Privacy Policy

We are committed to protecting and respecting Your privacy and Your Personal Data. For the purpose of the EU General Data Protection Regulation 2016/679 (otherwise referred to as the GDPR):

STEIN’S TRADING LIMITED is a Data Controller: (ICO registration number: ZA228344).

SEAFOOD RESTAURANT (PADSTOW) LIMITED is a Data Controller: (ICO registration number: ZA228346).

For all matters relating to privacy and data protection, please contact David Lawley (Systems Coordinator & Data Protection Manager) by email to [email protected] by telephone to 01841 5560777.

In this Statement, references to ‘You’, ‘Your’ and ‘Rick Stein Customer’ are references to the person who use the Site. When You use the Site to access the Services, You are consenting to the practices set forth in this Statement.

We aim to be as clear as possible in this Statement in respect of Your Personal Data. This Statement applies to Your Personal Data that We collect about You when You use the Site, how and when it is used, how We protect it and who has access to it (the ‘Terms’).

These Terms together with the Site Terms of Use, the Cookie Policy, the Rick Stein Group Shop Terms and Conditions, the Table Booking Terms, the Cookery Course Booking Terms and the Guest Accommodation Booking Terms and any other terms on this Site (which are hereby incorporated by reference) together constitute the entire agreement between You and Rick Stein Group (together the ‘Agreement’). All defined terms that are not defined in here can be found in these.

Your Acceptance of this Privacy Statement

What Personal Data is collected & how?

How is Your Personal Data used?

Who has access to Your Personal Data?

How do We protect Your Personal Data and for how long?

Do We use cookies?

Complaints or queries

Your rights under Data Protection Legislation?

Definitions & Interpretations

Changes to this Privacy Statement

1. YOUR ACCEPTANCE OF THIS PRIVACY STATEMENT

This Statement governs Your use of the Services, including any dispute concerning privacy. By using the Services, You accept this Statement in full. You should read the Statement carefully and ensure that You understand its effect before proceeding to use the Site to access the Services. We reserve the right to make reasonable changes to any of the Terms herein at any time. Any changes We do may make will be posted on this page and, where appropriate, notified to You by email, or, when You next log in, the new Terms may be displayed on-screen and You may be required to read and accept them to continue.

2. WHAT PERSONAL DATA IS COLLECTED & HOW?

PERSONAL DATA SUBMITTED VOLUNTARILY BY YOU TO US:

2.1 In order for Us to provide You with the Services, We collect various types of Personal Data. We are committed to ensuring that the information We collect and use is appropriate, relevant and proportionate for the stated purpose. Some types of Personal Data may be voluntarily provided by You which is to be shared with Us (and Rick Stein Group Service Providers as applicable) in respect of Yourself (or in respect of one or more other individuals where lawful authority is granted to You by those other individuals) which shall include as follows:

