PRIVACY POLICY

PRIVACY NOTICE FOR OUR CUSTOMERS AND OTHER BUSINESS RELATED PERSONAL DATA

1. Who is responsible for processing your data
2. Categories and Sources of Personal Data and Purposes and Lawful Basis for Processing
3. Sharing of Your Information
4. Your Rights

 

1. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA AND HOW TO CONTACT US

 

We provide hospitality services and aim to please our customers with our approach to the quality of service. We are committed to respecting your privacy, and this privacy notice explains how we collect, use, disclose, retain and protect your personal data.

For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), [DIRCKSEN & TALLYRAND INC, trading as River Café] (the “[River Café]” or “we” or “us” or “our”) will be the data controller responsible for any personal data we process.

Please take the time to read this privacy notice, since it contains important information about the way that we process personal data.

Questions, comments, complaints and requests regarding this privacy notice, or our privacy practices in general, are welcomed and should be addressed to [email protected] or by post to Attn: Data Subject Requests, 1 Water Street, Brooklyn, New York 11201. Any inquiries and requests regarding this privacy notice may be emailed to [email protected]

 

2. WHAT PERSONAL DATA WE COLLECT AND WHY

 

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting your personal data.

In each of the sections listed below, we describe how we obtain your personal data and how we treat it.

Section 2.1 Individual Customers

Section 2.2 Representatives of our Existing or Prospective Corporate

Customers, Business Partners, and Vendors

Section 2.3 Website Visitors

Section 2.4 Job applicants

Section 2.5 Visitors to our premises

Section 2.6 Users of WiFi (In case it is given to private event vendors)

 

2.1 INDIVIDUAL CUSTOMERS

We collect personal data related to individual customers.

A – Sources of personal data

B – Personal data that we collect and process

C – Why do we collect your personal data and what are our lawful bases for it

D – How long do we keep your personal data

 

A – SOURCES OF PERSONAL DATA

 

We may obtain your personal data from the following sources:

1. a) from you directly (over the phone, email, website or paper forms or in person);
2. b) from third parties (for example, OpenTable or service providers that are assisting us in providing you with service, and/or)
3. c) from our systems, such as WIFI, if you have used our internet connection service at our restaurant.

 

B – PERSONAL DATA THAT WE COLLECT AND PROCESS

 

We may collect the following categories of personal data relating to our existing or prospective individual or related customers:

a) name;

b) email

c) title

d) personal and/or business email address;

e) home address;

f) home and/or business telephone number;

g) date of birth;

h) family members and their dates of birth. *Please note that it is your responsibility to obtain consent from adult family members for sharing their personal data with us prior to providing their personal information to us;

i) credit card details;

j) details of your request, for example, for booking a table in our restaurant; this will include the date, time, party size, menu selection, table preferences; and dietary requirements, and any food allergies.

k) Gift Certificates or other discount details, if you provide them to us;

l) social occasion information;

m) inquiry, request or complaint

n) details of orders (amount spent, date, time, table number, vouchers or offers used);

o) categorization of you as a customer based on the information we have about you from various sources for example, if this is your first experience, you are a regular customer, and/or employee, friend or family of anyone in the organization

p) any feedback you submitted about your experience with us.

 

 

C – WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT

Individual Customers

We may use your personal data to:

Provide you with our products or services (for example, to book a dining room reservation, private event, or outdoor ceremony)

Our lawful basis for doing so is:

Contract

We may use your personal data to:

Establish and manage our relationship (this covers making your experience with us personalized, adapting our services to your requirements, such as your food preferences, dealing with complaints or maintaining your account with us)

Learn about how our products and services are or may be used (for example, when we ask you to fill out surveys about the experience you had with us)

Security (ensuring confidentiality of personal information or preventing unauthorized access and modifications to our systems)

Let you know about our products, services and events that may be of interest to you by mail, telephone, text, email or other forms of electronic communication

Our lawful basis for doing so is:

Legitimate Interest of River Café and the customer

Our legitimate interests in doing so are:

Promote our goods and services

Account Management

Management Reporting

Exercise or defend legal claims

Understand the market in which we operate

Managing security, risk and fraud prevention

___________________________________________________________________

In compliance with our legal obligations, River Café will collect and process data on food allergies submitted by customers. Where this is collected it will be processed securely and only held by the organization for as long as is necessary to provide services to related customers.

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 1.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA

 

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defense of legal claims.

 

2.2 REPRESENTATIVES OF OUR EXISTING OR PROSPECTIVE CORPORATE CUSTOMERS, BUSINESS PARTNERS, AND VENDORS

We may collect personal data related to employees, directors, authorized signatories, or other individuals associated with River Café’s existing or prospective corporate customers, business partners, and vendors.

