Dumfries & Galloway College (the College) is providing you with this information to comply with data protection law to ensure that you are fully informed and that we are transparent in how we collect and use your personal data.
Your privacy and trust are very important to us and this Privacy Notice provides essential information about how the College handles your personal data and the rights you have in relation to how we use your data. The College is committed to complying with all applicable Data Protection legislation.
Who are we?
Dumfries & Galloway College is the ‘Controller’ and is responsible for looking after the personal data that you provide.
Dumfries & Galloway College
For any queries or concerns about how your personal data is being processed you can contact the Data Protection Officer (DPO) at email@example.com.
The personal information we collect:
The following information will be processed:
- Name and title
- Contact details (phone number and email address)
- Booking details (date, time, party size, dietary requirements)
- Details of source referral
- Financial transaction data (including payment card details)
- Your preferences (direct marketing purposes)
Purpose for processing – why do we collect information about you?
We collect and use your information for the following purposes:
- To confirm your reservation and related notifications
- To contact you to discuss dietary requirements
- To process payment in exchange for services
- To add you to our client database
- To consider concerns or complaints
- Direct marketing: to send you promotional e-communications, if you consent to this
- Request feedback on your restaurant experience through electronic surveys
Our lawful bases (reason) for processing your information are:
- Contract: Collecting your personal information is necessary to create a reservation and therefore for the performance of the contract we have with you to provide restaurant services.
- Public task: This is out additional lawful basis for handling any complaints in line with the Scottish Public Services Ombudsman Act 2002 and in accordance with the Model Complaints Handling Procedure.
- Legal Obligation: Financial transaction data is kept in line with FCA guidelines.
- Explicit Consent: This is our additional lawful basis for processing special category data regarding food allergies and intolerances you may share. Please be aware if you do not disclose food allergies or intolerances in advance of your visit, we may not have adequate ingredients or resources to accommodate last-minute requests.
- Consent: If you opt-in to receive marketing communications, then we will process this under the lawful basis of your consent. You can withdraw your consent at any time by emailing firstname.lastname@example.org.
- Legitimate interests: It is the legitimate interest of the College to request and obtain feedback on your dining experience via paper surveys as your views and ideas may help to improve the running of the restaurant and the services offered. Completion of surveys is optional, and you can opt out with the option at the bottom of any survey to decline your future participation.
The legitimate interest(s) of the controller or third party is/are:
The processing is undertaken under the legitimate interest of: Dumfries and Galloway College.
Summary of legitimate interest: to gather feedback to inform improvements.
How do we collect it?
Your personal information is collected when you enquire about our services in person, on the phone or via email.
If you were to withhold the information we require for this process, the consequences would be:
We would not be able to accommodate your booking.
Who do we share your information with?
Your data will be shared with IT system providers of the restaurant reservation system and client database.
Payments received by debit or credit card will be processed by Clover payment processing company, and the use of personal data can be read in their privacy notice.
Details of data transfers to any third countries or international organisations
Your information will not be shared outside of the UK.
How do we look after your information and how long do we keep it for?
We will take all reasonable steps to prevent the loss, misuse or alteration of information you give us. Your personal information will be stored securely and will only be accessed by authorised staff, agents, contractors and other organisations who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality and must comply with data protection law.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your information will be kept in line with the College’s data retention schedule and then will be destroyed confidentially.
- Booking reservations – your contact reservation details are added to our client database and held for 6 years from the date of your last visit.
- Restaurant receipts – will be stored for 2 years.
- Marketing details – your data will be held for 2 years if you consent to marketing.
- Survey responses – will be stored for 12 months.
Automated decision making processes, including profiling
We do not use any automated decision making about you.
Under Data Protection laws you have certain rights in relation to how the College manages and uses your personal information:
- The right to be informed (this is the Privacy Notice)
- The right to access your personal data
- The right to rectification if the personal data we hold about you is incorrect
- The right to restrict processing of your personal data
In addition the following rights apply only in certain circumstances:
- The right to withdraw consent at any time (if consent is our lawful basis for processing your data)
- The right to request erasure (deletion) of your personal data
- The right to data portability
For more information about your rights please see www.ico.org.uk.
If you have any issues about this notice or the way the College has handled your personal information, please contact our Data Protection Officer in the first instance:
Or write to:
Data Protection Officer
Dumfries & Galloway College
Complaints to UK Information Commissioner’s Office (ICO)
If you are dissatisfied with the response from the College you have the right to lodge a complaint with the Information Commissioner’s Office about our handling of your data:
You can do this online: ICO Online
By telephone: 0303 123 1113
Or write to:
Information Commissioner’s Office