Privacy Policy

This Privacy Policy applies to our iOS and Android Mobile Applications (our “App”). In the below policy, we inform you about the scope of the processing of your Personal Data.

GENERAL INFORMATION

  • a) What law applies?

    Our use of your Personal Data is subject to the UK’s Personal Data Protection Act (“DPA”) and the EU General Data Protection Regulation (“GDPR”), and of course, we process your Personal Data accordingly.

  • b) What is Personal Data?

    Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address and device ID.

  • c) What is processing?

    Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

  • d) Who is the data controller?

    A “data controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In this sense, Bites Limited, 6 Shelburne Court, High Wycombe, England, HP12 3NH (“Bites”, “we”, “us”, “our”) is the data controller. If you have any questions about data protection at Bites Limited in general, you can reach us by email using contact@highwycombebites.co.uk.

  • e) The Legal Bases for processing Personal Data

    In accordance with the above-mentioned laws, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfilment of a contract / pre-contractual measures, c) the data is necessary for the fulfilment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

PROCESSING OF AUTOMATICALLY COLLECTED DATA

  • a) Downloading our App

    The App can be downloaded from the “Google Play Store” a service offered by Google LLC, or the Apple App service “App Store” a service of Apple Inc, to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

  • b) Installing our App

    As far as we are aware, Google collects and processes the following data: Licence check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.

    As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, and it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.

  • c) Device information

    Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass and Payment Data and Billing confirmations.

  • d) Authorizations and Access

    We may request permission to store your App data including your Internet Connection and Network, Location (Precise Location), Push Notifications and Calendar. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures and your consent. You can deny access on your device via the Settings/Notifications/options of your device; however, this means that our App may not function as intended.

  • e) Precise Location Information

    When you use one of our location-enabled services, we may collect and process information about your mobile device’s GPS location (including the latitude, longitude or altitude) and the time the location information is recorded to provide the Services with location-based information and features (for example, to inform you about restaurants in your area). Some of these services require your Personal Data for the feature to work and we may associate location data with your device ID and other information we hold about you. We keep this data for no longer than is reasonably necessary for providing services to you. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.

  • f) Push messages

    When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract using Firebase Cloud Messaging for Push Notifications for Android devices and the Apple Push Notification service (APNs) for iOS devices. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) or by enabling or disabling specific types of notifications within the App. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

  • g) Firebase

    We use the Google Firebase developer App and related features and services provided by Google. We use the following Google Firebase services in our App: a) Firebase Analytics, and b) Firebase Crashlytics. By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy. The legal basis is the implementation of the user contract for the use of the App.

  • h) Crashlytics

    The app uses the tool Crashlytics to log crashes of our App. No personal data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent, which is intended to simplify maintenance and improve the resulting stability of our App. The legal basis for data processing is our legitimate interest. In the settings under data services, you can select whether you want to send crash reports or not.

  • i) Google Analytics for Firebase

    Our App uses the web analytics service Google Analytics for Firebase, which uses tracking technologies to track your use of our App. In this respect, information is generated about, among other things, the number of users and their sessions, the session duration, the operating system used by the users, their device model, the region from which our App is accessed, the first start of our App, our App execution and any updates.

    In order to provide the relevant data for analysis, Firebase Analytics uses your a) device's advertising ID, b) an App instance ID (a randomly generated number that identifies a single app installation), c) and the IP address, which is shortened (IP masking) before being processed on Google's servers (which may be located outside the EEA) to generate the usage analysis. You can object to the use of Firebase Analytics at any time by disabling the sending of usage statistics in your device settings (Reset Advertising ID). We have no influence on these data processing operations. The basis for processing is our legitimate interest and your consent.

DATA PROCESSING BY US

  • a) Contacting us

    Personal data is processed depending on the contact method. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also include certain Personal Data. The personal data collected when you contact us is used to process your request and the legal basis is your consent.

  • b) Registration

    If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form. The entry of your data is encrypted so that third parties cannot read your data when it is entered. Your data will remain stored for as long as the registration lasts, in particular if the storage is necessary for the fulfilment/execution of the contract, to enforce our rights or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).

  • c) Profile

    As a registered user, you have the opportunity to create a user profile with just a few clicks and details and the relevant profile data you provide will be posted on your profile. Of course, you can change the information and delete your account at any time via the settings in your profile. You have choices about the information on your profile. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add Personal Data to your profile that you would not want to be available. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our App.

  • d) Providing our services

    The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data as is absolutely necessary. This depends on how you are using our App and typically includes:

    Your content: such as reviews, comments, current and prior restaurant reservation details, food ordering details and history, favourite restaurants, special restaurant requests, contact information, restaurant reservations through our Services, names, and other information you provide. Nevertheless, we rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures.

  • e) Aggregated Data

    We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose including improving our App and Services. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.

  • f) Administration, financial accounting, office organisation, contact management

    We process data in the context of administrative tasks as well as organisation of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

  • g) Payment Data

    If you make a payment will be processed via our payment service provider Stripe and payment will solely be processed through the payment system of Stripe. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.

  • h) Promotional use of your data

    We use your data within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.

GENERAL PRINCIPLES

  • a) What we do not do

    • We do not request Personal Data from minors and children;

    • We do not process special category data without obtaining prior specific consent;

    • We do not use Automated decision-making including profiling; and

    • We do not sell your Personal Data.

  • b) Sharing

    We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Bites Limited (or a part of Bites) is sold to or merged with a company; or if we have reason to believe that disclosure is necessary to protect our business.

  • c) International Transfer

    We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.

  • d) Storage

    All data collected is generally transferred to our own server. The legal basis for the data processing is our legitimate interest in providing our App.

  • e) Data Security

    Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through our App.

    Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

YOUR RIGHTS AND PRIVILEGES

  • a) Privacy rights

    You can exercise the following rights:

    • Right to information
    • Right to rectification
    • Right to object to processing
    • Right to deletion
    • Right to data portability
    • Right to withdraw consent
    • Right to complain to a supervisory authority
    • Right not to be subject to a decision based solely on automated processing.

    If you wish to exercise any of your rights, please contact us.

  • b) Updating your information

    If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

  • c) Withdrawing your consent

    You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

  • d) Access Request

    In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

  • e) Complaint to a supervisory authority

    The supervisory authority in the UK is the Information Commissioner's Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority.

  • f) What we do not do

    • We do not request Personal Data from minors and children;

    • We do not process special category data without obtaining prior specific consent; and

    • We do not use Automated decision-making including profiling.

HELP AND COMPLAINTS

If you have any questions about this policy or the information we hold about you please contact us by email using contact@highwycombebites.co.uk

CHANGES

The first version of this policy was issued on Monday, 9th of December, 2024 and is the current version. Any prior versions are invalid and if we make changes to this policy, we will revise the effective date.

High Wycombe Bites