1.ABOUT THIS POLICY
2.WHAT IS PERSONAL DATA?
Personal data is any data relating to an identified or identifiable natural person who can be directly or indirectly identified from that data, for example, information such as your name, identification number or location data.
3.WHO ARE WE?
Roberto’s is a restaurant and lounge located in Dubai International Financial Centre (DIFC). We are part of the Skelmore Group.
We are authorised and regulated by the Dubai Financial Services Authority (“DFSA”) and our registered address is: Gate Village Building No. 1, DIFC, Dubai, UAE. Roberto’s is registered with the DIFC Data Protection Commissioner (the body that administers Data Protection Law and supervises businesses for compliance with data protection obligations) as a Data Controller. A Data Controller determines the purposes and means of the processing of personal data.
4.SCOPE OF POLICY
This policy applies to personal data that we collect from visitors and customers through our website https://robertosrestaurants.com/dubai/ (“our website”), our mobile application (“our mobile app”), our in-restaurant Wi-Fi or communications that we receive from you via telephone, email, face-to-face or in writing at our registered address.
When you access or use the above platforms or provide us with your personal data, you are accepting and, consenting to us collecting and processing your personal data. If you do not consent you may discontinue use of our platforms.
6.HOW DO WE COLLECT YOUR PERSONAL DATA?
We may collect and process the following information about you including but not limited to:• Identity data: Your title, full name, and date of birth (for any birthday promotions);
• Contact details: contact information such as your address details for delivery orders, your mobile number and email address;
• Behavioural & Allergy data: Your food preferences and dietary requirements including information about allergies;
• Transactional/Financial data: Payment information for confirming reservations and for placing orders for food deliveries;
• Contact data: Information you provide to us when you contact us by email, telephone or face to face (in the context of making a reservation for example);
• Responses you provide us in our surveys;
• Behavioural & Lifestyle data: Data from social media profiles and preferences such as:
o Lifestyle information such as seating preferences, ages of children, and other information necessary to fulfill special requests; and
o Photographs taken of you at our events or when you dine in at Roberto’s.
We may source such data when you:
• Subscribe for a newsletter with your email address;
• Place an order for food deliveries online;
• Make an online enquiry;
• Make a reservation with us on our website, over the phone or via our mobile app;
• Voluntarily complete a customer comments card/survey;
• Get in touch with us via email to contact us or provide any feedback;
• Connect to our guest Wi-Fi portal;
• Send us a letter, email or social media message;
• Register on our delivery ordering platform or mobile app;
• Book any of our events;
• Attend events that we host;
• From publicly available sources including information from your social media profile when you like or share our content or when you access our in-restaurant Wi-Fi (please note that the information we receive will depend on the privacy preferences you have set on your social media platforms).
What information is automatically collected by us?
There is “Device Information” about your computer hardware and software that is automatically collected by us, this information can include but is not limited to:• Device type (e.g. mobile, computer, laptop, tablet);
• Operating system;
• IP address;
• Browser type;
• Browser information (e.g., type, language, and history);
• Domain names;
• Access times;
• Referring the website addresses;
• Location information.
7.HOW IS YOUR DATA USED?
We require the information outlined in the previous section for the following reasons:
• To provide you with our goods and services;
• To deliver the food ordered by you;
• To understand and cater to your dietary requirements and to ensure that we take into account information about your food allergies, intolerances and/or preferences when preparing and delivering your order to you;
• To process advance booking payments;
• Send you newsletters with updates;
• Send you communications we think will be of interest to you including emails with special promotions offers on our goods and services;
• To notify you of changes to our services;
• To improve our goods and services;
• For internal record keeping.
Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.
8.‘SPECIAL CATEGORY’ PERSONAL DATA
Special Category Personal Data is personal data revealing or concerning (directly or indirectly) data that is sensitive in nature (e.g. biometric data pertaining to your religion or health).
We may use certain sensitive (or “special category”) personal data where you have given your explicit consent to us doing so, to better serve and meet your needs. Examples of sensitive personal data we may collect and process include but is not limited to:
• Information about food allergies or food intolerances;
• Dietary requirements, which may imply or suggest your religion, health or other sensitive personal data; and
• Information about any mobility requirements.
9.SHARING YOUR PERSONAL DATA
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under the DIFC Data Protection Law.We will only share your personal data if we are required to do so by law or with the following entities:
Our third-party service providers, who help deliver services to you on our behalf including but not limited to our payment processor, delivery provider, our delivery platform, email verification, email marketing services, SMS campaign, customer relationship management system and guest Wi-Fi;
Our partner companies within the Skelmore Holdings, so you can be offered related goods and services, which we think may be of interest to you.
