About this policy
Maluma Ltd. (New Chapter Restaurant) is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible way. This policy outlines how we aim to achieve this and includes the information collected when:
• you use our websites: www.newchapterrestaurant.co.uk
• you make a booking in house, via email or over the phone with us.
• you make a booking on our website.
• you make a booking through ResDiary
• you make enquiries on our website.
• you’re interested in working with us.
Definition of Personal Data
Personal Data means any data that relates to an identifiable person who can be directly/indirectly identified from that data. In this case, it means personal data that you give to us via our site.
By providing your personal data, you agree that we can use your personal data in accordance with this policy.
Ensure you understand this policy in its entirety and take your time to read it.
Who are we?
New Chapter is a restaurant based in Edinburgh.
We are part of a group owned by the small, family-run company Maluna Ltd.
We are a limited company registered in Scotland with the Company Registration Number SC625174. Our company address is 18 Eyre Place, EH3 5EP.
Legal Basis for Data Collection & Usage
We collect and process your data only as is necessary to the running of our business – part of our ‘legitimate interest’. We collect and use your data as you might reasonably expect in order to fulfil your restaurant enquiries and reservations. For example, we need your name in order to make a restaurant reservation for you, and may ask for your telephone number or email address in order to contact you about that specific reservation.
For other purposes other than what you might reasonably expect from a restaurant, we employ the basis of consent. Information is only used for other purposes with your express consent. For example, you must ‘double opt-in’ to receive marketing emails. This means that we may already have your email address but you must give us your express consent to use it for contacting you about offers or new menus etc.
How do we collect information from you?
We collect information from you:
• when you make a booking.
• when you visit a restaurant (preferences, allergies etc.).
• when you make an enquiry.
• when you sign up to marketing emails.
• when you purchase a voucher from us.
• when you apply to work with us.
What type of information is collected from you?
You may be asked to submit personal information about yourself when you make a booking. We will collect this information so we can fulfil your booking request and you may dine at our venues.
When you make a booking:
New Chapter collect information such as:
• e-mail address (used for booking confirmation and post-dining feedback emails)
• home or work address
• telephone number
• company name
• dietary requests
• marketing preferences (whether you opt-in or opt-out)
When you dine at New Chapter:
• marketing responses (where applicable)
• survey responses (where applicable)
• current and past restaurant reservation details
When you access our sites:
There is “Device Information” about your computer hardware and software that is automatically collected by New Chapter Restaurant. This information is anonymous at the point of our use and cannot be traced back to you. This information may include:
• device type (e.g. mobile, computer, laptop, tablet)
• operating system
• browser type
• browser information (e.g., type, language, and history)
• domain names
• access times
• referring website addresses
• other data about your device to provide the services as otherwise described in this policy.
If you use our websites, we may receive your generic location (such as city or neighbourhood).
You may submit your CV if you’re interested in working for us to email@example.com or firstname.lastname@example.org. This information may include:
• personal details
• employment details
• salary history
• other relevant details
We will use this information to assess your application. If you are an unsuccessful candidate, your information will be deleted or destroyed immediately. If you are successful, your CV may be transferred to your secure file where we keep your personal records, performance appraisals, employment contract etc. We keep this for 6 years after you have left the company per legal requirements.
How is your information used?
Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.
We require the information outlined in the previous section to understand your needs and provide you with a better service, and in particular for the following reasons:
• Internal record keeping.
• Send you service emails (booking confirmation and post-dining feedback).
• Improve our products and services.
• Send marketing communications if you have opted in to receive them. By default you are ‘opted out’ of these unless we gain your express consent (by telling us you’d like to receive them verbally or by clicking a box on our website or Resdiary portal).
• We may use the information to customise the website according to your interests.
Who has access to your information?
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current legislation.
We will only share your information with companies if necessary to deliver services on our behalf. For example service providers (e.g. ResDiary for the provision of online bookings), third-party payment processors (e.g. Stripe), and other third parties to provide our Sites and fulfil your requests, and as otherwise consented to by you or as permitted by applicable law.
How and where do we store data?
For reservations taken through ResDiary software, your data will only be stored in the UK. ResDiary data is stored securely in data centres managed by Rackspace.
We also may very rarely store your data on-site in secure offices that can only be accessed by senior management. Most of our non-ResDiary data is stored online in a secure, cloud location that can only be accessed by senior management and company directors.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior and explicit consent. When you give us other types of data (e.g. for reservations), you are not automatically opted in to receive marketing communications – this is entirely separate and we require positive consent. We will not pass your details to any third parties for marketing purposes. Furthermore, you can change your marketing preferences at any time by contacting us by email at email@example.com, as appropriate.
You have a right to request a copy of the personal information that Maluna Ltd. holds about you, how it is being processed or used, and to have any inaccuracies corrected. Any such requests should be made to the above email addresses.
According to your right to erasure, you have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. We do not keep your data for any longer than is necessary and will re-seek your consent after the legal maximum of 24 months.
Any requests to change or delete your data will be fully complied with, within 30 days of your contacting us.
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site.
Use of ‘cookies’
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
• Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the services.
Our sites may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
What happens if our business changes hands?
In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
Our Restaurant Group
We may share your information (such as meal or seating preferences and special occasions) with the other restaurant under the Maluna Ltd group. This is to enhance the hospitality experience that we at Maluna Ltd. provide you when you dine at one of our two locations (such as, trying to seat you by a window, if you previously expressed a preference for window seating) (“customised service”) and to improve our table and shift planning.
For more information, please feel free to contact us at firstname.lastname@example.org.
Changes to this statement
The Information Commissioner’s Office – Scotland
45 Melville Street
Telephone: 0303 123 1115