Privacy Policy

 

This notice describes how we col­lect and use per­son­al data about you, in accor­dance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), the Data Pro­tec­tion Act (2018) and any oth­er nation­al imple­ment­ing laws, reg­u­la­tions and sec­ondary leg­is­la­tion, as amend­ed or updat­ed from time to time, in the UK (‘Data Pro­tec­tion Leg­is­la­tion’). Please read the fol­low­ing care­ful­ly to under­stand our prac­tices regard­ing your per­son­al data and how we will treat it.

 

About us

Pied à Terre is a trad­ing name of New­bri­ar Com­pa­ny Lim­it­ed  (“we”, “us”, “our” and “ours”) a licensed restau­rant. Our reg­is­tered office is at:

New­bri­ar Com­pa­ny Limited
34 Char­lotte Street
London
Eng­land, W1T 2NH

For the pur­pose of the Data Pro­tec­tion Leg­is­la­tion and this notice, we are the ‘data con­troller’. This means that we are respon­si­ble for decid­ing how we hold and use per­son­al data about you. We are required under the Data Pro­tec­tion Leg­is­la­tion to noti­fy you of the infor­ma­tion con­tained in this pri­va­cy notice.

We have appoint­ed a Data Pro­tec­tion Lead. Our Data Pro­tec­tion Lead is our Data Pro­tec­tion Point of Con­tact and is respon­si­ble for assist­ing with enquiries in rela­tion to this pri­va­cy notice or our treat­ment of your per­son­al data. Should you wish to con­tact our Data Pro­tec­tion Point of Con­tact you can do so using the con­tact details not­ed at para­graph 12 (Con­tact Us), below.

 

How we may collect your personal data

We may obtain per­son­al data about you, for exam­ple, when:

  • you request a pro­pos­al from us in respect of the ser­vices we provide
  • you or your employ­er or our clients engage us to pro­vide our ser­vices and also dur­ing the pro­vi­sion of those services
  • you con­tact us by email, tele­phone, post, our web­site or social media (for exam­ple when you have a query about our ser­vices), or
  • from third par­ties and/or pub­licly avail­able resources (for exam­ple, from your employ­er or from Com­pa­nies House).

The kind of information we hold about you

The infor­ma­tion we hold about you may include the following:

  • your per­son­al details (such as your name and/or address, tele­phone number)
  • details of con­tact we have had with you in rela­tion to the pro­vi­sion, or the pro­posed pro­vi­sion, of our services
  • details of any ser­vices you have received from us
  • our cor­re­spon­dence and com­mu­ni­ca­tions with you
  • infor­ma­tion about any com­plaints and enquiries you make to us
  • infor­ma­tion from research, sur­veys, and mar­ket­ing activities
  • pseu­do­nymised infor­ma­tion about the usage of our web­site and social media ser­vices such as ses­sion track­ing cookies
  • infor­ma­tion we receive from oth­er sources, such as pub­licly avail­able infor­ma­tion, infor­ma­tion pro­vid­ed by third-par­ty com­pa­nies and agencies.

How we use the personal data we hold about you

We may process your per­son­al data for pur­pos­es nec­es­sary for the per­for­mance of our con­tract with you and to com­ply with our legal obligations.

We may process your per­son­al data for the pur­pos­es nec­es­sary for the per­for­mance of our con­tract with our clients. This may include pro­cess­ing your per­son­al data where you are an employ­ee, sub­con­trac­tor, sup­pli­er or customer.

We may process your per­son­al data for the pur­pos­es of our own legit­i­mate inter­ests pro­vid­ed that those inter­ests do not over­ride any of your own inter­ests, rights and free­doms which require the pro­tec­tion of per­son­al data. This includes pro­cess­ing for mar­ket­ing, busi­ness devel­op­ment, sta­tis­ti­cal and man­age­ment purposes.

