It provides information on what personal data we collect, why we collect the personal data, how it is used and the lawful basis on which your personal data is processed and what your rights are under the applicable data protection and privacy laws, including the “General Data Protection Regulations or GDPR”.
We are committed to ensuring that your privacy is protected and understand the need for appropriate protection of all personal information provided by you to us.
Who we are
28 Market Place is operated by 28 Market Place Ltd, a company registered in England and Wales under registration number 11081298 (“28 Market Place”, “we”, “us” and / or “our”). 28 Market Place is the controller and responsible for your personal data as further described in this policy.
Our registered address is New Farm, Hartlake, Glastonbury, Somerset, BA6 9AB.
We collect data from you when you make a booking, use our restaurant, and use our services, via our team, either in person or over the phone, and also when you book online via our website.
Services and facilities include guest wi-fi. You will be asked to accept terms and conditions of use when logging on by obtaining the up to date password from our team. Your information will then be used under these terms and conditions.
We also collect Data from you when you subscribe to any of our marketing communications. These may be carried out online, by telephone or in person.
Some of the Data we collect may be classed as personal Data (as defined in GDPR), that is, it is information about an individual who can be identified from it. It may be collected any time you submit it to us, whatever the reason may be.
Any third party services or contractors we employ (to produce websites and send marketing information via email for example) that need access to your personal Data (IP addresses, email addresses) are bound by a contract that requires them to implement appropriate technical and organisational measures to keep the information secure and not to use it for their own direct marketing purposes.**
Our email database is kept securely password protected Mailchimp, you can see their privacy policies by clicking here.
Without limitation, any of the following “Data”, meaning collectively all information that you submit to us, including but limited to, personal details and information submitted using any of our services or collected by us via our website including:
- Your full name
- Your contact information such as email addresses and telephone/mobile numbers
- Your demographic information such as preferences and interests
- Your geographic information such as home address and post code, where applicable
- Your date of birth
- Your IP address, automatically collected
- Your web browser type and version, automatically collected
- Your operating system, automatically collected
- Your credit or debit card details where you make a payment
- A list of URLS starting with a referring site, your activity on our website, and the website you exit to, automatically collected
- Your Cookie information see below
If you choose to connect with us via social media websites, for example such as Instagram or Twitter, we may collect your user name, which may contain your name and surname, by you “liking” or “following” our page. We may also run competitions via these social media websites which will send you to a separate competition website link. By connecting with us via social media websites you are bound by their terms and conditions and privacy policies.
How we will use your data
We use the information we collect about you to;
• process your restaurant booking (to perform a contract)
• answer your queries (our legitimate interests)
• process your voucher purchases (to perform a contract)
• to write to you about our events (either based on your consent or our legitimate interests)
We have indicated above the legal bases that we will rely on to process your data for these purposes.
Where we use your personal Data for our mailing list we will only send direct marketing communications where those marketing communication relate only to our products and services and we have obtained consent to do so, or where you are an existing customer and were given the opportunity to opt out when data was initially collected. Unless you unsubscribe we will contact you via our marketing channels via email, phone or post about other related products and services we provide which we think may be of interest to you. Our marketing communications are generally sent by email but we may sometimes use other methods of delivery such as by post or SMS. At any time you may stop these communications by texting “STOP” or unsubscribing.
We may use your Data collected from our website, via cookies or direct input, to personalise your repeat visits to our website. Our legal basis for processing is your consent.
We operate a centralised reservation system use of which is only used by ourselves. This means that any personal Data you have shared with us for booking purposes is available in that system to 28 Market Place.
Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience. Specifically, Data may be used by us for the following reasons;
- internal record keeping;
- improvement of our offers, products and website
- transmission by email of promotional materials that may be of interest to you
- to pass on to the police and government authorities as requested by them, for example in cases of fraud and theft
- to comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory body which are binding on us
- linking you with third party payment collecting companies for payments
We adhere to the following principles:
* All our relevant employees have received training in how to handle Data. This includes ensuring they are aware of the importance of handling Data safely and securely, and understanding the procedures in place to ensure this happens
• When collecting Data for third party clients all Data is anonymised, save for payment details where we use a third party payment collecting company Global payments
• Once every year we will evaluate our database and securely delete any contacts no longer engaged or any Data no longer needed by us
• We have measures in place to keep the personal Data we hold safe and secure
• All personal information is stored on 28 Market Place secure web server hosted site to which access is only granted to key personnel. Where data is downloaded to be updated, and as a backup to the cloud, it is only stored on personal drives, only accessible via individual log in
• We can be contacted via email on firstname.lastname@example.org, please put the topic of your enquiry in the header title
• We may share your Data (only where necessary for the purposes described in this policy) with; our employees, agents, consultants, third parties (including Mailchimp for email services, Visa or Mastercard for payment services,[●], analytic and search engine providers that assist with the improvement and optimisation of the website, such as Google Analytics.
We may also disclose your personal data to third parties when:
• you specifically request this
• in the event we buy or sell any business assets, in which case we may disclose your personal data to the prospective buyer or seller of such business or assets, or (c) if 28 Market Place or substantially all of its assets are acquired by a third-party, in which case personal data held by 28 Market Place about its customers will be one of the transferred assets.
Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, Data may be used by us for the following reasons:
• internal record keeping
• improvement of our products, services and website
• transmission by email of promotional materials that may be of interest to you
• to pass on to the police and government authorities as requested by them, for example in cases of fraud and theft
• linking you with third party payment collecting company for payments
Transaction and data security
Whilst we take reasonable, appropriate technical and organisational measures to safeguard the personal Data that you provide to us, no transmission over the internet can ever be totally guaranteed secure. Consequently, please be aware that we cannot guarantee the complete security of any personal Data that you transfer over the internet to us whilst in transit.
