Quandoo for Restaurants Privacy Policy

Effective: March 2024

This Privacy Policy explains to you how your personal data is processed when you use the Quandoo website's offers and online services on the "Quandoo for Restaurants" website (hereinafter "Platform"). This Privacy Policy also informs you of your rights and choices to control your personal information and to protect your privacy. 


Who is responsible for data processing and whom can I contact?

Responsible for data processing: Quandoo UK Ltd, WeWork Waterloo, 10 York Road, London, SE1 7ND. This company is also meant if the terms "we" or "us" are used below.

You can contact our Data Protection Officer at: dataprotection.UK@quandoo.com


What personal data do we process and from which sources does such data originate?

When we make our platform available to you for use, we process personal data from various sources. On the one hand, this is data that we automatically collect when you use the platform. However, this may also include data which you have voluntarily provided to us.


Data that we collect automatically when you use our platform

As soon as you visit the Platform, you send technical information to our web servers. In this case, we collect the following access data and web access data (which we refer to collectively as "access data"):

  • the date and time of the visit and the duration of the use of the platform
  • the IP address of your device
  • the reference URL (the website from which you may have been redirected)
  • the visited subpages of the website; and
  • further information about your device (device type, browser type and version, settings, installed plug-ins, operating system)

We process access data so that we can ensure the functionality of the platform. We also process access data to carry out performance analyses on the platform, continuously improve the platform and correct errors to ensure IT security and the operation of our systems, and to prevent or detect misuse, particularly fraud. The legal basis for the collection of this data is our legitimate interest (Art. 6 sec. 1 lit. f GDPR).

In addition, we process access data to adapt the platform to your needs (personalisation). To this end, we also assign you what is known as a "Unique User ID".

We also use cookies to process such data. Cookies are small text files that you download to your device when you visit our websites and that store the above information about you. To learn more about how cookies work, which cookies we use, and how to disable them, read our cookie policy. It also tells you what information is collected by cookies and tracking tools from third parties. To ensure the legibility of this privacy statement, we have summarised this information  on a separate page.


Data that you transmit to us yourself

In addition to the data we receive from all visitors, we also process other data in case you use the services we offer.


Contact Us

You can get in touch with us using different channels. To this end, we process all data that you provided us with, e.g. your name, email address, data relating to your restaurant and the content of your request. In case you use our chat-tool, we also process a User ID as well as browser data (such as browser language and version) and data regarding your use of the chat-tool. We will always only use the data in order to get in contact with you as per your request (Art. 6(1)(f) UK GDPR).


Newsletter

If you wish to receive our newsletter, we need your consent for this. We use the so-called double opt-in process for our newsletter, so that you are only subscribed to the newsletter once you click on the link in the confirmation email. This way we can make sure that you are the rightful owner of the email address. The newsletter contains information about Quandoo, restaurants and current offers. Legal basis for the sending of newsletters is your consent (Art. 6 (1) (a) UK GDPR).

When subscribing to the newsletter, we collect your IP address, the date and the exact time of your subscription. This data is stored in order to prove that you signed up to the newsletter. Also, we need the data in case your email address was fraudulently used.

Furthermore, when interacting with the newsletter, we collect device and usage data. For example, we record if the newsletter was delivered, if you opened the newsletter or if you clicked on a link in the newsletter. We link your email address to this data in order to personalise and statistically analyse the newsletter.

You can withdraw your consent to receive newsletters and the connected data collection at any time without incurring any costs other than the transmission costs in accordance with the basic tariffs. Just click on the unsubscribe link at the end of each newsletter or send an email to the address set out above.


Other data collected

Facebook Fanpage

We maintain what is referred to as a fan page on the Facebook platform. When you visit our fan page, data may be collected for market research and advertising purposes, which are stored in user profiles using pseudonyms. Cookies are set for this purpose. Based on these cookies, we can carry out statistical evaluations, for instance. This serves our legitimate interest in accordance with Art. 6 (1) (f) UK GDPR on an optimised presentation (for further information on the legal foundations, see below). Data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 UK GDPR. You can find detailed information about data processing by Facebook, contact options and your rights in Facebook's privacy policy, where you can also exercise your right of appeal.


Google Tag Manager

We also use Google Tag Manager that allows us to manage tools which are implemented via Google Tag Manager. Google Tag Manager itself does not set any cookies and does not collect any personal information. However, the tool is used to trigger other tags, which might collect data.


For what other purposes do we process your data?

We possibly process your data for additional purposes according to Art. 6 (1) (c), (d) UK GDPR.

These include the following:

  • passing on your personal data to third parties if we are legally obliged to do so;
  • assertion of legal claims and defence in legal disputes;
  • compliance with legal requirements for data retention due to tax legislation, etc.

To whom do we transmit your data?

