Please upgrade your browser

It appears you are using an older browser. This site will function better if you upgrade to the latest version

Privacy Policy

PRIVACY NOTICE FOR OUR CUSTOMERS AND OTHER BUSINESS RELATED PERSONAL DATA

1. Who is responsible for processing your data?
2. What personal data do we collect and why? 
3. Who do we share your personal data with? 
4. Transfers of Personal Data outside the EEA
5. Your Rights
6. Children
7. California Residents 
8. Changes to this privacy notice 

 

Annex 1 – List of Gordon Ramsay Restaurants Limited’s Affiliates

 

For our DO NOT SELL POLICY - Please Click Here

 

1. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA AND HOW TO CONTACT US

Who we are

Gordon Ramsay Restaurants Ltd (“GRR”, “we”, “us”, “our”) is the data controller in respect of your personal data. We provide hospitality services on a global scale and aim to please our customers with our approach to the quality of service. We are committed to respecting your privacy, and this privacy notice explains how we collect, use, disclose, retain and protect your personal data. Please take the time to read this privacy notice, since it contains important information about the way that we process personal data.

How to contact us

Questions, comments, complaints and requests regarding this privacy notice, or our privacy practices in general, are welcomed and should be addressed to datarequest@gordonramsay.com  or by post to attn: Data Subject Requests, 539-547 Wandsworth Rd, London SW8 3JD.

 

2. WHAT PERSONAL DATA WE COLLECT AND WHY?

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting your personal data. In each of the sections listed below, we describe how we obtain your personal data and how we treat it.

 

Section 2.1           

Individual Customers

 

Section 2.2          

Representatives of our Existing or Prospective Corporate Customers, Business Partners, and Vendors

 

Section 2.3           

Website Visitors

 

Section 2.4           

Job applicants

 

Section 2.5           

Visitors to our premises

 

Section 2.6           

Users of WiFi

 

 

2.1 INDIVIDUAL CUSTOMERS

We collect personal data related to individual customers.

A - Sources of personal data

B - Personal data that we collect and process

C - Why do we collect your personal data and what are our lawful bases for it?

D - How long do we keep your personal data?

 

A - SOURCES OF PERSONAL DATA

 

We may obtain your personal data from the following sources:

a) from you directly (over the phone, email, website or paper forms or in person);

b) from GRR’s affiliates, where we have your permission to access it or are allowed to access it based on lawful grounds (see the list in Annex 1);

c) from third party service providers that are assisting us in providing you with a service (for example, partner organisations, such as websites of OpenTable or Book-A-Table); and/or

d) from our systems, such as wifi, if you have used our internet connection services at our restaurants.

 

B - PERSONAL DATA THAT WE COLLECT AND PROCESS

 

We may collect the following categories of personal data relating to our existing or prospective individual customers:

a) name;

b) email;

c) title;

d) personal and/or business email address;

e) home address;

f) home and/or business telephone number;

g) date of birth;

h) credit card details;

i) details of your request, for example, for booking a table in one of our restaurants this will include the date, time, party size, menu selection, table preferences;

j) dietary requirements,

k) voucher or other discount details, if you provide them to us;

l) social occasion information;

m) details and records of your request, complaint or query;

n) details of orders (amount spent, date, time, table number, vouchers or offers used);

o) categorisation of you as a customer based on the information we have about you from various sources (for example, if this is your first experience with us or you are a regular customer);

p) any feedback you submitted about your experience with us; and

q) your marketing preferences.

 

C - WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT?

