Privacy Policy

Le Chardon d’Or Ltd. 2021

Last updated: 12th May 2021

Recording of customer data and the NHS Test and Trace App/Test and Protect (Scotland)

As part of reopening our premises, the Government has stated that we should keep a record of persons visiting our establishment so that they can be traced in the event of a localised Covid-19 outbreak.

We have re-inducted all our employees to ensure that they understand new restrictions, new rules and the reason to collect and retain customer data.

By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace / Test and Protect (Scotland) where requested, you can help to identify people who may have been exposed to the virus. This guidance applies to any establishment that provides an onsite service and to any events that take place on its premises.

This guidance does not apply to drop-off deliveries made by suppliers or contractors.


Information collected

The following information will be collected by our business.


The names and contact details of staff who work on our premises

The dates and times that staff are at work (Shift Rota).

Customers and visitors

The name of the customer or visitor.

If there is more than one person, then you can record the name of the ‘lead member’ of the group and the number of people in the group.

A contact phone number for each customer or visitor, or for the lead member of a group of people.

Date of visit, arrival time and, where possible, departure time.

If a customer will interact with only one member of staff, the name of the assigned staff member should be recorded alongside the name of the customer.

No additional data will be collected for this purpose.

We routinely take bookings and already have systems for recording customers and visitor’s details and in light of such we request an ‘advanced booking only’ service in order to manage the numbers of people on the premises at any one time.

Recording both arrival and departure times (or estimated departure times) will help reduce the number of customers or staff needing to be contacted by NHS Test and Trace / Test and Protect (Scotland). (Particularly, if taxis and or public 3rd party transport is utilized for getting to and from the venue.) However, recording departure times during busy periods will not always be practicable.


Non-sharing of customer information

Collecting of customer data is entirely voluntary, but we encourage our customers and visitors to share their details in order to support NHS Test and Trace / Test and Protect (Scotland) and we advise that this information will only be used where necessary to help stop the spread of Covid-19.

If a customer chooses to opt out of sharing their personal details, management have the right to refuse them admission to our premises.

The accuracy of the information provided will be the responsibility of the individual who provides it. We will not need to verify an individual’s identity for NHS Test and Trace / Test and Protect (Scotland) purposes.

How we maintain records:

To support NHS Test and Trace / Test and Protect (Scotland), we will hold records for 21 days. This reflects the incubation period for Covid-19 (which can be up to 14 days) and an additional 7 days to allow time for testing and tracing.

After 21 days, this information will be securely disposed of or deleted.

When deleting or disposing of data, we do so in a way that does not risk unintended access (e.g. shredding paper documents and ensuring permanent deletion of electronic files).


Privacy Policy: Updated January 2020
• Visitors and users of website

• Restaurant reservation services are provided by ResDiary; any other online properties of ResDiary or third parties explained within their Consumer Terms of Use

• Our online voucher order service is provided by Voucher Cart their customer T&C’s can be viewed here
and online payments are processed by Secure Trading their terms of use can be found here

This policy explains:
• when and why we collect personal information from people who visit our website and complete forms

• how we use the information

• the conditions under which we may disclose the information to others

• how we keep it secure
By using our website, you consent to the data practices described in this statement.
Any questions regarding this privacy policy should be sent by email to the restaurant here: What happens with my information?

How do we collect information from you?
We collect information related to how you interact with our software (including, but not limited to, clicks, page views, searches and steps taken to complete actions).

What type of information is collected from you?
In connection with your input of personal data on any forms on our website, Le Chardon d’Or Ltd collects the following personal information.

When you fill in a form enquiry:
Le Chardon d’Or Ltd. collects information such as:
• title

• name

• e-mail address

• telephone number

• special requests

• marketing preferences (whether you opt-in or opt-out)
When you fill out a form enquiry, we do not proactively collect personal information considered as sensitive personal information such as health-related information.
However, our forms may include questions which are designed for you to provide information you wish on dining preferences.

When you access our site:
There is “Device Information” about your computer hardware and software that is automatically collected by Google Analytics. This information can include:
• device type (e.g. mobile, computer, laptop, tablet)

• cookies

• operating system

• IP address

• browser type

• browser information (e.g., type, language, and history)

• domain names

• access times

• settings

• referring website addresses

• other data about your device to provide the services as otherwise described in this policy.

Location information
We may receive your generic location (such as city or neighbourhood) or, with your consent, precise geographic location data when you browse our site from your mobile device.

How is your information used?
This information gathered by Le Chardon d’Or Ltd is used to maintain the quality of our service, and to provide general statistics regarding use of our site.

We may use your information to:
• process reservations

• notify you of your restaurant reservations

• pay deposits

• join wait lists

• provide you with new and improved features

• personalise your experiences on our Site

• seek your feedback on the services we provide

• let you know of changes in our services or terms and conditions

• send you marketing communications that you have opted into and you may be interested in

• collect data, including without limitation from you, with the purpose of improving the booking service and to provide feedback to the restaurant

• present a quality index for the restaurant industry

• collate and share aggregated or de-identified information at its absolute discretion, including but not limited to aggregate statistical data.

