Last updated: March 2018
This policy applies to:
- visitors and users of ResDiary’s websites, including ResDiary.com (“Sites”)
- any ResDiary-branded restaurant reservation services available via multi devices (“ResDiary Application”)
This policy explains:
- when and why we collect personal information from people who visit our website and make reservations via our Services
- how we use the information
- the conditions under which we may disclose the information to others
- how we keep it secure
By using the ResDiary website, you consent to the data practices described in this statement.
Who are we?
ResDiary is a table reservation system that processes reservations on behalf of thousands of venues across the world. Venues can take bookings through:
- ResDiary sites including www.resdiary.com
- ResDiary apps, including the ResDiary Now smartphone app.
- The restaurant’s own website and social media using ResDiary’s booking technology
- Third party sites that use our reservations software (e.g. Time Out).
Our registered address is: 3rd Floor, 36 Renfield Street, Glasgow, G2 1LU. ResDiary is restaurantdiary.com Limited. (In this document “ResDiary” means restaurantdiary.com Limited).
How do we collect information from you?
We collect information related to how you use our Services, including how you interact with our software (including, but not limited to, clicks, page views, searches and steps taken to complete actions).
What type of information is collected from you?
In connection with your registration, booking, or making a payment to a restaurant on our website, ResDiary collects personal information.
When you make a booking:
ResDiary collects information such as:
- e-mail address
- home or work address
- billing information taken for deposits, ticketing or holding credit card information for use in the case of no-shows (where applicable)
- telephone number
- company name
- special requests
- marketing preferences (whether you opt-in or opt-out)
- marketing responses (where applicable)
- survey responses (where applicable)
When you make a booking, we do not proactively collect personal information considered as sensitive personal information such as health-related information. However, our Sites include text boxes which are designed for you to provide information you wish on dining preferences.
When you sign up to create a ResDiary profile:
This refers to when you click Sign Up on any ResDiary Site. ResDiary collects the above information in the “When you make a booking” section and additional information such as:
- ZIP code or postcode
- interests and favorites
- account settings
- current and past restaurant reservation details
- favourite restaurants
- special restaurant requests
- dining activity (e.g. frequency, restaurants, restaurant type, meal type, cancellations, no-shows)
- dining preferences
When you access our sites:
There is “Device Information” about your computer hardware and software that is automatically collected by ResDiary. This information can include:
- device type (e.g. mobile, computer, laptop, tablet)
- operating system
- IP address
- browser type
- browser information (e.g., type, language, and history)
- domain names
- access times
- referring website addresses
- other data about your device to provide the services as otherwise described in this policy.
If you use our Services, we may receive your generic location (such as city or neighbourhood) or, with your consent, precise geographic location data from your mobile device when the ResDiary Applications are running and when they are not running. We may, for example, receive this information when you select restaurant search locations.
How is your information used?
This information is used by ResDiary for the operation of services, to maintain quality of the service, and to provide general statistics regarding use of the ResDiary Sites.
Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through ResDiary public message boards, this information may be collected and used by others.
Note: ResDiary does not read any of your private online communications.
We may use your information to:
- process reservations
- notify you of your restaurant reservations
- buy gift vouchers
- pay deposits
- join wait lists
- provide you with new and improved features
- personalise your experiences on our Sites
- seek your feedback on the services we provide
- let you know of changes in our services or terms and conditions
- send you marketing communications that you have opted into and you may be interested in
- collect data, including without limitation from you, with the purpose of improving the booking service and to provide feedback to the restaurant
- present a quality index for the restaurant industry
- collate and share aggregated or de-identified information at its absolute discretion, including but not limited to aggregate statistical data.
We may combine your Personal Information with Device Information and location information to serve you specifically, such as to deliver a product to you according to your preferences or restrictions, or for advertising or advertising targeting purposes. When we combine Personal Information with Device Information in this way, we treat it as, and apply all of the safeguards in this Policy applicable to, Personal Information.
Consistent with above, we may communicate with you via electronic messages, including email, text message, or mobile push notification to, for example:
- send you information relating to our products and services, including reservation confirmations and updates, receipts, technical notices, updates, security alerts, and support and administrative messages.
- and/or, subject to the Your Choices section, below, and/or applicable law, communicate with you about contests, offers, promotions, rewards, upcoming events, and other news about products and services offered by ResDiary, our parent companies, our subsidiaries, our affiliates, restaurants, and other business partners.
With your consent, we may contact you at the mobile phone number that you provide to us by way of direct dial calls and text messages in connection with the above Purposes.
Our Role as Data Controller and Data Processor
It is important to understand the difference between being a data controller and data processor.
When bookings are made for a restaurant using ResDiary technology on any other digital platforms, via the ResDiary.com portal, or the ResDiary Now app, then the restaurant, or partner, is responsible for tracking marketing preferences.
