Privacy Policy

PRIVACY POLICY

Liang Yu Company Limited T/A Opium Restaurant aim to please our guests with our approach to the quality of service. We are committed to respecting your privacy, and this privacy notice explains how we collect, use, disclose, retain and protect your personal data. 

For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), Liang Yu Company Limited T/A Opium Restaurant or “we” or “us” or “our” will be the data controller responsible for any personal data we process.

At Liang Yu Company Limited T/A Opium Restaurant we take your privacy very seriously and we are committed to protecting your personal data. If you wish to contact us regarding this privacy statement, we may be reached at “eat@opiumrestaurant.co.uk”

Please take the time to read this privacy notice, since it contains important information about the way that we process personal data. 

WHAT DATA DO WE COLLECT

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting your personal data.

The information Liang Yu Company Limited T/A Opium Restaurant use about you falls into three categories: (a) data you give us; (b) data any member of Liang Yu Company Limited T/A Opium Restaurant collects about you; and (c) data we collect from or are provided by third parties.  

We may collect, use, store and transfer the following personal data about you:

  • Data you give us
    • when you visit Liang Yu Company Limited T/A Opium Restaurant
    • when you make a reservation in person, on the Website, or by phone to visit our restaurant
    • when you inform us of any dietary requirements you may have (for example, allergies or food intolerances)
    • when entering into a prize draw or competition
    • if you ask us to provide you with marketing communications such as newsletters or updates, or information about special events or promotions;
    • if you ask us to keep in touch with you
    • if you ask us to provide you with personalized content such as targeted advertising
    • if you contact us or correspond with us (for example, by phone, email or otherwise) for any reason, for example, when making an enquiry about a private event or for press enquiries; or
    • when you provide us with comments, opinions and/or feedback about our restaurant, our food and our service
    • during networking events that we have either hosted, or sponsored, or attended
    • image (for example, from CCTV cameras at our premises for safety and security)
    • personal data related to job applicants for positions
  • Data we collect about you when you visit or use our website
    • technical information, including the type of device (and its unique device identifier) you use to access the Online Services, the Internet protocol (IP) address used to connect your device to the Internet, your unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, your device and component serial numbers, your login information, browser type and version, time zone setting, browser plug in types and versions, operating systems, mobile network information and platform and details of any referring website or application
  • Data we collect from or are provided with by third parties. We may be given information about you from third parties, event management agencies, food delivery websites, social media platforms or anyone making a reservation on your behalf to attend one of our restaurants. We may also collect information that is publicly available. For example, we may collect information about you when you interact with us through social media.

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR DATA

We will use the data held about you for the purposes stated below:

Purpose of Processing

Type of data

Legal basis for processing

To process any reservations or bookings for private events

Your name, contact details, details of any allergies and dietary requirements (including any dietary or access assistance requirements you may provide) and your reservation details

Performance of a contract and consent (in respect of any dietary or access assistance requirements)

To process any payments you make

Your name, bank details, credit card and/or debit card details

Performance of a contract

To process any payments you make using a gift card

Your name and gift card details

Performance of a contract

To manage our relationship with you, including:

–       deal with any enquiries, correspondence, concerns or complaints you have raised;

–       notifying you about changes to this privacy statement; or

–       asking you to provide us with your comments or feedback. 

Your name, information about the issue raised, phone number and email address (if applicable)

Legitimate interest – to allow us to improve the overall customer experience at our restaurant

To ensure we adhere to your dietary requirements and allergies

Your name, contact details, details of any dietary requirements and allergies (including any medical information you may provide) and details of any pre-booked reservations

Consent

To process any take away orders you make

Your name, contact details, details of your order, details of any allergies and dietary requirements (including any dietary requirements you may provide) and your bank details, credit card and/or debit card details

Performance of a contract and consent (in respect of any dietary requirements)

To send you our newsletter or update and to keep in touch with you

Your name and email address

Consent

To tell you about our restaurants, services, products, offers, promotions or special events that we believe may interest you

  

To provide you with marketing communications, for example, newsletters, updates and notifications

Your name, postal address, phone number or email address

Consent

To enable you to partake in a prize draw, competition or survey

Your name, email address, phone number and address details

Consent

To provide personalized online content to you (social media platforms)

The technical information mentioned above, your name and email address.