We treat your personal data with care and confidentiality and pass such data on to third parties only to the extent described below and no further. We only transmit data to public authorities if there is a legal obligation to do so as a result of a request for information from the competent authority.

Beyond statutory obligations to public authorities, we will only share your information with our third-party providers who assist us in providing the platform, or within the Quandoo Group of Companies.


Other third parties

In addition, we transmit data to external service providers who enable us to provide the platform. Please note in this connection that all of our server hosting and cloud services are made available by Google Ireland Limited. This provider process all data on our behalf and is subjected to a strict data processing agreement to ensure the security of the processing in accordance with the requirements of the GDPR.


Within the Quandoo Group of Companies

We are part of a worldwide group of affiliated companies of Quandoo GmbH, KulturBrauerei, Schönhauser Allee 36, 10435 Berlin, Germany ("Quandoo DE"). Quandoo DE itself is a wholly owned subsidiary of Recruit Holdings Co., Ltd, 8-4-17 Ginza, Chuo-ku, Tokyo 104-0061 Japan ("Recruit"). Accordingly, we are obliged to provide Quandoo DE or Recruit with certain information either in accordance with legal reporting requirements or in the normal course of business as a global company. As a rule, all business intelligence data is anonymised to ensure that your right to privacy is respected. However, Quandoo DE or Recruit may also have access to personal, non-anonymised information, such as an internal audit or an audit required by public authorities.

 

Do we transfer your data to countries outside the EU or the EEA?

We do not host your data in countries outside of the EU (so-called "third-countries") and all our servers are located in the EEA (Ireland, to be precise). In some cases, however, we do transfer your data to third countries. In these cases we make sure that the data transfer complies with all applicable legal obligations.


How long will my data be stored?

We process and store your personal data as long as this is necessary for compliance with our contractual or statutory obligations. Afterwards the data is deleted.

 

How do I request the deletion of my account?

As soon as the contract with you is terminated, your user account will be automatically deleted. This means that your restaurant will no longer be bookable via Quandoo.

 

Do I have to provide data? What happens if I do not provide my data or no longer provide it?

You are not legally obliged to provide us with the personal data specified in this Privacy Policy.


What rights do I have in relation to processing?

You may assert the following rights against us pursuant to the UK GDPR:

  • your right to information under Article 15 UK GDPR
  • your right to rectification under Article 16 UK GDPR
  • your right to erasure under Article 17 UK GDPR
  • your right to restriction of processing under Article 18 UK GDPR
  • your right to data portability under Article 20 UK GDPR
  • your right of objection pursuant to Article 21 UK GDPR

Moreover, you have a right to complain to the competent data protection supervisory authority (Article 77 UK GDPR).

You can revoke your consent to the processing of your personal data at any time. However, such revocation is only effective for the future. Any data processing that took place before revocation will not be affected by this.


Information on your right to object pursuant to Article 21 UK GDPR

1. Right of objection in individual cases

In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Art. 6 (1) UK GDPR (data processing in the public interest) and Art. 6 (1) (e) GDPR (data processing on the basis of a reconciliation of interests); this also applies to the profiling based on this provision within the meaning of Art. 4 (4) UK GDPR. If you object, then we will no longer process your personal data unless we can prove that there are compelling reasons for processing that override your interests,  rights and freedoms, or that the processing serves to assert, exercise or defend legal claims. Please also refer to the information in Section 8 of this Privacy Policy: If we terminate the processing due to your objection, it may be that the platform can no longer be made available to you or only to a limited extent.


2. The right to object to the processing of data for advertising purposes

You also have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing (including a subscription to our newsletter); this also applies to profiling insofar as it is associated with such direct marketing. If you object, then we will no longer process your personal data in the future. The objection can be made informally and should be sent to the following address: dataprotection.UK@quandoo.com


Quandoo Cookie Policy

Cookies and other tools on the Quandoo platform

This information complements the Privacy Policy. Below, we provide you with a list of all the cookies and other web tracking tools provided on our platform either by us orby third parties.

We use the following types of cookies only within the scope of legal regulations and on the basis of the legal foundations specified:

  • Necessary cookies: Necessary cookies enable the basic functions on a homepage, such as its navigation or access to protected areas. Our homepage does not function without cookies, or only in a limited manner, meaning that these cookies cannot be deactivated. These cookies are therefore used to execute the contract concluded with you through the use of our website (Article 6 (1) (b) UK GDPR).
  • Preference cookies: Preference cookies help us to improve functionality and personalisation. For example, settings can be stored regarding the preferred language. The cookies are used by us or by third parties integrated by us. If they are "first-party cookies", we use the cookies on the basis of our legitimate interest in presenting our website as user-friendly (Article 6 (1) (f) UK GDPR). In all other cases, the legal basis is your consent (Article 6 (1) (a) UK GDPR).
  • Statistics cookies: Statistics cookies help us to understand how our users interact with the website. For example, this means that we can analyse how users access our website and how they use it. We use these cookies on the basis of our legitimate interest in the statistical evaluation of the use of our website or your consent (Article 6 (1) (a) and (f) UK GDPR).
  • Marketing cookies: Marketing cookies help us to track users via various channels and address them in a targeted manner. The aim is to only display interesting and relevant promotional content for users. This is done solely on the basis of your consent (Article 6 (1) (a) UK GDPR).