What Personal Data is processed?Source: Where is it collected from/ via?(1)    What is the ‘purpose’ of processing? & (2)    What is the lawful basis (Article 6 of the GDPR) for processing?Retention: For how long is it held?
Name, Email, telephone numberCustomer, via Res Diary and Design My Night – Collins (Restaurant Table Reservations)(1)     To facilitate the booking of restaurant tables.(2)     6(1)(b) GDPR processing is necessary for the performance of a contract 5 years after last reservation date
Name, Email, Address, telephone number, card payment detailsCustomer, via Guestline (accommodation reservations)(1)     To facilitate the booking of guest accommodation.(2)     6(1)(b) GDPR processing is necessary for the performance of a contract5 years after last reservation date
Name, Email, Address, telephone number, card payment details, dietary requirementsCustomer, via Booking Live (School course reservations)(1)     To facilitate the booking of restaurant tables.(2)     6(1)(b) GDPR processing is necessary for the performance of a contract 5 years after last reservation date
Name, Email, Address, telephone number, card payment detailsCustomer, Via Shopify (Online Shop)(1)     To facilitate the purchase and delivery of goods.(2)     6(1)(b) GDPR processing is necessary for the performance of a contract 7 years (or longer if required by Law)
Name, Address and Product informationMintsoft, via Shopify (Online Shop) (1)     To facilitate the purchase and delivery of goods.(2)     6(1)(b) GDPR processing is necessary for the performance of a contract  7 years (or longer if required by Law)
Card payment detailsCustomer, Via Sage Pay(1)     To facilitate the payment of goods and/or services(2)     6(1)(b) GDPR processing is necessary for the performance of a contract 7 years (or longer if required by Law)
Card payment detailsCustomer, Via Stripe(1)     To facilitate the payment of goods and/or services(2)     6(1)(b) GDPR processing is necessary for the performance of a contract7 years (or longer if required by Law)
Card payment detailsCustomer, Via Secure Trading(1)     To facilitate the payment of goods and/or services(2)     6(1)(b) GDPR processing is necessary for the performance of a contract7 years (or longer if required by Law)
Card payment detailsCustomer, VeriFone(1)     To facilitate the payment of goods and/or services(2)     6(1)(b) GDPR processing is necessary for the performance of a contract7 years (or longer if required by Law)
Name, Email, telephone number, birthday, countryCustomer, via Klaviyo(1)     To facilitate marketing activity(2)     6(1)(a) GDPR the data subject has given consent to the processing of his or her personal data for one or more specific purposes Forever, removed after 12 months of inactivity
Name, Email, telephone numberCustomer, via We Are Pumpkin https://rickstein.com(1)     To facilitate communication with the business(2)     6(1)(f) GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party 2 Years
Email AddressCustomer, via Mojo (WIFI)(1)     To facilitate the connection to guest WIFI and marketing activity(2)     6(1)(b) GDPR processing is necessary for the performance of a contract18 Months

2.2 Some of the information collected in the table above is essential for Us to provide You with the Services but it is Your choice whether You provide all the information We request. Not providing information may affect Our ability to provide all the Services to You.

2.3 We will retain Your Personal Data only for as long as is necessary to provide the Services which You request and in accordance with the retention periods set out in column 4 of the table at Clause 2.1. We shall then delete it unless you ask Us not to, or We have a legitimate reason to retain it. We need to retain sufficient information about You in compliance with legal or statutory requirements, for example, in the event of a legal or insurance claim in the future so that We can identify You.

2.4 We may from time to time offer a range of additional services. We may need to collect additional information about You as part of this. This may include but is not limited to promotions, prize draws, competitions and surveys. Additional notices about the information that We collect and how We will use it will be provided to You at the point that You are invited to avail of these additional services.

2.5 Where We state that We rely on consent under Article 6(1)(a) to process Your Personal Data for a particular purpose as per column 3 of the table at Clause 2.1, You have the right to withdraw Your consent at any time. This will not affect the lawfulness of processing carried out by Us which was based on consent before its withdrawal.

B. PERSONAL DATA AUTOMATICALLY COLLECTED BY US:

2.6  As part of the process of using the Services, We may also collect the following types of Personal Data automatically about You via Your use of cookies and other technologies:

•    Your visits to the Site and the Rick Stein Group Content that You download;

•    Your IP address;

•    Your geographical location;

•    Your browser type and version;

•    Your operating system;

•    Your referral source;

•    Your length of visit;

•    Your page views and Site navigation and exit;

To learn more, please see Our Rick Stein Group Cookie Policy.

2.7    Rick Stein Group agrees and warrants that it will adhere to all Data Protection Legislation and will take appropriate technical and organisational security measures against the unauthorised or unlawful processing of Your Personal Data and against accidental loss or destruction of, or damage to Your Personal Data.

2.8    Rick Stein Group shall process Personal Data list in the table at Clause 2.1 only to the extent, and in such a manner, as is necessary for the sole purpose of fulfilling the Services (including making improvements to the Services). For the avoidance of doubt, Rick Stein Group is the exclusive owner (or lawful licensee) of the Site as well as the Rick Stein Group Content.

