Privacy policy

1. About Us
1.1 We are Dishoom Limited (referred to in this Policy as “we”, “us” or “our”). Our head office is located at 141–143 Shoreditch High Street, London, E1 6JE and our registered office address is Suite 5, 7th Floor 50 Broadway, London, United Kingdom, SW1H 0DB. We are registered at Companies House with company number 06226963. 


1.2 Personal data is, in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers (collectively, “Personal Data”). We understand that your privacy is important to you and that you care about how your Personal Data is used.


1.3 We respect and value the privacy of everyone who visits our websites, https://www.dishoom.com, https://store.dishoom.com or https://www.permitroom.co.uk (“Our Sites”), our social media platforms and/or interact with us in other ways, including accessing wi-fi in our cafes.  We will only collect and use Personal Data in ways that are described in this Policy, and in a way that is consistent with our obligations and your rights under the law.


1.4 For the purposes of applicable data protection law (including the EU law version of the General Data Protection Regulation (EU 2016/679) and the Data Protection Act 2018)(collectively the “Data Protection Legislation”) we are a ‘data controller’ of your Personal Data.


1.5 Where applicable, this policy should be read alongside our: (i) Cookie Policy; (ii) reservation terms (or the reservation terms of any third party who processes bookings on our behalf); (iii) Shipping Policy; and (iv) Wi-fi Terms of Use (or the wi-fi terms of any third party who provides this service on our behalf).  
 
2. What Personal Data do we collect?
2.1 We may collect Personal Data when you visit our Sites, participate in promotional or marketing activity, come to one of our cafes, sign in for our wi-fi or contact us. This information may include:

  • Information you provide when you reserve a table (contact name, phone number, email address and any additional notes you may provide, for example if you are celebrating a special occasion);
  • Transaction and billing information when you purchase food and drink in our cafes (e.g. your purchase and credit/debit card details used to process a payment);
  • Information you are required to provide when making a purchase from our online store (contact name, phone number, email address, delivery address and transaction and billing information); 
  • Records of your communications with us via phone, email or social media;
  • Feedback you provide;
  • Information you provide when entering a competition or promotion, such as name, address, email address, phone number;
  • Information you provide when you buy or redeem vouchers or loyalty cards; and
  • Information we receive from other sources, for example Google Analytics, when you visit our Sites, such as web browser type and version, operating system, the website you came from and exit to, your  Internet Protocol address, your browser settings, the date and time of your visits.
3. How do we use Personal Data?
3.1 We process Personal Data for the following purposes:  
  • fulfilling an agreement with you, communicating with you and providing customer services;
  • managing, operating and improving our services online, by email, or phone or in our cafes (including enabling you to manage your marketing preferences);
  • managing access to wi-fi services whilst in the restaurant;
  • monitoring our restaurants via CCTV cameras to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
  • communicating, investigating and handling any queries, complaints or feedback;
  • to administer our Sites and for internal operations, including trouble shooting, data analysis, testing and research;
  • in connection with legal claims which concern our company, group or partners, as necessary, including disclosure of information in connection with legal process or litigation;
  • to ensure compliance with applicable laws and regulations, including for regulatory, tax and investigative purposes; 
  • to deliver tailored and targeted advertising (including via Facebook look-a-like and custom audiences);
  • to carry out market research and surveys including by using service providers and third-party CRM systems; and
  • with your consent and/or where permitted by law, we may also use your Personal Data for marketing purposes, for example to deliver tailored and targeted marketing and to contact you with information, news and offers. If you change your mind you can always opt out of receiving such communications by clicking the unsubscribe link in an email. 
4. Who will your Personal Data be shared with, and where?
4.1 We will share your Personal Data:
  • With our suppliers and service providers working for us such as payment providers, reservations service providers, communications providers, wi-fi service providers and advertising platforms;
  • With our professional advisers and insurers;
  • With third parties engaged in credit verification, fraud prevention or detection;
  • With government, regulatory and law enforcement authorities if required; 
  • Purchasers (and prospective purchasers) of shares or business assets or  investors (and prospective investors) in us (together with their professional advisers);
  • We will obtain your express opt-in consent before sharing your Personal Data with third parties for marketing purposes and you will be able to opt-out at any time.

5. What cookies will be used on the website?
5.1 Our Sites uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our Sites,  to collect information to help us improve our Sites and to target marketing and advertising to Site visitors.
 
6. How long will you hold my Personal Data?
6.1 We will keep Personal Data for as long as necessary to fulfil the purpose for which we obtained it. Thereafter, subject to certain exceptions, we will retain Personal Data until the earlier of: (i) a short period of time after you ask us to stop doing so (to allow us to implement your request); or (ii) 24 months after your last active engagement with us.  If almost 24 months have expired since your last active engagement with us, we will contact you to check if you still want to hear from us.  If you confirm you do, this will re-set the 24 month period to zero. 


