Privacy Policy

For the purposes of the Data Protection Act 1998, we confirm that the data controller of the sites at (each “the Site”) is Tiffin Group Eateries Limited, a limited liability company registered in England and Wales with its registered office address at 11 The Beach Clevedon BS21 7QU (company registration number  08173196) (“we” or “us”). Tiffin Eateries Limited is a registered information controller with registration number 00010419187.This privacy policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us in accordance with the Data Protection Act 1998 and applies to data provided by you to us via our website or any other way such as at the Restaurant or on the Telephone. Please read the following policy carefully to understand our views and practices regarding your personal information and how we will treat it. By visiting this the Site, you are accepting and consenting to the practices described in this policy.

Information we may collect about you

We may collect and process the following information about you:

• Personal information you provide to us, when you register for the Loyalty Club, subscribe to our email newsletters, place an order, buy something from the Tiffin Shop, post on our social media or other social media functions, enter a competition, promotion or survey, contact us with feedback, purchase a gift voucher, phone the restaurant with a question or to make a booking, by booking a table, downloading our offers, or applying for a job with us or if you report a problem with the Site. Such information may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph or any other information from which you may be personally identified.

• Information we automatically collect when you visit the Site, such as technical information detailing your visits to the Site including but not limited to traffic data, location data and other communication data.

• Information we receive from other sources, for example if you use any of the other websites we operate or the other services we provide or if you use third party reservation widgets on our Site to make a reservation at one of our restaurants. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Site.

Social Media

If you contact us using Facebook Messenger, Instagram or Twitter we receive your basic account information that you publicly share (first name, last name, gender, locale, profile picture, time zone) from the relevant social media site. We may use this information to respond to your message. We do not keep this information longer than necessary to do this. We do not combine it with data collected on this Site.

Loyalty Club and Table Booking

What Information do we collect from our Loyalty Club and Table Booking system?

When using opting in to our Loyalty Club and using our Table Booking system, you may provide us with the following Information:

1. your name and contact details (email address and mobile telephone number), if you go through our Site to book a table at one of our restaurants;

2. further information (mobile phone number, date of birth, favourite restaurants, dining requirements including allergen information, details about other members of your family who might be interested in our services, other data relating to your personal characteristics, a unique customer identification number that we allocate to you and a four digit passcode set by you to give access to your secure payment cards and other account details, if you sign up to our Loyalty Club to register as a registered user or subscribe to receive updates or offers from us. To become a registered user you must provide us with your name, address, email address, and date of birth, but you may also provide us with additional information if you choose to do so:

3. information which allows us to identify your credit or debit account details to complete a transaction with you, should you elect to pay for your takeaway or pay your restaurant bill using a PayPal account via the App;

4. your physical location (geo-location), where you have agreed to it being used for the ‘Find a Restaurant’ feature on the Site; and

5. other Information that may be provided by you when adding content to, or to our social network pages such as Facebook. When you use the Table Booking system or Website, we may also automatically collect and store certain information in our server logs to get a better understanding of how people use the Table Booking system and Website, for system administration purposes, and to ensure we provide a good user experience and customer service. This type of information includes “clickstream” data (i.e. information about when, how, and what parts of the Table Booking system or Website you use), viewed and exit pages as well as date or time stamps.

Your information may be used to:

– deliver the Services to you;

–  send you confirmation of payments you have made using via the Website;

–  send you receipts for venue bill payments and takeaway order payments;

–  check you are over 18 years of age;

–  verify your identity;

–  to improve and personalise your user experience within the Website;

–  with your permission, send you marketing communications (including advertising) relating to our products and services, as well as third party products and services, that we think may be of interest to you. We may collect information about the device you use to access the Website, including, where available, the device’s unique device identifiers, operating system and mobile network information, for system administration purposes. We may also collect information about the computer you use to visit the Website, including session data and your IP address. We may associate this kind of device information with the registration information referred to in the sections above for customer services and system administration purposes and will treat the combined information as personal data in accordance with this policy for as long as it is combined.