C.     FINANCIAL PERSONAL DATA

2.9    Each monetary transaction made via the Site shall be processed by a third-party payment processing partner who is a Rick Stein Group Service Provider – Stripe, SagePay, Secure Trading. You will be required to provide each one as applicable with Your Personal Data including financial data in order to use the payment processing services.

2.10  To make and complete a financial purchase via the Site, the privacy terms and service terms of Stripe, SagePay, Secure Trading shall apply.

3.      HOW IS YOUR DATA USED?

3.1    Rick Stein Group will process i.e. collect, store and use the Personal Data You provide in a manner that is compatible with the Data Protection Legislation.

3.2    We will endeavour to keep Your Personal Data accurate and up-to-date and not keep it for longer than is necessary. Our aim is not to be intrusive and We undertake not to ask irrelevant or unnecessary questions. Moreover, the information You provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

3.3    NON-MARKETING COMMUNICATIONS: You acknowledge that, Your Personal Data may be used by Rick Stein Group to contact You when necessary in connection with Your use of the Site to access the Services as follows:

What Type of Non-Marketing Communication?Method of presentation/ sending?Legal Basis for processing?
Reservation Confirmation/CancellationElectronic Mail: includes email, text, video, voicemail, picture and answerphone messagesTelephone CallWe do not need Your explicit consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR. 
Purchase confirmationEmailWe do not need Your explicit consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR. 
Parcel Dispatch ConfirmationEmailWe do not need Your explicit consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR. 
Visit Feedback RequestsEmail6(1)(f) GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party 

MARKETING COMMUNICATIONS: From time to time and with Your permission, Rick Stein Group may contact You and send you Marketing Communications which shall be of the type (and via the method(s)) referred to in the table. By looking at Your participation profile as well as any additional information which You have agreed can be shared with Us, We can identify news, offers and services that are most likely to be most relevant and will meet Your needs. When We send You a Marketing Communication, We may monitor whether You have opened the communication and clicked on any included links.This will enable Us to track and analyse Your level of engagement/ interest in the communication We are sending to You and will provide Us with further insight on what type of communications are of most interest to You.

What Type of Marketing Communication?Method of presentation/ sending?Legal Basis for processing?How can you opt out of continuing to receive direct marketing communications?
NewslettersemailWe will only send You these where You have provided Us with specific consent for this specific purpose as permitted under Article 6(1)(a) GDPRUnsubscribe on all newsletters via the links in the communication itself using Klaviyo.
Event Invitation (VIP)Letter via post or hand deliveredWe will only send You these where You have provided Us with specific consent for this specific purpose as permitted under Article 6(1)(a) GDPRUnsubscribe information on all letters

3.4 If You agree to receiving any of the above Marketing Communications but later change Your mind, You can opt out at any point, by amending Your Account preferences via the email You receive from Us. Our Third Party Service Provider – Klaviyo manages Our email marketing. You can use the ‘unsubscribe’ link at the end of any Electronic Mail communication received by You.

3.5 LEGITIMATE INTERESTS TO PROCESS YOUR PERSONAL DATA: We process Personal Data about You where We have a legitimate interest to do so. In some cases, this may require Us to collect additional information from You or from other sources. Where We do rely on legitimate interests under Article 6(1)(f) GDPR to process Your Personal Data, You have the right to object to any of the processing We undertake. If You wish to object please complete Our Data Subject Rights Request Form.

3.6  Please bear in mind that if You object, this may affect our ability to provide to You the benefits of the Services.

4.  WHO HAS ACCESS TO YOUR DATA?

4.1 To minimise the risk of unauthorised access to Your Personal Data, We use some of Your Personal Data to authenticate Your identity when You use the Site to access the Services.

