do to ensure it is kept private and secure.
This Policy sets out the following:
About The Yellow Chilli (and how to contact us)
What information we collect
How we use your information
Our website and cookies
Keeping your information safe
Images, video and CCTV taken on our premises
Storing you information
Details of the The Yellow Chilli
- Updates to this Policy
1. About The Yellow Chilli (and how to contact us)
Any personal information provided to us, will be handled in accordance with this Policy. For further
information about The Yellow Chilli, please see paragraph 13.
For the purposes of data protection law we will be a controller of your personal information (this means we
make decision about how and why your information is used, and have a duty to ensure your rights are
2 Howe Drive, Gilston, Hertfordshire, CM20 2FT, email firstname.lastname@example.org or telephone 020 8616 5940
2.What information we collect
We collect information from individuals to provide goods or services and to keep them informed about
The Yellow Chilli. This may include personal information, such as your name and contact details provided when
communicating with us or signing up to a mailing list, or in connection with a booking or purchase, Gift
cards or other loyalty programs, raffles and competitions. If you make a purchase from us, we will use
financial information in order to process your payment.
We don’t normally collect or process sensitive personal information about our customers or visitors (such
as information about someone’s health or beliefs). In the unlikely event that we do (for example, details if
an accident occurs on our premises), we’ll ensure that this information is kept private and secure.
3.How we use your information
We will only use your information with your consent, or because we need to in order to:
• enter into, or perform, a contract with you;
• comply with a legal duty;
• for our own (or a third party’s) lawful interests, provided your rights don’t override the these.
In any event, your information will only be used for the purpose(s) we collected it for (or else for a closely
related purpose, such as keeping a record of a payment once a transaction is complete)
We will never sell your personal information. We do share information within our business (see paragraph
13 for details) and with our suppliers (e.g. if you place an order with us we’ll share your address with our
delivery company), but they will only be allowed to use the information for a specific purpose and we will
make sure your data is protected.
4. Booking online
You can book tables at our restaurant online at www.theyellowchilli.co.uk or via a third-party booking
website. When you make a booking you with us will be asked to provide certain information (such as your
name, email address and telephone number) which we use to contact you about your booking.
Booking information will be retained after your visit (for up to 2 years ), unless you have opted-in to receive
marketing communications, in which case we will continue to use your information for that purpose.
If you choose to book via a third-party website, such as Quandoo or OpenTable, then you will be asked to
provide information to that website. That third-party website will not be covered by this Policy and its’
operator may use your information for other purposes (such as marketing), we therefore recommend you
The third-party booking website will share your details with us, so we can arrange your booking. When we
contact you to confirm the booking you will also be provided with an opportunity to opt-in to further
communications from us.
5.Our website and cookies
We don’t collect or process personal information about visitors to our website unless they choose to
provide information (such as when making a booking, purchase or signing up to a mailing list).
We may collect non-personal information about visitors to our website as this helps us optimise and
improve the website. This information might include your internet protocol address, the browser being
used to connect to our site, the device (e.g. its operating system) and the connection type (e.g. the Internet
service provider used). However, none of this information will directly identify you.
Our website may use “cookies” to enhance your experience and enable certain functionality (such as
bookings). Web browsers place cookies on hard drives for record-keeping purposes and sometimes to track
your ability to use the site.
Hyperlinks to other sites
Our website may contain hyperlinks to other websites operated by third parties. We are not responsible for
the content or functionality of any of those external websites. If an external website requests personal
information from you (e.g. in connection with an order for goods or services), the information you provide
any personal information.
We may contact you by email, telephone or post. We do this to confirm bookings. We may also contact you
to notify you of changes to our terms of business or this Policy.
If you are an existing customer, we’ll send you marketing communications about similar products or
services that may be of interest, unless you ask us not or decide to unsubscribe.
We will only contact an individual consumer with marketing communications if that person is an existing
customer, or if he or she has asked to receive marketing or enquired about our products or services. If you
would like to opt-in in to marketing you can do so by signing up for our newsletters or ticking an opt-in box
(e.g. on our website or a table card). If you decide to enter a competition or prize draw, we will contact you
to let you know if you have won and to see if you would like to continue to hear from us with other news,
offers and competitions.
We may contact local businesses to introduce ourselves and provide details of our products, services and
offers. If you have received such a communication, and would prefer not to hear from us in future, simply
let us know using the details below.