A – Sources of personal data

B – Personal data that we collect and process

C – Why do we collect your personal data and what are our lawful bases for it

D – How long do we keep your personal data

 

A – SOURCES OF PERSONAL DATA

 

We may obtain your personal data from the following sources:

1. a) from you directly,
2. b) from a company that employs you, if you are an employee of our existing or prospective customer, business partner, or vendor,
3. c) during networking events that we have either hosted, or sponsored, or attended
4. d) from publicly available sources (for example, your company website or social media sites, such as LinkedIn, BeenVerified, TruthFinder, PeopleSearch, 411 and YellowPages)

 

B – PERSONAL DATA THAT WE COLLECT AND PROCESS

We may collect the following categories of personal data relating to our existing or prospective customers, business partners, and vendors’ employees, officers, authorized signatories, and other associated individuals:

1. a) name;
2. b) business address;
3. c) business email address;
4. d) business telephone number;
5. e) job title;
6. f) details of booking (venue, date, party size, previous functions)
7. g) any feedback you submitted about your experience.

 

C – WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT

Representatives of our Existing or Prospective Corporate Customers, Business Partners and Vendors

 We may use your personal data to:

Provide you with our products or services or receive products or services from you

Establish, and manage and maintain our relationship

Learn about how our products and services are or may be used

Security

Let you know about our products, services and events that may be of interest to you by mail, telephone, email, text or other forms of electronic communication

Our lawful basis for doing so is:

Legitimate Interest

Our legitimate interests in doing so are:

Efficiently fulfill our contractual and legal obligations

Account Management

Understand the market in which we operate

Exercise or defend legal claims

Manage security, risk and fraud prevention

___________________________________________________________________

 

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 1.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA

 We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your business relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defense of legal claims.

 

2.3 WEBSITE VISITORS

A – Sources of personal data of personal data

B – Personal data that we collect and process

C – Why do we collect your personal data and what are our lawful bases for it

D – How long do we keep your personal data

 

A – SOURCES OF PERSONAL DATA

 

We may obtain your personal data from the following sources:

a) from you directly (for example, at the time of subscribing to any services offered on our website, including but not limited to email lists, interactive services or requesting further goods or services)

b) from your device or browser

c) if you contact us, we may keep a record of that correspondence

d) from the any of the forms that you fill out on our website, including the Gift Certificate Request Form

 

 

 

B – PERSONAL DATA THAT WE COLLECT AND PROCESS

 

a) name;

b) title

c) date of birth, and zip code, if you are signed up to our e-newsletters;

d) email address;

e) operating system;

f) browser type;

g) information on the use of our website (for example, pages visited, geographical location, time spent on the website, online transactions);

h) cookie data (for more information please see our Cookie Notice Link)

 

i) preferences regarding online marketing

j) IP address

 

C – WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT

 

Website Visitors

We may use your personal data to:

Provide our website services to you

Establish, manage and maintain our relationship

Learn about our websites users’ browsing patterns and the performance of our website

Security

Let you know about our products, services and events that may be of interest to you by mail, telephone, email text or other forms of electronic communication

Learn about how our products or services may be used

Our lawful basis for doing so is:

Legitimate Interest

Our legitimate interests in doing so are:

Website Management

Promote our goods and services

Understand the market in which we operate

Management Reporting

Account Management

Manage security, risk and fraud prevention

Promote our goods and services

___________________________________________________________________

 

If you object to us using your personal data for the above purposes, including direct marketing, please send us an email using the email address in section 1.

Where we use cookies or similar technologies we will seek your prior consent where required to do so by law.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA

We will keep your personal data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

 

2.4 JOB APPLICANTS

We may collect personal data related to job applicants for positions advertised on our website.

A – Sources of personal data

B – Personal data that we collect and process

C – Why do we collect your personal data and what are our lawful bases for it

D – How long do we keep your personal data

 

A – SOURCES OF PERSONAL DATA

We may obtain your personal data from the following sources:

1. a) from you directly;
2. b) from a third party, for example, individual referrals, a recruitment agency;
3. c) via web-based application forms;
4. d) during networking events that we have either hosted, or sponsored, or attended;
5. e) from publicly available sources (for example, professional networks, such as LinkedIn, Craigslist).

