Black Oak Tavern

Privacy Policy

Last updated: [Insert Date]

  1. Introduction

This Privacy Policy explains how Black Oak Tavern ("we", "us", or "our") collects, uses, discloses, and protects your personal data when you visit our restaurant, use our website, make a reservation, or otherwise interact with us. We are committed to safeguarding your privacy and handling your information in a lawful, fair, and transparent manner.

We operate in England and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

  1. Who we are

Black Oak Tavern Category: Restaurant Region: England

We are the data controller for the personal data we process in connection with our business operations.

  1. Personal data we collect

We may collect and process the following categories of personal data:

3.1 Identification and contact details

  • Name
  • Email address
  • Telephone number
  • Postal address (where applicable)

3.2 Booking and visit information

  • Reservation details (date, time, party size)
  • Special requests (e.g. seating preferences)
  • Information about events or private bookings

3.3 Payment information

  • Limited payment details required to process your payment (for example, last four digits of your card number, payment method, transaction amount and date)
  • We do not store full card details; card payments are processed by secure, third‑party payment providers.

3.4 Dietary and health-related information (special categories of data)

  • Dietary preferences
  • Food allergies or intolerances
  • Other relevant health information you choose to share with us (for example, accessibility requirements)

We only collect this information when you voluntarily provide it so we can accommodate your needs. We process this data on the basis of your explicit consent and our legitimate interest in ensuring your safety and comfort.

3.5 Marketing and communication data

  • Your preferences for receiving marketing communications
  • Records of your consent to marketing
  • Your communication history with us (emails, enquiries, feedback)

3.6 Technical and usage data (when you use our website or online services)

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring website
  • Pages you visit on our site, time and date of visit, time spent on pages
  • Cookies and similar tracking technologies (see section 9)
  1. How we collect your data

We may collect your personal data in the following ways:

  • Directly from you when you:
    • Make a reservation (online, by phone, or in person)
    • Dine at our restaurant
    • Contact us by email, phone, social media, or through our website
    • Sign up for our newsletter or marketing communications
    • Participate in a survey, promotion, or competition
    • Leave a review or provide feedback
  • Automatically when you:
    • Visit our website (via cookies, server logs, and similar technologies)
  • From third parties, such as:
    • Reservation and booking platforms
    • Payment service providers
    • Social media platforms (in accordance with their privacy policies and your settings)
  1. Legal bases for processing

We process your personal data only where we have a lawful basis to do so, including:

  • Contract: To enter into and perform our contract with you, for example to manage reservations, process payments, and provide our services.
  • Legitimate interests: To operate, improve, and secure our business (for example, managing bookings efficiently, responding to enquiries, preventing fraud, ensuring network security), provided your interests and fundamental rights do not override those interests.
  • Legal obligation: To comply with applicable laws and regulations, such as tax and accounting obligations, health and safety requirements, or responding to lawful requests from authorities.
  • Consent: Where required, for example for certain types of marketing communications or the processing of special category data such as allergy information. You can withdraw your consent at any time (see section 10).
  1. How we use your personal data

We may use your personal data for the following purposes:

  • To manage your reservations and bookings
  • To provide our restaurant services and customer support
  • To process payments and issue receipts or invoices
  • To communicate with you about your booking, enquiries, or complaints
  • To manage dietary requirements, allergies, and accessibility needs
  • To send you marketing communications (where permitted by law and in line with your preferences)
  • To improve our services, menu offerings, and customer experience
  • To operate and improve our website, including analysing usage patterns
  • To maintain the security of our systems, premises, and data
  • To comply with legal and regulatory obligations
  • To establish, exercise, or defend legal claims
  1. Sharing your personal data

We do not sell your personal data. We may share your data with:

7.1 Service providers (processors) Trusted third parties who provide services to us, such as:

  • Reservation and booking systems
  • Payment processors
  • IT and website hosting providers
  • Email and marketing platforms
  • Professional advisers (e.g. accountants, legal advisers, insurers)

These parties are required to process your data only on our instructions and to implement appropriate security measures.

7.2 Other third parties

  • Law enforcement, regulators, government authorities, or courts where we are legally required to do so or where it is necessary to protect our rights, property, or safety or that of others.
  • Successors in title in the event of a business sale, merger, restructuring, or similar transaction, in which case your personal data may be transferred as part of the business assets, subject to appropriate safeguards.
  1. International data transfers

We primarily process your personal data within the UK. If we transfer personal data outside the UK (for example, when using service providers located abroad), we will ensure appropriate safeguards are in place, such as:

  • An adequacy decision by the UK government; or
  • Standard contractual clauses or other lawful transfer mechanisms.

You may contact us for more information about the safeguards applied to international transfers of your personal data.

  1. Cookies and similar technologies

Our website may use cookies and similar technologies to:

  • Ensure the site functions correctly
  • Remember your preferences
  • Analyse website traffic and usage patterns
  • Improve the performance and usability of the site

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings and, where available, our cookie banner or settings tool. Disabling some cookies may affect the functionality of the website.

  1. Your rights

Under UK data protection law, you have certain rights regarding your personal data. Subject to conditions and legal limitations, these include:

  • Right of access: To obtain confirmation as to whether we process your personal data and to receive a copy of that data.
  • Right to rectification: To have inaccurate or incomplete personal data corrected.
  • Right to erasure: To request deletion of your personal data in certain circumstances (also known as the "right to be forgotten").
  • Right to restriction of processing: To request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: To receive your personal data in a structured, commonly used, and machine‑readable format and have it transmitted to another controller where technically feasible.
  • Right to object: To object to our processing of your personal data where we rely on legitimate interests or where we use your data for direct marketing.
  • Rights related to consent: Where we process data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

To exercise these rights, please contact us using the contact details provided in section 13. We may need to verify your identity before fulfilling your request. We aim to respond within one month, or longer if your request is complex, in which case we will inform you of any delay.

  1. Data security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, where appropriate:

  • Access controls and authentication
  • Secure networks and encryption in transit where reasonable
  • Regular updates and maintenance of our systems
  • Staff training on data protection and confidentiality obligations

While we strive to protect your personal data, no system can be completely secure. You share information with us at your own risk.

  1. Data retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Retention periods may vary depending on the type of data and the purpose of processing. For example:

  • Reservation and transaction records: retained for the period required for tax and accounting purposes and to handle any disputes.
  • Marketing data: retained while you remain subscribed or until you withdraw consent or object to processing, plus a short period to implement your request.

When personal data is no longer required, we will securely delete or anonymise it.

  1. Contact us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your data protection rights, please contact us using the contact details made available on our website or at our premises.

Please include enough information to allow us to identify you and respond to your enquiry.

  1. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK data protection authority:

Information Commissioner's Office (ICO) Website: https://www.ico.org.uk Telephone: 0303 123 1113 (within the UK)

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons. The updated version will be posted on our website with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

We respect your privacy at Black Oak Tavern

Black Oak Tavern uses cookies and similar technologies to improve your browsing experience, analyse how our website is used, and help us tailor content and offers that are relevant to you. We only process personal data that is necessary for reservations, communication, and essential analytics, and we do not sell your information to third parties. You can read our full Privacy Policy at any time to understand what data we collect, why we collect it, and how you can manage or withdraw your consent. By choosing to accept, you agree to the use of cookies described there. View full Privacy Policy