Electronic communications
Consistent with above, we may communicate with you via electronic messages, including email (Microsoft, text message, or mobile push notification to, for example:
• send you information relating to our products and services, including reservation confirmations and updates, receipts, technical notices, updates, security alerts, and support and administrative messages. • and/or, subject to you opting in, communicate with you about contests, offers, promotions, rewards, upcoming events, and other news about products and services offered by Le Chardon d’Or Ltd.
With your consent, we may contact you at the mobile phone number that you provide to us by way of direct dial calls and text messages in connection with the above Purposes.

Our Role as Data Controller and Data Processor
It is important to understand the difference between being a data controller and data processor.
When you fill a form on our site, we become the data controller for this information. This means we determine how your personal information is processed, how long your data is kept following making the form enquiry (retention period) and we maintain your marketing preferences.
When a diner books through the widget provided by, ResDiary processes the data to Le Chardon d’Or Ltd.
When a diner chooses to create a profile on then ResDiary become the controller for that personal data.

We review our retention periods on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as it is set out in any relevant contract you hold with us.  If we recieve no contact from you, the longest period that we will hold your information is 24months, or until you request its deletion.

Who has access to your information?
Le Chardon d’Or Ltd does not sell, rent or lease its customer lists to third parties.
When you fill out a form request through our Site, such as a restaurant reservation, all details pertaining to the reservation are delivered to the restaurant’s email address via Umbraco Contour and server RackSpace in the UK. They are one of the leading Managed Security Service Providers in the world. Thousands of organisations, including global enterprises, use this company. Once received, the relevant (in-house) fully trained employee will process your enquiry/request and your information may be kept so that correspondence may be made with reference to that enquiry alone. When you request to ‘opt in’ you may be contacted on multiple occasions.
The notifications sent by email or SMS via our ResDiary system are to confirm your booking details and to send a survey out after dining.

Payment Card Information
Gift voucher services on our Site can be used via our data processor We require credit or debit card account information in order to process payments which is hosted by Secure Trading.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email at [email protected]
If you would like to delete personal information relating to a booking or any data we hold, please contact the restaurant directly and allow five working days from the date of your request for your information to be removed.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software, the Secure Socket Layer (SSL). When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

PCI Compliancy Statement
Credit cards are accepted for payments in house using one of our two GPRS terminals and processed by our security trained staff/management team. Merchant copy receipts are held and kept by our accounts department and the card's security code is NEVER recorded on this merchant receipt. Cardholder receipts are issued to our guests with partially concealed account details. Payments are also accepted over the phone and only ever processed by our management team. Card details are processed while the paying customer is on the line (using the cardholders security code) and the details are never recorded on paper or computer files. Merchant receipts are held by our accounts department and customer copies with partially concealed details are scanned and emailed to guests via secure PDF documents. Payments accepted online are made through third party host VoucherCart at and are processed by SecureTrading. This Secure Trading account can only be accessed by our management team through the business computer over a secure IP address using two factor authentication with Microsoft Authenticator. This Secure Trading account is ONLY accessed in the instance of a customer incorrect purchase or the request of refund. The full customer account details are concealed and only partially revealed for refunding purposes.

Use of ‘cookies’
Like many other websites, we use cookies. We use them to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns and do not identify you as an individual.

We use cookies for the following purposes:
Authentication, personalisation and security: Cookies help us verify your Account and device and determine when you’re logged in, so we can make it easier for you to access the Services and provide the appropriate experiences and features. We also use cookies to help prevent fraudulent use of login credentials.
Performance and analytics: Cookies help us analyse how the Services are being accessed and used and enable us to track performance of the Services. For example, we use cookies to determine if you viewed a page or opened an email. This helps us provide you with information that you find interesting. We also use cookies to provide insights regarding your End Users and Your Sites’ performance, such as page views, conversion rates, device information, visitor IP addresses and referral sites.
Third Parties: Third Party Services may use cookies to help you sign into their services from our Services. We also may use third party cookies, such as Google Analytics, to assist with analysing performance. Any third-party cookie usage is governed by the privacy policy of the third party placing the cookie.
Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the Services.

Links to other websites
Le Chardon d’Or Ltd. website contains links to other websites. We only link to reputable sites, however we are not responsible for the privacy statements or other content on websites outside of our own.

Changes to this Statement
Le Chardon d’Or Ltd. will occasionally update this Privacy Policy to reflect company and customer feedback. We encourage you to periodically review this statement to be informed of how we are protecting your information. This policy was last updated in May 2019.

Who is the point of contact at Le Chardon d’Or Ltd. in the event of a data breach?
The point of contact from us is owner and operators Brian & Susan Maule, who are also our Data Protection Officers. They will invoke the data control procedure when required. Then they will report the breach to the relevant supervisory authority within 72 hours of our organisation becoming aware of it.
We will notify affected customers within 48 hours of becoming aware of the breach.

Contact Information
Le Chardon d’Or Ltd welcomes your comments regarding this Privacy Policy. If you believe that we have not adhered to this Privacy Policy, please contact us directly at [email protected] and we will aim to use commercially reasonable efforts to promptly determine and remedy the problem.


Be kept informed of our latest deals, special offers and events.

Newsletter Sign-up