When a diner creates a profile on ResDiary.com, ResDiary is the data controller for that personal data.
We are not responsible for any restaurant’s use of information for which it is an owner or controller. To learn more about how a restaurant may use such personal information, you should review its privacy notice.
We review our retention periods on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as it is set out in any relevant contract you hold with us.
Who has access to your information?
ResDiary does not sell, rent or lease its customer lists to third parties.
ResDiary may share your information with other third parties for marketing purposes with your consent. More details can be seen in the Your Choices section below. In such cases, please note that you are subject to the separate privacy policies of such third parties.
Information shared with restaurants and their affiliates
When you make a dining request through our Sites, such as a restaurant reservation or making a payment to a restaurant through our Sites, all details pertaining to the reservation is delivered to the restaurant’s ResDiary system.
The notifications sent by email or SMS via ResDiary systems are to confirm your booking details and to send a survey out after dining.
We or the restaurant may share your information (such as meal or seating preferences and special occasions) with other restaurants in the same restaurant group. This is to enhance the hospitality experience that the restaurant group provides you when you dine with them (such as, trying to seat you by a window, if you previously expressed a preference for window seating) (“customized service”) and to improve the restaurant’s table and shift planning.
In addition to providing you with more customized service, we or the restaurant may, as permitted by applicable law, share your information with such restaurant’s restaurant affiliates to support operations, such as to perform analytics, tailor marketing to you, support a loyalty program that you have chosen to participate in, and improve their services.
For more information, please feel free to contact the restaurants at which you dine or book, or ResDiary as detailed in the Contact Information section below.
To learn more about your choices related to how we share your information with restaurants, restaurant groups, and/or restaurant affiliates under our programs, please see the Your Choices section below.
Third Party Service Providers working on our behalf
We may pass on your information to our third party service providers, agent subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. When we use third party service providers, we disclose only the information that is necessary to deliver the service. Please be reassured that we will not release your information to third parties beyond ResDiary for them to use for their own direct marketing purposes, unless you have requested us to do so.
ResDiary websites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to:
(a) comply with the law or comply with legal process served on ResDiary or the site
(b) protect and defend the rights or property of ResDiary
(c) act under exigent circumstances to protect the personal safety of users of ResDiary, or the public.
We may transfer your personal information to a third party:
- as part of a sale of some or all of our business and assets to any third party
- or as part of any business restructuring or reorganisation
- or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation
However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Payment Card Information
To use certain services on our Sites and Applications we may require credit or debit card account information in order to:
- make reservations at certain restaurants
- make payments to certain restaurants
- pay a deposit to certain restaurants
- pre-order at certain restaurants and to purchase gift vouchers.
By submitting your credit or debit card account information through our Sites, to the extent permitted by applicable law, you expressly consent to the sharing of your information with restaurants, third-party payment processors (e.g Stripe), and other third-party service providers, and you further agree to the following terms.
When you use a credit or debit card to secure a reservation through our Sites, we provide your credit or debit card account information (including card number and expiration date, but excluding the CVV number) to our third-party payment service providers and the applicable restaurant.
- When you initially provide your credit or debit card account information through our Sites in order to use our restaurant payment services, we provide your credit or debit card account information to our third-party payment service providers. As explained in the ResDiary Terms and Conditions, these third parties may store your credit or debit card account information so you can use our restaurant payment services through our Sites in the future to the extent permitted by local law.
- For information about the security of your credit or debit card account see further information on Security precautions in place to protect the loss, misuse or alteration of your information.
Subject access request
If you would like access to your data then please contact us at email@example.com
You can choose whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, you can opt out by not ticking the relevant boxes on the forms where we collect your personal information.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email at firstname.lastname@example.org.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software, the Secure Socket Layer (SSL). When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer. Stripe never stores any card details.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Who is the point of contact at ResDiary in the event of a data breach?
The point of contact from ResDiary is the Chief Operating Officer, Mike Breewood, who is also our Data Protection Officer. He will invoke the data control procedure with the Chief Technical Officer, Colin Winning, as required. Then we will report the breach to the relevant supervisory authority within 72 hours of the organisation becoming aware of it.
We will notify affected venues within 48 hours of becoming aware of the breach.
Where is data stored?
Data is stored securely in data centres managed by Rackspace in the UK. They are one of the leading Managed Security Service Providers in the world. Thousands of organisations, including global enterprises, use this company.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
Use of ‘cookies’
Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the Services.
Links to other websites
ResDiary encourages you to review the privacy statements of websites you choose to link to from ResDiary so that you can understand how those websites collect, use and share your information. ResDiary is not responsible for the privacy statements or other content on websites outside of those websites owned and/or controlled by ResDiary or its affiliate companies.
Changes to this Statement