 

B – PERSONAL DATA THAT WE COLLECT AND PROCESS 

We may collect the following categories of personal data, which may differ, depending on the content of your CV and/or resume documents you submit to us:

a) name;

b) residence address;

c) personal email address;

d) telephone number;

e) date of birth;

f) social security number

f) career and education history;

g) skills, experience, and qualifications;

h) personal interests, languages spoken, questionnaire results;

i) gender;

j) names and contact details for references. Please note that it is your responsibility to obtain consent from your references prior to providing us personal information about them;

k) current and historic salary details together with salary expectations;

l) details of your current benefit entitlements and insurance

m) information about your legal status to work in the in The United States

n) disabilities

 

C – WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT

 

Job Applicants

We may use your personal data to:

Check your eligibility to work in the United States in which River Café is located

Where you provide us with information regarding your disability, we will process it as part of our legal obligation to make reasonable adjustments for recruitment process

 

Our lawful basis for doing so is:

Legal Obligation

 

We may use your personal data to:

Facilitate the selection process

Assess and confirm your suitability for employment

Communicate with you

Execute business process and internal management

Safeguard the security of our infrastructure, premises, assets and office equipment, including prevention of criminal activity, defending legal claims

 

Our lawful basis for doing so is:

Legitimate interest

 

Our legitimate interests in doing so are:

Talent Management

Management Reporting

Manage security, risk and fraud prevention

Exercise or defend legal claims

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA

 

We will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV and resume as part of your employee record for the duration of your employment with us. We will keep CVs, resumes and other submitted documents by rejected candidates for no longer than 6 (six) months, unless we obtained their consent to keep it for longer.

 

2.5 VISITORS TO OUR PREMISES

 

A – Sources of personal data

B – Personal data that we collect and process

C – Why do we collect your personal data and what are our lawful bases for it

D – How long do we keep your personal data

 

A – SOURCES OF PERSONAL DATA

 

We may obtain your personal data from you directly and from our systems records.

 

B – PERSONAL DATA THAT WE COLLECT AND PROCESS

 

a) name;

b) business or personal contact details;

c) organization and title

d) time and date of your visit

e) image or video (for example, from CCTV cameras at our premises).

 

C – WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT

 

Visitors to our Premises

We may use your personal data for:

Security

Maintain records of visitors to our premises

 

Our lawful basis for doing so is:

Legitimate interest

 

Our legitimate interests in doing so are:

Manage security, risk and fraud prevention

Business management reporting

 

If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA

We keep your personal data for as long as necessary to ensure security of visitors to our premises and as soon as it is no longer necessary, regularly after 90 days for CCTV, we delete it.

 

2.6 USERS OF WIFI

A – Sources of personal data

B – Personal data that we collect and process

C – Why do we collect your personal data and what are our lawful bases for it

D – How long do we keep your personal data

 

A – SOURCES OF PERSONAL DATA

We may obtain your personal data from you directly and from our systems records.

 

B – PERSONAL DATA THAT WE COLLECT AND PROCESS

a) name;

b) title

c) email;

d) date of birth;

e) gender;

f) frequency of wi-fi usage;

g) device used

 

C – WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT

 

Users of WIFI

We may use your personal data to:

Provide our WIFI services to you

Security

 

Our lawful basis for doing so is:

Legitimate Interest

 

Our legitimate interests in doing so are:

Account management

Promote our goods and services

Manage security, risk and fraud prevention

 

If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA

We keep your personal data for as long as necessary for you to use our internet connection. If you submitted other personal data about yourself, we will add it to your profile as a customer, employee or vendor and keep it as long as you are our customer, employee or vendor.

 

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH

 

We do not sell your personal data to third parties.

 

Our Partner Organizations and Service Providers

 

We may disclose information about you to organizations that provide a service to us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure,

b) third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;

c) professional advisers such as lawyers, accountants, tax advisors, auditors and insurance brokers, and lease holder;

d) providers that help us generate and collate reviews in relation to our goods and services;

e) advertising and promotional agencies and consultants and those organizations or online platforms selected by us to create marketing campaigns on our behalf (for example, Facebook, Google, Instagram);

f) service providers that assist us in providing our services.

 

Federal, city and state government agencies

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

 

Company Mergers and Takeovers

We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to sell or lease all or parts of our business.

 

4. YOUR RIGHTS

 

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

 

• Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of your personal data that we have collected, and to check that we are lawfully processing it.

 

• Request rectification, correction, or updating to any of your personal data that we have collected. This enables you to have any inaccurate information that we have collected, corrected.

 

• Request personal data provided by you to be transferred in machine-readable format (“data portability”).

 

• Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).

 

• Request the restriction of processing your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish the accuracy or the reason for processing it).

 

• Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of River Café, as explained above.

 

 

• Withdrawal of consent. If we rely on your consent (for example, when setting cookies on your device or for direct marketing), you may withdraw your consent at any time.

 

These rights listed may be subject to various conditions under applicable data protection and privacy legislation.

If you would like to exercise any of your rights set out above, you can contact us by email using the email address in section 1.