Consent

To deliver relevant online content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

The technical information mentioned above

Legitimate interest – to understand our customers better and to develop our business and to inform our marketing strategy

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

The technical information mentioned above

Legitimate interest – to understand our customers better, keep the Website updated and relevant and to develop our business and to inform our marketing strategy

For job applicants

Your Name, contact information, personal information from any documents given to us regarding the recruitment process

Legitimate interest – To facilitate the entire job recruitment process including making reasonable adjustments, safeguarding our restaurant’s infrastructure, confirming your suitability for employment and communicating with you

To better understand our customers

The technical information mentioned above, location data and information about product choices etc

Legitimate interest – to allow us to prepare statistical information to be used internally to better understand our customers, but also to understand the effectiveness of our sales, marketing and advertising

Where consent is required for our use of your personal data as described above, we will request your consent. Typically, we would collect your consent by you performing an action such as ticking the appropriate consent box or otherwise communicating your consent to us (for example, by email or by you providing us with non-mandatory information), you consent to our use of that personal data as set out in this privacy statement. For example, we will only process your personal data for marketing purposes if we have your consent to do so.

MARKETING AND YOUR CHOICES

We will, if you have given us your consent and in line with your choices, provide you with information by post, telephone, email and SMS, which may be of interest to you in respect of our restaurant.

We will only provide you with marketing communications if you would like us to. You will have the opportunity to clearly set out whether you wish to receive marketing messages from us by ticking the relevant boxes.

PERSONAL DATA OF CHILDREN

We do not knowingly collect information from children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please email us at “eat@opiumrestaurant.co.uk”.

INFORMATION SECURITY

We are committed to taking appropriate measures designed to keep your personal data secure. Our technical and organizational procedures are designed to protect your personal data from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the Internet or any other public network can be guaranteed to be 100% secure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorized access or inadvertent disclosure.

 

RETAINING PERSONAL DATA

We will process your data only for as long as is necessary for the purposes for which it was collected in connection with your business relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, we keep your personal data for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website. We keep your personal data for as long as necessary to ensure security of visitors to our premises and as soon as it is no longer necessary, usually after 90 days for CCTV, we delete it. If you submitted other personal data about yourself, we will add it to your profile as a customer and keep it as long as you are our customer.

For job applicants, we will keep and process your data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates for no longer than a month, unless we obtained their consent to keep it for longer.

DISCLOSURE OF YOUR PERSONAL DATA

We do not sell your data to third parties.

We may share your personal data with selected third parties in accordance with this privacy statement, as follows:

  • with social media platforms such as Instagram and Facebook (if you use your account with them to sign up / in with us), if applicable.
  • service providers (for example, IT services or CRM services), business partners (for example, delivery services or booking services), suppliers and sub-contractors for the performance of any contract we enter into with you, but also when sending out marketing communications.
  • professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • with vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, carrying out research and analysis, and personalizing individual customer experiences.  We do not allow these vendors to use this information or to share it for any purpose other than to provide services on our behalf. 
  • with analytics and search engine providers that assist us in the improvement and optimization of the website.
  • with government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information.
  • with third parties, who acquire us or substantially all of our assets, in which case your personal data (including any sensitive personal data) will be one of the transferred assets (however, we will let you know before this happens).

COOKIES AND OTHER TECHNOLOGIES

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user and a “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity, which are also sometimes referred to as pixels and tags.    

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of the Website and the Online Services. They include, for example, cookies that enable you to log into the Online Services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. They also enable us to see how users use the Online Services. This helps us to improve the way the Website and the Online Services work.
  • Functionality cookies. These are used to recognize you when you return to the Online Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to the Website or the Online Services, the pages you have visited and the links you have We will use this information to make the website and the advertising displayed on it more relevant to your interests.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie

Type of Use

How its used

PHPSESSID

Strictly necessary

Created by backend PHP language to keep track of information traveling between pages. It is a random generated number. It does not keep any specific information of the user (https://cookiepedia.co.uk/cookies/PHPSESSID)

__cfduid

Strictly necessary

Set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. (https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-)

_ga & _gid

Analytical/performance cookies

Google Analytics. In order for Google Analytics to determine that two distinct hits belong to the same user, a unique identifier, associated with that particular user, must be sent with each hit. (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-user-id)

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Online Services.

For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.

YOUR RIGHTS

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any inaccurate information we hold about you corrected.
  • Request personal data provided by you to be transferred in machine-readable format (“data portability”).
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
  • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Company, as explained above.
  • Withdrawal of consent. If we rely on your consent (for example, when setting cookies on your device or for direct marketing), you may withdraw your consent at any time.

These rights listed may be subject to various conditions under applicable data protection and privacy legislation.

If you would like to exercise any of your rights set out above, you can contact us by emailing “eat@opiumrestaurant.co.uk”

You also have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office, which can be contacted at the following:

UK Information Commissioner

Website: https://ico.org.uk/concerns/

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Telephone: 0303 123 1113

Email: https://ico.org.uk/global/contact-us/email