COYA General Privacy Policy

General Data Protection Regulation (GDPR)

Privacy Notice for external use

We issue this privacy notice in the interests of transparency over how we use (“process”) the personal data that we collect from our Customers, suppliers and third parties (“you”).

Personal data for these purposes means any information relating to an identified or identifiable person.

“Sensitive personal data” means personal data consisting of information as to –

  a) The racial or ethnic origin of the individual,
  b) Their political opinions,
  c) Their religious or philosophical beliefs,
  d) Their membership of a trade union,
  e) Their physical or mental health or condition,
  f) Their sexual life,
  g) The commission or alleged commission by them of any offence,
  h) Any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings,
  i) Genetic data; and
  j) Biometric data where processed to uniquely identify a person (for example a photo in an electronic passport).

Data Controller

For data protection purposes the “data controller” means the person or organisation who determines the purposes for which and the manner in which any personal data are processed.

The data controller is COYA London, 118 Piccadilly, London W1J 7NW.

The Administrator for the data controller is Juliette Shelton who can be contacted by email on Juliette@COYArestaurant.com

What personal data is collected?

We will collect, store and use the following categories of personal data about you:

GDPR EXTERNAL DATA PRIVACY NOTICE

COYA Restaurants Ltd trading as COYA.

COYA Mayfair Registration No: 7824813, COYA Angel Court Registration No: 10075697 – GDPR External data privacy notice – issue 1 – 24.05.2018

  • Personal contact details such as name, title.
  • If provided, personal email address and personal mobile phone numbers.
  • CCTV footage and other information obtained through electronic means such as computerised records.

For you we do not collect, store and use sensitive personal data.

How data is collected from you.

Your personal details are collected through direct communications (telephone, email) with you or your company.

We do not collect data through targeting technologies (website). However, if you email us through the website we may retain information from this email.

Purpose of processing the data

It is necessary for us to process this personal data for the following reasons:

  1. We will need the information in order to carry out Contracted works.
  2. We will need to maintain that information for the general purposes of the ongoing relationship, including health and safety of our individuals on your premises.

Some examples of the specific situations in which we will use your personal data are: to contact you regarding projects that you are carrying out; to contact you to maintain the contract, i.e. to inform you of start dates, operatives' details and health and safety paperwork, and to discuss the account; and the purchasing of supplies.

Our legal basis for processing personal data of our customers, suppliers and third parties is that:

  1. Processing the personal data is necessary for the purpose of carrying out the contract.
  2. Processing is necessary to comply with a legal obligation (for example we are obliged under contract law to keep information for 12 years)
  3. Processing the data is necessary for the purposes of our “legitimate interests” as the data controller (except where such interests are overridden by the interests, rights or freedoms of the individual).

Our “legitimate interests” for these purposes are:

  1. The need to process data on customers, suppliers and third parties for the purposes of carrying out the contract;
  2. The need to gather data on customers for the purposes of safeguarding the health and safety of our individuals;
  3. The need to process personal data for the purposes of entering into contract with the customer, supplier and third party.

Recipients of personal data

Your personal data may be received by the following categories of people:

  1. Our Sales and marketing team;
  2. Contracts Manager;
  3. Finance team;
  4. Any individual authorised by us to maintain your files;
  5. Our professional advisers;
  6. Appropriate external regulators and authorities (such as HSE)

A small amount of your personal data (name, mobile number, signature) may be uploaded onto our online platform or booking system and will be accessible by our operatives and you, where requested. This is for the purposes of contact details for our operatives and daily work records where requested.

We do not envisage that your data would be transferred to a country outside the EEA. If we perceive the need to do that we would discuss that with you and explain the legal basis for the transfer of the data at that stage.

Duration of storage of personal data

We will keep personal data for no longer than is strictly necessary, having regard to the original purpose for which the data was processed. In some cases we will be legally obliged to keep your data for a set period.

Your rights in relation to your personal data

  1. The right to be forgotten

You have the right to request that your personal data is deleted if:

  a) It is no longer necessary for us to store that data having regard to the purposes for which it was originally collected; or
  b) In circumstances where we rely solely on your consent to process the data (and have no other legal basis for processing the data), you withdraw your consent to the data being processed; or
  c) You object to the processing of the data for good reasons which are not overridden by another compelling reason for us to retain the data; or
  d) The data was unlawfully processed; or
  e) The data needs to be deleted to comply with a legal obligation.

However, we can refuse to comply with a request to delete your personal data where we process that data:

  a) To exercise the right of freedom of expression and information;
  b) To comply with a legal obligation or the performance of a public interest task or exercise of official authority;
  c) For public health purposes in the public interest;
  d) For archiving purposes in the public interest, historical research or statistical purposes;
  e) The exercise or defence of legal claims.

 

  1. The right to data portability

You have the right to receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (us) where:

  a) The processing is based on consent or on a contract; and
  b) The processing is carried out by automated means.

Note that this right only applies if the processing is carried out by “automated means” which means it will not apply to most paper based data.

  1. The right to withdraw consent

Where we process your personal data in reliance on your consent to that processing, you have the right to withdraw that consent at any time. You may do this in writing to the data controller, COYA LTD.

  1. The right to object to processing

Where we process your personal data for the performance of a legal task or in view of our legitimate interests, you have the right to object on “grounds relating to your particular situation”. If you wish to object to the processing of your personal data, you should do so in writing to the data controller, COYA LTD, stating the reasons for your objection.