The following applies to all of the tools specified below:

Consent granted once for the collection of data using the tools stated can be withdrawn using the relevant setting in the cookie settings. You can object to data processing on the basis of our legitimate interest by using the relevant opt-out option specified below. In addition, you can prevent the acceptance of cookies by adjusting your browser settings so that no cookies are accepted at all. However, if you configure this setting in this way, you may not be able to use certain current or future elements of our website.


Quandoo's own cookies (referred to as "first-party cookies"):

Name booksession

Lifespan 90 days

Purpose helps to validate the respective user session

Users can prevent the acceptance of first-party cookies by adjusting their browser settings so that no cookies are accepted at all. However, if you configure this setting in this way, you may not be able to use certain current or future elements of our website.


Cookies and plugins provided by third parties (referred to as "third-party cookies")

Furthermore, we also use the following cookies and tools from third-party providers:


Google Analytics

Our platform uses the web analysis service Google Analytics, from Google LLC, 1600 Amphitheatre Parkway MountainView, California 94043, USA, for the purpose of analysing and continuously optimising our website.

Google Analytics uses cookies which allow website use to be analysed (e.g. sites surfed by you, conversions, your  interactions with our webpages, technical information of your browser, shortened IP-address). Pseudonymised user profiles are created for this purpose. We use Google Analytics only with activated IP anonymisation. Furthermore, we use the User-ID function. This function allows us to assign sessions and all activities during those sessions to a permanent User ID. It is therefore possible to analyse user behaviour across different devices.

You can prevent cookies from being stored by configuring the operating system settings on your browser or mobile device or within our cookie consent management tool accordingly. However, please bear in mind that, in this case, you may not be able to make full use all of the functions on our platform. You can also prevent the data produced by the cookie and information relating to your use of our website (including your IP address) being collected by Google and being processed by Google by downloading and installing the browser plug-in.

Further information on conditions of use and data protection can be found in Google Analytics Terms of Service and Google Privacy Policy

Legal basis: Article 6 (1) (a) GDPR (consent).


HubSpot

We use the services of HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany, a subsidiary of the PrivacyShield certified HubSpot Inc. Hubspot helps us build landing pages and analyse the use of these pages. For this purpose, Hubspot collects certain usage data from your use of the respective pages (e.g. average time on the website, click behaviour, bounce and exit rates, IP address, geolocation data such as your city) which are then stored in user profiles under a pseudonym. We base this data processing on our legitimate interest to optimise our offer to you. If you wish to opt out of this data collection, you can adjust your cookie settings accordingly. Furthermore, we use Hubspot to contact you when you use the contact form or subscribe to our newsletter.

You can find more information about the data processing for this purpose in our privacy policy above. More information about Hubspot can be found in HubSpot Privacy Policy.

Legal basis: Article 6 (1) (a) UK GDPR (consent).


Hotjar

We use the technology service Hotjar, from Hotjar Ltd. Level 2, St Julian's Business Centre, 3, Elia Zammit Street, StJulian's STJ 1000, Malta, to better understand the needs of our users and to optimise this service. For example, Hotjar shows us how much time is spent on which websites, which links users click on, what users like and dislike, and allows us to develop and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users' behaviour and their devices (notably the device IP address (collected and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor ourselves will ever use this information to identify individual users or to verify additional data on an individual user. Further information can be found in the Hotjar Privacy Policy.

You can object to the creation of a user profile, the storage of data on your use of our website by Hotjar and the use of tracking cookies by Hotjar on other websites by opting out

Legal basis: Article 6 (1) (a) UK GDPR (consent).


Cookiebot

To manage your cookie preferences, we use the tool Cookiebot from Cybot A/S Havnegade 39, 1058 Copenhagen, Denmark. The cookie settings selected by you are stored with the aid of a cookie. You can find further information on data privacy in Cookiebot Privacy Policy.

Legal basis: Article 6 (1) (b) UK GDPR (contract).


Google Ads & Google Remarketing

With Google Ads & Google Remarketing, users who have already visited our platform and are interested in the relevant offer can be addressed again by targeted advertising on the pages of the Google partner network. Advertising is inserted with the aid of cookies.

