Privacy Policy

1. Introduction

  1. This privacy notice (notice) applies to the processing of personal data by Arcade Opco Ltd and Arcade SBPS 22 Ltd (company number 11864283 / 12969926) and member of the Arcade Food Hall (as set out in Section 1.4) in connection with the processing of personal data on this website, including any personal data you may provide though the use of the website when you sign up to receive newsletters, make online booking reservations at our restaurants, buy gift cards or use our contact forms (referred to through this notice as this Website).
  2. Arcade Opco Ltd and Arcade SBPS 22 Ltd are registered with the Information Commissioner’s Officer with registration number ZA243678.
  3. This Website is not intended for children and we do not knowingly collect personal data relating to children.
  4. References in this notice to “you” or “your” are references to individuals who use this Website and references in this notice to “Arcade Food Hall”, “we”, “us” or “our” are references to Arcade Opco Ltd and Arcade SBPS 22 Ltd.
  5. This notice is issued on behalf of Arcade Opco Ltd and Arcade SBPS 22 Ltd as controllers. Unless we notify you otherwise at the time your personal data is collected, Arcade Opco Ltd and Arcade SBPS 22 Ltd is the controller for your personal data.

2. Purpose of this notice

This notice aims to give you information about how AFH collects and processes your personal data when you use this Website. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.

3. How to make a complaint about the use of your personal data by us

If you have any concerns or questions about this notice, including any requests to exercise your rights, please contact us using the contact details set out below:

A: Arcade Opco Ltd t/a Arcade Food Hall, 46a Carnaby Street London W1F 9PS

If you are unhappy with how we process your personal data you can contact the Information Commissioner’s Office to make a complaint directly (www.ico.org.uk). However, we would encourage you to contact us in the first instance so we may resolve any issues you have.

4. Changes to the notice or to your personal data

  1. This notice takes effect from 25 May 2018. We will inform you of any changes made to this notice by posting these on this Website or emailing or posting a copy to you.
  2. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

5. Third party links

  1. This Website may include links to third-party websites (including social media sites), plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave this Website, we encourage you to read the privacy notice of every website you visit.

6. The personal data we collect about you

  1. Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).
  2. Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
  3. We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this notice.
  4. We do not collect any special categories of personal data about you through this Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
  5. We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this notice:
    Contact Data including your address, email address and telephone numbers
    Financial Data includes bank account and payment card details
    Identity Data including your first name, last name and title
    Marketing and Communications Data including your marketing and communication preferences
    Profile Data including your purchases or reservations made by you
    Technical Data includes information collected when you access this Website your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using
    Transaction Data includes details about payments from you and other details of products you have purchased from us for example, gift cards
    Usage Data information about how you use this Website

7. If you fail to provide personal data to us

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a gift card you have requested to purchase). In this case, we may have to cancel your purchase with us or decline to enter into a contract with you but we will notify you if this is the case at the time.

8. How your personal data is collected

  1. We use different methods to collect personal data from and about you, including through the channels set out below.
    1. Direct interactions: You give us your Contact Data, Identity Data and Profile Data directly, for example, when you:
      1. make a reservation for one or our restaurants who are part of our Group;
      2. submit a contact form on this Website; or
      3. visit one of our restaurants and sign up to use the free Wifi provided (please note additional terms will also be provided at the point you sign-up to use our Wifi); or
      4. request marketing to be sent to you for example a newsletter or special offers.
    2. When you visit some of our websites you will have the ability to purchase a gift card and /certain products and gifts through those websites. To the extent that you are purchasing any gift cards, products or services through this Website, we will also use your Financial and Transaction Data.
  2. Automated technologies or interactions: We receive Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details of the information collected.
  3. Third parties or publicly available sources: We receive Technical Data from analytics providers for example Google Analytics.

9. How we use your personal data

  1. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
    1. Where we need to perform the contract we are about to enter into or have entered into with you (for example to fulfil on the purchase of a gift card through this Website or to book a table for you).
    2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example it is within our legitimate interests to know who has made a booking at one of our restaurants).
    3. Where we need to comply with a legal or regulatory obligation to which we are subject.
    4. In certain circumstances we may rely on your consent to process your personal data, for example for certain email marketing.
  2. Section 11 below sets out further information about the legal bases that we rely on to process your personal data.
  3. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

10. How we use Cookies on this Website

More information about Cookies and how we use these on this Website can be found here

11. How we will use your personal data

  1. We set out below, in a table format, a description of the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate, we have also identified our legitimate interests in processing your personal data.
  2. We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us at hello@arcade-london.com if you need further details about the specific legal basis we are relying on to process your personal data where more than one legal basis has been set out in the table below.
    Purpose and/or activity Type of data Legal basis for processing
    To notify you about changes to this Website, our terms and conditions or privacy notice
    • Contact Data
    • Identity Data
    • Profile Data
    • Necessary to comply with a legal or regulatory obligation
    • Necessary for our legitimate interests: to ensure that you have the most up-to-date terms regarding the use of this Website and to ensure that this Website is functioning as intended and if this can be improved
    To manage our relationship with you which will include notifying you of any changes to terms and conditions or privacy policy