4.2 We have a legitimate interest in sharing Your Personal Data with Our Rick Stein Group Service Providers who We engage to provide some of Our business and daily operational functions on Our behalf to provide the Services. Consequently, We need to disclose Your Personal Data to them for the sole purpose of fulfilling the Services only (including making improvements to the Services) and not for the purposes of those Rick Stein Group Service Providers sending Marketing Communications to You. We limit the Personal Data that We share to the minimum required to provide the Service and the Rick Stein Group Service Provider will only be able to use Personal Data for the specific purposes for which it was shared. We do not need Your express consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR.

4.3 Disclosure of Your Personal Data in Compliance with Laws or by way of a Legal/Statutory Obligation

4.4 You should be aware that We may release Your Personal Data when We believe it is necessary to comply with laws or regulations, to assist law enforcement, to enforce the terms under which You transact or communicate with Rick Stein Group, or to protect the rights, property or safety of Rick Stein Group, a Rick Stein Customer or other third parties. We may need to process Personal Data about You to comply with a legal or statutory obligation including but not limited to:

(a)   accounting, auditing, compliance and administration practices; and,

(b)   the maintenance of amendments to consents and to create suppression lists to ensure Rick Stein Customers who object to processing are excluded from the relevant processing activity in the future.

4.5 Transfer of Your Personal Data

From time to time, We may transfer Your Personal Data to a related company, agent or contractor (also known as Rick Stein Group Service Providers) in order to improve Our Services or to assist our security, credit risk or fraud protection activities and as permitted by Data Protection Legislation from time to time.

Name of Rick Stein Group Service ProviderRick Stein Group Service Provider ActivityWhere is the data transferred to? & what level of protection is given to it?
Booking LiveCookery school course booking systemYour Personal Data will only be stored within the United Kingdom. You are deemed to consent to this by using the Services. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement. Booking Live Policy
FacebookMarketingYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Facebook on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework – https://www.privacyshield.gov/welcomeFacebook Policy
GuestlineRoom booking softwareSome or all of Your Personal Data is transferred and stored within the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein) in compliance with the Data Protection Legislation. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement.Guestline Policy
MOJOWIFI providerYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called MOJO on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. MOJO Policy
KlaviyoEmail marketing softwareSome or all of Your Personal Data is transferred and stored within the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein) in compliance with the Data Protection Legislation. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement. Klaviyo Policy
Res Diary / Design My NightRestaurant Table Booking SystemsSome or all of Your Personal Data is transferred and stored within the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein) in compliance with the Data Protection Legislation. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement. Res Diary PolicyDesign My Night
Sage PayPayment system (online shop and School Courses)Your Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Sage on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. Sage Pay Privacy Policy
Secure TradingPayment system (Room booking)Some or all of Your Personal Data is transferred and stored within the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein) in compliance with the Data Protection Legislation. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement. Secure Trading Policy
StripePayment system restaurant table bookingYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Stripe on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. Stripe Privacy Policy
TwitterSocial media platformYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Twitter on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. Twitter Privacy Policy
VerifoneCredit Card Payment SystemYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Verifone on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. Verifone Privacy Policy
Website – We Are Pumpkinhttps://rickstein.comSome or all of Your Personal Data is transferred and stored within the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein) in compliance with the Data Protection Legislation. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement. We Are Pumpkin Privacy Policy
Shopifyshop.rickstein.comYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Shopify on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. Shopify Privacy Policy
MintsoftOrder management systemYour Personal Data is transferred and stored outside of the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein.). It is stored in the US by Our Rick Stein Group Service Provider called Shopify on Our behalf. You are deemed to consent to such transfers by becoming Customer. All Rick Stein Group Service Provider Service Providers that are third party data processors based in the US participate in and have certified compliance with EU-US Privacy Shield Framework. Mintsoft Privacy Policy

4.6 Transfer of Personal Data in the Event of the Sale of or its Assets

In the event that Rick Stein Group is sold or transfers some of its assets to another party, Your Personal Data could be one of the transferred assets. If Your Personal Data is transferred, its use will remain subject to this Privacy Statement. Your Personal Data will be passed on to a successor in the event of a liquidation or administration.

