Gordon’s Wine Bar is committed to protecting the privacy of our customers and this privacy notice sets out details of how we use and process your data.
The name and contact details of our organisation:
Court Pie Catering Ltd t/a Gordon’s Wine Bar is a company limited by shares registered in England under company number 00981038 whose registered office is at Walter Wright, 89 High Street, Hadleigh, Ipswich, Suffolk IP7 5EA.
If you would like to get in touch with us for any further information the best way to do so is by emailing: firstname.lastname@example.org.
The personal data processing we undertake
Any information provided by you through our website uses a secure https connection and is stored securely. We do not share your information with any third parties.
Any contact with you will be in direct response to a query, booking or order from you based on your consent to being contacted.
Any purchases made will be handled through PayPal so that we will never hold your card/payment details and will never ask you to provide us with such details directly.
We give our customers the option to sign-up to our newsletters to receive occasional news on upcoming events, products and general information. We provide the option to sign-up via our website or it can occasionally be processed manually if requested.
Email marketing campaigns may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database to improve how we communicate with the customer and ensure content is relevant. Such tracked activity may include, for example: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity.
Social Media Platforms
Gordon’s Wine Bar does make use of social media where we share images, videos and information to better communicate and interact with our customers. All the social media use is based on the terms and conditions as well as the privacy policies held with each social media platform respectively.
Any image or video shared is carefully selected and if any individual is present they will not be identified without consent. Consent will always be asked to share any image or video which was not taken ourselves.
We will share links through social media which often will get shortened. An example being: https://bit.ly/zyVUBo. While we do our best to make sure all links are safe and genuine many social media platforms are prone to spam and hacking and therefore we cannot be held responsible for any damages or implications caused by clicking on a shortened link.
CCTV and Facial Recognition
We use CCTV surveillance for both our inside and outside areas to maximise security and safety for both customers and staff. Access to the recordings are limited and controlled. Recordings will only be used if an incident is reported or if required by law, furthermore, it will only be handled by persons with approved access. Such as: police, insurers or courts of law.
CCTV recordings are kept for a maximum of 28 days at which point they are automatically deleted.
Website and Cookies
We use Google Analytics cookies to monitor and analyse web traffic and this can be used to keep track of user behaviour.
The purposes of the processing
We process personal data for the following purposes:
- Recruitment and employment of staff
- Sales and Marketing
- Customer Communications
- Security of our patrons, staff, premises, data and other assets
The lawful basis for the processing:
As a legal basis for processing personal data we rely on legal obligation, fulfilment of contract, consent, public interest and legitimate interest.
The right to withdraw consent:
Where we rely on consent to process your personal data you may withdraw that consent at any time and we will cease processing.
The legitimate interests for the processing:
We only rely on legitimate interest for processing the personal data of customers with whom we have an existing relationship and who reasonably expect to receive communication from us.
The categories of personal data obtained:
We only process the minimum amount of personal data to fulfil the purpose of the processing and the requirements of the legal basis for processing.
The recipients or categories of recipients of the personal data:
We only pass on personal data to other recipients to fulfil the purpose of the processing and the requirements of the legal basis for processing e.g HMRC, marketing service providers, accountants, suppliers.
The details of transfers of the personal data to any third countries or international organisations:
All our data stays in the UK except that stored using a cloud data storage provider in the USA who conform with the US Privacy Shield.
The retention periods for the personal data:
Once collected Data is retained for no longer than 28 days to 12 months unless required for longer due to legal requirements.
The source of the personal data:
We only collect personal data provided by the data subject themselves other than as detailed in this notice.
The details of whether individuals are under a statutory or contractual obligation to provide the personal data:
It will be clear when signing a contract with us which personal data is required by law or contract to provide.
The rights available to individuals in respect of the processing:
The Data Protection Act 2018 provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
To exercise your rights as a data subject under the Data Protection Act 2018 please email us at email@example.com.
The right to lodge a complaint with a supervisory authority:
You have the right to lodge a complaint with the UK Information Commissioner’s Office.