PRIVACY POLICY – TOKYO BENTO.

Welcome to the TOKYO BENTO privacy policy.

We value your privacy and are committed to protecting your personal information.

This policy pertains to data gathered by us or shared by you, whether within our dining establishments, via our Website (including the mobile-friendly version accessible on your handheld device), third party apps or through any other means (like telephone, logging into our wifi or applying of a job). Its purpose is to aid you in making well-informed choices while using our website and our products and services. We kindly request that you take a moment to review this policy.

PURPOSE OF THIS PRIVACY POLICY 

This privacy policy informs you of how we look after your personal data, informs you of your privacy rights and the laws that protect you.

Our website and services are not intended for persons under the age of 18, and we do not knowingly collect data related to children.

It’s vital that you go through this privacy policy along with any other privacy policies or data processing guidelines we might provide on specific occasions when we collect or process your personal information. This privacy policy works alongside other notifications and privacy policies and doesn’t intend to override them. Our aim is to ensure you fully understand how and why we use your data.

This privacy policy is issued by SEVEN ARCHS SL. When we mention ‘TOKYO BENTO,’ ‘Tokyo Bento,’ ‘We,’ ‘Us,’ or ‘Our’ throughout this policy, we are referring to SEVEN ARCHS SL. SEVEN ARCHS SL is the data controller and is responsible for this website and the protection of your data. In cases where an entity other than SEVEN ARCHS SL will be the controller of your data, we will inform you accordingly to ensure transparency in our data processing practices.

If you have any questions about this privacy policy, or wish to exercise your rights, please contact us in one of the ways;
By email: enquiries@tokyobento.com or.
By post:
ATT: PRIVACY TEAM
TOKYO BENTO Customer Services – Support Centre
Unit 10 Barcelona Business Park,
Calle Sant Roc
08014 Barcelona

When we refer to “personal data” or “personal information,” we mean any data that can identify an individual. This doesn’t encompass data where the identity has been eliminated (anonymous data). We may gather, use, store, and transfer various categories of personal data about you, depending on the circumstances and purposes. These categories of data include:

  • IDENTITY DATA: This category includes your first name, last name, and date of birth.
  • CONTACT DATA: It comprises your email address and telephone numbers.
  • PAYMENT DATA: This covers details such as bank account and payment card information.
  • TECHNICAL DATA: This category encompasses your internet protocol (IP) address, login details, browser type and version, time zone configuration, geographical location, browser plug-in details, operating system, and device technologies you employ to access our website.
  • USAGE DATA: Information within this category pertains to how you use our website.
  • MARKETING & COMMUNICATION DATA: It encompasses your preferences regarding marketing communications when you subscribe to receive emails from us.

Further details on the circumstances which we process your data and how we handle it are as follows:

  • When using WIFI in our venues
  • When providing us with feedback
  • When using our website
  • When captured on our CCTV
  • When applying for a job or are employed by us
  • Other ways we process your data

We have detailed all the ways we intend to utilize your personal data, along with the specific legal bases we rely upon for each circumstance in the respective sections that explain when and how we handle your data. In situations where it’s applicable, we have also identified our legitimate interests.

It’s worth noting that we may process your personal data using more than one lawful basis, depending on the precise purpose for which we are using your data. If you require further information about the legal basis, we are relying on to process your personal data when required on multiple grounds as outlined in the following, please contact us.

PARTNERS

We work alongside various third-party suppliers and partners, and as part of this collaboration, these third parties may need to process your personal information to provide services either to us or on our behalf. These organizations are legally bound to adhere to our data protection policies. They are obligated to handle personal data strictly in line with our instructions and are not permitted to use your personal information for their own purposes.

Please note that when utilizing services provided by third-party suppliers or partners, such as making an order on a delivery app, you should refer to their respective privacy policies. These third parties may have their own privacy practices, and it is important to familiarize yourself with their policies to understand how they handle your personal information.

LEGAL COMPLIANCE AND BUSINESS INTERESTS

We may disclose your personal data when it is necessary to comply with legal requirements, such as sharing information with Agencia Tributaria, the Police, or to meet conditions specified by a licensing authority for premises licenses. In cases where such legal obligations apply, they may take precedence over your rights under the Data Protection Act 2018.

