top of page

We are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers.

This privacy notice outlines information on how Dough and Co Scotland collects and processes your personal data when you visit our establishment, through your use of this website, including any data you may provide through this website when you sign up to our news announcements and/or fill out a contact form.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Throughout this document we refer to Data Protection Legislation means the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

You can contact about any of us either by email or post.

By email:

info@doughandco.uk

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. We collect your personal data when you visit our bars, use our websites and mobile apps, and otherwise interact with us.

The type of personal information that we will collect falls into three categories:

(a) information you provide to us; (b) information we collect through automated methods when you use our services; and (c) information we collect from other sources

Generally, you are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a prospect or customer in an efficient and effective manner.

We may combine information we receive from other sources with information you give to us and information we collect about you.

We collect information you provide to us

You may provide the following information to us, depending on how you interact with us:

  • personal details, such as your name, home and email addresses, phone number, birthday date, dietary preferences and other contact information, when you register with our online services, make a booking, log-in to Wi-Fi, or contact us by phone or through our online services;

  • demographic information such as age or gender;

  • transaction information, including information about your purchases such as prices, method of payment and payment details (payment details not retained)

  • account information you provide when using our apps, such as your username or password used to access our online services or to buy or use our products and services;

  • other personal information you choose to provide us when you interact with us (including through social media or via website forms).

We collect information through automated methods

We may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services, or in-restaurant technology. Automated technology may include cookies, local shared objects, and web beacons. There is more information about this in our cookie policy.

We may collect information about your:

  • internet protocol (IP) address;

  • computer or mobile-device operating system and browser type and version;

  • type of mobile device and its settings and other technology on the device you use to access this website;

  • unique device identifier (UDID) or mobile equipment identifier (MEID) of your mobile device;

  • login data

  • device and component serial numbers;

  • advertising identifiers

  • referring webpage (a page that has led you to ours) or application;

  • online activity on other websites, applications or social media;

  • activity related to how you use our online services, such as the pages you visit on our websites or in our mobile apps.

  • Images obtained via CCTV, IDScan or other surveillance technologies. See section 5 for further details.

Our online services such as our apps and onsite Wifi may collect information about the exact location of your device using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity.  Most devices and computer systems, you can disable the collection of this information by using the device or web-browser settings.

When is my personal data collected?

The below table provide examples of when your personal data is captured:

Contact details (e.g. email address, telephone number and postal address)When you book a table/package/function/event/ tickets.

 

When you contact us via our website or sign-up to competitions or offers

When you opt-in to receive marketing communications.

When you provide us with feedback or submit an enquiry

When you sign up to use our Wi-Fi.

When you purchase an item off our online shop

When you use our mobile or web app to order and pay at table or to access perks and offers

If you have an accident while visiting us at our venues.

When you sign-up to hear from us when using our photobooths

When you interact with lead-generation ads and provide your contact details

Date of birthTo confirm that you are over 18 in order to receive licensed goods and services.

 

When you choose to provide it for marketing personalisation

Personal InterestsWhen you choose to provide it for marketing personalisation.

 

When you sign-in to use our WIFI using a Social Media Login

Dietary and special needs requirementsWhen you choose to provide it when booking a table / function / event

Information about other guests on your bookingWhen you provide them on behalf of others as part of making a table / function

The correspondence that you have with us (e.g., emails, letters, calls, online chat service)When you contact us or we contact you. This may include telephone call recording.

Your location / visit informationWhen you use our Wi-Fi.

 

When you use our websites or mobile app

Your transaction details and payment.When you place an order and pay for food or drink in Dough and Co.

 

When you redeem a promotional voucher code

When you pre-book at package or table online

When you purchase a gift voucher or other item.

When you order and pay for food and drink through our apps

How we use your information

Under GDPR, we must have a lawful basis for using your ‘personal data’. The lawful bases most relevant for our processing are:

Consent

The data subject has told us that we can use their data for a specific and defined activity.

Contract

Processing is necessary to fulfil or prepare a contract with you; for example, the information that we are required to collect in order to provide our party services.

Legal obligation

Processing is necessary to meet a legal obligation applicable to us, for example, if we are required to retain your information to comply with tax/revenue laws

Vital interests

Processing is necessary to protect a person’s life or in an urgent medical situation.

Legitimate interest

Processing is necessary for our legitimate business interests. This condition does not apply if there is a good reason to protect your personal data which overrides our legitimate interest.

We may use your personal data for the following purposes:

  • Supplying our services to you including Gift card, Reservations or bookings, ticket purchases and online order & payment facilities

  • Communicating with you. This may include seeking feedback on services supplied responding to emails, calls, feedback or einquiries from you.