4.7 Other Websites and their Privacy Policies and Cookie Policies

The Site may contain links to other websites or applications. Rick Stein Group is not responsible for the privacy practices or the content of such websites or applications or for the privacy policies, cookie policies and practices of other third parties, so You should be careful to read and understand those policies independently.

5. HOW DO WE PROTECT YOUR PERSONAL DATA & FOR HOW LONG?

5.1 We aim to ensure Our Services are fully inclusive and accessible to everyone. To make this possible We need to collect (and may provide to prospective Rick Stein Group Service Providers) information on Your usage of the Services which will help Us review the accessibility of, and Your usage of, the Services. This information is very important to Us as it also enhances Our understanding of the Rick Stein Customer needs and helps Us to aid the technical administration of the Site, to better understand how the Site is functioning and to draw conclusions upon demographic information. Such information is provided in anonymised and aggregate form and do not include any individually identifiable data.

5.2    RETENTION: How long We keep Your Personal Data collected through the Site depends on the context in which You provide it and the purpose for which We use it. We will only retain it for as long as is necessary for such purposes. Rick Stein Group uses it discretion to decide retention periods in consultation with the advice provided by any organisation by which We are a member of or regulated or governed by as referred to at the top of this Privacy Statement. Our retention periods are set out in the table at Clause 2.1.

6. DO WE USE COOKIES?

For information about cookies and how they are used on the Site, please visit Our Rick Stein Group Cookie Policy.

7. YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION

What is Your right under the GDPR?How do we honour Your right?
The right to be informedWe must provide ‘fair processing information’, typically through a privacy statement such as this in which We describe how and why We collect and use Your Personal Data. Read more guidance from the ICO on what information We should supply to You and when You should be informed (which shall differ depending on whether or not We obtained the Personal Data directly from You or a third party).
The right of accessWe try to be as open and transparent as We can be in terms of giving You access to the information that We hold on You. You are entitled to be able to check the lawfulness of any processing of Your Personal Data. You can log in to Your Account for Our online shop at any time to view the Personal Data that We hold about You on Your Account. You can find out if We hold (and process) any other Personal Data by making a ‘Data Subject Access Request’ (DSAR). To make a DSAR to access Your Personal Data that We may hold, You need to put the request in writing addressing it to the postal address provided or You can send it electronically using Our Data Subject Rights Request Form. We will action Your request without delay and at the latest within one (1) month of Your request subject to any extensions granted. Alternatively, if You agree, We will try to deal with Your request informally, for example, by providing You with the specific information You need over the telephone. If We do hold information about You, We will:Describe the information We hold and tell You why We are holding it;Tell You who it could be shared with; and,Provide You with a copy of the requested information in an easy to understand format.Read more guidance from the ICO. 
The right of rectificationYou are entitled to have Your Personal Data rectified if it is inaccurate or incomplete. If We have disclosed this to third parties, We will inform You. We have one month initially to rectify it subject to a possible extension.Where We decide not to rectify, We shall provide an explanation as to why We are not making changes and inform You of Your further rights.You can also log in at any point to amend information held in Your Account for Our online shop that has changed or is no longer accurate. For other Services, the relevant information on how to make changes will be found in the Non-Marketing Communications e.g. booking confirmations and emails sent to You by Us.Read more guidance from the ICO.
The right of erasureYou have a legal and personal “right of erasure”, the extension of which is also known as the “right to be forgotten”. Upon Your request, We will close Your Account and remove Your Personal Data from Our systems as soon as reasonably possible unless a lawful reason exists for Us to retain some or all of it. You can also log in at any point to delete Your Personal Data held in Your Account for Our online shop. Read more guidance from the ICO. 
The right to restrict processingYou have a right to ‘block’ or ‘suppress’ the processing of Your Personal Data under certain circumstances but We are still entitled to store just enough of Your Personal Data to ensure that the restriction is respected in future.Read more guidance from the ICO. 
The right to objectYou have the right to object to Us processing Your Personal Data:Unless:·         based on legitimate interests or the performance of a (legal) task in the public interest/ exercise of official authority (including profiling);We can demonstrate compelling legitimate grounds for the processing, which override Your interests, rights and freedoms; or, the processing is for the establishment, exercise or defence of legal claims;for purposes of scientific/historical research and statistics provided that You have “grounds relating to Your particular situation”;the processing is necessary for the performance of a public interest task;for direct marketing (including profiling)N.B. There are no exemptions or grounds to refuse. You have an absolute right to object to Us processing Your Personal Data for the purposes of direct marketing. Read more guidance from the ICO. 
The right to data portabilityYou are entitled to obtain (in a commonly used and machine readable form) and reuse Your Personal Data that You have provided to Us (via consent or contract performance) and which We process by automated means for Your own purposes across different services and free of charge under certain circumstances. We must respond to a request without undue delay, and within one month whether or not We decide to action Your request. Where We decide not to, We shall inform You of Your further rights.Read more guidance from the ICO. 
Rights related to automated decision making and profilingSubject to any exceptions, We should not take a potentially damaging decision concerning You as a result of using automated processing operations without human intervention. We must ensure that You have the opportunity to:-       obtain human intervention;-       express Your point of view; and,-       obtain an explanation of the decision and challenge it.Read more guidance from the ICO. 