Individual Customers

We may use your personal data to:

Provide you with our products or services (for example, to book a table at our restaurants or a hotel room)

 

 Our lawful basis for doing so is: 

Contract

 

  

We may use your personal data to:

Our lawful basis for doing so is: 

Our legitimate interests in doing so are:

Establish and manage our relationship (this covers making your experience with us personalised, adapting our services to your requirements, such as your food preferences, dealing with complaints or maintaining your account with us)

Legitimate Interest of GRR and the customer

Account Management

Management Reporting (including at an intra-group level)

Exercise or defend legal claims

Learn about how our products and services are or may be used (for example, when we ask you to fill out surveys about the experience you had with us)

 

Legitimate Interest of GRR and the customer

Understand the market in which we operate

Management Reporting (including at an intra-group level)

Security (ensuring confidentiality of personal information or preventing unauthorised access and modifications to our systems)

Legitimate Interest of GRR and the customer

Managing security, risk and fraud prevention

Management Reporting (including at an intra-group level)

Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication

Legitimate Interest of GRR and the customer

Promote our goods and services

Management Reporting (including at an intra-group level)

 

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 1. Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

 

2.2 REPRESENTATIVES OF OUR EXISTING OR PROSPECTIVE CORPORATE CUSTOMERS, BUSINESS PARTNERS, AND VENDORS

We may collect personal data related to employees, directors, authorised signatories, or other individuals associated with GRR’s existing or prospective corporate customers, business partners, and vendors.

A - Sources of personal data

B - Personal data that we collect and process

C - Why do we collect your personal data and what are our lawful bases for it?

D – How long do we keep your personal data?

 

A - SOURCES OF PERSONAL DATA

We may obtain your personal data from the following sources:

a) from you directly,

b) from a company that employs you, if you are an employee of our existing or prospective customer, business partner, or vendor,

c) from GRR’s affiliates (see the list in Annex 1);

d) during networking events that we have either hosted, or sponsored, or attended; and/or

e) from publicly available sources (for example, your company website or social media sites, such as LinkedIn).

 

B - PERSONAL DATA THAT WE COLLECT AND PROCESS

 

We may collect the following categories of personal data relating to our existing or prospective customers’, business partners’, and vendors’ employees, officers, authorised signatories, and other associated individuals:

a) name;

b) business address;

c) business email address;

d) business telephone number;

e) job title;

f) details of booking (venue, date, party size, previous functions); and/or

g) any feedback you submitted about your experience.

 

C - WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT?


Representatives of our Existing or Prospective Corporate Customers, Business Partners and Vendors

 

We may use your personal data to:

Our lawful basis for doing so is: 

Our legitimate interests in doing so are:

Provide you with our products or services or receive products or services from you

 

Legitimate Interest

Efficiently fulfil our contractual and legal obligations

Management Reporting (including at an intra-group level)

Establish and manage our relationship

Legitimate Interest

Efficiently fulfil our contractual and legal obligations

Account Management

Understand the market in which we operate

Management Reporting (including at an intra-group level)

Exercise or defend legal claims

Learn about how our products and services are or may be used

 

Legitimate Interest

Understand the market in which we operate

Management Reporting (including at an intra-group level)

Security

Legitimate Interest

Managing security, risk and fraud prevention

Management Reporting (including at an intra-group level)

Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication

Legitimate Interest

Promote our goods and services

Management Reporting (including at an intra-group level)

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 1. Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your business relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

 

2.3 WEBSITE VISITORS

A - Sources of personal data of personal data

B - Personal data that we collect and process

C - Why do we collect your personal data and what are our lawful bases for it?

D - How long do we keep your personal data?

 

A - SOURCES OF PERSONAL DATA

We may obtain your personal data from the following sources:

a) from you directly (for example, at the time of subscribing to any services offered on our website, including but not limited to email mailing lists, interactive services or requesting further goods or services); and/or

b) from your device or browser.

If you contact us, we may keep a record of that correspondence.

 

B - PERSONAL DATA THAT WE COLLECT AND PROCESS

a) name;

b) title

c) data of birth, and post code, if you are signed up to our e-newsletters;

d) email address;

e) operating system;

f) browser type;

g) information on the use of our website (for example, pages visited, geographical location, time spent on the website, online transactions);

h) cookie data (for more information please see our Cookie Notice);

i) preferences regarding online marketing; and/or

j) IP address.

 

C - WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT?

