AURUM
+44 20 7946 0000

Legal

Privacy Policy

Last updated: 1 April 2026

Aurum Restaurant Ltd ('we', 'us', 'our') is committed to protecting your personal data. This policy explains what information we collect when you use our website or make a reservation, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller is Aurum Restaurant Ltd, registered in England and Wales (Company No. 12345678), with its registered office at 1 Placeholder Street, Mayfair, London W1X 0XX. You can contact us at privacy@example.com or by post at the address above.

2. Data We Collect

  • Reservation data: name, email address, telephone number, number of guests, preferred date and time, and any dietary or special requirements you provide.
  • Communications data: messages sent via our contact form or by email.
  • Technical data: IP address, browser type and version, time zone, operating system, and pages visited, collected automatically via server logs and cookies (see our Cookie Policy).
  • Marketing data: your preferences regarding receiving marketing communications from us, if you have opted in.

3. How We Use Your Data

We process your data on the following legal bases:

  • Contract performance: to confirm, manage, and fulfil your reservation.
  • Legitimate interests: to improve our services, prevent fraud, and maintain the security of our website.
  • Legal obligation: where we are required to retain records by law (e.g., financial records for HMRC).
  • Consent: to send you marketing emails or newsletters, where you have opted in. You may withdraw consent at any time.

4. How Long We Keep Your Data

  • Reservation records: retained for 2 years from the date of your visit.
  • Financial records: retained for 7 years to comply with HMRC requirements.
  • Marketing consent records: retained for 3 years from the date of last consent or activity.
  • Technical/log data: retained for 90 days.

5. Who We Share Your Data With

We do not sell your personal data. We may share it with:

  • IT and hosting providers who support our website infrastructure.
  • Reservation management software used to process bookings.
  • Legal or regulatory authorities where required by law.

All third-party processors are bound by data processing agreements and may not use your data for any other purpose.

6. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate data.
  • Erasure ('right to be forgotten') where there is no lawful basis to continue processing.
  • Portability of data you provided to us under consent or contract.
  • Object to processing based on legitimate interests.
  • Restrict processing in certain circumstances.
  • Withdraw consent at any time for consent-based processing.

To exercise any right, contact us at privacy@example.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

We use cookies to operate the website and, where you consent, to analyse traffic. For full details please read our Cookie Policy.

8. Changes to This Policy

We may update this policy from time to time. The “last updated” date at the top of this page will reflect any changes. Continued use of our website after an update constitutes acceptance of the revised policy.

Back to Home