You can make a request in respect of any of Your rights as a Data Subject by filling out Our Data Subject Rights Request Form.

8. COMPLAINTS OR QUERIES

If You have any general requests for information about Our Privacy Statement or You have a complaint about the way in which Rick Stein Group has processed Your Personal Data, please contact the person named in the introduction as Our Data protection Manager by email or telephone. If You have a request with regards to Your rights, You can submit this via Our Data Subject Rights Request Form.

Rick Stein Group tries to meet the highest standards when collecting and using Personal Data. For this reason, We take any complaints We receive about this very seriously. We encourage You to bring it to Our attention. We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. If You are still not happy with the way in which Your Personal Data is being processed by Us, please contact the UK’s supervisory authority to whom You can lodge a complaint – https://www.ico.org.uk/.

9. DEFINITIONS & INTERPRETATIONS

Article 6(1)(b) GDPR: the “processing is necessary for the performance of a contract”.

Article 6(1)(a) GDPR: You have given Your consent to the processing of Your Personal Data for the specific purpose(s).

Article 6(1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by Us as a Data Controller or by a third party and such interests are not overridden by Your interests or fundamental rights and freedoms of the data subject which require protection of Personal Data.

Data Protection Legislation: refers to the GDPR together with any other applicable regulations, orders, code of practice and guidance.

Data Subject Access Request or ‘DSAR’: refers to right of access as further described in the table at Clause 7.

Data Subject Rights Request Form: refers to Our Data Subject Rights Request Form

Electronic Mail: includes email, text, video, voicemail, picture and answerphone messages (including push notifications).

Intellectual Property Rights: patents, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

Marketing Communication(s): refers to any communication whether by an Electronic Mail method or otherwise that We send to You (either directly or via a Rick Stein Group Service Provider) which may include but are not necessarily limited to relevant newsletters and magazines, information about opportunities, products, services and events and relevant information.

Non-Marketing Communication(s): refers to any communication which is functional/ administrative only and are not Marketing Communications.

Personal Data: has the meaning set out in the GDPR.

Rick Stein Group Content: the content including all Intellectual Property Rights therein residing on the Site (which may or may not include Personal Data).

Rick Stein Group Service Providers: refers to the external third party data processors (as distinct from Partner Organisations) with whom We work with from time to time as a necessary part of providing the Services and with whom We therefore need to share Your Personal Data with from time to time which shall include professional and legal advisors in addition to those listed at clause 4.5.

Rick Stein Customer: refers to the person using the Site.

Services: refers to the Services We may provide to You.

10.    CHANGES TO THIS STATEMENT

We keep Our Statement under regular review. This Statement was last updated 1st November 2021.