Your explicit consent will be obtained should your data be shared with any other entity not specified above.
10. WILL WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF DIFC?
We will take all steps reasonably necessary to ensure your data is processed fairly and lawfully, in accordance with the DIFC Data Protection Law, other applicable laws and this Policy.When sharing your personal data with our service provider or our partner companies as set out in this
Please note that your personal data will only be transferred outside the DIFC on one of the following bases:
• The jurisdiction where we send the personal data is providing an adequate level of protection for personal data;
• The third party to which the data is transferred to has provided appropriate safeguards that ensure the security of your personal data, in line with the DIFC Data Protection Law.
11. CUSTOMER PROFILING
We may analyse (or appoint of third-party to analyse) your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. Please note that we may also make use of additional information about you when it is available from external sources to help us do this effectively.
However, you do have the right to object to us carrying out this type of automated processing. If you wish to do so please get in touch with us in writing – please refer to “Our contact details” section to obtain the relevant contact information.
Data security is very important to us, and to protect your personal data we have taken suitable measures to safeguard and secure data collected about you.
We train people who work for us on how to handle personal data appropriately and we restrict access to what is necessary for specific job functions. In addition, our employees and third-party service providers are subject to confidentiality and may not disclose your personal data unlawfully or unnecessarily.
We will send you the latest updates and promotions on our goods and services, which we think may be of interest to you. This information will be sent to you via email or SMS.
If you wish to opt out of our promotional emails, please click on the unsubscribe link, which can be found at the bottom on each promotional email. Similarly, if you wish to opt out of our SMS campaigns, please send us a text message with opt out code, this code will be detailed in any of the SMS’ you have received from us.
Please note that opting out of our email and SMS marketing campaigns only removes you from future marketing, but the personal data collected for the purpose of providing you with our goods and services will remain in our systems.
If you no longer wish to be contacted for marketing purposes, you can also email us at the following address: firstname.lastname@example.org
14. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will retain your personal data for as long as necessary for the purpose for which we obtained it, unless you explicitly request for us to erase your personal information, or we are required by law to keep the data for longer.
15.YOUR DATA PROTECTION RIGHTS
Under DIFC Data Protection Law, you have certain rights over the personal information that we hold about you. Here is a summary of your rights:
• Obtain access to, and copies of, the personal data that we hold about you;
• Require us to correct the personal data we hold about you if it is incorrect;
• Require us to erase your personal data;
• Object at any time to the processing of your personal data;
• Require us to restrict our data processing activities;•
Require that we cease processing your personal data if the processing is causing you damage or distress;
• Withdraw the consent you have previously given us to process your personal data, if your consent was the basis under which your personal data was processed;
• We will inform all third parties to whom we sent your personal data to of your request to access, rectify, erase and restrict data processing activities or objection to the way your data is being processed, to the best of our abilities. We can inform you, if you so request, who the recipients of your personal data are;
• Ask us to transfer your personal data directly to you or to another company.
Please note that the above rights are not absolute, and we may be entitled to refuse certain requests where exceptions apply.
16.HOW TO EXERCISE YOUR RIGHTS?
If you would like to exercise any of the above rights, you can contact us in writing – please refer to “Our contact details” section to obtain the relevant contact information. We will endeavour to get back to you as soon possible but not later than within 28 days. In the event your request is particularly complex, we will notify you and keep you updated should it take longer than 28 days to process your request.
Please note: We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
• To verify your account and device and determine when you log in, so we can make it easier for you to access the services and provide the appropriate experiences and features; and
• To assist with analysing performance, we may use third-party cookies, such as Google Analytics.
Please note that you can set your browser to not accept cookies, but this may limit your ability to use the services. If you would like more information on cookies, we encourage you to visit www.aboutcookies.org/.
18. PRIVACY POLICIES OF OTHER WEBSITES
20. OUR CONTACT DETAILS
If you have any questions about how we use your personal data, or you wish to exercise any of your data protection rights as provided by the law and described in this policy, please contact us:
By post at: Gate Village Building No. 1, Dubai International Financial Centre, Dubai, UAE.
By email at: email@example.com.
By phone on: +971 4 3860066
21. DIFC DATA PROTECTION COMMISSIONERIf you are not satisfied with how we are processing your personal data, you can make a complaint to the DIFC Data Protection Commissioner. You can contact them:
By post at: Dubai International Financial Centre Authority Level 14, The Gate Building.
By email at: firstname.lastname@example.org
By phone on: +971 4 362 2222
You can find out more about your rights at https://www.difc.ae/business/operating/data-protection/ https://www.difc.ae/files/4115/9350/4012/Commissioners_Guide_to_DP_Law__Regs_2020.pdf