Changing your preferences or unsubscribing
You can change how you hear from us or unsubscribe from marketing at any time. You can do this by
clicking the “unsubscribe” link on any of our emails, or by writing to The Yellow Chilli, 2 Howe Drive, Gilston, Hertfordshire CM20 2FT,
email email@example.com or telephone 020 8616 5940 with
details of your request. You can also contact us via these details if you wish to complain about a marketing
communication you have received in error.
7. WiFI Users
We provide visitors with free WiFi access. Our WiFi is operated by Ocean WIFI. You will need to register
before you can login and use wireless internet in our restaurant. We do not not store information on WiFi
users and we will not send marketing information to WiFi users without their consent. However, personal
data may also be collected by Ocean WIFI and you must make sure you read their terms and conditions and
8.Keeping your information safe
We employ a variety of physical and technical measures to keep your personal data safe and to prevent
unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure
computer systems and we control who has access to them (using both physical and electronic means). Our
staff receive data protection training and we have a set of detailed data protection procedures which
personnel are required to follow when handling personal data.
However, we cannot absolutely guarantee the security of the internet or external networks or your own
device, accordingly any online communications (e.g. information provided by email or through our website)
are at your own risk.
9.Images, video and CCTV taken on our premises
Photos and videos taken on our premises
Occasionally we may take (or be provided by a customer with) photos or videos at our premises (e.g. if we
hold an event) which we might want to use to promote our business, a product or an event. These images
or recordings may be published on online and by social media, in promotional materials and in publications.
Individuals featured in these photos will not be identified without their consent. If we are taking photos or
recording videos for promotional purposes, we’ll usually let you know or place a sign to notify you of this. If
you wish to complain about a photo or recording which features you, please contact us using the details set
out in paragraph 1 of this Policy.
Our premises have CCTV (either inside or on their exterior). We use CCTV to protect the safety of customers
and staff, and also to establish facts in the event of the claim. Access to CCTV is strictly controlled, and it will
only be used in the event of an incident, and only disclosed (typically to police, courts, professional advisers
or insurers) if required by law or in relation to in the event of actual or prospective legal proceedings.
We store CCTV footage for around two weeks, after which tapes are automatically deleted and the old
footage is recorded over.
10. Storing your information
We only store personal information so long as it is required for the purpose(s) we it collected for (or for a
related compatible purpose, such as keeping a record of a transaction). We regularly review what data we
have and delete that which is no longer necessary. You also have a right to request that your data be
deleted (the right to be forgotten), please see paragraph 11 for further details.
We normally only store personal information within the European Economic Area (EEA). If one of our
subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps
to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These
safeguards will usually be contractual and/or the result of a European Union decision which allows the
transfer (for example, a US organisation which is certified under the EU-US Privacy Shield framework).
We use MailChimp, an email services platform based in the USA, to manage and send email
communications. If you receive emails powered by the MailChimp platform, this will mean your information
has been transferred to the USA. However, MailChimp’s owner (the Rocket Science Group LLC) is certified
under the EU-US Privacy Shield Scheme, meaning
it has taken steps to ensure your information is adequately protected. You can learn more about MailChimp
the Privacy Shield scheme please visit https://www.privacyshield.gov/welcome.
If you believe that any information we are holding on you is incorrect or incomplete, please contact using
the details set out in paragraph 1.
We want to ensure you remain in control of your personal information. Part of this is making sure you
understand your legal rights, which are as follows:
(a) the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a
copy of the personal data;
(b)(from 25 May 2020) the right to have certain information provided to you in a portable electronic format,
or transmitted to another data controller, where technically feasible;
(c)where personal data are processed
on the basis of your consent, the right to withdraw that consent;
(d)the right to have inaccurate data rectified;
(e)the right to object to your data being used for marketing or legitimate interests/ purposes;
(f) the right to restrict how your personal information is used; and
(g) the right to be forgotten, which allows you to have your data erased in certain circumstances
(though this is not an absolute right and may not apply if we need to continue using the information for a
If you would like further information on your rights or wish to exercise them, please write to The Yellow Chilli,
2 Howe Drive, Gilston, Hertfordshire, CM20 2FT email firstname.lastname@example.org or telephone 020
7584 7654 with details of your request. Please keep in mind that there are exceptions to the rights above
and, though we will always try to respond to your satisfaction, there may be situations where we are unable
to do so (for example, because the information no longer exists or there is an exception which applies to
If you are not happy with our response, or you believe that your data protection or privacy rights have been
infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection
compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
13. Updates to this Policy
We may update this Policy at any time. When we do, we will post a notification on the main page of our
website, revise the updated date at the bottom of this page. We encourage used to frequently check this
page for any changes to stay informed about how we are helping to protect the personal information we
Effective 25th May 2020