Privacy and Cookies Policy
About us and contact
www.kroketa.co.uk is a site operated by Croqueteria Ltd.
Registered office 21 Beak Street, London, W1F 9RR.
If you have any comments or questions about this Privacy Policy on how we collect, use or disclosure personal information, please contact our Data Protection Officer at the address below referencing “Privacy Policy”: [email protected] or our registered address given above.
Companies we work with:
• Brindisa Kitchens (Our Sister Company)
• Brindisa LTD. (Our Sister Company)
• Acteol (CRM Platform)
• Wireless Social (Wifi Login)
Objective
· This Policy applies only to information we collect, process and use through the Systems and Services. This Policy does not apply to information that we collect through other channels, such as information that we collect offline, from other websites or from emails you send us.
This policy details how we manage your personal information within the business of Croqueteria Ltd together with any products and services we provide. Our Privacy Policy is in line for GDPR that took place on the 25th May 2018.
· If you have concerns about any changes and/or no longer wish for us to retain your personal data in line with GDPR you may cancel your account by emailing us at [email protected].
Definitions
· Key words used in this document are “personal information” or “personal data” which relates to information used to either directly or indirectly identify an individual, either from that information alone or from that information combined with other information Croqueteria Ltd. has access to about that individual.
· Personal information may include details you provide or upload to our site, elements of information may be assigned by us please see below for further information.
Our Commitment to You
· Croqueteria Ltd. is committed to protecting the privacy, confidentiality and security of your personal information in order to comply with data protection legislation (e. g. General Data Protection Regulation in Europe Union), we will specifically seek prior explicit consent to the particular processing (e. g. automated individual decision-making) of special categories of personal data.
· If personal information is provided, everything will be kept in accordance with this policy which details how we collect, use, disclose, process and protect any information that you give us when you use our products and services whether that be instore at our restaurants or via on-line at our website https://www.kroketa.co.uk
By using Kroketa products and services you are deemed to have read, acknowledged and accepted all the provisions stated here in the Privacy Policy, including any changes we may make from time to time.
· You hereby consent that we may process and disclose personal information to our affiliated companies (Brindisa Kitchens and Brindisa), Third Party Service Providers (defined below) for the purposes stated in this Privacy Policy.
When and Why is Information Is Collected?
Personal information is collected to provide services and /or products and as part of our legal compliance. Our legitimate interests are whether you are a partner (Wholesale), Potential and Existing trade customer:
· As a current trading partner by registering and maintaining your account as efficiently as possible.
· Our purpose is to provide you with information about our goods, services and events, to enhance our trading relationship, offering the right to object at any time using our contact details provided below.
Our legitimate interests towards online and customers attending events:
· We will only send you special offers, promotions and information of goods and events that may be of interest if you have consented to receive them.
· As an online customer, information is used to process and fulfil purchase orders and surveys regarding customer experiences.
· Regarding Croqueteria Ltd competitions, data is required to ensure prize winners receive their reward.
· If you sign up to our newsletter on our website where we provide the latest news and information about our products and services.
· Information is collected also via email, phone and where required by additional notes added by internal staff for topics like dietary requirements
Who, What, How and Where is information collected and stored?
In order to provide our services to you, we will ask you to provide personal information required. Should you wish to decline providing your personal information, we may not be able to provide you with our products or services.
This means that the data collection is largely necessary for fulfilling the relationship we have with you, and where that is not the case, we have a legitimate interest in collecting the information described below.
We only collect information required for purposes that are necessary, specified and legitimate in nature. No further processing takes place that is outside of that manner. We may collect the following types of information (which may or may not be personal information):
· Information specific to customer requirements such as dietary information, special requests, workplace, names of colleagues and other details if included by the customer
· Other requests might be collected via our email system: When you submit information to this website via webform, we collect the data requested in the webform in order to track and respond to your submissions. We share this information with Squarespace, our online store hosting provider, so that they can provide website services to us. We also share this information with [google drive] for storage and [with Acteol for data porting].
· Card payment information is held by Payment Sense which are only kept for as long as necessary for the transaction to take place. This format is encrypted and tokenised
· Providing other Bar Kroketa services such as for functions of that service, and to facilitate the provision of that service for the benefit of the user, e.g. downloading, updating, registering or Bar Kroketa web portals and related activities.