We understand how important it is to securely store any Data that you provide. We take the privacy and security of your payment and personal details very seriously.
As part of our security measures, we use encryption technologies for online transactions via our website including “Verified” by Visa and Mastercard secure code.
To use this service, you must first register with the bank or other organisation that issued your card. You can find out more about these services by visiting the relevant Visa and Mastercard websites:
Visit the Verified by Visa website www.visa.co.uk/en/security/online_security/ verified_by_visa.aspx Or visit the Mastercard SecureCode website www.Mastercard.co.uk/securecode.html
Once you have registered and created your own private password with your card issuer, you will be prompted automatically at checkout to provide this password each time you use your card on our website.
We do not have access to your Verified by Visa or Mastercard SecureCode password. This is entirely separate from any website user account you may create with us.
You can tell whether a page is secure as ‘https’ will replace the ‘http’ at the front of the in your browser address window. A small locked padlock will also appear either in the bottom bar of your browser window or alongside the browser address, depending upon which browser software and version you are using.
On pre-payment bookings payment is taken up-front and money taken at the time of booking. It is important that you take note of our cancellation policy in our Terms and Conditions.
In addition to the Data collected via our website when we collect Data in person we keep this information in secure files with restricted access to keys.
We would like to send you information about 28 Market Place & Market Bakery products, offers and services, which we believe may be of interest to you.
If you have consented to receive our marketing, you may opt out at any time.
If you no longer wish to be contacted, you can unsubscribe by any of the following methods; Select the UNSUBSCRIBE link included in our emails Contact our Marketing Team on the email address: email@example.com Please put the subject matter in the email header.
We do not transfer your personal Data outside the UK.
Data subject rights
You have a right to access a copy of the Data which we hold about you. If you would like to do this, please email us at firstname.lastname@example.org and add the subject matter in the email header or write to us at the address above. Wherever possible we will provide the Data within one month of your valid request.
We want to make sure that your personal Data is accurate and up to date.
You may need to modify or update your Data if your circumstances change. Additional Data as to your marketing preferences may also be stored and you may change this at any time.
You also have the right to:
•Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
•Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
•Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
•If you want us to establish the data’s accuracy.
•Where our use of the data is unlawful but you do not want us to erase it.
•Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
•You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
•Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
You are able to exercise your rights described above, or withdraw your consent for use of your personal data at any time, by telling our team in person or by contacting us via email at email@example.com and the subject matter “Opt-out” in the email header.
If you withdraw your consent to any or all use of your personal Data, depending upon the nature of your request, we may not be able to provide or continue providing our products and services to you, or administer any contractual relationship already in place.
Retention of information
Your personal Data will be retained for only as long as it is necessary to fulfil the purpose for which it is collected, for business or legal purposes, or in accordance with applicable laws.
Should you choose to unsubscribe from our mailing list please note that your personal Data may still be retained on our database for up to 12 months or to the extent permitted by law.
We may set and access Cookies on Your “Computer” meaning any computer, laptop, and tablet, mobile or other device that our website can be viewed on.
A “Cookie” is a small file of letters and numbers, which asks permission from your browser to be placed on your Computer’s hard drive. Cookies allow web applications to respond to you as an individual and allow us to distinguish you from other users on our Website. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences and allows us to improve our Website.
Our Cookies use:
- Google Analytics Cookies to identify which pages are being used. This helps us analyse data about web page traffic (the number of visitors and how visitors move around our Website when they are using it) and improve our Website in order to tailor it to your needs.
- third party Cookies within our email campaigns, predominantly sent using third party email marketing tools, as well as Google Analytics. Cookies are used to monitor open rates and improve your experience and also for the tracking of website activity initiated from hyperlinks within email marketing campaigns.
- Session Cookies on our Website. These are temporary Cookies, which only exist in the period you access the Website (or more strictly, until you close the browser after accessing the Website). Session Cookies help the Website remember what you chose on the previous page, therefore avoiding having to re-enter information.
- Cookies used for customer email, customer name, customer id*, token*, customer profile link*, customer flags* (*= generated by our own system) and social media share.
The length of time a Cookie will remain on your Computer will depend on the type of Cookie. On our Website, these Cookies do not contain personal information, and cannot be used to identify you.
To find out more about how to manage cookies through your chosen browser go to:
You may delete/disable your Cookies or manage your Cookies preferences (Please see the link on how to disable Cookies http://windows.microsoft.com/en-gb/internet-explorer/delete-managecookies#ie=ie-11). If you do decide to disable or delete the Cookies altogether our website will not work as well as it could as it relies on Cookies to provide you with the service you have requested.
You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies; however, this can be altered. For further details please consult the help menu in your browser on your Computer and search for “cookies”.
Phishing is the practice of tricking someone into giving confidential information. Examples include falsely claiming to be a legitimate company when sending an e-mail to a user, in an attempt to get the user to send private information that will be used for criminal activities such as identity theft and fraud.
We will never separately ask you to confirm any account or credit card details via email. If you receive an email claiming to be from us asking you to do so, please ignore it and do not respond.
You can contact our reception staff by phone or by contacting us via email at firstname.lastname@example.org and the subject matter “Credit Card Fraud” in the email header to report it or if you are unsure.
We will on occasion take bookings over the phone. We will give our name and name of our company when we do this. If you are anxious about the phone call, revealing your payment details or do not believe that the person on the other end of the phone is us, we suggest you put the phone down and ring us directly using the telephone number on our website asking for the person you spoke to.
Links to other websites
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.