Privacy Notice
Last updated – 26th January 2021
1. Who we are
We are The French Table Ltd, Steamboat Quay, Limerick, also. This Data Protection Notice relates to the Data Protection practices of this business and the services offered by us.
We are a ‘Controller’ of personal data. You can contact our data protection representative by e-mail at [email protected], or by phone on 061 609274.
2. Who we process data about
We process personal data for the following categories of persons.
Category Of Data Subject;
- Restaurant Visitor or Customer
- Online Visitor or Customer
- Staff Member
- Contractors or Suppliers
3. Purpose and lawful basis for processing
We are obliged to inform you of the purposes for which we use your data and legal basis for processing.
The purposes for processing your personal data may overlap, and some purposes for processing may have multiple legal basis. They are as follows:
| Category | Purpose | Examples of the type of data processed | Legal basis for processing* |
|---|---|---|---|
| Operation of a food services business | |||
| Operation of a restaurant | Taker bookings and provide the service of restaurant. | name, contact details, dietary choices. | – Entering into or performance of a contract of supply – Consent – Legitimate interest of TFTL * – There is a legal / regulatory obligation |
| Online booking or sales | Restaurant bookings or food sales online | name, contact details, dietary choices. | – Performance of a contract of supply – Legitimate interest of name, contact details, dietary choices.* – There is a legal / regulatory obligation – Consent |
| Enquiries | To engage with individuals who make an enquiry | name, and contact details | – Consent – Legitimate interest of TFTL * |
| Processing of special data relating to food services | The recording of dietary preferences | Food choices that may reflect medical conditions or religious beliefs | – There is a legal / regulatory obligation – Vital interest of the subject – Legitimate interest of TFTL * |
| Marketing & other activities | |||
| Direct Marketing to customers | To inform customers of TFTL services and events and engage with social media | Contact details including postal address, e-mail, text, phone, mobile phone. (You may opt out of any of the above upon request). |
– Consent – Legitimate interest of TFTL * |
| CCTV | |||
| CCTV recordings internally and externally. | For safety and security | Motion images from cameras (not including voice) | – Legitimate interest of TFTL * – Vital interest of the subjects |
| Internal cameras | Monitoring of monetary transactions | Motion images | – Legitimate interest of TFTL * – and to monitor transactions and resolve disputes |
| Voice Recording | |||
| Voice Mail | To record a phone message | Voice message | – Consent – Legitimate interest of TFTL * |
| General Legal/regulatory obligations | |||
| Employment | To manage the employment of staff | Name, address, financial details, qualifications, bank account | – Contract – There is a legal / regulatory obligation – Vital interest of the subject – Legitimate interest of TFTL * |
| Food safety and the delivery of food services | |||
| Revenue | To comply with the requirements of Revenue, to pay all applicable taxes, enable tax audits | Identity, PPs number, manage VAT, tax residency, details relating to tax rules and income | – There is a legal / regulatory obligation – Legitimate interest of TFTL * |
| Regulatory Authorities | To enable processes that are compliant with law and regulation, including food safety regulation | Employment and health data relating to working practices and food safety | – There is a legal / regulatory obligation |
| Auditors & Compliance | To audit the activities of the TFTL in line with regulation and best practice | All data | – There is a legal / regulatory obligation – Legitimate interest of TFTL * |
*Note; Where this document refers to the Legitimate interest of The French Table Limited (TFTL) as a legal basis for processing, such legitimate interest refers to the management and delivery of the services of a food producer, a restaurant and a vendor of foods.
4 Where you have provided consent
Where we are processing data based on your consent you may withdraw that consent at any time.
5. Who we may share personal data with
We make use of third-party services to process data and to deliver services to customers in line with this privacy statement. Such parties acting on our behalf are data processors acting under an appropriate contract.
We will also share data with third parties if you give us permission, or if it is required by law, or if we are required to do so as a result of a court order or if we deem it necessary to do so for the protection of our interests or for defence against a legal claim, or if it is necessary to do so to ensure safety and security either physically or on-line.
Features on our website such as social media like or sharing buttons, will result in personal data being shared with third parties for their own purposes via cookies or other mechanisms. This is how these types of service operate and we are not responsible for the uses that these third parties may have for data obtained in this way.
6. International transfers
We make use of the services of third parties and these parties may be located outside the EU/EEA, or may make use of servers located outside the EU/EEA. When we or our contractors transfer personal data outside the EU/EEA we rely on EU Standard Contractual Clauses, an EU approved Adequacy ruling, or your instruction or consent.
