OUR PRIVACY POLICY

At Elystan Street we are committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this Policy and our privacy practices should be sent by email to info@elystanstreet.com.

WHO WE ARE

We are Elystan Street Restaurant at 43 Elystan Street, London SW3 3NT . 

HOW DO WE COLLECT INFORMATION FROM YOU?

  • We request sign up to our email newsletters via our website
  • We offer you the chance to sign up to emails via comment cards and forms distributed in our premises
  • We collect your contact information when you purchase vouchers from our website. Please note that we do not collect any information about your credit or debit cards, this is handled separately via a third party secure connection handled by PayPal.
  • We collect details of your IP address when you view our website, we do this via cookies *
  • You may have allowed us to use your email address as a result of a specific opt in to our mailing list present on a a third party website (e.g. a bookings website)

 

WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?

The personal information we collect from you might include your name, address, email address , IP address (collected via cookies), postcode, add any other method such as uploaded cvs,and information about which pages on our website you have accessed and when. If you purchase a product from us your card information is not held by us, it is collected by third party payment processors who specialise in the secure online capture and processing of credit and debit card transactions, as explained below.

HOW IS YOUR INFORMATION USED?

Please delete those not applicable to your business and add those not listed below.

We may use your information to:

  • process orders that you have submitted;
  • to carry out our obligations arising from any contracts entered into by you and us;
  • dealing with entries into a competition;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you. These may include information about special events, offers, competitions, new products or staff changes activities, promotions of our associated companies goods and services;
  • process a job application.

We will hold your personal information on our systems for as long as is necessary for the relevant activity.

WHO HAS ACCESS TO YOUR INFORMATION?

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Sevice providers acting on our behalf

Any third party services or contractors we employ (to produce websites and send marketing information via email for example) that need access to data (IP addresses, email addresses) are bound by a contract that requires them to keep the information secure and not to use it for their own direct marketing purposes.** Our email database is kept securely password protected Mailchimp, you can see their privacy policies by clicking here.

COOKIES

Our website uses cookies* which keep a browser record of which IP addresses are accessing the site for the following reasons:

Analytics

We use Google analytics to see how many people have accessed our website and what pages they have spent time reading. It also tells us whether people are visiting our site as a result of search engine traffic or through links from other websites or marketing emails. Google analytics relies only on IP addresses to collect this information. You can read the Google data protection policy here.

Security

We use a third party plugin Wordfence which scans IP addresses such that we can block access to our site from known spammers and hackers.

Functionality

Our site is built in WordPress which requires the collection of IP information for any person with access to update the site.Any transaction which involves a user of our website providing information on a form in which a thank you notice appears involves the use of cookies.It is possible to disable cookies via your browser but it may affect the functionality of our site.Any data from information provided by cookies is only shared with the third parties listed above.

YOUR CHOICES

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about special offers, new products or interesting events then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email:  info@elystanstreet.com or telephone on 020 7628 5005.

 

HOW CAN YOU ACCESS OR UPDATE YOUR INFORMATION?

The accuracy of your information is important to us. If you wish to know what if any data we hold on you please email us at info@elystanstreet.com or write to us at: 43 Elystan Street, SW3 3NT. Alternatively, you can telephone 020 7628 5005.

If you wish us to delete your information from our records we will do so.

 

UNSUBSCRIBING FROM MARKETING EMAILS

If you unsubscribe from our marketing email list we will not send you any further emails however we will still keep your email address on file. If you wish your details to be completely deleted please email us at info@elystanstreet.com., or write to us at: 43 Elystan Street, SW3 3NT. Alternatively, you can telephone 020 7628 5005.

 

LINKS TO OTHER WEBSITES

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

 

DATA BREACHES

We have policies in place to help prevent data breaches. Data that we collect is done so via an encrypted connection ( Any data we hold on our own computers in spreadsheet or database form is password protected

 

Employees are aware that the following actions are to be strenuously avoided:

  • Loss of computing devices (portable or otherwise), data storage devices, or paper records containing personal data
  • Disclosing data to a wrong recipient
  • Handling data in an unauthorised way (eg: downloading a local copy of personal data)
  • Unauthorised access or disclosure of personal data by employees (eg: sharing a login)
  • Improper disposal of personal data (eg: hard disk, storage media, or paper documents containing personal data sold or discarded before data is properly deleted)

Malicious Activities

We take measures to avoid loss of data as a result of malicious activities, which include

  • Hacking incidents / Illegal access to databases containing personal data
  • Theft of computing devices (portable or otherwise), data storage devices, or paper records containing personal data
  • Scams that trick our staff into releasing personal data of individuals
  • Failure of cloud computing cloud storage security / authentication / authorisation systems

Reporting Breaches

All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:

  • Investigate the failure and take remedial steps if necessary
  • Maintain a register of compliance failures
  • Notify the Supervisory Authority of any compliance failures that are material either in their own right or as part of a pattern of failures

Under the GDPR, the DPO is legally obliged to notify the Supervisory Authority within 72 hours of the data breach (Article 33). Individuals have to be notified if adverse impact is determined (Article 34). In addition, we must notify any affected clients without undue delay after becoming aware of a personal data breach (Article 33).

We do not have to notify the data subjects if anonymised data is breached. Specifically, the notice to data subjects is not required if the data controller has implemented pseudonymisation techniques like encryption along with adequate technical and organizational protection measures to the personal data affected by the data breach (Article 34).

Footnotes

* An HTTP cookie (usually just called a cookie) is a simple computer file made of text. The information stored in cookies can be used to personalise the experience when using a website. A website can use cookies to find out if someone has visited a website before and record information (data) about what they did.

When someone is using a computer to browse a website, a personalised cookie file can be sent from the website’s server to the person’s computer. The cookie is stored in the web browser on the person’s computer. At some time in the future, the person may browse that website again. The website can send a message to the person’s browser, asking if a cookie from the website is already stored in the browser. If a cookie is found, then the data that was stored in the cookie before can be used by the website to tell the website about the person’s previous activity. Some examples where cookies are used include shopping carts, automatic login and remembering which advertisements have already been shown.

Cookies have been a problem for Internet privacy. This is because they can be used to track browsing behavior. Cookies have often been mistaken for computer programs. But cookies cannot do much on their own. They are simply a piece of data. They are occasionally called spyware or viruses, but they are not either of these. 

Most web browsers allow users to choose whether to accept cookies. If the user does not allow cookies, some websites will become unusable. For example, shopping baskets.