- your use of our site https://surfden.co.uk
- information you provide when placing bookings and purchasing food and drink from us;
- communications with us (by phone, e-mail, in our restaurants or otherwise); and
- information you provide to us via social media accounts. and sets out the basis on which any personal data we collect from you or that you provide to us (whether as an individual or an individual acting on behalf of an organisation), will be processed by us.
You may be asked to provide personal data whilst you are in contact with us. Personal data is information that can be used to identify or contact you. You do not have to provide the personal data that we request, however, if you choose not to, we may not be able to provide you with the services that you have requested. If we combine personal data with non-personal data, the combined information will be treated as personal data for as long as it remains combined. Personal data does not include data where the identity has been removed (anonymous data).
ABOUT US (CONTROLLER)
For the purpose of the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation (including the Data Protection Act 2018) (the “Legislation”), the data controller is BEACH TWO LTD, a company registered in England and Wales with company number 09430344 whose registered office address is Surf Beach Bar, Sennen Cove, Penzance, England, TR19 7BT. Our Data Protection Officer can be contacted by emailing firstname.lastname@example.org and marking it for the attention of the DPO, as further detailed below.
WHAT INFORMATION WE COLLECT AND WHEN
We only collect information that we know we will genuinely use and in accordance with the Legislation. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Financial Data includes bank account, payment card details (type, number, name on card, expiry date and CCV code). The financial data may be processed for the purposes of reserving your booking, processing and delivering your online order, fulfilling you restaurant order (namely managing payments and charges and collecting monies). The legal basis for this processing is the performance of a contract and our legitimate interests (namely to recover debts due).
- Transaction Data includes details about payments to and from you and other details of the food, drink and products you have purchased from us. The transaction data may be processed for the purpose of processing your booking, processing and delivering your online order and fulfilling you restaurant order. The legal basis for this processing is the performance of a contract and our legitimate interests (namely our interest in the proper administration of our site and business).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site, full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for’ page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number. The technical data may be processed for the purpose of administering and protecting our business and site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and to deliver relevant website content. The legal basis for this processing is our legitimate interests (namely to grow our business and to inform our marketing strategy).
- Usage Data includes information about how you use our site, order food, drink, products and services from us. This usage data may be processed for the purposes of enabling you to [enter a competition or complete a survey], to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you, to use data analytics to improve our site, marketing, customer relationships and experiences and to make suggestions and recommendations to you about food, drink, products and services that may be of interest to you. The legal basis for this processing is the performance of a contract and our legitimate interests (namely to study how our site is used and to grow our business and to keep our site updated and relevant).
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. The marketing and communications data may be processed for the purposes of sending you notifications and/or newsletters. The legal basis for this processing is consent.
- Image Data includes photographs and films taken at our restaurants which may occur whilst you are at the premises. This image data may be processed for the purposes of developing and improving our marketing materials. The legal basis for this processing is consent (the site will display a prominent poster to confirm that filming and photos will be taken in the restaurant). In addition to the specific purposes for which we may process your personal data set above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. We may also provide you with information about offers and services that are similar to those that you have already received or we feel may interest you. If you:
- have already concluded a contract with us, we will only contact you by electronic means (e-mail or text) with information about offers and services similar to those which were the subject of a previous contract. If you do not want to be on our mailing list, you can opt out at any time by contacting us or unsubscribing by using the links provided in our electronic communications and at the point of providing your details.
- are a potential new customer (e.g. enquiring about food, drinks, products or services), we will contact you by electronic means only if you have provided your explicit consent to this. If you are happy for us to use your personal data in this way, please tick the relevant box situated on the website page on which we collect your details. Again, if you do not want us to use your data in this way, you can opt out at any time by contacting us or unsubscribing by using the links provided in our electronic communications.
HOW IS YOUR PERSONAL DATA COLLECTED
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: order food, drink, products and services; o create an account on our site; o subscribe to our newsletters; o [enter a competition, promotion or survey]; or o give us some feedback.
- Automated technologies or interactions. As you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Third party or publicly available sources. We may receive personal data about you from various third parties which include: o Technical Data from analytics providers such as Google based outside the EU; and o Contact, Financial and Transaction Data from providers of technical, payment and delivery services. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.
CHANGE OF PURPOSE
Similar to other commercial websites, our site uses a technology called “cookies” and web server logs to collect information about how our site is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our site, and the sites visited just before and just after our site. Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our site and which parts of the site are most popular. This helps us gather feedback so that we can improve our site and better serve our customers. Cookies do not allow us to gather any personal information about you and we do not generally store any personal information that you provided to us in your cookies. We use ‘session’ cookies which enable you to carry information across pages of the site and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the site is being used and to improve its structure. We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the site, tailoring the content of certain areas of the site to offer you content that match your preferred interests. You can refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the site.
WHO WE MAY SHARE YOUR INFORMATION WITH
If we form a group of companies, we may share your information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We are working closely with third parties (including, for example, business partners, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). Selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We may make use of the personal data we have collected from you to enable us to display relevant advertisements Search engine providers assist us in the improvement and optimisation of our site through the use of analytics. You can contact our DPO at email@example.com at any time to opt out of this type of lookalike advertising.
We will disclose your personal information to third parties:
- where we have your consent to do so;
- to provide and/or improve our services;
- In the event that we sell or buy any business or assets, in which case we may be required to disclose your personal data to the prospective seller or buyer of such business or assets;
- If Beach Two LTD or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
WHERE WE STORE YOUR PERSONAL DATA
Some of the third parties which we work closely with are based outside of the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside of the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Under the Legislation, in certain circumstances you have the following rights in relation to your personal data:
- Right to access. You have the right to request access to information held about you. We will provide you with a copy of your personal data held by us free of charge (providing your request is not excessive or for multiple copies, in which case we may charge a reasonable fee to cover our costs) and certain information about the processing of your personal data and the source of such data (if not directly collected from you by us). You also have the right to request that your personal data is transferred to a third party.
- Right to object to data processing. You may withdraw your consent to the processing of your personal data at any time by contacting us or ticking a box to opt out of receiving marketing materials. Upon receipt of your notification, we shall promptly stop any processing of your personal data and (if requested by you) erase such information if we are not required to retain it for legitimate business or legal purposes.
- Right to restrict processing. You may ask us to suspend the processing of your personal data in the following circumstances:
- if you do not think your personal data is accurate; o where we are found to be processing unlawfully but you do not want us to erase your personal data;
- where you need us to continue holding your personal data to establish, exercise or defend legal claims; or
- you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- Right of rectification and right of erasure. You have the right to request that we correct or erase any inaccuracies in your personal data if such information would be incomplete, inaccurate, or processed unlawfully. Where we are relying on consent to process your personal data, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. You can also exercise these rights at any time by contacting us at firstname.lastname@example.org. We may reject requests that are unreasonable or require disproportionate effort (for example, such a request would result in a fundamental change to our existing practice) or risk the privacy of others.
KEEPING YOUR DATA SECURE
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data. We take security measures to protect your information including:
- limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
- implementing access controls to our information technology;
- we use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores; and carrying out appropriate risk-based diligence and penetration testing on third party processors.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE WILL STORE YOUR DATA
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Legislation and never retain your information for longer than is necessary. For more information, you may contact our DPO. We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept.
Our websites are not designed to target children under the age of 16. We do not knowingly collect data relating to children.
Last updated: 15th April 2021