KTP Services LIMITED – PRIVACY NOTICE
IMPORTANT NOTICE
This is the Privacy Notice of Sushi La Bar which is the trading name of Ktp services ltd (HE 171710) whose registered office is at 4 Naousis street, Larnaca, 6018 (“we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
This Privacy Notice relates to personal data that identifies “you” meaning our guests, suppliers or individuals who browse our website and other individuals outside of our organisation with whom we interact. However, if you are an employee, or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
We refer to this information throughout this Privacy Notice as “personal data” and paragraph 3 sets out the further detail of what this includes.
Please read this Privacy Notice to understand how we may use your personal data. This Privacy Notice may vary from time to time so please check it regularly. This original version was published on [25th] May 2018.
Collection of Personal Information
Personal Information refers to any piece of information that can be used to identify a data subject. Examples: Name, Address, Telephone Number, Date of Birth, Personal Identification Numbers (SSN, Passport, Taxpayer Identification number etc.), Photographic Images, log in details etc. Sushi La Bar collects the following information when a data subject uses the platform:
Type of Information collected | Purpose
Information that Sushi La Bar collects through automatic data collection technologies:
Categories of personal data that we collect
The categories of personal data about you that we may collect are:
- Individual Data which includes personal data you provide to us in person, via our website, by telephone, or by our locally used menu app, including the personal and contact details (such as your first name, middle name, last name, title, email address and telephone numbers) you supply when booking a table at one of our restaurants, using our menu app and when you contact us for a reservation, make a complaint or ask a general enquiry.
- Audio and Visual Data which includes personal data which is gathered using our CCTV or other recording systems in the form of images or video footage that is taken at one of our restaurants or otherwise by us for promotional purposes;
- Advertising and Marketing Data which includes personal data which relates to your marketing preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
- Sales Data which includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us;
- Economic and Financial Data which includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
- Advertising and Market Research Data which includes personal data which is gathered for the purposes of market research;
- Information Technology Data which includes personal data which relates to your use of our website and App, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location including geo location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, and
- Health Data which includes personal data which is gathered for health and safety purposes including any accident report or claim log or any information you provide about allergies or other medical conditions during the booking process or in one of our restaurants.
- We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate some of your Information Technology Data operational data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice. We do not collect information about criminal convictions and offences.
The sources from which we obtain your personal data
We obtain your personal data from the following sources:
- Directly from you, either in person (at our restaurants or otherwise), via our website, menu app or email or by telephone. This could include personal data which you provide when you:
- Make a reservation for one of our restaurants;
- Give us feedback on our tablet apps.
- Request information on our services or products or for other marketing to be sent to you;
- Enter a competition or promotion;
- Complete a survey from us or give us feedback
- When you visit any of our restaurants.
- Automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs, and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookie policy [LINK] for further details. Audio and Visual Data may be collected on you if you attend any of our restaurants for security purposes.
- Third parties, such as:
- from external providers of Wi-Fi which you give your name and contact details to when accessing Wi-Fi at one of our restaurants;
- our provider of guest feedback;
- from our provider of online reservations at our restaurants when you make a booking for one of our restaurants;
- analytics providers (such as Google based outside the EU);
- providers of social media platforms (such as Facebook, Twitter, and Instagram) for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter.
- Publicly available sources, (mainly for our suppliers if applicable) such as:
Use of Personal Information
Sushi La Bar’s primary purpose in collecting personal information is to provide Users with content and services that Users request through the Platform or that match User interests. Sushi La Bar may also use personal information for various other purposes, including without limitation to:
- Where we are relying on a basis other than consent
- We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data:
- Purposes for which we process your personal data
- Type of personal data used (see above for more details)
- The basis on which we can do this (this is what the law allows)
- To register you as a new guest.
- Individual Data;
- Economic and Financial Data;
- Account and Profile Data.
- The processing is necessary
- To Perform a contract with you; and
- Our legitimate interest in the provision of goods and services to our guests.
- To perform our contractual obligations to you. This would include;
- processing and performing any restaurant reservation or food order placed by you;
- orders placed by us where you are a supplier;
- making or receiving payments, fees, and charges; and
- collecting and recovering money owed.
- Individual Data;
- Economic and Financial Data; and
- Sales Data.
- The processing is necessary to:
- perform any contract entered with you
- our legitimate interest in recovering debts owed to us.
- To comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the Police).
- Individual Data;
- Audio and Visual Data; and Health Data
- The processing is necessary for us to comply with the law.
- In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident and we have to give your personal details to medical personnel).
- Individual Data; and
- Health Data
- The processing is necessary in order to protect the vital interests of an individual.
- In order to manage our relationship with you including:
- to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice);
- to provide you with important real-time information about products or services you have ordered from us (e.g. a change of time or location due to unforeseen circumstances); and
- to send you the information you have requested;
- to deal with your inquiries; and
- to ask you to leave a review or feedback on us.
