Bookatable is committed to protecting your personal information and being clear and transparent about what information we collect and how we will use it. This policy explains how any personal information Bookatable Limited and its associated companies collect when you use our website or digital services and platforms, or that you provide to us, will be processed.
The information set out in this policy is applicable to your use of Bookatable’s websites, digital platforms and online services. Please read the following policy carefully to understand our views and practices regarding your personal information and how we will treat it.
- Who we are and how we can be contacted
- About our Data Protection Officer
- Other policies you should read
- Information we collect from you
- Marketing communications
- Information we collect about you from other places
- Where we store your personal information
- International transfers of personal data
- Sharing your personal information
- How long will personal information be kept by us
- Your rights under data protection legislation
- What you can do if you’re not happy with how we use your information
- About Data Security
Who we are and how we can be contacted
Bookatable Limited acts as a Data Controller when you use our websites, digital platforms and services directly.
If you need to contact us you have a number of options, you can:
- email us at email@example.com;
- send us a letter addressed to our registered office Bookatable Limited, 7 Soho Square, London W1D 3QB; or
- contact your local Bookatable company using any of the contact details on this website.
About our Data Protection Officer
While everyone at Bookatable is committed to protecting and respecting your privacy, we have a Data Protection Officer who deals with all aspect of personal data at Bookatable. You can contact our Data Protection Officer by sending an email to firstname.lastname@example.org.
Other policies and information we encourage you to read
- Additional privacy policies
- Our Terms of Website Use
- Linked Platforms
Our site may contain links to and from our websites and digital platforms of our partner networks, advertisers, affiliates, Restaurants and social media pages. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
- Additional privacy policies
Information we may collect from you
This section sets out:
- how we collect your personal information;
- the categories of data that we collect;
- a description of how we plan to use the information we collect;
- the legal basis that we will rely on to process information collected; and
- where possible, how long we will hold the information collected.
We may collect and hold the following information about you:
Type of Data
Lawful basis for processing
Information you give to us when you enter a competition or promotion (“ Promotion Data”).
To enable us to send you further information about the competition, promotion or a prize if you are the competition winner. Unless we state otherwise when we collect your information, we will only use this information for managing and administer the competitions or promotions.
Promotion Data might include, for example, your name and e-mail address.
If you win a prize we may request your full address to enable us to send you your prize.
The performance of an agreement between you and us to enter the competition or promotion.
Unless otherwise stated in the competition or promotion terms Promotion Data will be deleted 12 months after competition or promotion closure.
Information you provide to us when you complete a survey or respond to a questionnaire or submit a review or feedback of a restaurant (“ Review Data”).
To collect information about a specific matter, for example, our services to you or reviews of a restaurant you have visited.
In many cases surveys, and questionnaires are anonymous and we only collect personal information for statistical data. If this is not the case, we will let you know at the time of collecting the information.
Information may include your full name, your email address and other personal data requested.
We will use our legitimate interests in the monitoring and improvement of our products and services to our customers and users as the legal basis for processing Review Data.
While we like to retain reviews and feedback from you to help other diners, we will anonymise or delete your reviews and feedback after 5 years.
Any information collected pursuant to a survey or questionnaire will be deleted within 3 years of you submitting your responses. Any information retained will be aggregated, statistical data only.
If you register for any of our digital products or services via an account we will request information to enable us to identify you and provide the products and services to you (“ Account Data”).
Account Data will be processed for the purpose of operating our websites, providing digital services you sign up for, communicating with you about those digital products and services and maintaining back-ups of our services.
Account Data will include your full name, email address. We may also ask you to set a password so you can securely log on to your account.
The performance of the agreement between you and us for the provision of the digital product and services is the legal basis for processing Account Data.
We will retain Account Data for as long as you have an account with us. If you do not access your account for 24 months, we will delete your account data so that we do not keep information for longer than is necessary. You can of course, create a new account if you like.
Information you give to us when you book a restaurant (“ Booking Data”).
This information is used to enable us to provide you with restaurant booking services and complete your booking with the Restaurant.
We also use this information to show you your past restaurant reservations and cancellations.
We will ask you for your name, surname, e-mail address, phone number and any special requests you have in relation to your booking.
The legal basis for this processing is to fulfil the agreement between us and you in relation to your booking.
We retain your booking information for 3 years following your last dining experience. If you provide us with new information, we will update your details.
Information you give to us when paying a deposit on a restaurant (“ Payment Data”).
If a deposit is required to secure your booking, we will use this information solely in relation to making the deposit for that Restaurant booking.
We will ask you for you’re the name on your card, Debit or Credit Card Number, CCV and Card Expiry.
The legal basis for this processing Payment Data is to fulfil the agreement between us and you in relation to your booking.
We do not store Payment Data for longer than is necessary. Payment Data is retained no longer than 12 months following your last dining date.
Information you provide us when you communicate with us, e.g. by email or contact us form via our website (“ Communication Data”)
This information is used to enable us to respond to or following up on your comments, queries or questions.
Information may include your full name, your email address and other personal data you provide us to enable us to deal with your communication.
We will use our legitimate interests in the assisting you and answering your communications as the legal basis for processing Communication Data.
