Le Chardon d’Or Ltd. 2020
Last updated: July13th 2020
Recording of customer data and the NHS Test and Trace App/Test and Protect (Scotland)
As part of reopening our premises, the Government has stated that we should keep a record of persons visiting our establishment so that they can be traced in the event of a localised Covid-19 outbreak.
We have re-inducted all our employees to ensure that they understand new restrictions, new rules and the reason to collect and retain customer data.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace / Test and Protect (Scotland) where requested, you can help to identify people who may have been exposed to the virus. This guidance applies to any establishment that provides an onsite service and to any events that take place on its premises.
This guidance does not apply to drop-off deliveries made by suppliers or contractors.
The following information will be collected by our business.
The names and contact details of staff who work on our premises
The dates and times that staff are at work (Shift Rota).
Customers and visitors
The name of the customer or visitor.
If there is more than one person, then you can record the name of the ‘lead member’ of the group and the number of people in the group.
A contact phone number for each customer or visitor, or for the lead member of a group of people.
Date of visit, arrival time and, where possible, departure time.
If a customer will interact with only one member of staff, the name of the assigned staff member should be recorded alongside the name of the customer.
No additional data will be collected for this purpose.
We routinely take bookings and already have systems for recording customers and visitor’s details and in light of such we request an ‘advanced booking only’ service in order to manage the numbers of people on the premises at any one time.
Recording both arrival and departure times (or estimated departure times) will help reduce the number of customers or staff needing to be contacted by NHS Test and Trace / Test and Protect (Scotland). (Particularly, if taxis and or public 3rd party transport is utilized for getting to and from the venue.) However, recording departure times during busy periods will not always be practicable.
Non-sharing of customer information
Collecting of customer data is entirely voluntary, but we encourage our customers and visitors to share their details in order to support NHS Test and Trace / Test and Protect (Scotland) and we advise that this information will only be used where necessary to help stop the spread of Covid-19.
If a customer chooses to opt out of sharing their personal details, management have the right to refuse them admission to our premises.
The accuracy of the information provided will be the responsibility of the individual who provides it. We will not need to verify an individual’s identity for NHS Test and Trace / Test and Protect (Scotland) purposes.
How we maintain records:
To support NHS Test and Trace / Test and Protect (Scotland), we will hold records for 21 days. This reflects the incubation period for Covid-19 (which can be up to 14 days) and an additional 7 days to allow time for testing and tracing.
After 21 days, this information will be securely disposed of or deleted.
When deleting or disposing of data, we do so in a way that does not risk unintended access (e.g. shredding paper documents and ensuring permanent deletion of electronic files).
• Visitors and users of website
• Our online voucher order service is provided by Voucher Cart their customer T&C’s can be viewed here
This policy explains:
• when and why we collect personal information from people who visit our website and complete forms
• how we use the information
• the conditions under which we may disclose the information to others
• how we keep it secure
By using our website, you consent to the data practices described in this statement.
How do we collect information from you?
We collect information related to how you interact with our software (including, but not limited to, clicks, page views, searches and steps taken to complete actions).
What type of information is collected from you?
In connection with your input of personal data on any forms on our website, Le Chardon d’Or Ltd collects the following personal information.
When you fill in a form enquiry:
Le Chardon d’Or Ltd. collects information such as:
• e-mail address
• telephone number
• special requests
• marketing preferences (whether you opt-in or opt-out)
When you fill out a form enquiry, we do not proactively collect personal information considered as sensitive personal information such as health-related information.
However, our forms may include questions which are designed for you to provide information you wish on dining preferences.
When you access our site:
There is “Device Information” about your computer hardware and software that is automatically collected by Google Analytics. This information can include:
• device type (e.g. mobile, computer, laptop, tablet)
• operating system
• IP address
• browser type
• browser information (e.g., type, language, and history)
• domain names
• access times
• referring website addresses
• other data about your device to provide the services as otherwise described in this policy.
We may receive your generic location (such as city or neighbourhood) or, with your consent, precise geographic location data when you browse our site from your mobile device.
How is your information used?
This information gathered by Le Chardon d’Or Ltd is used to maintain the quality of our service, and to provide general statistics regarding use of our site.
We may use your information to:
• process reservations
• notify you of your restaurant reservations
• pay deposits
• join wait lists
• provide you with new and improved features
• personalise your experiences on our Site
• seek your feedback on the services we provide
• let you know of changes in our services or terms and conditions
• send you marketing communications that you have opted into and you may be interested in
• collect data, including without limitation from you, with the purpose of improving the booking service and to provide feedback to the restaurant
• present a quality index for the restaurant industry
• collate and share aggregated or de-identified information at its absolute discretion, including but not limited to aggregate statistical data.
Consistent with above, we may communicate with you via electronic messages, including email (Microsoft outlook.com), text message, or mobile push notification to, for example:
• send you information relating to our products and services, including reservation confirmations and updates, receipts, technical notices, updates, security alerts, and support and administrative messages. • and/or, subject to you opting in, communicate with you about contests, offers, promotions, rewards, upcoming events, and other news about products and services offered by Le Chardon d’Or Ltd.
With your consent, we may contact you at the mobile phone number that you provide to us by way of direct dial calls and text messages in connection with the above Purposes.
Our Role as Data Controller and Data Processor
It is important to understand the difference between being a data controller and data processor.
When you fill a form on our site, we become the data controller for this information. This means we determine how your personal information is processed, how long your data is kept following making the form enquiry (retention period) and we maintain your marketing preferences.
When a diner books through the widget provided by ResDiary.com, ResDiary processes the data to Le Chardon d’Or Ltd.
When a diner chooses to create a profile on ResDiary.com then ResDiary become the controller for that personal data.
We review our retention periods on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as it is set out in any relevant contract you hold with us. If we recieve no contact from you, the longest period that we will hold your information is 24months, or until you request its deletion.
Who has access to your information?
Le Chardon d’Or Ltd does not sell, rent or lease its customer lists to third parties.
When you fill out a form request through our Site, such as a restaurant reservation, all details pertaining to the reservation are delivered to the restaurant’s email address via Umbraco Contour and server RackSpace in the UK. They are one of the leading Managed Security Service Providers in the world. Thousands of organisations, including global enterprises, use this company. Once received, the relevant (in-house) fully trained employee will process your enquiry/request and your information may be kept so that correspondence may be made with reference to that enquiry alone. When you request to ‘opt in’ you may be contacted on multiple occasions.
The notifications sent by email or SMS via our ResDiary system are to confirm your booking details and to send a survey out after dining.
Payment Card Information
Gift voucher services on our Site can be used via our data processor VoucherCart.com We require credit or debit card account information in order to process payments which is hosted by Secure Trading.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email at [email protected]
If you would like to delete personal information relating to a booking or any data we hold, please contact the restaurant directly and allow five working days from the date of your request for your information to be removed.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software, the Secure Socket Layer (SSL). When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
PCI Compliancy Statement
Credit cards are accepted for payments in house using one of our two GPRS terminals and processed by our security trained staff/management team. Merchant copy receipts are held and kept by our accounts department and the card's security code is NEVER recorded on this merchant receipt. Cardholder receipts are issued to our guests with partially concealed account details. Payments are also accepted over the phone and only ever processed by our management team. Card details are processed while the paying customer is on the line (using the cardholders security code) and the details are never recorded on paper or computer files. Merchant receipts are held by our accounts department and customer copies with partially concealed details are scanned and emailed to guests via secure PDF documents. Payments accepted online are made through third party host VoucherCart at https://brianmaule.vouchercart.com/ and are processed by SecureTrading. This Secure Trading account can only be accessed by our management team through the business computer over a secure IP address using two factor authentication with Microsoft Authenticator. This Secure Trading account is ONLY accessed in the instance of a customer incorrect purchase or the request of refund. The full customer account details are concealed and only partially revealed for refunding purposes.
Use of ‘cookies’
Opting Out: You can set your browser to not accept cookies, but this may limit your ability to use the Services.
Links to other websites
Le Chardon d’Or Ltd. website contains links to other websites. We only link to reputable sites, however we are not responsible for the privacy statements or other content on websites outside of our own.
Changes to this Statement
Who is the point of contact at Le Chardon d’Or Ltd. in the event of a data breach?
The point of contact from us is owner and operators Brian & Susan Maule, who are also our Data Protection Officers. They will invoke the data control procedure when required. Then they will report the breach to the relevant supervisory authority within 72 hours of our organisation becoming aware of it.
We will notify affected customers within 48 hours of becoming aware of the breach.