Privacy Policy – Wasabi UK LTD.

Effective 14/09/2023

Welcome to the Wasabi Sushi & Bento privacy policy.

We value your privacy and are committed to protecting your personal information.

This policy pertains to data gathered by us or shared by you, whether within our dining establishments, via our Website (including the mobile-friendly version accessible on your handheld device), third party apps or through any other means (like telephone, logging into our wifi or applying of a job). Its purpose is to aid you in making well-informed choices while using our website and our products and services. We kindly request that you take a moment to review this policy.

 

Purpose of this privacy policy

This privacy policy informs you of how we look after your personal data, informs you of your privacy rights and the laws that protect you.

Our website and services are not intended for persons under the age of 18, and we do not knowingly collect data related to children.

It’s vital that you go through this privacy policy along with any other privacy policies or data processing guidelines we might provide on specific occasions when we collect or process your personal information. This privacy policy works alongside other notifications and privacy policies and doesn’t intend to override them. Our aim is to ensure you fully understand how and why we use your data.

 

Who we are and what we do.

This Privacy Policy is issued by Wasabi Co LTD. When we mention ‘Wasabi,’ ‘Wasabi Sushi & Bento,’ ‘We,’ ‘Us,’ or ‘Our’ throughout this policy, we are referring to Wasabi Co LTD. Wasabi Co LTD is the data controller and is responsible for this website and the protection of your data. In cases where an entity other than Wasabi Co LTD will be the controller of your data, we will inform you accordingly to ensure transparency in our data processing practices.

Our details:

Full Name of Legal Entity: Wasabi Co. LTD
Unit 5 Origin Business Park,
Rainsford Road,
Park Royal,
London, England, NW10 7FW.

Company Number:
05908632
ICO Registration Number: ZA434225

 

How to contact us

If you have any questions about this privacy policy, or wish to exercise your rights, please contact us in one of the following ways:

Email: [email protected]

By Post:

ATT: Privacy Team
Wasabi Customer Services – Support Centre
Unit 5 Origin Business Park,
Rainsford Road,
Park Royal,
London, England, NW10 7FW. 

You retain the right to file a complaint with the Information Commissioner’s Office (ICO), which is the UK’s regulatory authority overseeing data protection matters (www.ico.org.uk), at any point. Nevertheless, we kindly request the opportunity to address your concerns before you reach out to the ICO. Please consider contacting us initially so that we can attempt to resolve any issues promptly.

We routinely revisit our privacy policy for updates. This version was most recently revised on 14th September 2023

Ensuring that the personal information we have about you remains accurate and up to date is crucial. We kindly request that you notify us of any changes to your personal data during your association with us.

 

Your Data

When we refer to “personal data” or “personal information,” we mean any data that can identify an individual. This doesn’t encompass data where the identity has been eliminated (anonymous data).

We may gather, use, store, and transfer various categories of personal data about you, depending on the circumstances and purposes. These categories of data include:

  • Identity Data: This category includes your first name, last name, and date of birth.
  • Contact Data: It comprises your email address and telephone numbers.
  • Payment Data: This covers details such as bank account and payment card information.
  • Technical Data: This category encompasses your internet protocol (IP) address, login details, browser type and version, time zone configuration, geographical location, browser plug-in details, operating system, and device technologies you employ to access our website.
  • Usage Data: Information within this category pertains to how you use our website.
  • Marketing and Communications Data: It encompasses your preferences regarding marketing communications when you subscribe to receive emails from us.

Further details on the circumstances which we process your data and how we handle it are as follows:

 

Lawful Bases

We’ve detailed all the ways we intend to utilize your personal data, along with the specific legal bases we rely upon for each circumstance in the respective sections that explain when and how we handle your data. In situations where it’s applicable, we’ve also identified our legitimate interests.

It’s worth noting that we may process your personal data using more than one lawful basis, depending on the precise purpose for which we’re using your data. If you require further information about the legal basis, we’re relying on to process your personal data when multiple grounds are outlined in the table below, please contact us.