- Individual Data;
- Account and Profile Data;
- Sales Data; and
- Advertising and Marketing Data.
- The processing is necessary:
- to perform any contract entered into with you;
- to comply with the law; and
- for our legitimate interests in the management and operation of our business, to keep our records updated and to study how guests use our products/services.
- In order to administer and protect our business, deal with any misuse of our website and to comply with our security policies at our restaurants or offices.
- Individual Data;
- Account and Profile Data;
- Audio and Visual Data; and
- Information Technology Data.
- The processing is necessary:
- for our legitimate interest in the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and
- necessary to comply with the law.
- In order to make suggestions and recommendations to you about goods or services that may be of interest to you, to provide you with promotional offers (for example on your birthday), help ensure our App and website delivers relevant content and advertisements to you and to measure or understand the effectiveness of our advertising.
- Individual Data;
- Sales Data;
- Information Technology Data
- Advertising and Marketing Data.
- The processing is necessary for our legitimate interests to study how guests use our products/services, to develop our products and services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy.
- For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, App, products/services, marketing, guest relationships, and experiences.
- Information Technology Data;
- Advertising and Marketing Data; and
- Advertising and Market Research Data.
- The processing is necessary for our legitimate interest in defining types of guests for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
- To communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;
- Individual Data;
- Account and Profile Data;
- Sales Data;
- Information Technology Data; and
- Advertising and Marketing Data.
- The processing is necessary:
- For the performance of a contract with you; and
- Necessary for our legitimate interests to promote our business.
- To sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.
- Individual Data;
- Account and Profile Data;
- Sales Data;
- Information Technology Data; and
- Advertising and Marketing Data.
- The processing is necessary for our legitimate interests in the sale or disposal of our business or assets.
- Individual Data;
- Account and Profile Data;
- Sales Data; and
- Economic and Financial Data.
- The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us.
- In addition, we may lawfully process Special Categories of Data in certain ways. We set these out below along with the linked purposes for which we can process these Special Categories of Data:
- Purposes for which we process your personal data
- Categories of personal data
- The basis on which we can do this (this is what the law allows)
- In order to use our knowledge of any health-related personal data you disclose to us in the event of illness or injury or some other related emergency or to record any accident, injury or other incident you may suffer when visiting any of our restaurants.
- Health Data
- The processing is necessary to comply with social protection law in the case of a health and safety incident recorded at any of our restaurants or to protect the vital interests of you or another individual where you or the individual is physically or legally incapable of giving consent.
- In order to use information about your health in fulfilling your food and drink order, where you have published in a public forum that you are suffering from a particular health condition, e.g. informing us at a restaurant that you suffer from an allergy or other medical condition.
- Health Data
- The processing relates to personal data which are manifestly made public by you.
- In order to disclose any Special Categories of Data we hold on you, where to do so is in the substantial public interest, provided that when we do so we provide suitable measures to protect your rights.
- Health Data
- The processing is necessary for reasons of substantial public interest, on the basis of applicable law and it is:
- proportionate to the aim pursued;
- respects the essence of the right to data protection; and
- provides for suitable and specific measures to safeguard the fundamental rights and the interests of the individuals.
- In order to protect against the threat of an epidemic.
- Health Data
- The processing is necessary for reasons of public interest in the area of public health for example:
- protecting against serious cross-border threats to health;
- ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices.
- The processing must be on the basis of applicable law which provides for suitable and specific measures to safeguard your rights and freedoms, in particular, professional secrecy.
- Where we may rely on consent
- We would like to use the personal data you provide to us for a variety of different purposes. For certain of these purposes, it is appropriate for us to obtain your prior consent. These are as follows:
- where, in the provision of our products and services to you, we need to use the Special Categories of Data that you provide to us relating to your health (where for example you have notified on your booking or otherwise informed us that you suffer from a dietary requirement such as an allergy);
- where we would like to use photos or images taken of you in promotional materials; or
- where we or our carefully selected third parties have new products and services which we think you will be interested in.
- The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. You may at any time withdraw the specific consent you give to our processing your personal data by following the UNSUBSCRIBE link at the bottom of the marketing email or by contacting [email protected].
- Please note even if you withdraw consent we may rely on another basis to process your personal data.
- Sharing of Information
Sushi La Bar does not sell, rent or share any data subject’s personal information. However, Sushi La Bar does share data subjects’ personal information with appropriate data controllers (since Sushi La Bar is involved in processing for many data controllers). Sushi La Bar only processes the personal information as directed by the data controllers. Sushi La Bar has contracts in place with data controllers.
Further, Sushi La Bar markets to the data subjects on behalf of the data controllers, information about their products and services. For example, Sushi La Bar may offer a promotion in conjunction with a cosponsor that may have special offers or services that might be of interest to data subjects.