Website Visitors

We may use your personal data to:

Our lawful basis for doing so is: 

 

Our legitimate interests in doing so are:

 

Provide our website services to you

Legitimate Interest

 

 

 

 

 

Website Management

 

Promote our goods and services

 

Account Management

 

 

Establish and manage our relationship

Legitimate Interest

Understand the market in which we operate

 

Management Reporting (including at an intra-group level)

 

Account Management

 

 

Learn about our websites(s) users’ browsing patterns and the performance of our website(s)

Legitimate Interest

Website Management

 

 

Security

Legitimate Interest

Managing security, risk and crime prevention

Management Reporting (including at an intra-group level)

 

Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication

 

Legitimate Interest

Promote our goods and services

Management Reporting (including at an intra-group level)

 

Learn about how our products or services may be used

 

Legitimate Interest

Understand the market in which we operate

Management Reporting (including at an intra-group level)

 

 

 If you object to us using your personal data for the above purposes, including direct marketing, please send us an email using the email address in section 1. Where we use cookies or similar technologies we will seek your prior consent where required to do so by law. Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will keep your personal data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

 

2.4 JOB APPLICANTS

We may collect personal data related to job applicants for positions advertised on our website.


A - Sources of personal data

B - Personal data that we collect and process

C - Why do we collect your personal data and what are our lawful bases for it?

D - How long do we keep your personal data?

 

A - SOURCES OF PERSONAL DATA

We may obtain your personal data from the following sources:

a) from you directly;

b) from a third party, for example, individual referrals or a recruitment agency;

c) from our affiliates see the list in Annex 1;

d) via web-based application forms;

e) during networking events that we have either hosted, or sponsored, or attended; and/or

f) from publicly available sources (for example, professional networks, such as LinkedIn).

 

B - PERSONAL DATA THAT WE COLLECT AND PROCESS 

We may collect the following categories of personal data, which may differ, depending on the content of your CV or baseline documents you submit to us:

a) name;

b) residence address;

c) personal email address;

d) telephone number;

e) date of birth;

f) career and education history;

g) skills, experience, and qualifications;

h) personal interests, languages spoken, questionnaire results;

i) gender;

j) names and contact details for references. Please note that it is your responsibility to obtain consent from your references prior to providing us personal information about them;

k) current and historic salary details together with salary expectations;

l) details of your current benefit entitlements; and/or

m) information about your entitlement to work in the country in which the GRR EU affiliate is located.

 

C - WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT?


Job Applicants

We may use your personal data to:

Our lawful basis for doing so is: 

 

Check your eligibility to work in the country in which GRR affiliate is located

Legal obligation

 

 

Where you provide us with information regarding your disability, we will process it as part of our legal obligation to make reasonable adjustments for recruitment process

Legal obligation

 

 

We may use your personal data to:

Our lawful basis for doing so is: 

Our legitimate interests in doing so are:

Facilitate the selection process

Assess and confirm your suitability for employment

Communicate with you

Legitimate interests

Talent Management (including at an intra-group level)

 

 

Execute business process and internal management

Legitimate interests

Management Reporting (including at an intra-group level)

Safeguard the security of our infrastructure, premises, assets and office equipment, including prevention of criminal activity, defending legal claims

Legitimate interests

Managing security, risk and crime prevention

 

Exercise or defend legal claims

 

 D – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will keep and process your personal data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates for no longer than six months, unless we obtained their consent to keep it for longer. 

 

2.5 VISITORS TO OUR PREMISES

A - Sources of personal data

B - Personal data that we collect and process

C - Why do we collect your personal data and what are our lawful bases for it?

D - How long do we keep your personal data?

 

A - SOURCES OF PERSONAL DATA

We may obtain your personal data from you directly and from our systems’ records.

 

B - PERSONAL DATA THAT WE COLLECT AND PROCESS

a) name;

b) business or personal contact details;

c) organisation;

d) role;

e) time and date of your visit; and/or

f) image (for example, from CCTV cameras at our premises).

 

C - WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT?