Additionally, your personal data may be shared if it becomes essential to safeguard our business interests. This could involve enforcing contractual terms, pursuing outstanding debts, or defending our legal rights.

BUSINESS TRANSACTIONS AND LEGITIMATE INTERESTS

We might also share your personal data with third parties in cases where we decide to sell, transfer, or merge segments of our business or our assets. Alternatively, we may explore opportunities to acquire other businesses or merge with them. If such changes occur within our business, the new owners may utilize your personal data in alignment with the practices described in this privacy policy.

Furthermore, we may share your personal data in situations where there is a legitimate interest to do so under the Regulation (EU) 2016/679) (‘GDPR’) Data Protection Act 3/2018. For instance, this may include sharing data to detect or prevent criminal activity, fraud, or money laundering; facilitating investigations by regulators or ombudsmen in response to complaints you’ve lodged with them; or safeguarding the rights of other individuals or organizations.

SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION 

We will keep your personal data only for a duration that is reasonably necessary to fulfil the purposes for which it was collected. This includes meeting legal, regulatory, tax, accounting, or reporting obligations.

In certain situations, such as when a complaint arises or if there is a reasonable anticipation of legal proceedings related to our relationship with you, we may retain your personal data for an extended period.

To determine the appropriate retention period for personal data, we consider several factors, including the amount, nature, and sensitivity of the data, the potential risks associated with unauthorized access or disclosure, the purposes for which we process the data, and whether those purposes can be achieved through alternative means. Additionally, we consider relevant legal, regulatory, tax, accounting, or other requirements.

In specific cases, we may anonymize your personal data (also known as hashing), rendering it unidentifiable to you. We use this anonymized information for research, statistical analysis, and profiling. In such instances, we may retain this information indefinitely and without prior notice to you.

  • To make a delivery order No personal information retained after fulfilment of order, unless otherwise required for another purpose in this policy. Note that your data may be retained as per the privacy policy of the delivery partner. Please refer to their privacy policy
  • To conduct customer surveys and receive customer feedback – 3 years, after which the data is hashed.
  • To deliver relevant website content and advertisements to you and to measure or understand their effectiveness – 13 months, after which the data is hashed.
  • To use website analytics to enhance our website, products, services, marketing strategies, customer interactions, and overall customer experience – 14 months, after which the data is hashed.
  • To contact you about the latest news, promotions, make suggestions and recommendations based on information you have provided – 3 years after opting out or after 3-year period of inactivity (haven’t opened or clicked any communications), after which the data is hashed.
  • To record CCTV footage – 30 days from date of recoding. We may retain this data for longer if required to do so because of an investigation, claim or if requested by licensing authority or the police.
  • To verify your identity or age – No information retained, unless required for another purpose in this policy.
  • To provide competitions, special events and prize draws – 3 years, unless required for another purpose in this policy, after which the data is hashed.
  • To record promotional videos or take photos – Indefinitely, unless consent is withdrawn, and a request is made to remove the content.
  • When you apply for a job with us – 6 months, unless required for another purpose in this policy, after which the data is deleted.
  • When you are employed by us – 10 years, unless required for another purpose in this policy, or if required by law, after which the data is deleted

CHANGE OF PURPOSE

We will use your personal data only for the purposes for which it was originally collected, unless we reasonably believe we need to use it for another purpose that is compatible with the initial one. If you’d like an explanation of how the new purpose aligns with the original one, please contact us.

If we ever need to use your personal data for a purpose unrelated to the one it was collected for, we will inform you and explain the legal basis that permits this change.

Please be aware that we may process your personal data without your knowledge or consent when required or allowed by law, in accordance with this policy.