We may process your per­son­al data for cer­tain addi­tion­al pur­pos­es with your con­sent, and in these lim­it­ed cir­cum­stances where your con­sent is required for the pro­cess­ing of your per­son­al data then you have the right to with­draw your con­sent to pro­cess­ing for such spe­cif­ic purposes.

Please note that we may process your per­son­al data for more than one law­ful basis depend­ing on the spe­cif­ic pur­pose for which we are using your data.

Situations in which we will use your personal data

We may use your per­son­al data in order to:

  • car­ry out our oblig­a­tions aris­ing from any agree­ments entered into between you or our clients and us (which will most usu­al­ly be for the pro­vi­sion of our services)
  • car­ry out our oblig­a­tions aris­ing from any agree­ments entered into between our clients and us (which will most usu­al­ly be for the pro­vi­sion of our ser­vices) where you may be a sub­con­trac­tor, sup­pli­er or cus­tomer of our client
  • pro­vide you with infor­ma­tion relat­ed to our ser­vices and our events and activ­i­ties that you request from us or which we feel may inter­est you, pro­vid­ed you have con­sent­ed to be con­tact­ed for such purposes
  • seek your thoughts and opin­ions on the ser­vices we pro­vide, and
  • noti­fy you about any changes to our services.

In some cir­cum­stances, we may anonymise or pseu­do­nymise the per­son­al data so that it can no longer be asso­ci­at­ed with you, in which case we may use it with­out fur­ther notice to you.

If you refuse to pro­vide us with cer­tain infor­ma­tion when request­ed, we may not be able to per­form the con­tract we have entered into with you. Alter­na­tive­ly, we may be unable to com­ply with our legal or reg­u­la­to­ry obligations.

We may also process your per­son­al data with­out your knowl­edge or con­sent, in accor­dance with this notice, where we are legal­ly required or per­mit­ted to do so.

Data retention

We will only retain your per­son­al data for as long as is nec­es­sary to ful­fil the pur­pos­es for which it is collected.

When assess­ing what reten­tion peri­od is appro­pri­ate for your per­son­al data, we take into consideration:

  • the require­ments of our busi­ness and the ser­vices provided
  • any statu­to­ry or legal obligations
  • the pur­pos­es for which we orig­i­nal­ly col­lect­ed the per­son­al data
  • the law­ful grounds on which we based our processing
  • the types of per­son­al data we have collected
  • the amount and cat­e­gories of your per­son­al data, and
  • whether the pur­pose of the pro­cess­ing could rea­son­ably be ful­filled by oth­er means.

Change of purpose

Where we need to use your per­son­al data for anoth­er rea­son, oth­er than for the pur­pose for which we col­lect­ed it, we will only use your per­son­al data where that rea­son is com­pat­i­ble with the orig­i­nal purpose.

Should it be nec­es­sary to use your per­son­al data for a new pur­pose, we will noti­fy you and com­mu­ni­cate the legal basis which allows us to do so before start­ing any new processing.

Data sharing

— Why might you share my per­son­al data with third parties?

We will share your per­son­al data with third par­ties where we are required by law, where it is nec­es­sary to admin­is­ter the rela­tion­ship between us or where we have anoth­er legit­i­mate inter­est in doing so.

— Which third-par­ty ser­vice providers process my per­son­al data?

“Third par­ties” includes third-par­ty ser­vice providers and oth­er enti­ties mem­bers of our firm’s pro­fes­sion­al net­works. The fol­low­ing activ­i­ties are car­ried out by third-par­ty ser­vice providers: IT and cloud ser­vices, pro­fes­sion­al advi­so­ry ser­vices, admin­is­tra­tion ser­vices, mar­ket­ing ser­vices, insur­ance and bank­ing services.

All of our third-par­ty ser­vice providers are required to take com­mer­cial­ly rea­son­able and appro­pri­ate secu­ri­ty mea­sures to pro­tect your per­son­al data. We only per­mit our third-par­ty ser­vice providers to process your per­son­al data for spec­i­fied pur­pos­es and in accor­dance with our instructions.