We may disclose the personal data you provide to us to:
- our group companies and affiliates or third-party data processors who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
- our PR agency and the provider of our App and guest feedback;
- HMRC, legal and other regulatory authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
- external professional advisers such as accountants, auditors, bankers, insurers, and lawyers;
- law enforcement agencies, courts or other relevant parties, to the extent necessary for the establishment, exercise or defence of legal rights;
- third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- third parties which are considering or have decided to acquire some or all of our assets or shares (including in the event of a reorganisation, dissolution or liquidation);
- third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you choose to interact with.
- Use of data processors and further processing:
Sushi La Bar may share a data subject’s personal information, such as their birthday, with service providers that perform services for Sushi La Bar, in order to provide data subjects with promotional offers. Sushi La Bar has contracts in place with its data processors. This means that data processors cannot do anything with your personal information unless Sushi La Bar instructs them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area, including the United States of America.
In connection with such transfers we rely on the following:
- the relevant safeguard in place is the standard data protection contractual clauses between us and the recipient and a copy can be obtained by e.g. contacting our Data Protection Officer at the details above; or
- this is made on the basis of an adequacy decision, namely: the Privacy Shield for transfers to the US or the European Commission has decided that the relevant non-EU country ensures an adequate level of protection.
- Access to your information and correction
Sushi La Bar can provide data subjects with a copy of the information it holds about them. If data subjects would like a copy of some or all of their personal information, please email or write to Sushi La Bar at the following address: [email protected]. Sushi La Bar wants to make sure that data subjects’ information is correct and up to date. Data subjects may ask Sushi La Bar to correct or remove information they think is inaccurate.
Sushi La Bar also provides an edit profile option for the data subjects to keep their personal information accurate.
Please note that Sushi La Bar may charge a reasonable fee for repetitive requests as a service for providing the information.
- How we protect personal information
We have implemented measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. All information you provide to us is stored on servers in encrypted format. All transactions, regardless of their nature, are encrypted using TLS technology.
Transfer between subsidiaries: We may transfer user and customer information to our affiliates and to third party providers for the sole purpose of providing our services.
- How long do we keep personal information for?
We will store your personal data for the time-period which is appropriate in accordance with our data retention policy [12 months]. We will only hold your personal data for so long as is necessary for us to do so. We keep the length of time that we hold your personal data for under continual review. These reviews take place annually. We delete a data subject’s personal information from our systems if no meaningful contact is established.
If you wish to remove your data from our database or request that information need not be processed any further, please write to us at: [email protected]
CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
In certain circumstances, the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter a contract.
It is your choice as to whether you provide us with your personal data necessary to enter a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to do so may mean that we are unable to fulfil your order or accept a reservation or we may not be able to perform to the level you could otherwise expect. For example, where you fail to notify us of any relevant food intolerance or allergy when placing an order, we cannot take this into account when preparing your food order and you must bear the risk of any consequences as a result, or where you fail to modify your marketing preferences (e.g. failing to notify us that you are vegetarian and as a result you continue to receive marketing material about our meat-related products).
- ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current, and we take all reasonable precautions to ensure that this is the case, but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging into your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
- YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see section 0), you may have a number of rights in connection with the processing of your personal data, including:
- the right to request access to your personal data that we process or control;
- the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
- the right to request, on legitimate grounds as specified in law:
- erasure of your personal data that we process or control; or
- restriction of processing of your personal data that we process or control;
- the right to object, on legitimate grounds as specified in the law, to the processing of your personal data;
- the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
- the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office. Please see http://www.dataprotection.gov.cy for how to do this.
- If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 2.
- How can you access, amend or take back the personal data you’ve given to us?
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
- Sushi La Bar provides data subjects with an option to stop processing their personal information at any time.
- Sushi La Bar provides data subjects with an option to withdraw consent.
- Sushi La Bar provides data subjects with an option to erase their personal information
- Sushi La Bar provides data subjects with an option to restrict the processing of their personal information. This means that Sushi La Bar can only continue to store data subject’s data and will not be able to carry out any further processing activities with it until either
- Data subject provides consent
- Exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State
- Sushi La Bar provides data subjects an option for porting their personal data. To allow data subjects to do so, Sushi La Bar will provide data subjects with their personal information in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform.
- Sushi La Bar provides data subjects an option to lodge a complaint with their local supervisory authority.
- Information Commissioner officer: [email protected]
- Data controller and contact details
For the purposes of relevant data protection legislation, we are the controller of the personal data you provide to us and as a controller, we use the personal data we hold on you in accordance with this Privacy Notice.
If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences, please contact [email protected]
- If you need to contact us in connection with our use of your personal data or gain access to it then please direct your query by email to: [email protected]
- Annexure – 1
KTP Services Ltd
4 Naousis street,
6018 Larnaca
- Annexure – 2
Supervisory Authority: Information Commissioner Officer Email: [email protected]
- Annexure – 3
Data Protection Officer
Head of Business Solutions is our Data Protection Officer and can be contacted at [email protected]
- LINKS TO OTHER WEBSITES
This policy only applies to KTP Services LTD. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We are not responsible for any use of your personal data that is made by unconnected third party websites.