This Notice describes the types of information collected, how that information is used and disclosed, and how you can access, modify, or delete your information.
La Bodega Negra Doha, St Regis Hotel, Doha, Qatar (“we”, “us” or “our”) is the ‘data controller’ for the personal data we collect.
1. WIFI IN OUR RESTAURANT
HOW DO WE COLLECT INFORMATION ABOUT YOU?
If you use our Wi-Fi network in the restaurant, we will collect personal information from you, such as your name, email address and post code in order to log you on to the Wi-Fi network. You will also be offered the opportunity to subscribe to email marketing.
Children under the age of 13 are not permitted to use Wi-Fi networks. If you have reason to believe that a child under the age of 13 has provided personal information, please contact us and we will delete that information from our databases.
HOW DO WE COLLECT INFORMATION ABOUT YOU?
Entering into a competition or promotion hosted by ourselves or our third parties: You may provide us with personal data when you subscribe to these services either online or through a physical form.
Enrolling for a loyalty card or loyalty mobile application: you will typically provide us with your name and contact details when you enrol for a loyalty programme either through a physical form, via your mobile, an electronic newsletter or through our website.
Feedback: providing feedback to us via physical form where you may provide your contact details and subscribe to marketing.
Website usage: When you visit our website, you may choose to register for our electronic newsletter and we will typically require an email address and name.
Booking an event: we may collect your name and contact details if you book an event with us. We may also collect data if you book to attend an event that we have planned and hosted at our restaurant.
Promotional Photography – we may take photographs of you when you attend one of our events. We will advise you when photographs are being taken, and if you have concerns or do not wish to be photographed please raise these with a member of team.
Interaction with social media – Depending on the Privacy setting you have applied in your Social Media account, and based on the content that you choose to share, when you interact with our Social Media presence we will have access to your user generated content, such as posts, comments, pages, profiles and images. Also depending on the Privacy setting you have applied in your Social Media accounts, and based on the content that you choose to share, we may have access to contact details, personal information (such as age, gender, employer, education, location and habits and preferences).
In all of the above instances, we will only provide you with email marketing where you have consented and you can withdraw this consent at any time by clicking the unsubscribe link within the emails you have been sent. Where we send you information electronically, we review whether the communication has been opened and whether you have clicked on any links in the communication. This is because we want to make sure that our communications are useful for you.
We also use third party marketing agencies who may have access to your personal details to devise email marketing campaigns, to provide guest insight through the analysis of data and to collect personal data on our behalf. We store your information in a secure marketing database hosted by a third party which we use to also generate our email marketing campaigns.
In relation to third parties, we ensure that they will also safeguard your data – please see Protection of Your Information below.
FOR WHAT PURPOSE IS IT COLLECTED
The personal information gathered through WIFI and Marketing is for our legitimate business interests, this includes to:
1. Tailor our online services to you so the content you see is relevant to you. For example, we may request your date of birth, gender and some basic interests (such as ‘eating’ and ‘drinking’) so that we can provide you with content that we think you will be interested in – “profiling”; and
2. Collect data obtained through our interaction with guests for research, analysis, testing, monitoring, risk management and administrative purposes including the optimisation of service delivery at our restaurant to improve the guest experience.
3. Promote our site externally.
DATA MINIMISATION AND RETENTION
We will only collect the minimum amount of personal information necessary and will only keep your information for as long as you remain engaged with our marketing campaigns. Where you have not engaged with our marketing material for over a year, we will take steps to remove your information from our marketing database.
Where you have provided your details in relation a completion, we will keep your personal data when the competition has finished (unless you have opted for your data to not be used for marketing purposes).
3. OTHER THIRD-PARTY TRANSFERS NOT DETAILED PREVIOUSLY
We may pass on or allow access to your information:
1. to any purchaser of all or part of our business or any of our properties to which the Online Service relates;
2. to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
3. where we are required to do so by law, court order or other legal process;
4. where, acting in good faith, we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
5. to protect and defend our rights or property;
6. to deal with any misuse of any of our Services; or
7. in order to enforce or apply our terms and conditions and other agreements with third parties.
8. we may disclose your personal data to our group companies and affiliates or third-party data processers who may process data on our behalf to enable us to carry out our usual business practices.
4. PROTECTION OF YOUR INFORMATION
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that we hold. We place similar obligations on our third parties and risk assess their security based on the sensitivity of the personal data that they hold.
If we transfer your personal information outside of the EEA, it will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme).
5. LINKS TO OTHER WEBSITES
This Privacy Notice only applies to the websites provided by us. If you link to another service and/or website from here, you should remember to read and understand that service and/or website’s privacy and cookies policy as well. We are not responsible for any use of your information that is made by other services and/or websites. Links or advertisements do not imply that we endorse or have reviewed such third parties or their privacy practices.
6. YOUR RIGHTS
You have the right to opt out of receiving any marketing information which we send you. If our processing of personal data is based on your consent, you have the right to withdraw consent for future processing at any time by contacting us. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason (other than consent) for doing so;
You have the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
In some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided to us;
You have the right to request that we correct your Personal Data if it is inaccurate or incomplete;
You have the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
You have the right to object and/or request that we restrict our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your Personal Data but we are legally entitled to refuse that request; and
You can also contact the Information Commissioner’s Office via https://ico.org.uk/ for information, advice or to make a complaint.
If you wish to opt out of the marketing we sent you, please contact: firstname.lastname@example.org
If you wish for further information, or wish to exercise any other right, please contact: email@example.com
We will respond to your request (including providing information on whether the rights apply in the particular circumstances) within the applicable statutory time period. If we are not sure of your identity, we may require you to provide further information in order for us to confirm who you are.
This Privacy Notice was last updated on 24 January 2020. If it is necessary for us to alter the terms of the Privacy Notice, we will post the revised Privacy Notice here. We encourage you to frequently review the Privacy Notice for the latest information on our privacy practices.
8. HOW YOU CAN CONTACT US
If you have any questions about this Privacy Notice, please write to us at La Bodega Negra Doha, St Regis Hotel, Doha, Qatar for the attention of the GDPR Officer or contact us via email at firstname.lastname@example.org