 

Partnering with Suppliers and Third Parties

We work alongside various third-party suppliers and partners, and as part of this collaboration, these third parties may need to process your personal information to provide services either to us or on our behalf. These organizations are legally bound to adhere to our data protection policies. They are obligated to handle personal data strictly in line with our instructions and are not permitted to use your personal information for their own purposes.

Please note that when utilizing services provided by third-party suppliers or partners, such as making an order on a delivery app, you should refer to their respective privacy policies. These third parties may have their own privacy practices, and it is important to familiarize yourself with their policies to understand how they handle your personal information.

Partner/purpose Data Shared Reason for sharing
Wireless Social Name, contact information, date of birth, delivery address, restaurant/branch Use of Wi-Fi service
The Access Group, Acteol and Atreemo Name, contact information, date of birth, restaurant/branch purchase history, spending Sending marketing communications after receiving opt-in confirmation, making a contact us enquiry, when using loyalty program
Yumpingo First name, Surname, Phone number, Email, venue, information about your visit Customer feedback survey
Deliveroo Name, contact information, delivery address, restaurant/branch Making a food order or making enquiry about existing or previous order
Uber Eats Name, contact information, delivery address, restaurant/branch Making a food order or making enquiry about existing or previous order
Just Eat Name, contact information, delivery address, restaurant/branch Making a food order or making enquiry about existing or previous order
Just Eat for Business (Citypantry) Name, contact information, delivery address, restaurant/branch Making a food order or making enquiry about existing or previous order
Ignite Name, contact information, delivery address, enquiry details, photo attachment Website hosting, contact us enquiry details

Sharing Data for Legal Compliance and Business Interests

We may disclose your personal data when it is necessary to comply with legal requirements, such as sharing information with HMRC, the Police, or to meet conditions specified by a licensing authority for premises licenses. In cases where such legal obligations apply, they may take precedence over your rights under the Data Protection Act 2018.

Additionally, your personal data may be shared if it becomes essential to safeguard our business interests. This could involve enforcing contractual terms, pursuing outstanding debts, or defending our legal rights.

Sharing Data in Business Transactions and Legitimate Interests

We might also share your personal data with third parties in cases where we decide to sell, transfer, or merge segments of our business or our assets. Alternatively, we may explore opportunities to acquire other businesses or merge with them. If such changes occur within our business, the new owners may utilize your personal data in alignment with the practices described in this privacy policy.

Furthermore, we may share your personal data in situations where there is a legitimate interest to do so under the Data Protection Act 2018. For instance, this may include sharing data to detect or prevent criminal activity, fraud, or money laundering; facilitating investigations by regulators or ombudsmen in response to complaints you’ve lodged with them; or safeguarding the rights of other individuals or organizations.

 

Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

Data Retention

We will keep your personal data only for a duration that is reasonably necessary to fulfil the purposes for which it was collected. This includes meeting legal, regulatory, tax, accounting, or reporting obligations.

In certain situations, such as when a complaint arises or if there is a reasonable anticipation of legal proceedings related to our relationship with you, we may retain your personal data for an extended period.

To determine the appropriate retention period for personal data, we consider several factors, including the amount, nature, and sensitivity of the data, the potential risks associated with unauthorized access or disclosure, the purposes for which we process the data, and whether those purposes can be achieved through alternative means. Additionally, we consider relevant legal, regulatory, tax, accounting, or other requirements.

In specific cases, we may anonymize your personal data (also known as hashing), rendering it unidentifiable to you. We use this anonymized information for research, statistical analysis, and profiling. In such instances, we may retain this information indefinitely and without prior notice to you.

