Privacy Notice
Summary
This Privacy Notice describes how we collect, use, share, store or otherwise process the information we hold about you. Your personal information allows us to provide the products and services you have asked for, as well as enabling us to improve those products and services by understanding your interests and preferences.
Who we are
We are Savio Services Limited, (referred to below as “Cosmo”, “we”, “our”, “us”), with the registered office at No. 1, 53 Wood Street, Barnet, Hertfordshire, EN5 4BS, United Kingdom. Savio Services Ltd are service company of all Cosmo franchisees and licence restaurants. Savio Services Ltd is registered in England and Wales, reg. 09495269
Cosmo is the data controller when you provide information to us or to our affiliates.
Legal basis for using your information
All organisations need a legal reason to use your personal information, if they don’t have one, they can’t use it. There are a number of legal grounds that enable data processing. It’s quite complicated but below are the most relevant grounds you should be aware of.
With your consent (C)
There are some activities where we process personal information with your consent, which you are able to withdraw at any time, although if you do, we may not be able to provide the product or service you have requested. For example, where we want to send you marketing messages by email, we would ask your permission first and you could opt-out at any time. We will indicate in the Notice where we rely on consent.
To fulfil a contract (A)
We also process your personal information in order to fulfil a contract we have with you. For example, when you make a booking at a restaurant, we will process your information to administer that transaction.
For a legitimate interest (LI)
Sometimes we may use your information to help achieve our business objectives but only where that activity doesn’t negatively affect your rights. For example, we might use your information to communicate with you on the basis of our legitimate interest.
To comply with legal obligations (LO)
There may be situations where we need to use your information to comply with legal obligations. For example, we are required by law to keep records of who is in our business premises in case there is an emergency, so we can make sure you’re safe.
What information do we collect?
When you interact with our organisation, our products, and our services, we collect information about you and our interaction. Generally, this may include:
- Your personal details;
- Contact information, and preferences;
- More sensitive information, for example when you tell us about dietary requirements, or disabilities;
- Information about your use of our products or services;
- Images of you in areas of our organisation covered by CCTV;
- Conversations you have when you call our sales or customer support teams;
- Information about the devices you use to interact with us.
Where you provide information to us about other people, you need to make sure you have their permission to do so.
When and how we collect your information
We may collect information you provide to us directly and indirectly when interacting with our products and services. This may include such interactions as:
- Make an initial approach to use by email or on the phone;
- Create, use or manage an online account, if you have one;
- Visit our website, use our apps, or access our internet facilities
- Fill out our online forms or registration cards;
- Interact with us in online forums, by email, text, or on social media;
- Complete our market research/customer surveys;
Use of our WiFi facilities
When you use our free wi-fi service in any of our restaurants, you will provide us with the following types of information:
- personal data, such as name, email address, and postcode, as well as related optional information collected on the registration page;
- browsing activity when you are using our wi-fi service;
- a variety of user information including, but not limited to, and meta-data such as login details, authentication data, IP address, session ID, and device ID;
- other wireless connectivity information relating to the device you are using to connect to the wi-fi service such as the device’s Bluetooth profile where you have accepted a Bluetooth connection request.
This information will be used for the purposes of providing you with the wi-fi service. Where you consent, we may send you marketing communications based upon this information via email, SMS or wireless communication such as Bluetooth.
Our processors
There may be situations where we use data processors – companies who act on our behalf – to collect your information for us. These processors can only use your information in accordance with our instructions and for the purposes stated in this Notice published on our websites and partner websites.
We also receive information about you indirectly when you interact with us. For example, when you visit our websites or use our apps the devices you use may provide us with your general location (like which country or region you’re in), if you are using ad-blockers, and your IP address. We may also receive information from cookies and other technologies that are on your device or browser. For more information on our use of cookies, please see our Cookies Notice.
Our partners and Third Parties
We collect information about you when it is provided to us by third parties. This might include when you interact anyone who promotes our products, brands, or services, such as when you make a booking via a partner. They will send you emails and/or text messages related to the fulfilment of your booking from that partner.
You should always read the privacy policies of other third parties you use, as they will use your information in accordance with their own privacy policies.
We may also obtain information about you from our partners and other companies that have your permission to share your information both online and offline, like insight providers. For example, we may use this information to communicate special offers regarding future bookings, products or offers provided by the restaurant from time to time, but only when you have indicated it is okay for us to do so.
How we use your personal information
The reason we use your information will often be obvious from the way you interact with us.
The legal basis for processing is listed, and where there is more than one, the exact grounds will depend on the activity. See the section above for an explanation of each.
Use of personal information |
Basis |
Provide you with the products and services you have requested (including responding to any enquiries, complaints or requests you may have), and to tailor our service to your preferences, where you tell us about them. Certain data is used to manage our relationship with you, and to provide linked services, like joint promotions with partners |
C, LI, A |
Make decisions about what direct marketing to show you based on how you have interacted with us, and to improve our products and services online and offline, including our websites and apps |
LI |
Comply with legal obligations on us, To keep you safe and ensure your security |
LO, LI |
Send you direct marketing, where you have consented |
C,LI |
Allow social sharing functionality |
C,LI,A |
Facilitate the restructuring or sale of all or part of our business |
LO,LI,C,A |
Further Information on how we use your information
We sometimes use your information for other reasons, so to help we have added more information to these below.