Your Venue Visits or online Orders

We may also collect point of sale or ‘POS’ system data relating to your venue visits or orders placed online via the Website, including:

– the name and location of the venue you visited or ordered from;

– the time and date of your order or the transactions you made at the venue;

– the food and drink that you purchased;

– the value of your transactions made at the venue or online;

– payment data including how you paid, whether the bill was split and who with; and any customer dining experience and feedback information that you choose to provide in relation to the venue.

We may use POS data for the following purposes:

– for the future provision of a service to access your past receipts;

– to improve and personalise your user experience within the Website;

– with your permission, to send you marketing communications relating to our products and services, as well as third party products and services, that we think may be of interest to you;

– and for analysis and statistical purposes (see further below).

We collect POS data through the Application, the Website and directly from the venue’s point of sale system. We may also collect additional data relating to your venue visits and the surrounding areas, for example:

– local weather at the time you made a transaction in a venue; and

– local footfall in or around the venue that you visited. This additional data is used for analysis and statistical purposes (see further below)

Other Use of your Personal Data by the Site

We may also use your personal data for the purposes of:

– checking your compliance with our terms and conditions;

– administration and maintenance of the Services;

– compliance with legal obligations, or protection and enforcement of our legal rights and those of our partners or other users;

– and/or managing actual or potential corporate transactions (e.g. in the case of an acquisition or merger of our business).


We use cookies to temporarily remember your location and device type so we can provide you with a better user experience. These cookies are completely safe and secure and will never contain any sensitive information. We do not store this information or share it with anyone. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

How we may use your information

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below:



Type of Data

Lawful Basis for processing including basis of legitimate interest

To book a table at our restaurants

  1. Identity
  2. Contact

Performance of a contract with you

To process and deliver your order including manage payments, fees and charges

  1. Identity
  2. Contact
  3. Financial
  4. Transactional
  5. Marketing and Communications
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

  1. Notifying you about changes to our terms or privacy policy
  2. Asking you to leave a review or take a survey
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
  1. Performance of a contract with you
  2. Necessary to comply with a legal obligation
  3. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a prize draw, competition or complete a survey

  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  1. Identity
  2. Contact
  3. Technical
  1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  2. Necessary to comply with legal obligation

To deliver relevant website content to you and measure or understand the effectiveness of the content we service you

  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve out website, products/services, marketing, customer relationships and experiences

  1. Technical
  2. Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To administer and promote our Loyalty Club and to provide you with Loyalty Club benefits such as offers and rewards

  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Profile
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

Disclosure of your data

We may share your information with any member of our group, our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We may also share your information with selected third parties including:

? Our agents, business partners, advisors, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

? Our partners for the purpose of contacting you directly about their offers, promotions, goods or services (if you have requested to be contacted for such purposes).

? Analytics and search engine providers that assist us in the improvement and optimisation of the Site.

? If we or substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets.

? If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

Marketing Communications

If you have consented to receiving email updates from Tiffin Eateries Limited, you agree that we may use your information to contact you by e-mail about offers, events, products, events or related services that you may find useful. If you do not wish to receive marketing communications from us, you can unsubscribe at any time by following the unsubscribe link in any marketing communications received from us. We may also, if you have expressly consented, share your data with other reputable companies both within and outside the European Economic Area (“EEA”) for such marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

Third party websites

The Site may, from time to time, contain links to and from the websites owned and/or controlled by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Storage of your data

The data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order or reservation, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Contact Details

Tiffin Group Eateries Limited

[email protected]

11 The Beach Clevedon BS21 7QU

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Access to your data

The Data Protection Act 1998 gives you the right to access information held about you and, where necessary, to have it amended. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you. To request access to your personal information, or if you are concerned that any of the information we hold on you is incorrect, please email us at [email protected]

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 21 June 2018

The data protection law in the UK will change on 25 May 2018. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Changes to our Privacy Policy

We may from time to time review and update this privacy policy. Any changes we may make to our privacy policy will be posted on the Site and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy, as continued use of the Site shall indicate your acceptance of any such changes. All personal information held by us will be governed by the most recent privacy policy posted on the Site.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected]


To ensure your safety and for the prevention and detection of crime, CCTV is in operation during your visit to any of our Restaurants. Please note if we are requested to provide CCTV images of you or any other personal information relating to you by police or any other government authority investigating suspected illegal activities, we are obliged do so.