PRIVACY POLICY

Purpose of policy

At Gambas we are committed to maintaining the trust and confidence of our customers be it visitors to our website, customers on our marketing lists, visitors to our Social Media pages or customers booking via our online systems. In particular we want you to know that Gambas is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes. This is our Privacy policy in which you will find detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.

The purpose of our policy is to
• comply with the law
• follow good practice
• protect clients, staff and other individuals
• protect the organisation

 

Wi-fi

When you use Gambas wi-fi we do not collect data about:

  1. your device
  2. the volume of data which you use
  3. the websites and applications which you access
  4. Your usage by access time or frequency

 

Mailing Lists

As part of the registration for our Loyalty Programme, we collect personal information. We use that information to tell you about special offers, live acts that we have performing for you and any news that we think you would like to know about. We may need to contact you if we need to obtain additional information; to check our records are right and to check now and again that you are happy and satisfied. We do not rent or trade email lists with other organisations or businesses. We use a thirdparty provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails.

 

Website

When someone visits gambas.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the
site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make any attempt to find out the identities of those visiting our website.

 

Electronic Point of Sale

Loyalty Card customers will be able to give explicit consent at the time of sign-up so that you can opt in to receive communications by email, text, phone and/or mail. Only staff and management have access to any information that is held on our system and have be sufficiently trained on how to handle data sensitively. Nobody unauthorised will have access to any details that we hold of our customers. Customers at any time can request that their details be removed and their details will be deleted from our system. We will not sell or distribute any of our customer’s data to any third parties or transfer any
data outside the EU.

 

Social Media

Gambas use the Facebook, Twitter and Instagram social media platforms as a way of letting our followers and customers know of anything that may be happening including competitions, special offers, Live Acts or the likes. Consent and data use is effectively covered by the terms and conditions and privacy notices in each of these platforms when you decide to sign up and start participating. Our Social Media Privacy Policy is to ensure that our followers can be confident that their information and data is not used in any way other than to inform them of the above. Any opinions expressed by followers are personal and do not in any way represent the views of Gambas. We use the strictest privacy settings which automatically apply to all new customers that sign-up. Every one of our followers has the right to request the deletion or removal of their personal data, including information published online. It can also be requested that all posts made before the age of 18 made on websites or social networks be removed.

 

Social Media Policy (Staff & Management)

Our Social Media Policy is to protect from the following:

  • Risk of defamation
  • Reputation and brand management
  • Handling negative comments
  • Monitoring employees
  • Protecting information about employees

Employees may face disciplinary action for posting comments online that may damage the company’s reputation. Gambas may monitor employees’ social media activity if we become aware of any of the above. Any members of staff that posts on social media on behalf of Gambas and uses the company’s devices are not permitted to use the devices for personal communications. They will not publicly share sensitive information about followers online. Staff using their own device to post on behalf of Gambas that contains personal data of customers must be aware that they are responsible for any security breaches which include the loss of a personal device or it being accessed by friends or family whilst containing confidential or sensitive information. All devices are to be and will be password protected to ensure that this information does not and cannot be accessed by anyone unauthorised to do so.

 

Electronic Booking Systems (Loyalty customer Database)

Bookatable is an online restaurant service that we use in Gambas. Bookatable has a consent box so that customers are able to opt-in to marketing whilst using the platform themselves. This gives our diners the opportunity to consent by taking a positive action. Bookatable is also used as a tool within the restaurant and any customer calling to book a table will be asked if they are happy to receive marketing communications from us. We will not sell any customer data to any third parties or transfer any data outside the EU.

 

SMS Messaging

Textlocal is a mobile communications online platform that we use to inform our customers of any special offers, news and Live Acts that may be performing in due course. All customers that are on our database for textlocal will be sent texts in which they will be able to opt-in or out of our marketing communications. Nobody unauthorised will have access to any details that we hold of our customers. Customers at any time can request that their details be removed and their details will be deleted from our system.

 

 

Gambasuk Ltd. will:

  • comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff who handle personal data, so that they can act confidently and consistently
  • Notify the Information Commissioner voluntarily, even if this is not required

 

Responsibilities

The Board / Company Directors: Darin Scales

Data Protection Officer
As Gambas has less than 250 employees we do not have to employ a Data Protection Officer but all staff and employees will:

  • Brief staff on Data Protection responsibilities
  • Review Data Protection and related policies
  • Advise other staff on tricky Data Protection issues
  • Ensure that Data Protection induction and training takes place
  • Notification to the ICO
  • Handle subject access requests
  • Approve unusual or controversial disclosures of personal data
  • Approve contracts with Data Processors

 

Employees
All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Enforcement
Any member of staff or management that infringe Data Protection and/or related policies will be subject to disciplinary action that may involve dismissal as an employee of Gambas. All staff and management will be provided with basic training and knowledge of data protection laws and are expected to adhere to this.

