Benugo Privacy Notice

Benugo is committed to protecting and respecting your privacy. We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

a)  the personal data we collect about you;

b)  how we look after your personal data when you visit our website (regardless of where you visit from);

c) with whom your personal data might be shared; and

d) your privacy rights and how the law protects you.

Who we are

Benugo Limited is the controller and responsible for your personal data (collectively referred to as “Benugo”, “we”, “us” or “our” in this Privacy Notice).

Personal data which we collect

Personal data provided by you

We collect personal data about you when you:

a) book a table at one of our venues;

b) book an event at one of our venues;

c) sign up to receive our newsletter;

d) purchase delivery products from us;

e) contact us through our website;

f) apply for a job with us;

g) access Wi-Fi at one of our venues; and

h) enquire about having a Benugo in your office.

The personal data collected in the above manner may include your:

a) reservation and/or booking details;

b) full name;

c) date of birth (optional);

d) email address;

e) telephone number;

f)  delivery orders;

g) postal address;

h) payment details;

i) venues which you are interested in;

j) CV, covering letter and other application details; and

k) enquiry informations.

Special categories of personal data

We do not proactively collect special category personal data via our website such as health information. However, our website does include text boxes which are designed for you to provide us with further information, and you should be aware that information you freely submit may reveal to us certain information that may be considered special category personal information such as information relating to your allergens.

We do not ask for any special categories of personal data to be disclosed to us as part of your job application process via our website. Depending on the nature of the role, we may have to conduct further checks at a later stage and where those checks will involve special categories of personal data, we will explain why we need that information and how we intend to use it in our recruitment and selection privacy notice.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

a)  give consent on his/her behalf to the processing of his/her personal data;

b) receive on his/her behalf any data protection notices;

c) give consent to the transfer of his/her personal data outside the United Kingdom (“UK”) and or European Economic Area (“EEA”); and

d) give consent to the processing of their special category personal data (further details relating to special category personal data is detailed in this privacy notice).

Monitoring and recording communications

We may monitor and record communications with you (such as emails) for the purpose of quality assurance, fraud prevention and compliance activities.

How we use your personal data

Under data protection law, we can only use your personal data if we have a legal basis, e.g.:

(a) where you have given consent;

(b) to comply with our legal and regulatory obligations;

(c) for the performance of a contract with you or to take steps at your request before entering into a contract; or

(d) for our legitimate interests or those of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests. When relying on this legal basis, we will carry out an assessment to balance our interests against yours.

The table below explains what we use your personal data for and why:

When we might share your personal data with third parties

We do not, and will not, sell any of your personal data to any third party – including your name or email address. As an essential part of being able to provide our services to you, we do however share your data with the following categories of third parties:

(a) service providers that help us to run our business, such as website hosting providers, website developers, and newsletter distributors;

(b) professional advisers, including lawyers, bankers, auditors and insurers who provide advice to us when we require it;

(c) law enforcement agencies in connection with any investigation to help prevent unlawful activity; and

(d) third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.  If you would like any more information about the third parties which we work with to provide our services to you, please contact us on the contact details provided in this Privacy Notice.

How we ask for consent

In those cases where we need your consent to hold and process your personal data, we will ask you to check a box on any form requiring consent. By checking these boxes, you are confirming that you have been informed as to why we are collecting the information, how this information will be used, for how long the information will be kept, who else will have access to this information and what your rights are as a data subject (all of which is set out in this Privacy Notice).

How we keep your personal data secure

To protect your information, we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner, and all systems that can access the information have the necessary security measures in place.

All employees, contractors and sub-contractors receive the necessary training and resources to ensure they understand their responsibilities in relation to all of our policies and procedures.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies and procedures, including ensuring that:

(a) access to personal data is strictly restricted to those employees who need access to this information as part of their role;

(b) unauthorised external access to personal data is prevented through the use of a firewall; and

(c) your personal data is stored on secure servers.

To make sure that these measures are suitable, we run vulnerability tests regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled.

How long do we keep your personal data

We shall only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you would like more information about how long we retain specific types of your information, please contact us on the contact details provided in this Privacy Notice.

Transfers of your personal data out of the UK and EEA

All information you provide via our website is stored on our secure servers within the UK and or EEA.  If any data that we collect from you is transferred to, or stored at, a destination outside the UK and or EEA at any time, we will update this Privacy Notice accordingly.

Your rights

The right to access information we hold about you

At any point you can contact us to request the information we hold about you as well as why we have that information, who has access to the information and where we got the information. Once we have received your request, we will respond within 30 days.

The right to correct and update the information we hold about you

If the information we hold about you is out of date, incomplete or incorrect, you can inform us, and we will ensure that it is updated.

The right to have your information erased

If you feel that we should no longer be using your information or that we are illegally using your information, you can request that we erase the information we hold. When we receive your request, we will confirm whether the information has been deleted or tell you the reason why it cannot be deleted.

The right to object to processing of your information

You have the right to request that we stop processing your information. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your information to comply with your other rights.

The right to ask us to stop contacting you with direct marketing

You have the right to request that we stop contacting you with direct marketing.

The right to data portability

You have the right to request that we transfer your information to another controller. Once we have received your request, we will comply where it is feasible to do so. For your security we may need to verify your identity before we process your instructions above.

The right to withdraw consent

If you have provided us with your consent to use your personal data, you have a right to withdraw that consent at any time. You may withdraw your consent by contacting us.

For further information on each of those rights and/or if you would like to exercise any of those rights including the circumstances in which they do and do not apply, please contact us on the contact details provided below.

Take care when linking to our social media sites

Our website provides links to our social media sites. Once on any of these social media sites, please take care if you choose to post any information as this will be on a public domain and may be widely accessible. If you would like more information about how any information posted on these sites will be used, please read the sites’ privacy notice carefully.

How to complain

Please contact us if you have any queries or concerns about our use of your personal data (see “Contacting us” below). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) directly. Further information, including contact details, is available at https://ico.org.uk.

Contacting us

If you have any queries about this Privacy Notice, need further information about how we use your personal data or wish to lodge a complaint, please contact us by any of the following means:

• email us at: dataprotection@wshlimited.com; or
• write to us at: Benugo, TVP 2, 300 Thames Valley Park Drive, Reading, Berkshire, RG6 1PT; or
• Contact us using our “Get in Touch” page on the website.

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.

This Privacy Notice was last updated on 10 June 2024.