6.2 We also keep a record of your email address if you have unsubscribed, or you have asked us not to send you direct marketing, so that you do not receive marketing emails in future.


6.3 By law we have to keep some information about our customers for extended periods after they cease to be a customer.  This might be for contractual, financial, tax or regulatory purposes.  We may also keep a record of correspondence relating to queries and complaints for as long as reasonably necessary if we believe there is a prospect of litigation or an insurance claim.  


6.4 In some circumstances you have a right to ask us to delete your Personal Data: see paragraph 11 below for further information.


6.5 In some circumstances we will anonymise your Personal Data (so it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without the need to notify you.
 
7. Where will we send your Personal Data?
7.1 Whilst our servers are kept in the UK, Dishoom uses service providers around the world. Consequently your Personal Data may be transferred, stored and/or processed in countries outside of the UK and Europe (the “EEA”).  This may include countries where the local laws do not provide the same level of data protection as those in EEA or the UK. For example, some of our suppliers are based in India.


7.2 Where this is the case and we transfer Personal Data outside of the UK/EEA we use specific approved contracts which ensure the same levels of Personal Data protection that apply under the Data Protection Legislation. Please email all-ears@dishoom.com if you would like more details.
 
8. Telephone call monitoring
8.1 If you contact us by telephone we may monitor or record the call for training purposes, and to improve the quality of services that we provide to you.
 
9. Third party links
9.1 Our Sites sometimes contain links to other websites.  If you follow these links please be aware that such sites have their own privacy policies which you should check - we don’t accept any liability for these sites or the information they collect.
 
10. Minors
10.1 We do not knowingly collect or store any Personal Data about children under the age of 13 and we do not offer any of our products or services directly to children under the age of 13.
 
11. How can you access your Personal Data?
11.1 If you want to know what Personal Data we hold about you, you can ask us for details and a copy of it. This is known as a “subject access request”.


11.2 All subject access requests should be made in writing and sent:

  • By email to all-ears@dishoom.com; or
  • By post to: The Data Protection Officer, 141–143 Shoreditch High Street, London, E1 6JE. There is no charge for a subject access request unless your request is ‘manifestly unfounded or excessive’ in which case we may charge you a fee.
We will respond to your subject access request in accordance with the ICO guidelines.  Please see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/ for more information. 
 
12. What rights do you have regarding Personal Data?
12.1 Under Data Protection Legislation, subject to some exceptions, you have the following rights:
  • The right to be informed about our collection and use of your Personal Data; 
  • The right to access the Personal Data we hold about you; 
  • The right to have your Personal Data rectified if any of your Personal Data held by us is inaccurate or incomplete; 
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your Personal Data that we hold; 
  • The right to restrict (i.e. prevent) the processing of your Personal Data;
  • The right to object to us using your Personal Data for a particular purpose or purposes;
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your Personal Data, you are free to withdraw that consent at any time;
  • The right to data portability. This means that, if you have provided Personal Data to us directly, you can ask us for a copy of that Personal Data to re-use it elsewhere or ask us to transfer it to a third party; and
  • Rights relating to automated decision-making and profiling.

12.2 For more information about our use of your Personal Data or exercising your rights as outlined above, please contact us using the details provided in paragraph 14.


12.3 Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.


12.4 If you have any cause for complaint about our use of your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would hope however that you give us the chance to resolve any complaint before you do this. 
 
13. Facebook Ads
13.1 We may use Facebook advertising services to deliver content to you while you are using the Facebook platform. You can control how Facebook uses data to show you ads by turning off ads which may be based on interests and / or your relationship with specific advertisers, in your ad preference settings. For further information, please visit the various Facebook pages which allow you to learn more about Facebook ads and tracking technologies and to update your settings:

  • https://www.facebook.com/policies/cookies/
  • https://www.facebook.com/about/ads
  • https://www.facebook.com/ads/preferences/edit/

Further, by visiting ‘Your Online Choices’, you can opt-out from seeing Facebook’s interest-based ads. You can also use your mobile device settings to configure your advertising preferences.


13.2 Please note that even when you have opted out via the methods described above, you may still see our non-targeted adverts whilst you are online if your interests’ settings on Facebook are aligned to an audience segment (pre-defined by Facebook) which our business is also associated with. We do not control this.
 
14. Contact us
14.1 If you have any questions or concerns about how we use your Personal Data or this Privacy Policy, please get in touch with us:

  • By email at: all-ears@dishoom.com; or
  • By post to: The Data Protection Officer, 141–143 Shoreditch High Street, London, E1 6JE.
15. Changes to this policy
15.1 We may change this policy from time to time.  The latest version will be uploaded to the Dishoom website and will take precedence over earlier versions.  If we consider any changes represent an important change to how we use your Personal Data we will notify you. 

This policy was last updated on 22nd March 2024.