Call Us
The Saffron Table

Privacy Policy

Last Updated: January 1, 2025

The Saffron Table ("we," "our," or "us") operates the website at your-domain.com. We are committed to protecting your personal data and respecting your privacy rights. This policy explains what information we collect, how we use it, and the rights you have regarding your data under the General Data Protection Regulation (GDPR) and other applicable privacy legislation.

1. Data Controller

The Saffron Table is the data controller responsible for your personal information. If you have any questions or concerns about this policy or our data practices, please contact us using the details provided in Section 9 below.

2. Information We Collect

We collect information in the following ways:

a) Information You Provide Directly

  • Contact & Enquiry Forms: Name, email address, phone number, and message content when you contact us.
  • Reservation Requests: Name, contact details, date, time, party size, and dietary requirements when booking a table.
  • Newsletter Sign-Up: Email address and name if you subscribe to our mailing list.
  • Order & Payment Data: If online ordering is available, billing address and payment information (processed securely via third-party payment processors — we do not store full card details).

b) Information Collected Automatically

  • Usage Data: IP address, browser type, operating system, referring URLs, pages visited, and time spent on pages.
  • Cookies & Tracking Technologies: As described in Section 4 below.
  • Log Files: Server logs recording site activity for security and performance monitoring.

3. How We Use Your Information

We process your personal data for the following purposes and legal bases:

Purpose Legal Basis (GDPR)
Responding to enquiries and reservations Legitimate Interests / Contractual Necessity
Processing orders and payments Contractual Necessity
Sending marketing emails and newsletters Consent (withdrawable at any time)
Improving website performance and user experience Legitimate Interests
Complying with legal obligations Legal Obligation
Security monitoring and fraud prevention Legitimate Interests

4. Cookies

Our website uses cookies — small text files stored on your device. We use:

  • Essential Cookies: Required for the website to function correctly (e.g., session management). These cannot be disabled.
  • Analytics Cookies: We use Google Analytics to understand how visitors interact with our site. Data is anonymised where possible. You may opt out via Google's opt-out tool.
  • Functional Cookies: Remember your preferences to enhance your experience (e.g., language settings).
  • Marketing Cookies: Used only with your explicit consent to deliver relevant advertising.

You can control cookies through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality. For more information, visit allaboutcookies.org.

5. Third-Party Services & Data Sharing

We may share your data with trusted third parties only where necessary:

  • Google Analytics & Google Maps: For website analytics and location services. Subject to Google's Privacy Policy.
  • Payment Processors: (e.g., Stripe, PayPal) for secure transaction processing. We do not receive or store full payment card details.
  • Email Marketing Platforms: (e.g., Mailchimp) for sending newsletters — only to subscribers who have given explicit consent.
  • Reservation Systems: Third-party booking tools used to manage table reservations.
  • Hosting & IT Providers: Our website hosting provider who maintains data security standards.
  • Legal Authorities: Where we are required to disclose data by law, court order, or regulatory authority.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

6. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy:

  • Enquiry & Contact Data: Up to 12 months after last contact, unless an ongoing relationship exists.
  • Reservation Data: Up to 24 months for operational and safety records.
  • Transaction & Financial Records: 7 years to comply with legal and accounting obligations.
  • Marketing Email Lists: Until you withdraw consent or unsubscribe.
  • Website Analytics Data: Typically 26 months (Google Analytics default), anonymised after this period.

After the relevant retention period expires, data is securely deleted or anonymised.

7. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include SSL/TLS encryption for data transmission, secure server environments, restricted staff access on a need-to-know basis, and regular security reviews. While we strive to protect your data, no internet transmission is completely secure; we cannot guarantee absolute security.

8. Your Rights Under GDPR

If you are located in the EEA, UK, or a jurisdiction with applicable privacy law, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data where there is no legitimate reason for us to continue processing it ("right to be forgotten").
  • Right to Restrict Processing: Ask us to pause processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
  • Right to Lodge a Complaint: You have the right to complain to your national data protection supervisory authority (e.g., the ICO in the UK at ico.org.uk).

To exercise any of these rights, please contact us using the details in Section 9. We will respond within 30 days and may require identity verification before processing your request.

9. Contact Us

For any privacy-related questions, requests, or concerns, please contact our Data Privacy representative:

The Saffron Table

📧 Email: [email protected]

🌐 Website: your-domain.com

📬 Postal Address: [Restaurant Address], [City, Postcode, Country]

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or via a notice on our website. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

This Privacy Policy was last reviewed and updated on January 1, 2025. © 2026 The Saffron Table. All rights reserved.