Information we collect Retention period
To make a delivery order No personal information retained after fulfilment of order, unless otherwise required for another purpose in this policy. Note that your data may be retained as per the privacy policy of the delivery partner. Please refer to their privacy policy.
To conduct customer surveys and receive customer feedback 3 years, after which the data is hashed.
To deliver relevant website content and advertisements to you and to measure or understand their effectiveness 13 months, after which the data is hashed.
To use website analytics to enhance our website, products, services, marketing strategies, customer interactions, and overall customer experience. 14 months, after which the data is hashed.
To contact you about the latest news, promotions, make suggestions and recommendations based on information you have provided 3 years after opting out or after 3-year period of inactivity (haven’t opened or clicked any communications), after which the data is hashed.
To record CCTV footage 30 days from date of recoding. We may retain this data for longer if required to do so because of an investigation, claim or if requested by licensing authority or the police.
To verify your identity or age No information retained, unless required for another purpose in this policy.
To provide competitions, special events and prize draws 3 years, unless required for another purpose in this policy, after which the data is hashed.
To record promotional videos or take photos Indefinitely, unless consent is withdrawn, and a request is made to remove the content.
When you apply for a job with us 6 months, unless required for another purpose in this policy, after which the data is deleted
When you are employed by us 10 years, unless required for another purpose in this policy, or if required by law, after which the data is deleted

Change of Purpose

We will use your personal data only for the purposes for which it was originally collected, unless we reasonably believe we need to use it for another purpose that is compatible with the initial one. If you’d like an explanation of how the new purpose aligns with the original one, please contact us.

If we ever need to use your personal data for a purpose unrelated to the one it was collected for, we will inform you and explain the legal basis that permits this change.

Please be aware that we may process your personal data without your knowledge or consent when required or allowed by law, in accordance with this policy.

 

Your legal rights

Under certain circumstances, you have rights regarding your personal data under data protection laws. If you wish to exercise any of the rights listed below, please contact us using the provided contact information. Under the UK Data Protection Act 2018, you have:

  • The right to be informed: You have the right to receive information about how your personal data is collected and used. This includes details about why it’s processed, what kinds of data are involved, and who it’s shared with.
  • The Right of Access: You can request access to your personal data held by organizations. This allows you to confirm if your data is being processed and for what purposes. This is commonly known as a “data subject access request.”
  • The Right to Rectification: If your personal data is inaccurate or incomplete, you can ask for corrections to ensure that the information about you is accurate and up to date.
  • The Right to Erasure (Right to Be Forgotten): You have the right to request the deletion or removal of your personal data when there’s no compelling reason for us to keep processing it. You can also make this request if you’ve objected to processing, if there has been unlawful processing, or if local law mandates erasure; however, we may not always be able to fulfil your erasure request due to specific legal reasons, which we will notify you of if applicable when you make the request.
  • The Right to Restrict Processing: In specific situations, you can request restrictions on how your personal data is processed. This means your data can be stored but not actively used. Us may exercise this right:
    • When you want us to confirm if your data is accurate.
    • If we’re using your data unlawfully, but you prefer us to retain it.
    • When you need us to hold onto the data, even if we don’t need it anymore, because you’re using it to establish, exercise or defend any legal claim.
    • If you’ve objected to us using your data, but we need to check if we have compelling legal reasons to continue using it.
  • The Right to Data Portability: You can ask for your personal data in a format that’s structured, commonly used, and machine-readable so you can reuse it or transfer it to another data controller for your own purposes.
  • The Right to Object: You have the right to object to the processing of your personal data, where we, or those of a third party are relying on a legitimate interest, and there’s something specific about your circumstances that makes you want to object because you believe it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Rights Related to Automated Decision-Making and Profiling: You have the right to be informed when automated decision making and profiling are used in a significant way. You have the right to and explanation, object and request human intervention.

Specific circumstances which we process in your data.

 

When using WIFI in our venues

How your personal data is collected.

When you use our free Wi-Fi access whilst at one of our venues. We use a company called Wireless Social to provide Wi-Fi and they collect your personal data for us. You can log in to use Wireless Social’s system with a social media account such as Facebook or sign up manually using a form.

We receive:

  • Your personal information (Name, gender, and date of birth)
  • Contact information (email address, social media URL, mobile number)
  • Details of which restaurant you have visited.

Opting into marketing communications

When registering to use our Wi-fi, Wireless Social will ask you if you wish to receive news and exclusive offers from us. We will use this information to contact you about our latest news and offers We will only send this information to you until you unsubscribe or if at the end of our retention period you have not interacted with us or any marketing material further (see retention periods).

Legal basis for processing data

We process your data on the legal basis of legitimate interest to provide Wi-Fi services to our customers and consent to send marketing information to people who have chosen to receive it.

