About this policy
Little Petra is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible way. This policy outlines how we aim to achieve this and includes the information collected when:
you use our website www.littlepetra.co.uk.
you make a booking on our website.
you make enquiries on our website.
someone is interested in working with us.
Definition of Personal Data
Personal Data means any data that relates to an identifiable person who can be directly/indirectly identified from that data. In this case, it means personal data that you give to us via our site.
By providing your personal data, you agree that we can use your personal data in accordance with this policy.
Ensure you understand this policy in its entirety and take your time to read it.
Who are we?
Little Petra is a restaurant/venue based in 94 Mill Road, Cambridge, CB1 2BD.
Our registered address is: 94 Mill Road, Cambridge, CB1 2BD.
How do we collect information from you?
We collect information from you:
when you make a booking.
when you visit a restaurant (preferences, allergies etc.).
make an enquiry.
when you sign up to marketing emails.
What type of information is collected from you?
You may be asked to submit personal information about yourself when you make a booking. We will collect this information so we can fulfil your booking request and you may dine at our venue.
When you make a booking:
Little Petra collects information such as:
e-mail address (used for booking confirmation and post-dining feedback emails)
home or work address
billing information taken for deposits, ticketing, or holding credit card information for
use in the case of no-shows (where applicable)
marketing preferences (whether you opt-in or opt-out)
When you dine at Little Petra:
marketing responses (where applicable)
current and past restaurant reservation details
When you access our sites:
There is “Device Information” about your computer hardware and software that is automatically collected by Little Petra. This information can include:
device type (e.g., mobile, computer, laptop, tablet)
browser information (e.g., type, language, and history)
referring website addresses
other data about your device to provide the services as otherwise described in this policy.
If you use our website, we may receive your generic location (such as city or neighbourhood).
You may submit your CV if you are interested in working for us to email@example.com. This information may include:
other relevant details
We will use this information to assess your application. We may also keep it in our records for future reference. Please get in contact if you would no longer like us to hold your records at firstname.lastname@example.org.
How is your information used?
Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking, because you have consented to our use of your personal data (e.g., by subscribing to emails), or because it is in our legitimate interests.
We require the information outlined in the previous section to understand your needs and provide you with a better service, and in particular for the following reasons:
Internal record keeping.
Send you service emails (booking confirmation and post-dining feedback).
Improve our products and services.
Send marketing communications if you have opted in to receive them.
We may use the information to customise the website according to your interests.
Who has access to your information?
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current legislation.
We will only share your information with companies if necessary, to deliver services on our behalf. For example, service providers (e.g., Little Petra for the provision of online bookings), third-party payment processors, and other third parties to provide our Sites and fulfil your requests, and as otherwise consented to by you or as permitted by applicable law.
How and where do we store data?
For reservations taken through Little Petra software, your data will only be stored in the UK.
Little Petra data is stored securely in data centres managed by Little Petra.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
We will not contact you for marketing purposes by email, phone, or text message unless you have given your prior consent. We will not pass your details to any third parties for marketing purposes unless you have expressly allowed us to. Furthermore, you can change your marketing preferences at any time by contacting us by email at email@example.com.
You have a right to request a copy of the personal information that Little Petra holds about you and have any inaccuracies corrected. Any such requests should be made to this email address: firstname.lastname@example.org
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. We do not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected. Data will, therefore, be retained for the following periods (or its retention will be determined on the following basis):
12 months for all information collected
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site.
Use of ‘cookies’
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the services.
Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we recommend that you check the privacy policies of any such websites before providing any data to them.
What happens if our business changes hands?
In the event, that any of your data is to be transferred in such a manner, you will (NOT) be contacted in advance and informed of the changes. (When contacted you will (NOT, HOWEVER,) be given the choice to have your data deleted or withheld from the new owner or controller.)
For more information, please feel free to contact us at: email@example.com.
Changes to this statement
The information given by us relating to the GDPR (General Data Protection Regulation) is for information purposes only. It is not designed to be an exhaustive guide to the requirements of the GDPR. It is your responsibility to ensure that you comply with the provisions of the GDPR and related legislation. Each company’s responsibilities relating to the GDPR will vary depending on individual circumstances; accordingly, we will not be liable to you for your reliance on information provided in relation to the GDPR.
You warrant, represent, and undertake to us that Personal Data shall comply with the GDPR in all respects including, but not limited to, its collection, holding, and processing.
You shall be liable for, and shall indemnify (and keep indemnified) us in respect of any and all action, proceeding, liability, cost, claim, loss, expense (including reasonable legal fees and payments on a solicitor and client basis), or demand suffered or incurred by, awarded against, or agreed to be paid by, us and any of our Sub-Processors arising directly or in connection with:
any non-compliance by you with the GDPR or other applicable legislation.
any Personal Data processing carried out by us and any of our Sub-Processors in accordance with instructions given by you that infringe the GDPR or other applicable legislation.
Data is stored securely in Microsoft Azure data centres throughout the world. Data will be held in the data centre nearest to the location of your venues e.g., for EU this will be held in London, AU – New South Wales, China – HK, Asia – Singapore, North America – Illinois. Data is encrypted at rest and is also encrypted in transit with all communications over HTTPS. No data leaves the production environment and only qualified personnel have access to the Azure data centres. And no data on our UK server is transferred out with the EEA.
Backup and Security
In terms of security, access to security logs are strictly controlled within our development team, we follow advice from Microsoft as to when security patches should be applied, and we use Cloudflare to monitor for unauthorised intrusion attempts. Authorised support and sales executives have access to your diary; a smaller set of Little Petra staff have administrator access to our network and server infrastructure. Data is backed up automatically every day. Data cleansing is the responsibility of the restaurant operator. Data-retention policies will be put in place as part of the GDPR work that is currently underway. All access to diaries is controlled by username and password. Each diary may set its own level of password complexity, as required – the minimum password length is 6 characters, and the restaurant operator can specify the level of complexity required. Data can be deleted upon request either by you or by us. Data can only be deleted by Little Petra if a diner booked on Little Petra.com or the Little Petra Now app. If a diner booked via social media/a venue’s widget/website, then the restaurant must delete that customer’s data. A diner can contact Little Petra at firstname.lastname@example.org to delete their record. We have agreed our data retention period will be 12 months.
In case of a data breach, the point of contact from Little Petra is the Marketing Director, Yaseen Hlalat, who is also our Data Protection Officer. He will invoke the data control procedure, as required. Then we will report the breach to the relevant supervisory authority within 72 hours of the organisation becoming aware of it. We will notify affected venues within 48 hours of becoming aware of the breach.