Our Privacy Policy

This document is provided for informational guidance only. It is NOT legal advice. Marco's Trattoria must comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We strongly recommend seeking professional legal counsel to ensure the final policy meets all specific operational requirements and that you have registered with the Information Commissioner's Office (ICO).

Marco's Trattoria (Effective Date: [Insert Date]; Last Updated: [Insert Date])

1. Introduction & Contact Details

Marco's Trattoria ("we," "us," or "our") is the Data Controller responsible for your personal information. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions or wish to exercise your legal rights, please contact our Data Protection Lead:

• Manager: Marco Branciamore

• Address: 91 Heol Llanishen Fach, Rhiwbina, Cardiff Cf14 6LS

• Email: marcostrattoriarhiwbina@gmail.com

• Phone: 07902097605

2. The Data We Collect and Why

We collect data to provide our services, manage bookings, and improve your dining experience. For every activity, the law requires us to have a clear Lawful Basis.

Data for Bookings and Orders

We collect your Contact Information (name, phone number, email) to process, confirm, and manage your table reservation or takeaway order. The Lawful Basis for this processing is the Performance of a Contract with you.

Sensitive Data (Allergies)

We collect Dietary and Allergy Information to ensure the safe preparation of your meal and to meet your specific health requirements. The Lawful Basis for processing this sensitive data is typically your Explicit Consent, or in an emergency, our Vital Interests (to protect your life/health).

Payments

We process your Payment Details (via a secure third-party processor) to handle secure transactions for orders and checkouts. The Lawful Basis for this is the Performance of a Contract with you.

Security and Safety

We use CCTV Footage inside and outside the restaurant to ensure the safety and security of our premises, staff, and customers, and for crime prevention. The Lawful Basis for this is our Legitimate Interests (protection of business assets and people).

Marketing

We collect your Email Address for marketing purposes (promotional offers, events, and news) only if you have explicitly given us your Consent (opted-in). You are free to withdraw this consent at any time.

Website Usage

We collect Website Data (such as your IP address and cookies) to monitor site traffic, performance, and identify technical issues. The Lawful Basis is our Legitimate Interests (running and securing our IT systems).

​

3. How We Share Your Information

Marco's Trattoria does not sell your personal data. We only share it with trusted third parties who help us run our restaurant and manage your service. These third parties act as our Data Processors and are also required to comply with UK GDPR.

We may share your data with:

• Reservation Platforms: (e.g., OpenTable, Resy) to manage your table bookings.

• Payment Processors: (e.g., Stripe, your card machine provider) to handle secure transactions. We do not store full payment card details ourselves.

• Delivery Partners: (e.g., Deliveroo, Just Eat) to fulfil your food delivery orders.

• Email Service Providers: (e.g., MailChimp, Constant Contact) to send you newsletters, but only with your consent.

• Legal Authorities: If required by law (e.g., police, HMRC, court order).

4. Data Retention (How Long We Keep Your Data)

Marco's Trattoria will only keep your personal information for as long as necessary to fulfil the purposes we collected it for.

• Reservation/Order Data: Retained for a period of [e.g., 2 years] after your visit to handle any post-service queries and for financial record-keeping.

• Marketing Data: Kept until you unsubscribe from our marketing list.

• CCTV Footage: Automatically deleted after [e.g., 30 days], unless needed for a formal investigation.

5. Your UK GDPR Rights

Under UK GDPR, you have strong rights over your personal data. You can exercise these rights by contacting our Data Protection Lead (see Section 1).

• Right of Access: You can ask for a copy of the data we hold about you (a Subject Access Request, or SAR).

• Right to Rectification: You can ask us to correct any data that is inaccurate or incomplete.

• Right to Erasure (The Right to be Forgotten): You can ask us to delete your personal data where there is no legal reason for us to continue holding it.

• Right to Object: You can object to us processing your data, particularly for direct marketing.

• Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.

6. International Data Transfers

If Marco's Trattoria transfers your personal data outside the UK (e.g., using a US-based cloud service), we ensure it receives a similar level of protection by implementing specific legal safeguards required by the UK Government.

7. How to Complain

If you are unsatisfied with how Marco's Trattoria has handled your privacy query or request, you have the right to lodge a complaint with the UK's supervisory authority:

The Information Commissioner's Office (ICO)

• Website: https://www.ico.org.uk

• Helpline: 0303 123 1113