If you do not wish to receive interest-related advertising, you can deactivate the use of cookies for these purposes. Both services are subject to the Google Privacy Policy available for download.

Legal basis: Art. 6 (1) (a) UK GDPR (consent).


Google Marketing Platform

Google Marketing Platform enables its users to place ads on their websites. Advertisers can determine how often, when, and for how long ads are displayed in a browser, and use cookies to facilitate behavioural targeting by indicating which areas of a website you are browsing. A pseudonymised identification number is assigned to your browser in order to check which advertisements are displayed in your browser and which have been accessed. The cookies do not contain any personal data.

You can deactivate the use of cookies by Google for such purposes. Both services are subject to the Google Privacy Policy available for download.

Legal basis: Art. 6 (1) (a) UK GDPR (consent).


Facebook retargeting

We cooperate with Facebook Inc., 1601 South California Avenue, Palo Alto, California 94304, USA, in order to address users again on Facebook. For this purpose, we have integrated Facebook Pixel into our websites. When you visit websites with one of these integrated pixels, non-personal data is automatically transmitted to Facebook for analysing and marketing purposes, which is assigned a user ID by Facebook. As soon as you register with Facebook, Facebook assigns the transmitted data to your Facebook profile and assigns you to certain groups based on your surfing behaviour (so-called custom audiences).

For further information on the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your settings options for protecting your privacy, please refer to the Facebook Privacy Policy which can be found in Ad Settings and Data Policy. If you wish to object to the use of the user-defined website from Facebook, you can do this via Ad Settings

Legal basis: Article 6 (1) (a) UK GDPR (consent).


Geo Targetly

Geo Targetly, provided by V&T Technologies Pty. Ltd., Level 23 - HWT Tower, 40 City Road, Southbank VIC 3006, Melbourne, Australia, enables us to redirect users to our correct market-specific websites based on country, state or city. The purpose is to boost user experience by redirecting to pages with location-specific content. To achieve this, GeoTargetly uses cookies to monitor user behaviour and location. Data processed for such purposes are website visitor behaviour, IP addresses, browser URLs, Wi-Fi- and GPS signals.

Further information can be found in Geo Targetly Privacy Policy.

Legal basis: Article 6 (1) (a) UK GDPR (consent).


Affiliation Networks

We cooperate with various affiliation and display / native ad networks that allow us to display various advertising materials such as banners or other promotional content on so-called publisher websites. Cookies are used to record which users came to our site via the respective advertising medium clicked on and then made a reservation. These cookies do not contain any personal data, but only a pseudonymous user and, in case of affiliation networks, reservation ID, which make it possible to assign them to the respective network. This information is required for the purpose of reporting and payment processing with the relevant network.

Legal basis: Art. 6 (1) (a) UK GDPR (consent).

Tool Tradedoubler

Privacy Policy

Opt-Out


Intercom

We use the "Intercom" tool (Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA as well as 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2, hereinafter "Intercom") to communicate and provide support to our users. Intercom allows us to contact you directly to answer your questions and help you use our Services. Through the use of Intercom, we collect information such as your email address, name, IP address, and the communication content you share with us. This information is used to provide you with better service and to respond to your inquiries. We have entered into an order data processing agreement with Intercom and implemented EU standard contractual clauses to ensure a sufficient level of data protection. We store communications and chat content for a period of 6 months to ensure that we can resolve any concern. After this period, all related personal data will be deleted. Read more on data protection.

Legal basis: Article 6 (1) (a) UK GDPR (consent).


SmartRecruiters

For recruiting, we use SmartRecruiters, Inc., 225 Bush Street, Suite #300, San Francisco CA 94104 US. This provider uses cookies, to optimise the offer to the user and guarantee an optimised experience on our career page. More information in SmartRecruiters Privacy Policy.

Legal basis: Article 6 (1) (a) UK GDPR (consent).


YouTube

You can find embedded videos of YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website- YouTube uses cookies in order to track the user's interaction with its videos. Based on that, YouTube processes for example user preferences, location and other information and stores them under an Identifier. Read more on data protection.

Legal basis: Article 6 (1) (a) UK GDPR (consent).

 

Calendly

We offer our partner restaurants to book appointments with us via the tool Calendly. For this purpose, we will send you a message with the option to select an available appointment via Calendly. You will be redirected to the website calendly.com of the company Calendly, LLC, 115 E. Main Street Suite A1B, Buford, Georgia, 30158, USA when clicking the respective button. When making an appointment, it is generally necessary to provide personal data (name and email address). When booking an appointment via Calendly, your data entered on the Calendly website will be passed on to us by Calendly and stored and processed by us in order to carry out the appointment. Regarding the processing of your data by Calendly itself, we refer to the privacy policy of Calendly

Legal basis: Article 6 (1) (a) UK GDPR (consent).