  • Supplying you with information and/or marketing materials by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by using the ‘unsubscribe link’ included in all emails or by contacting us via the address stated in part 1.

  • Gathering information to form statistical and trend analysis; research and analytics on an aggregate and/or anonymous basis.

  • Monitoring website usage and demand for services.

  • Meeting legal, regulatory and compliance requirements.

  • With regards to messages posted via social media (including Facebook, Twitter, and Instagram) or other social platforms, we will collect the information provided to us. We may retain this information for the purposes set out in this privacy policy and use as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.

  • Help us understand more about you as a customer, the products and services you consume, so we can serve you better;

  • To identify and engage with the right audience and create and distribute personalized marketing content across platforms and services.

  • Provide you with online advertising and promotions;

  • If you stop using our services, we may continue to use and disclose your personal information in accordance with this privacy policy (as amended from time to time)

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we might share your information with

We may share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data e.g. HM Revenue & Customs, regulators and other authorities

  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or

  • We will not share your information with any third parties for the purposes of direct marketing without your explicit consent.

  • Third party service providers such as digital service provides, professional advisors and marketing service providers We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

  • We may share your data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

CCTV, IDScan and other surveillance technologies

IDScan

Licenced premises have a responsibility to uphold four objectives from the Licensing Act 2003:

  • Public Safety

  • Prevention of Public Nuisance

  • Prevention of Crime and Disorder

Considerable attention is paid to seeking to ensure that data captured is held securely.

IDScan retains a copy of customer identity documents. Scanning is entirely voluntary, however the management reserve the right to refuse entry if ID is not volunteered.

Access to stored data is restricted to management level. Data viewed by door supervisors extends merely to the photograph and DOB.

Occasionally we may share this data with Police, if requested following an incident in the venue, to assist in crime and disorder investigation or prosecution. 

Our systems are set to automatically purge data that is over 3 years old which is in line with the statute of limitations for civil claims. Copies of ID documents will be retained for a maximum 3 years with the exception of any individual who is on the Barred List, where their details will be retained for as long as they remain on that list.

Should you require that we purge you’re information, and given that the information need not reasonably be kept for any of the purposes above, please email info@doughandco.uk.

CCTV

In the interests of Public Safety, and the prevention of Crime and Disorder Dough and Co. Scotland uses CCTV in all of its venues. We may, in some of our premises use body cameras for the same purpose and the use one or both may be a condition on the premises licence. Where we use CCTV, this will be clearly signposted at the entrance to the premises.

Video footage will be retained for a minimum of 31 days and will only be accessed by the following personnel;

  • Site management

  • The Risk and Compliance Team

  • Local law enforcement officers

Video copies of specific incidents may be retained and made available to local law enforcement officers and/or legal representatives where the footage is part of an accident investigation, official investigation or legal case.

Enquiries regarding CCTV footage should be sent to info@doughandco.uk.

How we keep you updated on our products and services

We will send you relevant offers and news about our products and services in a number of ways including by email, SMS, or phone but only if you have previously consented to receive these marketing communications. You may unsubscribe or opt-out at any time by using the ‘unsubscribe link’ included in all emails or by contacting us via the address stated in part 1. You can also manage your opt-in preferences via our preference centre, links to this are located at the foot of our emails.

Your rights over your information

7.1.1 The right to be informed about our collection and use of personal data;

You have the right to be informed about the collection and use of your personal data. We ensure we do this through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

7.1.2 Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

7.1.3 Right to Correction Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact us as set out below.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

7.1.4 Right to restrict processing

You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. The right is not absolute and only applies in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

7.1.5 Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

7.1.6 Right to Portability

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise this right, please contact us as set out below.

7.1.7 Right to object

You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing, but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation.

7.1.8 Additional information

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

7.1.9 For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

 

How long we keep your information for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see ‘6. Rights over your information’.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

International Transfers

Wherever possible we do not transfer your personal data outside the European Economic Area (EEA).

Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data may sometimes involve a transfer of data outside the EEA.

If we transfer your Personal Information out of Europe to a country not deemed by competent regulators to provide an adequate level of personal information protection, the transfer will be performed:

a. Pursuant to the recipient’s compliance with standard contractual clauses or binding corporate rules;

b. Pursuant to the consent of the individual to whom the Personal Information pertains; or

c. As otherwise permitted by applicable European data protection laws.

Please contact us if you would like further information.

What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the purposes for which it was originally collected by us.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this policy regularly to keep up-to-date.

How to contact us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email:
info@doughandco.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Thank you for taking the time to read our Privacy Policy.

bottom of page