Direct marketing, only with your consent
In addition to sending you information about the products and services you use, and where we have your permission, we may send you direct marketing communications about our products, services, events and offers.
Direct marketing communications may be sent by post, email, or social media. These may include push notifications to your mobile devices, and via other electronic means such as when you visit our websites or use our apps.
We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our products or services.
You will be able to opt-out of direct marketing by following the instructions in the communications you receive or changing your device settings.
We will ask for your consent before sending marketing communications, and you may withdraw your consent at any time.
Linked services, third party sites and content
Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Notice. We do not accept any responsibility or liability for other sites’ privacy notices or privacy policies. If you access other websites using the links provided, please check their policies before submitting any personal information.
Payments and credit checks
Your information may be used to take payment for products and services and may be used to verify credit details related to payments.
Disclosures required by law
Your information will be disclosed where we are obliged by law to do so. We may also disclose your information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.
Data Transfers
When you complete our registration forms or use our services, we may transfer your information to our processors – companies that carry out activities on our behalf, and only on our instructions.
Training and quality
If you call contact us by phone or on chat the conversation may be recorded and listened to for training and quality purposes.
Social media login
Our websites and apps may provide plug-ins to social media websites. If you make use of, or log-in to, the social media features on our websites or apps, we may (depending on your privacy settings) access, use and store information about you, including, but not limited to: your name, e-mail address, gender, location, profile, picture, contacts, and any other information you have chosen to make available.
To find out more about the reasons and extent to which social media sites collect and process your data, or to change your privacy settings, please refer to your social media provider’s privacy policy.
How we share your personal information
Where you provide your information to us we do not share it with any third parties except in the performance of a contract or in anticipation of a contract. Your information will only be shared and used in accordance with this notice, and where an agreement is in place to ensure that your information is protected. We won’t sell your personal information without your consent.
Sharing with our processors
There may be situations where we use data processors – companies who act on our behalf – to process your information for us. These processors can only use your information in accordance with our instructions and for the purposes in this Policy.
Sale of our business
If we restructure or sell all or part of our business or business operations, we may transfer your information as part of that activity. Where this is the case your information will be used in accordance with this Notice unless you are notified otherwise.
Access and Control
Controlling direct marketing
You can change your mind about receiving direct marketing from us or change your preferences by logging into your account, if you have one. Opting-out in any marketing or product communication you have received from us or emailing us using the contact details below.
Controlling other communications
You can control the communications you receive from us, such as product related communications by following the instructions in any relevant communication.
Requesting copies of your information
You may request a copy of your personal information which we may hold about you. You may also ask us to correct any inaccuracies in your personal information. This right may be restricted by law where disclosing information may result in the personal information of other individuals being disclosed and it would be unreasonable to do so.
Withdrawing consent
Where we may rely on consent to use your information, you have the right to withdraw that consent for that processing activity at any time. However, we may have the right to rely on an alternative legal basis for the processing activity and will inform you of that.
If you do withdraw consent we may not be able to provide you with the product or service you have requested.
Other rights
You may have the right to object, erase, or restrict our processing of your information – for example, where we process your personal information because this is in our legitimate interests, you may object to this. We will carefully consider your request as there may be circumstances which require us to, or allow us to, continue processing your data.
Complaining to the regulator
If you have any comments, concerns or complaints about our uses of your information we would ask that you contact us first, so that we can try and resolve any matter.
However, where we are unable to help, you are able to complain to the Information Commissioner’s Office in the United Kingdom or the data protection regulator in your country of residence, who will be able to liaise with the UK Information Commissioner in the UK
Retention of your information
We shall retain your information in accordance with our records retention policy, or for as long as necessary for the uses set out in this notice or while there is a legitimate business reason for doing so.
If you ask us to delete your information before this time, we may not be able to do so for technical, legal, regulatory or contractual constraints. For example, where you wish to be suppressed from direct marketing, we would need to retain your information for this purpose.
Where you ask for your account to be closed, we will do this as soon as possible subject to any terms and conditions relating to the account. Your information will be retained in order to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.
Help on Privacy Notice
If you have any questions or issues about this Privacy Notice, please contact the Compliance Officer of Cosmo Restaurants:
by Email: compliance@cosmo-restaurants.co.uk
by telephone: +44(0)20 8370 6200
by post:
The Compliance Officer, 53 Wood Street, Barnett, EN5 4BS, United Kingdom
Alternatively, you may raise your queries or concerns with the Supervisory Authority. In the United Kingdom, this is The Information Commissioner’s Office:
by Email: casework@ico.org.uk
by telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
by post:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF