Privacy Statement


About this policy

Little Petra is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible way.  This policy outlines how we aim to achieve this and includes the information collected when:

  • you use our website
  • you make a booking on our website.
  • you make enquiries on our website.
  • someone is interested in working with us.

Definition of Personal Data

Personal Data means any data that relates to an identifiable person who can be directly/indirectly identified from that data.  In this case, it means personal data that you give to us via our site.

By providing your personal data, you agree that we can use your personal data in accordance with this policy.

Ensure you understand this policy in its entirety and take your time to read it.

Who are we?

Little Petra is a restaurant/venue based in 60 Hills Road, Cambridge, CB2 1LA.

Our registered address is: 60 Hills Road, Cambridge, CB2 1LA.

How do we collect information from you?

We collect information from you:

  • when you make a booking.
  • when you visit a restaurant (preferences, allergies etc.).
  • make an enquiry.
  • when you sign up to marketing emails.

What type of information is collected from you?

You may be asked to submit personal information about yourself when you make a booking.  We will collect this information so we can fulfil your booking request and you may dine at our venue.

When you make a booking:

Little Petra collects information such as:

  • title
  • name
  • e-mail address (used for booking confirmation and post-dining feedback emails)
  • home or work address
  • billing information taken for deposits, ticketing, or holding credit card information for use in the case of no-shows (where applicable)
  • telephone number
  • company name
  • dietary requests
  • marketing preferences (whether you opt-in or opt-out)

When you dine at Little Petra:

  • marketing responses (where applicable)
  • survey responses
  • current and past restaurant reservation details

When you access our sites:

There is “Device Information” about your computer hardware and software that is automatically collected by Little Petra.  This information can include:

  • device type (e.g., mobile, computer, laptop, tablet)
  • cookies
  • operating system
  • IP address
  • browser type
  • browser information (e.g., type, language, and history)
  • domain names
  • access times
  • settings
  • referring website addresses
  • other data about your device to provide the services as otherwise described in this policy.

Location information:

If you use our website, we may receive your generic location (such as city or neighbourhood).


You may submit your CV if you are interested in working for us to  This information may include:

  • personal details
  • employment details
  • education
  • salary history
  • other relevant details

We will use this information to assess your application.  We may also keep it in our records for future reference.  Please get in contact if you would no longer like us to hold your records at

How is your information used?

Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking, because you have consented to our use of your personal data (e.g., by subscribing to emails), or because it is in our legitimate interests.


We require the information outlined in the previous section to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • Send you service emails (booking confirmation and post-dining feedback).
  • Improve our products and services.
  • Send marketing communications if you have opted in to receive them.
  • We may use the information to customise the website according to your interests.

Who has access to your information?

We will not sell, distribute, or lease your personal information to third parties.  Any personal information we request from you will be safeguarded under current legislation.

We will only share your information with companies if necessary, to deliver services on our behalf.  For example, service providers (e.g., Little Petra for the provision of online bookings), third-party payment processors, and other third parties to provide our Sites and fulfil your requests, and as otherwise consented to by you or as permitted by applicable law.

Third parties (including Wix and B&G Web & Event Designs) whose content appears on our Site may use third-party Cookies, as detailed below.  Please refer to ‘Use of Cookies’ for more information on controlling Cookies.  Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.

You may choose to restrict the collection or use of your personal information at any point.  Please refer to the Your Choices section of this Privacy Policy for details.

How and where do we store data?

We only keep your personal data for as long as we need to (12 months) to use it as described in this privacy policy, and/or for as long as we have your permission to keep it.

For reservations taken through Little Petra software, your data will only be stored in the UK.


We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you.  We may make use of additional information about you when it is available from external sources to help us do this effectively.

Your choices

We will not contact you for marketing purposes by email, phone, or text message unless you have given your prior consent.  We will not pass your details to any third parties for marketing purposes unless you have expressly allowed us to.  Furthermore, you can change your marketing preferences at any time by contacting us by email at

You have a right to request a copy of the personal information that Little Petra holds about you and have any inaccuracies corrected.  Any such requests should be made to this email address:

You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.  We do not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected.  Data will, therefore, be retained for the following periods (or its retention will be determined on the following basis):

12 months for all information collected


Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site.

Use of ‘cookies’

Like many other websites, we use cookies.  We use them to help you personalise your online experience.

A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit.  Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.


We use cookies for the following purposes:

  • Authentication, personalisation, and security: cookies help us verify your account and device and determine when you log in, so we can make it easier for you to access the services and provide the appropriate experiences and features.  We also use cookies to help prevent fraudulent use of login credentials.
  • Performance and analytics: cookies help us analyse how the services are being accessed and used and enable us to track the performance of the services.  For example, we use cookies to determine if you viewed a page or opened an email.  This helps us provide you with information that you find interesting.  We also use cookies to provide insights regarding your End Users and your sites’ performance, such as page views, conversion rates, device information, visitor IP addresses, and referral sites.
  • Third Parties: Third Party services may use cookies to help you sign into their services from our services.  We also may use third-party cookies, such as Google Analytics, to assist with analysing performance.  Any third-party cookie usage is governed by the privacy policy of the third party placing the cookie.
  • Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the services.

Our Site may contain links to other websites.  Please note that we have no control over how your data is collected, stored, or used by other websites and we recommend that you check the privacy policies of any such websites before providing any data to them.

What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business.  Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part.  The new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event, that any of your data is to be transferred in such a manner, you will (NOT) be contacted in advance and informed of the changes.  (When contacted you will (NOT, HOWEVER,) be given the choice to have your data deleted or withheld from the new owner or controller.)


For more information, please feel free to contact us at:

Changes to this statement

Little Petra will occasionally update this Privacy Policy to reflect company and customer feedback.  Little Petra encourages you to periodically review this statement to be informed of how Little Petra is protecting your information.  This policy was last updated 1st January 2020.

Contact Information

Little Petra welcomes your comments regarding this Privacy Policy.  If you believe that Little Petra has not adhered to this Privacy Policy, please contact Little Petra at  We will aim to use commercially reasonable efforts to promptly determine and remedy the problem.








The information given by us relating to the GDPR (General Data Protection Regulation) is for information purposes only.  It is not designed to be an exhaustive guide to the requirements of the GDPR.  It is your responsibility to ensure that you comply with the provisions of the GDPR and related legislation.  Each company’s responsibilities relating to the GDPR will vary depending on individual circumstances; accordingly, we will not be liable to you for your reliance on information provided in relation to the GDPR.

You warrant, represent, and undertake to us that Personal Data shall comply with the GDPR in all respects including, but not limited to, its collection, holding, and processing.

You shall be liable for, and shall indemnify (and keep indemnified) us in respect of any and all action, proceeding, liability, cost, claim, loss, expense (including reasonable legal fees and payments on a solicitor and client basis), or demand suffered or incurred by, awarded against, or agreed to be paid by, us and any of our Sub-Processors arising directly or in connection with:

  • any non-compliance by you with the GDPR or other applicable legislation.
  • any Personal Data processing carried out by us and any of our Sub-Processors in accordance with instructions given by you that infringe the GDPR or other applicable legislation.

Data storage

Data is stored securely in Microsoft Azure data centres throughout the world.  Data will be held in the data centre nearest to the location of your venues e.g., for EU this will be held in London, AU – New South Wales, China – HK, Asia – Singapore, North America – Illinois.  Data is encrypted at rest and is also encrypted in transit with all communications over HTTPS.  No data leaves the production environment and only qualified personnel have access to the Azure data centres.  And no data on our UK server is transferred out with the EEA.

Backup and Security

In terms of security, access to security logs are strictly controlled within our development team, we follow advice from Microsoft as to when security patches should be applied, and we use Cloudflare to monitor for unauthorised intrusion attempts.  Authorised support and sales executives have access to your diary; a smaller set of Little Petra staff have administrator access to our network and server infrastructure.  Data is backed up automatically every day.  Data cleansing is the responsibility of the restaurant operator.  Data-retention policies will be put in place as part of the GDPR work that is currently underway.  All access to diaries is controlled by username and password.  Each diary may set its own level of password complexity, as required – the minimum password length is 6 characters, and the restaurant operator can specify the level of complexity required.  Data can be deleted upon request either by you or by us.  Data can only be deleted by Little Petra if a diner booked on Little or the Little Petra Now app.  If a diner booked via social media/a venue’s widget/website, then the restaurant must delete that customer’s data.  A diner can contact Little Petra at to delete their record.  We have agreed our data retention period will be 12 months.

Data breach

In case of a data breach, the point of contact from Little Petra is the Marketing Director, Yaseen Hlalat, who is also our Data Protection Officer.  He will invoke the data control procedure, as required.  Then we will report the breach to the relevant supervisory authority within 72 hours of the organisation becoming aware of it.  We will notify affected venues within 48 hours of becoming aware of the breach.