· Verifying user identity. Croqueteria Ltd. uses this data to verify the user identity and ensure there is no log-in by hackers or unauthorized persons.
· Collecting user feedback. The feedback you choose to provide is valuable in helping Bar Kroketa to make improvements to our services. In order to follow up on the feedback you have chosen to provide, Bar Kroketa may correspond with you using the personal information that you have provided and keep records.
· Take photographs to be used for promotional activities
· Ask you to fill in a Health and Safety questionnaire where your name and signature are collected.
· Sending notices. From time to time, we may use your personal information to send important notices, such as communications and changes to our terms, conditions, and policies.
Type of Information Collected
Information you provide to us or upload: including and any other information you provide us:
FULL NAMES, DATE OF BIRTH, MOBILE PHONE NUMBER, HOME NUMBER, EMAIL ADDRESS, FEEDBACK, POSTAL ADDRESS, PHOTOS, GEOGRAPHIC INDICATORS:
· Information specifically assigned to you by Croqueteria Ltd:
Croqueteria Ltd Membership ID
· Financial information: data used to complete purchases like:
BANK ACCOUNT NUMBER, ACCOUNT HOLDER NAME, SORT CODE, TAXPAYER IDENTIFICATION NUMBER, CREDIT CARD NUMBER
· Log information: information related to your use of apps and websites and security monitoring: COOKIES, CCTV FOOTAGE
We may also collect other types of information which are not directly or indirectly linked to an individual and which is aggregated, anonymised or de-identified.
Cookie Policy
This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.
· These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.
· These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.
Opting Out of Cookies
You can control, manage and/or delete cookies via your browser settings however, cookies are necessary for us to provide the services you use and you cannot opt out of these on the Platform. You are able to disable placement of some (but not all) Cookies by setting your browser to decline cookies, though this may worsen your user experience. For further information please go to the following website AboutCookies.org.
Sharing with Our Group and Third-Party Service Providers
· We do not sell any personal information to third parties. We may disclose your personal information on occasion to third parties (as described below) in order to provide the products or services that you have requested or upon request by the data subject, or if required to do so for legal reasons, for example, as part of a criminal investigation.
· Disclosure may be made to Third Party Service Providers and affiliated companies listed in this section below. In each case described in this section, you can be assured that Croqueteria Ltd will only share your personal information in accordance with your consent. This will engage sub-processors for the processing of your personal information.
· You should know that when Croqueteria Ltd contractually specifies that the third party is subject to practices and obligations to comply with applicable local data protection laws such as GDPR and will contractually ensure that any Third-Party Service Providers comply with privacy standards.
· To conduct business operations, we may be required to disclose your personal information to third party services that provide in communications, social media, technology or cloud facilities, service providers which are our mailing houses, delivery service providers, telecommunications companies, data storage facilities, customer service providers, advertising and marketing service, providers.
Security Measures
· We are committed to ensuring that your personal information is secure. In order to prevent unauthorized access, disclosure or other risks, we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect. We will use all reasonable efforts to safeguard your personal information.
· All your personal information is stored on secure servers that are protected in controlled facilities. We classify your data based on importance and sensitivity and ensure that your personal information has the highest security level.
We make sure that our employees and Third-Party Service Providers who access the information to help provide you with our products and services are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations. We have special access controls for cloud-based data storage as well.
· We will take all practicable steps to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.
· We will take upon the personal data breach, notifying the breach to relevant supervisory authority or under some circumstances, notifying the personal data breach to the data subjects by complying with applicable laws.
Controlling Privacy
Brindisa Kitchens recognizes each individual has privacy concerns and aims to ensure that methods are available and without complication to enable you to restrict the collection, use, disclosure or processing of your personal information and control your privacy settings by allowing:
· The right to request access to and/or correction of any other personal information that we hold about you, however before we proceed with your request please recognise the need for security as you will be asked to verify your identity.
· Free of charge and upon request a copy of your personal data collected and processed by us will be provided to you
Note: Any extra requests of the same information, may incur a reasonable fee based on administrative costs.