 

When providing us feedback or making enquiries

How your personal data is collected.

  • When you visit one of our restaurants and provide us with your personal data with consent to be contacted, a company called Yumpingo may contact you. You may also give us your personal data by being directed to an online survey via our website, or in store point of sale.
    • Yumpingo, the research company entrusted with collecting this feedback, gathers all your input. The information collected is then shared with us.
  • You may also contact us directly with any queries, complaints, compliments, or suggestions via [email protected], via out website contact form, or via social media channels. We may require you to provide further personal information for us to assist. Any personal data is processed in accordance with this privacy policy.

Legal basis for processing data

We process your data on the legal basis of legitimate interest to analyse feedback, assist with your enquiry, and improve our services. We may also process personal data on the legal basis of contractual necessity or legal obligation where your enquiry requires us to do so.

 

When using our website

How your personal data is collected.

When you use our website (and any subdomain), we collect personal data either by direct interactions or by using automated technologies.

  • Direct Interactions: You may provide us with your personal information by filling in a form or corresponding with us via main, phone or other means. This includes persona data you provide when signing up to receive marketing emails or signing up to our loyalty rewards program.
  • Automated technologies: As you engage with our website, we automatically collect technical data related to your device, browsing activity and internet usage. This data is gathered using cookies and similar technology (see cookie policy)

The data we collect.

We may collect, use, store or transfer your personal data when visiting our website (or subdomains). We may collect:

  • Identity data: Name, date of birth
  • Contact information: Email address, phone number, address.
  • Technology data: Browser information, hardware information, operating system information
  • Usage: How you interact with our website. How you interact with other websites
  • Marketing & communications: Send you emails, SMSs of browser notifications with news, offers and promotions.

Third-party links and applications

This website, including all subdomains, may contain references to third-party websites, plugins, and applications. Engaging with these links or activating such connections may grant third parties the ability to gather or distribute information about you. We lack authority over these third-party websites and bear no responsibility for their privacy policies. As you depart from our site, we strongly recommend that you review the privacy policies of each website you visit or application you use.

Legal basis for processing.

  • We rely on legitimate interest when processing your data, so that we can study how customers use our website, to develop and grow our company and to inform our marketing strategies. We also use this data to define the types of customers we have (pen portraits), keep our website updated with relevant content.
  • For marketing & communications purposes, we rely on explicit consent to process personal data.

You have the right to opt-out of receiving communications at any time by using the unsubscribe link in any of our marketing emails or contacting us using the details above.

 

When you are captured on our CCTV

How your personal data is collected.

  • We use CCTV technology in our restaurants and other premises to enhance the safety of both our customers and our staff. We also use CCTV to facilitate investigations into potential criminal, or unsafe incidents. The maintenance of a CCTV system is a mandatory requirement.
  • Strategic placement of our CCTV cameras is primarily geared towards ensuring the safety and wellbeing of both our customers and staff. Signs are displayed where CCTV is in operation. Should you have any queries concerning the collection of personal data through CCTV, please contact us using the details above.

Legal basis for processing data

We rely on the legal justifications for recording CCTV when you visit our restaurants:

  • We may have a legal obligation to do so by local authorities.
  • We have a legitimate interest in the safeguarding and security of our customer and staff.

 

When applying for a job or are employed by us

When you apply for a job

In connection with your application, we will collect, store and process:

  • The information you have provided us in our CV and covering letter.
  • The information you have provided on your application form.
  • Any information provided to us during an interview.

We use this personal data to assess your skills, qualifications, and suitability for the role, communicate with you about the process, retain records relating to our hiring processes and to comply with legal or regulatory requirements.

We may also collect sensitive personal information:

  • Information about your race, ethnicity, religious beliefs, and sexual orientations
  • Information about your health including any existing medical conditions and/or sickness records.
  • Information related to criminal convictions and offences.

We may use this personal data to ensure meaningful equal opportunity monitoring and reporting. We may use information about your health to consider where appropriate adjustments during the recruitment process need to be made. In certain circumstances, we collect information on criminal convictions to ensure suitability for the role.