    To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
    • Contact Data
    • Identity Data
    • Profile Data
    • Technical Data
    • Usage Data
    • Necessary to comply with a legal or regulatory obligation
    • Necessary for our legitimate interests: ensuring the efficient and secure running of this Website, including through maintaining information technology services, network and data security and improving
    To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you
    • Contact Data
    • Identity Data
    • Profile Data
    • Technical Data
    • Usage Data
    • Necessary for our legitimate interests: reviewing how visitors and customers use this Website, improving this Website and identifying ways to grow our business
    To make suggestions and recommendations to you about services or content that may be of interest to you
    • Contact Data
    • Identity Data
    • Marketing and Communications Data
    • Profile Data
    • Technical Data
    • Usage Data
    • Necessary for our legitimate interests: developing our services and growing our business
    To use data analytics to improve this Website, our services, marketing, customer relationships and experiences
    • Technical Data
    • Usage Data
    • Necessary for our legitimate interests: reviewing how visitors and customers use this Website, improving this Website and identifying ways to grow our business
    To process any purchase from this Website for example gift cards and products
    • Identity Data
    • Contact Data
    • Financial Data
    • Transaction Data
    • Profile Data
    • Usage Data
    • Marketing and Communications Data
    • Necessary to perform a contract: to provide you with a gift card or products once purchased.
    To monitor and manage any reservation you make at one of our restaurants
    • Identity Data
    • Contact Data
    • Technical Data
    • Profile Data
    • Usage Data
    • Marketing and Communications Data
    • Necessary for our legitimate interests: to make a reservation for you at one of our restaurants in line with your request and contact you in regard to your booking.
    If you make a reservation for one of our restaurants for a Group over 8 people, we may require a deposit from you, which will include us collecting your Financial Data and Transaction Data
    • Identity Data
    • Contact Data
    • Financial Data
    • Contractual Necessity
    If you visit one of our restaurants, and sign up to use the free Wifi provided
    • Contact Data
    • Identity Data
    • Marketing and Communications Data
    • Technical Data
    • Necessary for out legitimate interests: to monitor who is accessing our free Wifi service, and how they are using such service.

12. Change of purpose

  1. We will only use your personal data for the purposes for which we collected it as detailed in Section 9 and Section 11, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at hello@arcade-london.com.
  2. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

13. Marketing and exercising your right to opt-out of marketing

  1. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
  2. We may use your Identity, Contact, Technical Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which restaurants we believe will be of interest to you.
  3. You will receive marketing communications from us if you have requested information from us or purchased goods from us and, in each case, you have not opted out of receiving that marketing.
  4. You can ask us to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you. You can also opt-out by contacting us at any time at hello@arcade-london.com.Third-party marketing

We do not share your personal data with any organisations outside of the Group for marketing purposes. We will get your express opt-in consent before we share your personal data with any company outside of the Group for marketing purposes.

14. Disclosures of your personal data

  1. We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data, as detailed in Section 9 and Section 11.
    1. Your personal data will be shared within our Group. We share your personal data between our Group to ensure the efficient operation of the Group for instance, to provide the highest quality of service across our restaurants.
    2. Where required, we will disclose your personal data to:
      1. any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
      2. our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; and
      3. service providers who provide information technology and system administration services to us.
    3. We may share your personal data with persons or entities outside of the Group to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this notice.
  2. We require any person or entity to whom we disclose personal data pursuant to this Section 14 to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
  3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with their instructions.

15. International transfers

  1. In some cases, the parties who we use to process personal data on our behalf are based outside the European Economic Area (EEA), therefore their processing of your personal data will involve a transfer of such data outside the EEA.
  2. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
    1. we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
    2. where we use certain service providers, we may use specific contracts approved by the European Commission which gives personal data the same protection it has within the EEA; and
    3. where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and maintain a similar level of protection to the personal data as if it was processed within the EEA.
  3. Please contact us at hello@arcade-london.com if you would like further information about the specific mechanism used by us when transferring your personal data out of the EEA.

16. Data security

  1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  2. We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
  3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

17. Data retention

  1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
  2. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  3. If we have your personal data, and you have not been active on our website for a period of 6 months, we will delete your personal data.
  4. Details of retention periods for cookies on this website are set out in our Cookie Policy. If you would like to know more about the retention periods we apply to your personal data, please contact us at hello@arcade-london.com.
  5. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

18. Your legal rights

  1. Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is the Group’s policy to respect your rights and the Group will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
  2. Details of your rights are set out below:
    1. right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
    2. right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
    3. right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
    4. right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
    5. right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
    6. right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
    7. right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
  3. You may exercise any of your rights at any using the contact details set out in Section 3. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
  4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  5. We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
ajax-loader.gif