· In the event of realising your personal data held by us is incorrect or incomplete, please contact us via email as soon as possible [email protected]
· should you wish to erase your personal information, your request will be considered against any outstanding contractual measures first, then if approved your request will follow a measured procedure.
Note: Once information has been erased, it cannot be un-erased. The information must be resubmitted by the candidate.
· You have the right to restrict processing which will be reviewed against contractual processes and if approved it will be applied under applicable circumstances related to GDPR, if the restriction of processing is lifted, you will be informed beforehand.
· If you are Europe Union user under GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
· If you are Europe Union user under GDPR, you have the right to receive your personal information in a structured, commonly used format and transmits the information to another data controller.
Retention Policy
· Personal information will be held for as long as it is necessary to fulfil the purpose for which it was collected, or as required or by applicable laws.
Should we be notified or a reasonable assumption regarding personal information purposes is no longer required, we shall cease to retain and/ or remove the data associated with an individual.
· If further processing is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to the applicable laws, the data can be further retained by Croqueteria Ltd even if the further processing is incompatible with original purposes.
Trade customers: We will retain your data for such time as you are in trading relationship with Brindisa Ltd. If you stop trading with Brindisa Ltd. or your account is suspended for any other reason, your personal data may be retained on our system for a period of up to seven years.
· Online customers: We will retain your data for such time as you are in trading relationship with Brindisa Ltd.
At any time, you may amend or delete any personal data that we hold or request us to do so.
Customers attending Brindisa Ltd. closed events: We will store images indefinitely unless a request is made to remove them for our archives. Photographs used in print cannot be removed.
· We will store any personal data to fulfil our legal obligations (e.g. accidents investigation). At any time, you may request us to amend or delete any personal data that we hold. If we receive your data through a competition entry, we will retain it for as long as is necessary to administer the competition.
Withdrawal of Consent
· You may withdraw your consent for the collection, use and/or disclosure of your personal information in our possession or control by submitting a request. This may be done by email or by contacting your Line manager or human resources department. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose your personal information as per your request.
· Please recognize that your withdrawal of consent could result in certain legal consequences. Depending on the extent of your withdrawal of consent for us to process your personal information, it may mean that you will not be able to enjoy Croqueteria Ltd’s products and services. 2.9 Transfer of Personal Information Outside of EU Jurisdiction
Croqueteria Ltd. is a UK-headquartered company operating within the UK. As such, and to date we do not transfer any personal data to any party outside of the European Union or the European Economic Area. Regardless should personal data be transferred outside of the EEA, Croqueteria Ltd. we will do so on the basis of EU standard contractual clauses or any other safeguards provided for in the GDPR.
Miscellaneous
· We consider it the responsibility of parents to monitor their children’s use of our products and services. Nevertheless, it is our policy not to require personal information from minors or offer to send any promotional materials to persons in that category.
· Croqueteria Ltd does not seek or intend to seek to receive any personal information from minors. Should a parent or guardian have reasons to believe that a minor has provided Croqueteria Ltd with personal information without their prior consent, please contact us to ensure that the personal information is removed and the minor unsubscribes from any of the applicable Croqueteria Ltd services.
Updates to The Privacy Policy
· We keep our Privacy Policy under regular review and may update this privacy policy to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will post the changes on all the Croqueteria Ltd websites so that you may be aware of the information we collect and how we use it.
· Such changes to our Privacy Policy shall apply from the effective date as set out in the notice or on the website. Your continued use of products and services on the websites, mobile phones and/or any other device will be taken as acceptance of the updated Privacy Policy.
· We will seek your fresh consent before we collect more personal information from you or when we wish to use or disclose your personal information for new purposes.
Systematic Approach to Manage Your Personal Information
If you are a Europe Union user under GDPR, Brindisa Kitchens will provide systematic approach to manage personal data deeply engages our people, management processes and information systems by applying a risk management methodology. According to the GDPR, for instance,
(1) Croqueteria Ltd set up a Data Protection Officer (DPO) in charge the data protection, please email “The Data Officer” using the email: [email protected]
(2) Procedures like data protection impact assessment (DPIA) and data flow mapping