How we collect your personal data

We collect your personal data from:

  • You, the candidate
  • Recruitment agencies
  • Background check providers
  • Disclosure and Barring service
  • Your named referees

Legal basis for processing data

We will process your personal data in the following ways:

  • It is within our legitimate interest to ensure that we appoint a candidate who is suitable for the role.
  • We will be required to process your personal data as a contractual necessity should we decide to appoint you to a role.
  • We have a legal obligation by the Home Office and other relevant authorities to ensure your right to employment and suitability for the role.

 

When you are or have been employed by us

This information applies to both current and former employees, workers, and contractors. It’s important to understand that this information is not part of any employment contract or service agreement. We have the right to make changes to this information as needed, and if we do, we will provide you with an updated version as soon as we reasonably can.

In connection with your employment, we will collect, store and process:

  • Your contact details like your name, address, phone numbers, and personal email address.
  • Your birthdate.
  • Information about your gender.
  • Your marital status and any dependents you may have.
  • Details of your next of kin and emergency contact.
  • Your National Insurance numbers.
  • Bank account information, payroll records, and tax status details.
  • Information about your salary, annual leave, pension, and benefits.
  • When you started worr with us and, if different, when your continuous employment began.
  • The date you left and the reason for your departure.
  • Where you work or where your workplace is located.
  • A copy of your driving license, passport, visa, and other identity documentations
  • Details from your recruitment process, including proof of your right to work, references, and any information you included in your CV, cover letter, or application.
  • Records of your employment history, including job titles, work experience, hours worked, vacation records, training history, and any professional memberships.
  • Information about your compensation history.
  • Data related to your job performance.
  • Records of any disciplinary actions or grievances.
  • CCTV footage and other electronic data like swipe card records.
  • Information about how you use our computer and communication systems.
  • Results from checks by HMRC (Her Majesty’s Revenue and Customs) to determine your employment status and details of your involvement with the intermediary through which you provide your services.

We may also collect sensitive personal information:

  • Information about your race, ethnicity, religious beliefs, sexual orientation, and political beliefs.
  • Information about your health including any existing medical conditions and/or sickness records.
    • Details of absences from work, including statutory parental and sick leave
    • Where you leave employment for reasons relating to health (information is required for pensions)
  • Information related to criminal convictions and offences.

 

How we collect your personal data

We collect your personal data from:

  • Recruitment process
  • You, the employee
  • Related activities throughout your employment
  • Third parties including former employers, credit reference agencies and other background check providers.

Legal basis for processing data

We require all the types of information listed above as a contractual necessity to you and as a legal obligation. In certain situations, we may also use your personal information for our legitimate interests, so long as your interests and fundamental rights do not outweigh ours.

Situations where we will process sensitive information are:

  • To make sure you’re safe at work.
  • To assess if you’re fit to work.
  • To provide necessary workplace accommodations.
  • To keep track of and manage sick leave.
  • To handle benefits such as statutory maternity pay, statutory sick pay, and pensions.

Additionally, if we reasonably believe that you or someone else is in danger of physical, mental, or emotional harm, and processing the information is needed to protect your or their well-being, we may use this data (public task).

We’ll also use information about your race, national or ethnic origin, religious or moral beliefs, or your sexual life or orientation to ensure fair equal opportunity monitoring and reporting.

 

Other ways we process your data.

Age and identity Verification: We are legally obliged to confirm that we do not sell alcohol to individuals under 18. Therefore, we will perform age checks as needed. We process this data to meet our legal obligation and to ensure that we do not promote alcohol to individuals under 18, which is in our legitimate interest. We may also be required to check your identity to meet legal obligations.

Competitions and Special Events: When we host competitions, special events, or prize draws online or at our restaurants, we’ll need to collect and store your Identity Data (name and date of birth) and Contact Data (email address) to identify and contact you regarding these events or competitions and fulfil our contractual obligations related to the event.

Promotional Content: Occasionally, we may capture photos or record videos at our venues for marketing purposes. These materials may feature our customers, but we will only use this personal data if we have obtained your prior consent. We record promotional content only with the consent of individuals. If you change your mind, you can withdraw your consent at any time by getting in touch with us.