Storage
All data held on our customers is kept on password protected devices.

Retention periods
Customers are able to opt-in or out of marketing at any time by updating their preferences across all of our communications. Customers are also able to request that their information is deleted by contacting the restaurant and asking.

 

Right of Access

Responsibility
Right of access requests will be handled within one month.

Procedure for making request
Right of access requests must be in writing

Provision for verifying identity
Identity must be checked before handing over any information.

Charging
Information will be provided free of charge. However we will charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. The fee will be based on the administrative cost of providing the information.

 

Lawful Basis

Opting out
Customers are given the opportunity to opt-out of any type of marketing we utilise (as explained before).

Withdrawing consent
Consent can be withdrawn at any time by verbal request, written request or by following the links and instructions.

 

Employee training & Acceptance of responsibilities

Induction
All employees who have access to any kind of personal data will have their responsibilities outlined during their induction.

Continuing training
Any Data Protection issues will be raised during employee training, team meetings, supervisions, etc.

Procedure for staff signifying acceptance of policy
Staff and employees are expected to show acceptance of their responsibilities to Data Protection.

 

Policy review

Responsibility
Management will have responsibility for carrying out the next policy review.

Procedure
All employees that are privy to sensitive information will be consulted in the review.

Timing
The next review will be carried out no later than two months before the review date of 25th May 2021.

 

 

Prepared by: Karen Whisker.
Last updated: 
25th May 2018. Policy review date: 25th May 2021.

RESERVATIONS

Phone:

01493 668028

Email:
info@gambas.co.uk

WE'RE OPEN:

Tues – Fri:
12-2pm & 5pm-late
Saturday: 12pm-late
Sunday: 1-6pm


Join our monthly newsletter!

4-5 Beach Road,
Gorleston-on-Sea,
NR31 6BH

© , GambasUK Ltd.     Privacy Policy

4-5 Beach Road, Gorleston-on-Sea, NR31 6BH

RESERVATIONS

Phone:

01493 668028

Email:
info@gambas.co.uk

WE'RE OPEN:

Tues – Fri:
12-2pm & 5pm-late
Saturday: 12pm-late
Sunday: 1-6pm

Join our monthly newsletter!

PRIVACY POLICY

Purpose of policy

At Gambas we are committed to maintaining the trust and confidence of our customers be it visitors to our website, customers on our marketing lists, visitors to our Social Media pages or customers booking via our online systems. In particular we want you to know that Gambas is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes. This is our Privacy policy in which you will find detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.

The purpose of our policy is to
• comply with the law
• follow good practice
• protect clients, staff and other individuals
• protect the organisation

 

Wi-fi

When you use Gambas wi-fi we do not collect data about:

  1. your device
  2. the volume of data which you use
  3. the websites and applications which you access
  4. Your usage by access time or frequency

 

Mailing Lists

As part of the registration for our Loyalty Programme, we collect personal information. We use that information to tell you about special offers, live acts that we have performing for you and any news that we think you would like to know about. We may need to contact you if we need to obtain additional information; to check our records are right and to check now and again that you are happy and satisfied. We do not rent or trade email lists with other organisations or businesses. We use a thirdparty provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails.

 

Website

When someone visits gambas.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the
site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make any attempt to find out the identities of those visiting our website.

 

Electronic Point of Sale

Loyalty Card customers will be able to give explicit consent at the time of sign-up so that you can opt in to receive communications by email, text, phone and/or mail. Only staff and management have access to any information that is held on our system and have be sufficiently trained on how to handle data sensitively. Nobody unauthorised will have access to any details that we hold of our customers. Customers at any time can request that their details be removed and their details will be deleted from our system. We will not sell or distribute any of our customer’s data to any third parties or transfer any
data outside the EU.