We will hold on to Communication Data for as long as it is necessary to enable us to deal with the matter relating to that communication. Once your matter has been dealt with, unless we inform you otherwise, we will delete Communication Data within 3 years.
When you provide us information (for example, the information set out in the scenarios above), in some cases we may ask you for additional, voluntary information. This information will be identified as optional and is used to help us better understand our customers and tailor our services to them and you.
We also collect and use aggregated data such as statistical or demographic data (“ Aggregated Data”). Aggregated Data may be derived from your personal information but does not reveal your identity in any way. For example, we may aggregate your Usage and Device Data to calculate the percentage of our website users accessing a specific feature of our website. Aggregated Data is used for our own business purposes only.
Sensitive Personal Information
While we do not request sensitive personal data, we do have sections on our websites where you can submit additional information and special requests, for example, during the booking propose or when you submit reviews. Sensitive personal data may include special requests relating to disabilities or health related matters such as food allergies. If you submit information on these free text sections, only submit information you are comfortable providing and always bear in mind that it may be sensitive information. If you are submitting information in the course of your booking, this information we be kept confidential and only used to process your booking and any special requests. If you submit reviews or feedback for our website, please remember that this information will be visible to others users of our website – and don’t forget, reviews can be submitted anonymously if you like.
Children and Personal Information
This website is not intended for use by children and we do not knowingly collect data relating to children. If we become aware that we are holding any information about children under the age of 16, we will take any actions necessary to comply with data protection legislation, including if appropriate, deleting the information. If you become aware that your child (under 16) has provided their personal information to us, without your consent, please let us know as soon as possible by emailing email@example.com so that we can take appropriate action.
When you sign up to receive any of our newsletters or marketing communications we will use the information you provide us, usually just your name and email address, to enable us to send you our newsletters, restaurant deals or any other communications you’ve requested. We will process your personal information for email marketing purposes based on your consent. Marketing communications are received directly from your local Bookatable company and that local Bookatable company acts as the Data Controller for marketing purposes. Bookatable local companies do not share your personal information for marketing purposes with any other company within the Bookatable Group.
Don’t’ worry, if you decide at any point that you no longer want to receive these emails, you can unsubscribe at any time. There are a number of ways you can do this: (i) there is always an unsubscribe option at the bottom of each marketing communication we send to you; and (ii) you can also contact us by email or letter using any of the contact details set out in this notice.
We will generally send you marketing communications until you choose to unsubscribe from receiving them. However, if we have not heard from you for a while or notice that you have not opened our emails in a period of 24 months, we will remove your details from our database. There’s nothing stopping you from subscribing again at any time.
If you have signed up to any of our services or booked a restaurant through us, you will still receive emails relating to those services and bookings (e.g. confirmation emails, reminder emails). If you decide not receive marketing emails from us, it will not affect service emails which are integral to the services provide to you by us and the Restaurants.
From time to time we may also use your Usage and Device Data to make online suggestions and recommendations to you about goods or services that may be of interest to you. This is necessary for the legitimate interest of our business in developing our products and services and growing our business.
Marketing from Restaurants and Partner Networks
When you book a Restaurant, you may also have the option to opt-in for marketing communications from that Restaurant or Partner Network. We will always ask you for your express consent before allowing Restaurants or Partner Networks to market to you. Restaurants and Partner Networks will have access to information on which individuals have opted-in and which have chosen not to opt-in.
Marketing by the Restaurants and Partner Networks are subject to their own privacy policies and you should consult these privacy policies for further information.
Information we collect about you from other places
To enable us to provide you with our services, we may receive personal information about you from other sources, including:
- We may receive information about you if you use any of the other websites we operate or the other products or services we provide. We also work closely with third parties (including, for example, business partners, technical service providers, payment services, analytics providers such as Google Analytics and search information providers) and may receive information about you from them. The legal basis for this processing is our legitimate interests in monitoring and improving our website, products and services.
- Information from our web servers’ logs, for example information about your computer, such as your IP address, operating system and browser type. We may also collect information on the searches you carry out on our website, the websites or restaurant pages you visit and your interaction with communications we send you, for example, when you open email communications. (“ Usage and Device Data”). This information is used by us for system administration and to analyse how people are using our websites and digital services and platforms such as our mobile applications. It also helps us to provide the best infrastructure for your online experience. The legal basis for this processing is our legitimate interests in monitoring and improving our website, products and services.
- Our website may enable you to share your experience and connect with us through third party social networks such as Facebook and Twitter. We may collect this information from our social media sites, including likes, shares and tweets, and about the content on social networking sites. We do not control the privacy of the information you provide on social media networks and the privacy policies of those social media networks will apply when using their services.
Our relationship with Restaurants
Where we store your personal information
All information you provide to us is stored on secure servers within UK or EEA. Unless you are told otherwise in any specific privacy notices provided by us, we do not transfer any personal information outside the EEA.
While we are committed to keeping your personal information secure, the transmission of information online via the internet is not completely secure. We, together with our service providers will do our best to protect your personal information but information provided is at your sole risk.
Sharing your personal information
We only share your personal data with people who have a need to know such information to perform their responsibilities.
