Privacy Policy

1. Introduction

The Bank at Bude ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. The Data We Collect

We may collect and process the following data about you:

• Identity Data: First name, last name, title.
• Contact Data: Billing address, email address, and telephone numbers.
• Transaction Data: Details about payments (processed securely via our partners) and details of your restaurant bookings.
• Health Data: Specific dietary requirements or allergies you explicitly disclose to us for your safety.
• Loyalty Data: Information relating to your participation in our loyalty club.

3. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To fulfill a contract with you, such as processing your table reservation or dining pod booking.
• To ensure your health and safety by recording dietary requirements and allergen information.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• To manage the loyalty club and administer rewards.
• Where we need to comply with a legal or regulatory obligation.

Where you choose to tell us about allergies or dietary requirements, this is treated as “special category” health data under UK GDPR. We process it only on the basis of your explicit consent (Article 9(2)(a)), given at the point you share it with us, and we use it for the single purpose of preparing and serving your food safely. You can ask us to delete it at any time.

4. Third-Party Services

To provide our services, we utilize trusted third-party data processors. Your personal data may be shared securely with:

• OpenTable: Our reservation and loyalty club partner, which handles your booking requests, loyalty membership and associated contact information.
• Square: Our payment processing and gift voucher provider.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

5. International Data Transfers

Some of our third-party processors — including OpenTable and Square — are based outside the United Kingdom, so your personal data may be transferred to, and stored at, a destination outside the UK and the European Economic Area (EEA). Whenever your data is transferred internationally, we ensure a similar degree of protection is afforded to it by relying on one of the safeguards permitted under UK GDPR: transfers to countries the UK Government has deemed to provide an adequate level of protection, or transfers made under the UK’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses. You can ask us for a copy of the relevant safeguard by contacting us using the details in section 9.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers for tax purposes for six years after they cease being customers.

7. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

• Request access to your personal data (a "data subject access request").
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing of your personal data.
• Request the transfer of your personal data to you or to a third party.
• Withdraw consent at any time where we are relying on consent to process your personal data.

8. Cookies & this website

We follow UK GDPR and the Privacy and Electronic Communications Regulations (PECR). Our OpenTable booking widget loads when you open the Reservations page so you can book straight away, and sets OpenTable’s cookies; the embedded Google Map is not set until you opt in via our cookie banner. You can review the full list and change your choices any time on our Cookie Policy page.