 

Social Media

Gambas use the Facebook, Twitter and Instagram social media platforms as a way of letting our followers and customers know of anything that may be happening including competitions, special offers, Live Acts or the likes. Consent and data use is effectively covered by the terms and conditions and privacy notices in each of these platforms when you decide to sign up and start participating. Our Social Media Privacy Policy is to ensure that our followers can be confident that their information and data is not used in any way other than to inform them of the above. Any opinions expressed by followers are personal and do not in any way represent the views of Gambas. We use the strictest privacy settings which automatically apply to all new customers that sign-up. Every one of our followers has the right to request the deletion or removal of their personal data, including information published online. It can also be requested that all posts made before the age of 18 made on websites or social networks be removed.

 

Social Media Policy (Staff & Management)

Our Social Media Policy is to protect from the following:

  • Risk of defamation
  • Reputation and brand management
  • Handling negative comments
  • Monitoring employees
  • Protecting information about employees

Employees may face disciplinary action for posting comments online that may damage the company’s reputation. Gambas may monitor employees’ social media activity if we become aware of any of the above. Any members of staff that posts on social media on behalf of Gambas and uses the company’s devices are not permitted to use the devices for personal communications. They will not publicly share sensitive information about followers online. Staff using their own device to post on behalf of Gambas that contains personal data of customers must be aware that they are responsible for any security breaches which include the loss of a personal device or it being accessed by friends or family whilst containing confidential or sensitive information. All devices are to be and will be password protected to ensure that this information does not and cannot be accessed by anyone unauthorised to do so.

 

Electronic Booking Systems (Loyalty customer Database)

Bookatable is an online restaurant service that we use in Gambas. Bookatable has a consent box so that customers are able to opt-in to marketing whilst using the platform themselves. This gives our diners the opportunity to consent by taking a positive action. Bookatable is also used as a tool within the restaurant and any customer calling to book a table will be asked if they are happy to receive marketing communications from us. We will not sell any customer data to any third parties or transfer any data outside the EU.

 

SMS Messaging

Textlocal is a mobile communications online platform that we use to inform our customers of any special offers, news and Live Acts that may be performing in due course. All customers that are on our database for textlocal will be sent texts in which they will be able to opt-in or out of our marketing communications. Nobody unauthorised will have access to any details that we hold of our customers. Customers at any time can request that their details be removed and their details will be deleted from our system.

 

 

Gambasuk Ltd. will:

  • comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff who handle personal data, so that they can act confidently and consistently
  • Notify the Information Commissioner voluntarily, even if this is not required

 

Responsibilities

The Board / Company Directors: Darin Scales

Data Protection Officer
As Gambas has less than 250 employees we do not have to employ a Data Protection Officer but all staff and employees will:

  • Brief staff on Data Protection responsibilities
  • Review Data Protection and related policies
  • Advise other staff on tricky Data Protection issues
  • Ensure that Data Protection induction and training takes place
  • Notification to the ICO
  • Handle subject access requests
  • Approve unusual or controversial disclosures of personal data
  • Approve contracts with Data Processors

 

Employees
All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Enforcement
Any member of staff or management that infringe Data Protection and/or related policies will be subject to disciplinary action that may involve dismissal as an employee of Gambas. All staff and management will be provided with basic training and knowledge of data protection laws and are expected to adhere to this.

Storage
All data held on our customers is kept on password protected devices.

Retention periods
Customers are able to opt-in or out of marketing at any time by updating their preferences across all of our communications. Customers are also able to request that their information is deleted by contacting the restaurant and asking.

 

Right of Access

Responsibility
Right of access requests will be handled within one month.

Procedure for making request
Right of access requests must be in writing

Provision for verifying identity
Identity must be checked before handing over any information.

Charging
Information will be provided free of charge. However we will charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. The fee will be based on the administrative cost of providing the information.

 

Lawful Basis

Opting out
Customers are given the opportunity to opt-out of any type of marketing we utilise (as explained before).

Withdrawing consent
Consent can be withdrawn at any time by verbal request, written request or by following the links and instructions.

 

Employee training & Acceptance of responsibilities

Induction
All employees who have access to any kind of personal data will have their responsibilities outlined during their induction.

Continuing training
Any Data Protection issues will be raised during employee training, team meetings, supervisions, etc.

Procedure for staff signifying acceptance of policy
Staff and employees are expected to show acceptance of their responsibilities to Data Protection.

 

Policy review

Responsibility
Management will have responsibility for carrying out the next policy review.

Procedure
All employees that are privy to sensitive information will be consulted in the review.

Timing
The next review will be carried out no later than two months before the review date of 25th May 2021.

 

 

Prepared by: Karen Whisker.
Last updated: 
25th May 2018. Policy review date: 25th May 2021.

© , GambasUK Ltd.     Privacy Policy