— What about oth­er third parties?

We may share your per­son­al data with oth­er third par­ties, for exam­ple in the con­text of con­tracts, com­pli­ance, mar­ket­ing or pro­fes­sion­al ser­vices. We may also need to share your per­son­al data with a reg­u­la­tor or to oth­er­wise com­ply with the law.

Transferring personal data outside the European Economic Area (EEA)

Per­son­al infor­ma­tion in the EEA (which means all the EU coun­tries plus Nor­way, Ice­land and Liecht­en­stein) (“EEA”) is pro­tect­ed by data pro­tec­tion laws but oth­er coun­tries do not nec­es­sar­i­ly pro­tect your per­son­al infor­ma­tion in the same way.

We may use ser­vice providers based out­side of the EEA to help us pro­vide our ser­vices to you and this means that we may trans­fer your infor­ma­tion to ser­vice providers out­side the EEA for the pur­pose of pro­vid­ing our ser­vices to you. For exam­ple, we utilise cloud ser­vices and online stor­age solu­tions, parts of these ser­vices may, for exam­ple, be host­ed on servers locat­ed with­in the Unit­ed States or man­aged and sup­port­ed from out­side the EEA to for exam­ple to ensure ser­vice avail­abil­i­ty and secu­ri­ty around the clock.

We take steps to ensure that where your infor­ma­tion is trans­ferred out­side of the EEA by our ser­vice providers and host­ing providers, appro­pri­ate mea­sures and con­trols in place to pro­tect that infor­ma­tion in accor­dance with applic­a­ble data pro­tec­tion laws and reg­u­la­tions. This may be that there is an ade­qua­cy deci­sion by the Euro­pean Com­mis­sion in rela­tion to these coun­tries and there­fore they will be deemed to pro­vide an ade­quate lev­el of pro­tec­tion for your per­son­al infor­ma­tion. In each case, such trans­fers are made in accor­dance with the require­ments of Reg­u­la­tions (EU) 2016/679 (the Gen­er­al Data Pro­tec­tion Reg­u­la­tions or “GDPR”) and may be based on the use of the Euro­pean Commission’s Stan­dard Mod­el Claus­es for trans­fers of per­son­al data out­side the EEA.

By using our web­site, prod­ucts or ser­vices or by inter­act­ing with us in the ways described in this Pri­va­cy Notice, you con­sent to the trans­fer of your infor­ma­tion out­side the EEA in the cir­cum­stances set out in this Pri­va­cy Notice where nec­es­sary for the deliv­ery of our ser­vices. If you do not want your infor­ma­tion to be trans­ferred out­side the EEA you may not be able to use all our services.

Should you require fur­ther infor­ma­tion about these pro­tec­tive mea­sures, or con­fir­ma­tion as to if the ser­vices we deliv­er to you involve such trans­fers please con­tact us using the con­tact details out­lined in the sec­tion below.

Data Security

We have put in place com­mer­cial­ly rea­son­able and appro­pri­ate secu­ri­ty mea­sures to pre­vent your per­son­al data from being acci­den­tal­ly lost, used or accessed in an unau­tho­rised way, altered or dis­closed. In addi­tion, we lim­it access to your per­son­al data to those employ­ees, agents, con­trac­tors and oth­er third par­ties who have a busi­ness need to know. They will only process your per­son­al data on our instructions.

We have put in place pro­ce­dures to deal with any sus­pect­ed data secu­ri­ty breach and will noti­fy you and any applic­a­ble reg­u­la­tor of a sus­pect­ed breach where we are legal­ly required to do so.