7. Special data
We recognises special categories of data, specifically personal data revealing racial or ethnic origin, political opinion, religious of philosophical beliefs, trades union membership, genetic or biometric data, or a subject’s health or sexual life. The processing of these categories of information shall typically require consent. We may also process special data where there is a legal/regulatory obligation, or where it is in the public interest.
As a provider of food services, it is also in our legitimate interest to process special data relating to persons in the course of their work where such data may have an impact on food production or where we are informed for medical or religious data in the course of the delivery of food services.
8. Keeping your data safe
We use appropriate organisational and technical measures to protect your data from unauthorised access or disclosure. Personal data is stored in locations that have both physical and technical access controls, and appropriate physical and technical access controls are in place in our stores and online processing.
9. Data retention
We retain personal data that you submit to us only for as long as is necessary and for the purposes for which it was obtained, or as required by law. We have detailed retention periods for which personal data shall be retained for particular purposes below. We reserve the right to delete personal data prior to the conclusion of the retention period or where such retention is not absolutely necessary for the provision of service.
| Storage of personal data – | ||
|---|---|---|
| Purpose of processing | Duration | Criteria for the storage of personal data |
| Customer Transactions | 7 years | As required in law plus one year. |
| Employment/staff data | Generally for the duration of employment plus 7 years. Where categories of data have – regulatory limitations to possible liability, or – mandatory retention periods, We will retain for these periods plus one year. |
|
| Marketing data | 12 months | From the last communication |
| CCTV | 1 month | From recording. Up to 6 years In the event of an incident where a material risk of liability exists |
| Incidents or complaint reports | Permanent | |
| Documentation relating to revenue | Stored as mandated by law plus 12 months |
Nothing in this section creates an obligation upon The French Table Limited to retain personal data on behalf of a Subject.
10. Your rights
You have the right to:
- Where information is collected directly from the subject, to be informed of the controller and representative, the purpose and legal basis for processing, where we rely on our legitimate interest we will inform you of that interest, who we may transfer that personal data to, if the data is being transferred internationally, the retention duration or criteria for storage for personal data, the consequences of not providing the data
- Where data was not provided by you, we will identify the source of that data together with data categories.
- Be informed if a failure to provide the personal data will have any direct and material personal consequences
- Information on whether we have Personal Data relating to a subject, the categories of data and the purpose of processing
- Access your personal data. Where the format is not reasonably understood, this shall be delivered in an intelligible format
- Have inaccurate, incomplete or out-of-date personal data that we hold about you corrected, or deleted
- Withdraw consent for your personal data to be processes – where it was obtained from you on the basis of consent.
- Make a submission on any automated decisions making processes or profiling of you.
- Transfer your data to another controller
- Have your personal data excluded from certain categories of processing.
- Lodge a complaint with the Data Protection Commissioner. Contact details for the DPC can be found at www.dataprotection.ie.
Please note;
- There are some limitations to these rights.
- You can contact us to exercise these rights in store, by e-mail at [email protected], or by phone on 061 609274. We will ask for additional information to verify your identity prior to acting upon such requests.
11. Your responsibility for 3rd party data provided to us
You warrant that personal information provided to us by you that relates to third parties (e.g. employees, family, party members, product recipients) while doing business or otherwise engaging with us has been obtained fairly and lawfully and that such information is accurate. You also warrant that such third parties are aware of the purpose for which their personal data is being used and that their privacy rights have been upheld.
12. Information relating to children and vulnerable persons
The processing of personal data relating to children receives special attention under Data Protection Regulation and we shall treat this information with particular care. Children are defined as under 16’s in Ireland. Information obtained about children shall comply with the requirement for parental consent and shall receive additional consideration while planning an operational process.
13. Cookies & third party services
We make use of cookies and other similar technologies to let us know whether you have or have not seen a particular web page or email. Certain features of our website and apps require cookies or similar technologies to allow the site to function. In other cases, you can choose to opt-out of these technologies being used, by changing your preferences in our cookies consent management tool here.
Certain content on our site may link to 3rd party websites. We have no control over the privacy policies or practices of third-party websites.
You can access our cookie policy here.
14. Removal from mailing lists
You can click onto the “unsubscribe” link in any communication that we send to you by email or you can contact our Data Protection representative at by emailing: [email protected]
15. Updates
We may update this privacy notice from time to time to comply with precedent that has been established or to provide further guidance. You should always rely upon the most up to data notice when considering your rights.