Visitors to our Premises

We may use your personal data to:

Our lawful basis for doing so is: 

 

Our legitimate interests in doing so are:

 

Security

Legitimate Interest

Managing security, risk and crime prevention

 

 

Maintain records of visitors to our premises

Legitimate Interest

Management Reporting

 

 

 

If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We keep your personal data for as long as necessary to ensure security of visitors to our premises and as soon as it is no longer necessary, usually after 90 days for CCTV, we delete it.

 

2.6 USERS OF WIFI

A - Sources of personal data

B - Personal data that we collect and process

C - Why do we collect your personal data and what are our lawful bases for it?

D - How long do we keep your personal data?

 

A - SOURCES OF PERSONAL DATA

We may obtain your personal data from you directly and from our systems’ records.

 

B - PERSONAL DATA THAT WE COLLECT AND PROCESS

a) name;

b) title

c) email;

d) date of birth;

e) gender;

f) number of times wi-fi used; and/or

h) device used.

 

C - WHY DO WE COLLECT YOUR PERSONAL DATA AND WHAT ARE OUR LAWFUL BASES FOR IT?

Users of Wifi

We may use your personal data to:

Our lawful basis for doing so is: 

 

Our legitimate interests in doing so are:

 

Provide our wifi services to you

Legitimate Interest

Account management

Promote our goods and services

 

Security

Legitimate Interest

Managing security, risk and crime prevention

 

 

If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.

 

D – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We keep your personal data for as long as necessary for you to use our internet connection. If you submitted other personal data about yourself, we will add it to your profile as a customer and keep it as long as you are our customer.

 

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH

We do not sell your personal data to third parties.

 

GRR’s Affiliates

We may share your personal data with GRR’s affiliates (see the list in Annex 1) because we share the same guest management and IT systems. Transfers of personal data are to GRR affiliates in the UK only. Such transfers are governed by legally compliant agreements between the affiliates for the integrity and confidentiality of personal data.

 

Our Partner Organisations and Service Providers

We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the UK data protection laws and other relevant data protection laws.

We may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure,

b) third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;

c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

d) providers that help us generate and collate reviews in relation to our goods and services;

e) our advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram); and/or

f) service providers that assist us in providing our services.

 

Law enforcement or government bodies

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

 

Company Mergers and Takeovers

We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business.

 

4. TRANSFERS OF PERSONAL DATA OUTSIDE THE UK/EU/EUROPEAN ECONOMIC AREA

We share personal data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the UK/EU/EEA, we ensure that they are contractually obligated to comply with the UK/EU data protection laws.  We also ensure in our contracts with these organisations that they only process personal data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted to them.

 

We may also disclose personal data to our advisers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals.  All these recipients are themselves responsible to comply with the UK/EU data protection laws (as applicable).

 

Some of the vendors that we engage are located outside of the UK/EU/EEA including in countries which have less strict, or no data protection laws, when compared to those in the UK/EU/EEA. Whenever we transfer your information in this way, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal data and to make sure it is treated securely and in accordance with this privacy notice. In these cases, we rely on approved data transfer mechanisms (such as standard contractual clauses) to ensure your information is subject to adequate safeguards in the recipient country.

 

If you are located in the UK/EU/EEA, you may request a copy of these safeguards by contacting us using the email address in section 1.

 

5. YOUR RIGHTS

You have certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any inaccurate information we hold about you corrected.
  • Request personal data provided by you to be transferred in machine-readable format (“data portability”).
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
  • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on our legitimate interests, as explained above.
  • Withdrawal of consent. If we rely on your consent (for example, when setting cookies on your device or for direct marketing), you may withdraw your consent at any time.

These rights listed may be subject to various conditions under applicable data protection and privacy legislation. We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. If you would like to exercise any of your rights set out above, you can contact us by emailing using the email address in section 1. You may also have the right to complain to a data protection authority if you think we have processed your personal data in a manner which is unlawful or breaches your rights. The data protection authority in the UK is the Information Commissioner’s Office (ICO). If you have such concerns we request that you initially contact us (using the contact details above) so that we can investigate, and hopefully resolve, your concerns.

