before sending the registration or reservation form: If we process your data, it is because you have expressly allowed and requested us to do so when you use the Platform. Thus, your consent represents the most important legal basis for the processing of your personal data by us.
Performance of our contractual obligations towards you (Article 6 (1) b GDPR)
At the same time, the processing takes for the provision of the Platform in the context of the performance of our contract with you. Accordingly, in most cases, the processing is not only justified by your consent, but also because it is necessary to fulfil our contract with you. For example, if you make a booking with a restaurant using the Platform, it will be required to process the booking data to secure your booking.
Our legitimate interests (Article 6 (1) f GDPR)
There are also some cases in which we would be entitled to process your data even without your consent because it is necessary to protect our legitimate interests (or the interests of third parties). In this respect, the purposes described above for which we process your data also, in many cases, represent legitimate interests. This means that we are allowed to process the data necessary to guarantee the safety of our IT systems in any case, even if you have not given or withdrawn your consent to this processing. This also relates to preventing abuse of our platform or personalising ads to your interests (so-called direct marketing).
Legal requirements (Article 6 (1) c GDPR) or in the public interest (Article 6 (1) e GDPR)
In addition, we are legally obliged to provide certain information to criminal prosecution or tax authorities in individual cases upon request.
To whom do we transmit your data?
We treat your personal data with care and confidentially and will only pass them on to third parties to the extent described below and not beyond. We transmit data to public authorities only in the case of a legal obligation based on a request for information from the respective authority.
Outside of legal obligations towards public authorities, we only transmit your data to other users of the platform, to our third-party providers who help us provide the platform or within the Bookyup.com Limited, and its associated companies.
Other users of the platform
We transmit booking and reservation data to our partner restaurants using the Platform to facilitate reservations at their restaurants. We also share with the restaurants your Reward Program and Offers data to enable a smooth functioning of these programs. The restaurants will receive your account data (with the exception of your password) as well as any reviews or ratings about them that you might enter into the system of the Platform. Reviews and ratings will also be published on the Platform for all remaining users (including visitors without an account on the Platform) to be seen.
Other Third Parties
In addition, we transmit data to external service providers that enable us to provide the Platform. These include the data and providers listed on our Cookie Policy. In this context, please note that all our server hosting and cloud services are provided by Webfaction processes all data on our behalf and we have subjected Webfaction to a strict data processing agreement to ensure the security of the processing in accordance with the requirements of the GDPR.
Do we transfer your data to countries outside the EU or the EEA?
We generally do not transfer your data to countries outside the EEA (so-called "Third Countries"). We do not host your data in Third Countries and all our servers are located in the EEA (Germany, to be exact). In some events, however, we transfer your data to Third Countries. Specifically, these concerns third-party Platforms provided by entities based in India. These countries do not provide an adequate level of protection for the purposes of the GDPR. However, we will ensure that an adequate level of data protection is guaranteed at any time. In this regard, we will ensure that the data recipients are either certified under the so-called "Privacy Shield" (as in the case of Google and Facebook), the "Binding Corporate Rules" or that the EU Standard Contractual Clauses are entered into by any other recipient to ensure the security of the processing and an adequate level of data protection.
How long will my data be stored?
We process and store your personal data as long as it is necessary for the fulfilment of our contractual or legal obligations. Thus, we store the data as long as our contractual relationship with you exists and after termination only to the extent and for as long as the laws of England and Wales require this. All other data will be deleted immediately when you unsubscribe from the Platform. If the remaining data are no longer required for the fulfilment of such obligations, they will be regularly deleted, unless their further processing is necessary for the preservation of evidence or to prevent legal claims from becoming time-barred.
Do you create a user profile with my personal data?
We use your data to optimise your Bookyup.com Limited browsing experience. This means that we use your data to provide you with a personalised Platform based on your personal preferences and interests and to make tailor-made offers based on your previous behaviour. For example, the IP-address of your computer will be used in order to identify your geographical location and in order to offer you localised content in your local language. We might make suggestions and offers for new restaurants based on the restaurants you have previously viewed and/or made a booking with using our Platform. However, we will never process and analyse your personal data in the context of profiling in such a way that this leads to an automated decision that has a legal effect on you or significantly impairs you in a similar way.
Is there an obligation for me to provide data? What happens if I do not provide my data or no longer do so?
You are not required by law to provide us with the personal data as indicated by this Privacy Notice. In particular, the contractual relationship that you have entered into with us by agreeing to our terms and conditions does not imply any obligation to provide your personal data. However, the transmission of the contract information provided by you to us is a basic prerequisite for concluding a contract with us. In addition, you cannot use the Platform or only to a limited extent if you do not provide us with certain data or object to the use of these data.
What rights do I have with regard to the processing?
You can assert the following rights against us under the GDPR:
You can revoke your consent to the processing of your personal data at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. However, this revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
Information about your right of objection under Article 21 GDPR
Right of objection in individual cases
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which, on the basis of Article 6 para. 1 e GDPR (data processing in the public interest) and Article 6 para. 1 f GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR. If you file an objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Please also note the information in Section 8 of this Privacy Policy: If we terminate the processing due to your objection, it may be that the Platform can no longer or only to a limited extent be made available to you.
The right to object to the processing of data for advertising purposes
You also have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing (including any subscription to our newsletter); this also applies to profiling, insofar as it is associated with such direct marketing. If you object, we will no longer process your personal data in the future.
The objection can be made form-free and should be addressed to:
Modification of The Privacy Notice at Hand
To keep this information up to date, this Privacy Notice will be modified if the underlying data processing is modified. We will not constrain your rights under this Privacy Notice without your prior written consent. We will publish all intended modifications to the Privacy Notice at hand on the Bookyup.com Limited websites and in the app. In the event that such modifications should be substantial, we shall provide a clear notification (including, in the case of certain Platforms, a notification by email stating the modifications to the data privacy statement at hand). We will also archive older versions of the data privacy statement for future reference.
Bookyup.com Limited
London, GDPR May 2018