YOUR LEGAL RIGHTS 

Under certain circumstances, you have rights regarding your personal data under data protection laws. If you wish to exercise any of the rights listed below, please contact us using the provided contact information. Under the UK Data Protection Act 2018, you have:

  • THE RIGHT TO BE INFORMED: You have the right to receive information about how your personal data is collected and used. This includes details about why it’s processed, what kinds of data are involved, and who it’s shared with.
  • THE RIGHT OF ACCESS: You can request access to your personal data held by organizations. This allows you to confirm if your data is being processed and for what purposes. This is commonly known as a “data subject access request.”
  • THE RIGHT TO RECTIFICATION: If your personal data is inaccurate or incomplete, you can ask for corrections to ensure that the information about you is accurate and up to date.
  • THE RIGHT TO ERASURE (Right to Be Forgotten): You have the right to request the deletion or removal of your personal data when there’s no compelling reason for us to keep processing it. You can also make this request if you’ve objected to processing, if there has been unlawful processing, or if local law mandates erasure; however, we may not always be able to fulfil your erasure request due to specific legal reasons, which we will notify you of if applicable when you make the request.
  • THE RIGHT TO RESTRICT PROCESSING: In specific situations, you can request restrictions on how your personal data is processed. This means your data can be stored but not actively used. Us may exercise this right:
    – When you want us to confirm if your data is accurate.
    – If we’re using your data unlawfully, but you prefer us to retain it.
    – When you need us to hold onto the data, even if we don’t need it anymore, because you’re using it to establish, exercise or defend any legal claim.
    – If you’ve objected to us using your data, but we need to check if we have compelling legal reasons to continue using it.
  • THE RIGHT TO DATA PORTABILITY: You can ask for your personal data in a format that’s structured, commonly used, and machine-readable so you can reuse it or transfer it to another data controller for your own purposes.
  • THE RIGHT TO OBJECT: You have the right to object to the processing of your personal data, where we, or those of a third party are relying on a legitimate interest, and there’s something specific about your circumstances that makes you want to object because you believe it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • RIGHTS RELATED TO AUTOMATED DECISION-MAKING AND PROFILING: You have the right to be informed when automated decision making and profiling are used in a significant way. You have the right to and explanation, object and request human intervention.

COOKIES

Pieces of information transferred to your computer’s hard disk from a website are known as cookies. they allow our website to store information about your browsing patterns, making the website more useful to you. many major sites use cookies: in fact, they are commonly used throughout the internet to offer personalised services. most browsers are automatically set to accept cookies. each time you use our website, the cookie is accessed. this way, we can track the features you use and the pages and content that you view on the website to help personalise your experience.

we use the following categories of cookies for our website:

  • STRICTLY NECESSARY COOKIES: these cookies are essential in order to enable you to move around our websites and use its features. the information collected by these cookies relate to the operation of our website, for example website scripting language and security tokens to maintain secure areas of our website.
  • PERFORMANCE COOKIES: these cookies collect anonymous information about how you use our website, for example which pages you visit most often, whether you receive any error messages, and how you arrived at our website. information collected by these cookies is used only to improve your use of our website and never to identify you. these cookies are sometimes placed by third-party providers of web traffic analysis services, such as google analytics.
  • FUNCTIONALITY COOKIES: these cookies remember choices you make, for example the country you visit our website from, your language and any changes you have made to text size or other parts of web pages that you can customise, to improve your experience of our website and to make your visits more tailored and enjoyable. the information these cookies collect may be anonymised and cannot be used to track your browsing activity on other websites.
  • TARGETING OR ADVERTISING COOKIES: these cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. they are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. the cookies are usually placed by third party advertising networks. they remember the websites you visit and that information is shared with other parties such as advertisers.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. these cookies are likely to be analytical/performance cookies or targeting cookies. we use google analytics. for information on how google processes and collects your information in regard to this product and how you can opt-out, please see [here]. we also use google adsense to publish adverts. when you view or click on an advert a cookie will be set to help better provide advertisements that may be of interest to you on this and other websites. you may opt-out of the use of this cookie by visiting google’s advertising and privacy page.

For more information on managing cookies, please go to www.allaboutcookies.org, or visit www.youronlinechoices.com which has further information about behavioural advertising and online privacy.

You may disable cookie support on your browser but be aware that by doing so, you will lose certain features that require a cookie to work properly. we may use the information collected by the cookie to provide us with various statistics without identifying any individual.

Use of your personal information submitted to other websites
we are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our website. we recommend that you check the privacy policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.