 

6. CHILDREN

We may collect personal data relating to children with consent of a parent/guardian, for example if a booking is made on a child’s behalf. However, we do not otherwise knowingly solicit personal data from, or market to, children. If, as a parent or guardian, you become aware that your child has provided us with personal data, you should contact us at the contact details found at the top of this privacy notice.

 

7. CALIFORNIA RESIDENTS

This section provides additional information for California consumers. These disclosures are intended to supplement this Privacy Policy with information required by California law.

To understand what personal data we may have collected about you, from where we collected it, and why we collect and use personal data, please see the section What Personal Data We Collect and Why?

We may have disclosed the following categories of personal data for business or commercial purposes to the categories of recipients listed below.

Identifiers (this includes personal data such as name, email address, postal address, and phone number)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Commercial and Financial Information (this includes personal data such as credit card details, your product and service purchase history, and voucher or discount details)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Characteristics (this includes personal data such as dietary requirements, gender, skills, experience, qualifications, personal interests, and languages spoken)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Audio-Visual Information (this includes your image, for example, from CCTV cameras at our premises)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Professional or Employment Information (this includes personal data such as employer, title or position, career and education history, salary details, and benefit entitlements)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Device Information (this includes personal data such as device type, browser type, operating system, unique identifiers, and IP address)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Internet or Other Electronic Network Activity (this includes personal data such as your interaction with our website, including when you access the website and your activity on the website)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

Inferences (we draw inferences from the information that we collect above that may reflect your preferences or characteristics)

  • GRR’s Affiliates
  • Our Partner Organisations and Service Providers

 

For more information on how your personal data is shared, please see the Who Do We Share Your Personal Data With section.

Your Rights

In addition to the rights to access, correct, and request deletion of your personal data that are listed in the Your Rights section above, California residents also have the right to opt out the sale of personal data. You can request access to, correction of, or deletion of your personal data by emailing us at the email address in section 1.

California residents also have the right to limit the use of sensitive personal data (as that term is defined under California law) where a business uses such data to infer characteristics about you. GRR only uses sensitive personal data to provide goods and services to you; to ensure the security and integrity of the payment process and our systems; to detect, prevent, and investigate security incidents and other malicious, deceptive, fraudulent, or illegal actions; and to ensure the physical safety of natural persons. We do not use sensitive personal data to infer characteristics about you.

We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against you for exercising your rights under California law.

Sale of Personal Data

GRR does not sell or share personal data in exchange for money. However, GRR uses cookies and similar technologies to analyse website usage and assist in marketing efforts (including targeted advertising). In some cases, the use of these cookies may be considered a “sale” under California law. California law defines “sale” broadly to include any disclosure of information in return for any value. The value does not need to be monetary like in a traditional sale.

The categories of personal information disclosed that may be considered a “sale” under California law are: Device Information, Internet or Other Electronic Network Activity, and Inferences.

The categories of third parties to whom personal information is disclosed that may be considered a “sale” under California law are advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram).

You can learn more and opt out of the use of cookies that involve the “sale” of personal data by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of our website and updating your preferences.

We also recognize the Global Privacy Control as a valid request from you to opt out of cookies that involve the “sale” of personal data.

You request to opt-out, including through use of the Global Privacy Control, will be linked to your browser only. As such, you will need to apply these settings on each device and browser from which you wish to opt out. Similarly, if you clear your browser’s cache (such as by deleting cookies), you will have to apply this setting again.

We do not sell, or have actual knowledge of any sale of, the personal information of minors under 16 years of age.

 

8. CHANGES TO THIS PRIVACY NOTICE

We may change this privacy notice at any time. The new privacy notice will be displayed on our website.

 

This privacy notice was last updated in March 2024.

Annex 1

List of Gordon Ramsay Restaurant Limited's affiliates

Back to Top