We may share your personal information with the following:
- Restaurants - we share Booking Data, reviews, where applicable Payment Data and other relevant information you provide us with the Restaurants that you request services from. This information is provided to the Restaurants to enable them to continue to process and manage your booking. Once we pass your information to the Restaurant, the Restaurant takes the role of Data Controller and we become the Data Processor.
- Partner Networks – where you book a Restaurant through one of our Partner Networks, for example a third party restaurant reservation website, we share Booking Data, reviews and other relevant information you provide us with that Partner Network. We will never share Payment Data with Partner Networks. Once we pass your information to the Partner Network, the Partner Network takes the role of Data Controller for that data.
- Payment and billing providers – to make a reservation at some restaurants, you are required to make a deposit or provide your credit or debit card information to secure your reservation. In order to process this information we share this Payment Data with third party payment and billing service providers.
- Within the Bookatable Group - we may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries to the extent necessary for the same purposes of the initial processing set out in this policy.
For example, we will share your Booking Data with your local Bookatable company (e.g. the company in which you reside and make the booking from), we also may share your Booking Data with one of our group companies in a different country if you make a booking through our UK website for a Restaurant based in that other country. We also share the information with Michelin Travel Partner S.A.S, part of the Michelin Group for the purpose of hosting our marketing database.
The relevant group companies are:
Bookatable AB and 2 Book AB
Bookatable AB, Suomen sivuliike
Bookatable Norway NUF
Bookatable GmbH & Co. KG
- Service Providers - Bookatable may share your personal information with select service providers that Bookatable may use to process your request or provide the services. These service providers act as data processors on our behalf and provide IT and system administration services, such as hosting and email and SMS services.
These service providers are legally obligated to keep the personal information they may have received confidential and secure and to use your personal information the basis of our instructions only.
We may also share your personal information with third parties:
- In the event that we sell or transfer any business or assets, in which case we may disclose your personal information to the prospective purchaser or recipient of such business or assets.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of the Bookatable Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- In order to manage risks and legal disputes and obtaining professional legal advice. This disclosure will be on a confidential basis and only to our professional advisors who are under a duty of confidentiality.
How long will personal information be kept by us
As a rule, we will not hold your personal information for any purpose or purposes for longer than is necessary to fulfil the purposes we collect it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For more specific retention periods, please see section 5 above. While we do everything we can to comply with these retention periods, if there is a legal, accounting or tax reason why the information is to be held for longer, we will only retain the information for as long as necessary to satisfy that legal, accounting or tax reason.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your rights under data protection legislation
Data protection legislation provides you with certain rights when it comes to the processing of your information. These are the right to:
- be informed
- access your information
- correct your information
- delete your information
- restrict processing
- transfer information
- object to processing
- The right to be informed
You have the right to be informed about how we collect and process your personal information, including who we are, how we use your personal information and your rights in relation to your personal information. We have gathered all the information you need in this privacy notice.
- The right of access your information
You have the right to access the personal information we have on you. We can confirm whether or not your information is being processed and provide you with access to your personal information.
- The right to correct your information
- The right to delete your information
You have the right to request the deletion or removal of your personal. There are limited circumstances in which you can request deletion of you information, these include, where the information is no longer necessary for the purpose for which we originally collected or processed it and where you have withdrawn your consent to the processing by us. If you would like further information on your right to deletion, please just ask.
- The right to restrict processing
In some circumstances, you also have the right to restrict or suppress the processing of your personal information. If you request us to suppress your personal information, we will suspend any further processing of it.
- The right to transfer information
If you want to move or transfer your personal information to a different employer, you have the right to have your information transferred to another person.
- The right to object
You have the right to ask us not to process your personal information where we are relying on a legitimate interest and there is something which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You can find further information on your data protection rights from the Information Commissioner’s Office (the “ ICO”) at www.ico.org.uk or any local supervisory authority.
What can you do if you’re not happy
We are committed to protecting and respecting your privacy. However, if you’re not happy with how we collect or process your information or just want some further information on your rights, you can contact us in the following ways:
- Email us at
- Send us a letter addressed to the
Data Protection Officer, Bookatable Limited, 7 Soho Square, London W1D 3QB
We will work with you to resolve any issues you may have and aim to answer any question raised by you as soon as possible. You can also make a complaint to the ICO – further information can be found at https://ico.org.uk/concerns/ or to your local supervisory authority.
- Email us at
About Data Security
Bookatable has implemented measures to protect the privacy, security and integrity of your personal data. Access to personal data is restricted to those employees and service providers who need to know this information and who have been trained to comply with rules on confidentiality.
On Bookatable's commercial sites, banking information will be collected for the purposes of effective, legal secure payment processes. These measures may consist of SSL encryption (intended to make the data unreadable to others) during the collection or transfer of confidential data. Said information will be used only for purposes of online payment and will not be retained.
Bookatable ensures that your personal data are not altered, damaged or accessed by unauthorised third parties.
We may change our policy from time to time. Any changes we make to this policy in the future will be posted on this page. If you have an online account with us, we may notify you of any changes by email or through your account the next time you log on.