Where you exercise your right to object we must stop processing the personal data unless:

We can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or the processing is for the establishment, exercise or defence of legal claims.

  1. The right of subject access

So that you are aware of the personal data we hold on you, you have the right to request access to that data. This is sometimes referred to as making a “subject access request”.

  1. The right to rectification

If any of the personal data we hold on you is inaccurate or incomplete, you have the right to have any errors rectified. Where we do not take action in response to a request for rectification you have the right to complain about that to the Information Commissioner’s Office.

  1. The right to restrict processing

In certain prescribed circumstances, such as where you have contested the accuracy of the personal data we hold on you, you have the right to block or suppress the further processing of your personal data.

  1. Rights related to automated decision making and profiling

The GDPR defines “profiling” as any form of automated processing intended to evaluate certain personal aspects of an individual, in particular to analyse or predict:

  • performance at work;
  • economic situation;
  • health;
  • personal preferences;
  • reliability;
  • behaviour;
  • location;
  • movement

You have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on you.

However, that right does not apply where the decision is necessary for purposes of the performance of a contract between you and us. We may use data related to your performance or attendance record to make a decision as to whether to take disciplinary action. We consider that to be necessary for the purposes of conducting the employment contract. In any event that is unlikely to be an automated decision in that action will not normally be taken without an appropriate manager discussing the matter with you first and then deciding whether the data reveals information such that formal action needs to be taken. In other words there will be “human intervention” for the purposes of the GDPR and you will have the chance to express your point of view, have the decision explained to you and an opportunity to challenge it.

 

For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
  • Retention periods in line with legal and regulatory requirements or guidance.

 

CHANGES TO THIS PRIVACY NOTICE  

 We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please contact Juliette Shelton

Juliette@coyarestaurant.com

Website Privacy Policy

1. Information gathered through offers and links will not be distributed outside COYA Restaurant.

2. Your friends’ email addresses will only ever be used to forward this email to them, and will not be available to anyone else.

UNSUBSCRIBE

Users may always automatically opt out of receiving the COYA Newsletter by clicking the unsubscribe link in their email. Users with any questions or who are experiencing problems unsubscribing should send an email to info@coyarestaurant.com

PERSONAL INFORMATION

In order to receive the COYA Newsletter, we require your email address. We will not disclose your email or any personal information to any third party without your consent.

SECURITY

COYA Restaurant takes every precaution to protect users’ information.

ANTI-SPAM

The only way to receive the COYA Newsletter is to subscribe or to have supplied us with your email address.

Every email sent includes links to unsubscribe, allowing users to automatically and immediately remove themselves from the subscription lists. We do not buy, rent or sell email addresses.

INFORMATION SHARING

COYA Restaurant uses IP addresses and email addresses to analyse trends, administer the site, track users’ movements, and gather broad demographic information for aggregate use. We occasionally share aggregated demographic profiles with our partners and advertisers. This is not linked to any personal information that can identify any individual person.

LEGAL DISCLAIMER

COYA Restaurant may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on us, our partners, sponsors, investors, or affiliates; (b) protect and defend our rights or property or those of our users; and (c) act as immediately necessary in order to protect the personal safety of our users or the public.

NOTIFICATION OF CHANGES

COYA Restaurant reserves the right, at its sole discretion, to change, modify or otherwise alter these terms and conditions at any time. Such changes and/or modifications shall become effective immediately upon the posting thereof. Continued use of COYA Restaurant following the posting of changes and/or modifications constitutes acceptance of the revised terms and conditions. Please review the terms and conditions periodically.

TERMS AND CONDITIONS

There may be times when COYA Restaurant wishes to let you know about our additional events or offers. Email addresses of subscribers to these bulletins will not be given to any organisation outside of COYA Restaurant. If you have any questions, please contact us at info@coyarestaurant.com

OUR COOKIES

Like most websites and web applications, this site uses cookies and local storage. In order to deliver a personalised, responsive service and to improve the site, we remember and store information about how you use it. This is done using simple text files called cookies which are stored on your computer. These cookies are completely safe and secure and will never contain any sensitive information.

WE USE THE FOLLOWING COOKIES:

  • Google Analytics – We set cookies to get information on site usage and popularity, for the purposes of improving the site.
  • Browser capabilities – We store your display dimensions and device capabilities, to more quickly serve content adjusted to display well on your device.
  • User account settings – To persist your login and preferences, our site places cookies.

THIRD-PARTY COOKIES

Several modules we use on our website are provided by third party companies, and by displaying them the third party may place cookies on your machine for their own purposes. The reasons for including these third party services are as follows:

  • AddThis – To gain information on how our content is shared.
  • Google Maps – To use interactive maps.
  • Google Ads – To deliver relevant and contextual advertising.
  • Disqus – To display user comment threads.

HOW TO DISABLE COOKIES

To opt out of cookies, you can configure your browser to disable them. Find out how for your relevant browser:

Chrome – View instructions
Firefox – View instructions
Internet Explorer – View instructions
Mobile Internet Explorer – View instructions
Safari – View instructions
Mobile Safari – View instructions
Blackberry – View instructions
Android – View instructions
Opera – View instructions

Please note that disabling cookies will result in some parts of the site not functioning correctly.