Rights of access, correction, erasure and restriction

Under cer­tain cir­cum­stances, by law, you have the right to:

  • Request access to your per­son­al data. This enables you to receive details of the per­son­al data we hold about you and to check that we are pro­cess­ing it lawfully
  • Request cor­rec­tion of the per­son­al data that we hold about you
  • Request era­sure of your per­son­al data. This enables you to ask us to delete or remove per­son­al data where there is no good rea­son for us con­tin­u­ing to process it. You also have the right to ask us to delete or remove your per­son­al data where you have exer­cised your right to object to pro­cess­ing (see below)
  • Object to the pro­cess­ing of your per­son­al data where we are rely­ing on a legit­i­mate inter­est (or those of a third par­ty) and there is some­thing about your par­tic­u­lar sit­u­a­tion which makes you want to object to pro­cess­ing on this basis. You also have the right to object where we are pro­cess­ing your per­son­al infor­ma­tion for direct mar­ket­ing purposes
  • Request the restric­tion of pro­cess­ing of your per­son­al data. This enables you to ask us to sus­pend the pro­cess­ing of per­son­al data about you, for exam­ple, if you want us to estab­lish its accu­ra­cy or the rea­son for pro­cess­ing it
  • Request the trans­fer of your per­son­al data to you or anoth­er data con­troller if the pro­cess­ing is based on con­sent, car­ried out by auto­mat­ed means and this is tech­ni­cal­ly feasible.

If you want to exer­cise any of the above rights, please email our data pro­tec­tion point of con­tact dataprotection@pied-a-terre.co.uk

You will not have to pay a fee to access your per­son­al data (or to exer­cise any of the oth­er rights). How­ev­er, we may charge a rea­son­able fee if your request for access is clear­ly unfound­ed or exces­sive. Alter­na­tive­ly, we may refuse to com­ply with the request in such circumstances.

We may need to request spe­cif­ic infor­ma­tion from you to help us con­firm your iden­ti­ty and ensure your right to access the infor­ma­tion (or to exer­cise any of your oth­er rights). This is anoth­er appro­pri­ate secu­ri­ty mea­sure to ensure that per­son­al infor­ma­tion is not dis­closed to any per­son who has no right to receive it.

Right to withdraw consent

In the lim­it­ed cir­cum­stances where you may have pro­vid­ed your con­sent to the col­lec­tion, pro­cess­ing and trans­fer of your per­son­al data for a spe­cif­ic pur­pose (for exam­ple, in rela­tion to direct mar­ket­ing that you have indi­cat­ed you would like to receive from us), you have the right to with­draw your con­sent for that spe­cif­ic pro­cess­ing at any time. To with­draw your con­sent, please email our data pro­tec­tion point of con­tact dataprotection@pied-a-terre.co.uk

Once we have received noti­fi­ca­tion that you have with­drawn your con­sent, we will no longer process your per­son­al infor­ma­tion (per­son­al data) for the pur­pose or pur­pos­es you orig­i­nal­ly agreed to, unless we have anoth­er legit­i­mate basis for doing so in law.

Changes to this notice

We may make changes to this Pri­va­cy Notice from time to time. Any changes we may make to our pri­va­cy notice in the future will be pro­vid­ed to you by being updat­ed on our web­site at www.pied-a-terre.co.uk which will always con­tain the lat­est version.

This pri­va­cy notice was last updat­ed on Sep­tem­ber 2, 2020.

Contact us

If you have any ques­tions regard­ing this notice or if you would like to speak to us about the man­ner in which we process your per­son­al data, please email our Data Point of Con­tact at dataprotection@pied-a-terre.co.uk or tele­phone our Data Pro­tec­tion Point of Con­tact on 020 7636 1178.

You also have the right to make a com­plaint to the Infor­ma­tion Commissioner’s Office (ICO), the UK super­vi­so­ry author­i­ty for data pro­tec­tion issues, at any time. The ICO’scontact details are as follows:

Infor­ma­tion Commissioner’s Office Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tele­phone: 0303 123 1113

Web­site: www.ico.org.uk/concerns