Introduction This policy covers the processing of personal data by LASMORERASRESTAURANTE.ES, whose registered address is at Quay House, The associated group companies (“LASMORERASRESTAURANTE.ES”, “we” or “us”). LASMORERASRESTAURANTE.ES is committed to protecting the privacy of your personal information whilst striving to provide the very best user experience. We want our websites to be safe and enjoyable for everyone. Under the General Data Protection Regulation (GDPR) and related laws, we have a legal duty to protect the personal information we collect from you. GDPR says that ‘personal data’ is any information relating to a living individual who can be identified, either directly or indirectly, from that information. This could include your name, email address, postal address or telephone number, or information collected online and used to identify you.
For the purposes of GDPR, the ‘Data Controller’ for all LASMORERASRESTAURANTE.ES services based in the UK is LASMORERASRESTAURANTE.ES Publishing Limited. For all services based in the United States, the Data Controller is LASMORERASRESTAURANTE.ES US, Inc, and in Australia it is LASMORERASRESTAURANTE.ES Publishing (Overseas) Limited. As Data Controller we are responsible for, and control, the processing of your personal data for the purposes of LASMORERASRESTAURANTE.ES services. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any comments, concerns or questions, including any requests to exercise your legal rights, you can contact our DPO.
We encourage you to read this policy in full but please click on the links below for a shortcut to the following sections: Contact details What data do we collect and how do we use it? What lawful bases do we rely on for processing? Who may we share your data with? What data is collected on our websites? Links to other websites Storage and retention of data Security Protecting children’s privacy Your rights Website notifications (pop-ups) and opt out instructions Policy changes Further information Contact details LASMORERASRESTAURANTE.ES’s Data Protection Officer can be contacted: By email: DPO@LASMORERASRESTAURANTE.ES By post: Data Protection Enquiries, LASMORERASRESTAURANTE.ES Publishing Limited. What data do we collect and how do we use it?
|Information you provide to us||When you participate in, access, purchase or sign up to any of our services, activities or online content, such as magazine subscriptions, newsletters, surveys, competitions or events, we receive personal information about you which we use to provide these services. This may consist of data such as your name, email address, postal address and telephone number. You will be able to select how we use your information for marketing purposes and you can update your marketing preferences at any time.|
|Ordering a product or service from us||If you order a product or service from us, you will need to provide certain personal details, including payment information, so the order can be fulfilled. In some cases, we will use or direct you to a third party which will collect this information from you and fulfill your order. For example, if you order a subscription to our publications, you may be able to access those products through a digital newsstand such as Apple Newsstand.|
|Attending an event||If you attend one of our events, awards or conferences we may receive personal information about you, including your name and contact details and any dietary and accessibility requirements.|
|Content you share with us||When you choose to share comments, photos, videos and other content with, us we may receive personal information about you.|
|Information collected online||We may collect information about how you use our websites or other content online, and the device you use to access the services. Please see What data is collected on our websites? and our Cookies Policy for further details about how we use this data and information on opting out.|
|Some of our websites contain links to products and services offered by third party websites. If you click on those links we will use data collected about your activity on our site to direct you to the third party site. We and the third party may collect data to show us that you have clicked on the link and whether you purchased any products and services. We may receive a commission from the third party if you link to their site from a LASMORERASRESTAURANTE.ES site and purchase goods and services from them.|
|Email communications||We use web beacons in our emails to track the success of our marketing campaigns. If you open an email from us, we can see which of the pages of our website you visited. Our web beacons don’t store any information on your computer but, by communicating with our cookies on your computer, they can tell us when you have opened an email from us. We may keep track of the emails that we send you. We also keep a record of what communications you have selected to receive or not to receive. If you would like to opt out of receiving such emails you can unsubscribe at any time or contact our DPO.|
|Information from other sources||We may receive information about you from other sources (for example, missing information about your postal or email addresses) and add it to the personal information we hold about you. We may also receive data from other sources, such as our business partners, and social media platforms.|
What lawful bases do we rely on for processing? In order to process your personal data, we must have a lawful reason for doing so. GDPR sets out six lawful bases under which organisations can collect, use and store personal data. We rely on four of the lawful bases: Necessary for the performance of a contract If you are our customer, for example a subscriber of a magazine or an attendee at one of our events, we will process your personal data on the basis that it is necessary for us to provide our products and services to you. Consent In some instances we rely on your specific consent to process your personal information. This is where you have actively agreed and ‘opted-in’, for example to receive marketing communications from us, and you have the right to withdraw your consent at any time. Compliance with laws We may have to process and share your personal data in order to comply with our legal obligations, or to protect our rights or the rights of others. For example, we are required to collect certain information from you when processing your subscription payment for tax or financial reporting reasons. Legitimate interests In some situations we rely on our legitimate business interests in order to collect and use your personal data. In these situations, we have conducted a balancing test to carefully consider the impact of the processing on your interests, rights and freedoms. We will only undertake the processing if we are satisfied there is no negative impact on you. We rely on Legitimate Interests for the following activities:
- providing, maintaining, improving and developing our products and services;
- sending direct marketing communications about our products and services to customers;
- sending marketing communications related to the products and services of carefully selected companies in a business-to-business context;
- managing suppression and unsubscribe requests;
researching publicly available business contact details;
- managing certain aspects of our events;
- analysing the use of our products and services;
- using analytics to identify usage trends and determining the effectiveness of campaigns;
- allowing you to comment on on our sites;
- dealing with queries and complaints;
- personalising your experience on our sites;
- identifying fraudulent behaviour and ensuring our websites and systems are secure.
We may use a third-party network advertiser to serve the advertisements on this website or we may use an audience or traffic measurement service to analyse the traffic on this website. Network advertisers are third parties that display advertisements based on your visits to this website and other websites you have visited. Third-party ad serving enables us to target advertisements to you for products or websites you might be interested in. Audience and traffic measurement services allow us to collect traffic and behavioural information from the website by monitoring anonymous visitor activity. This website’s advertisers, sponsors and/or traffic measurement services may themselves set and access their own cookies on your computer if you choose to have your cookies enabled in your browser. Please see What data is collected on our websites? and our Cookies Policy for further details and information on opting out.
The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.
Please see our Cookies Policy for more information. Links to other websites Our websites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and, when you leave our website, we encourage you to read the privacy notice of every website you visit. We may monetise some of these links through the use of third party affiliate programmes. Notwithstanding such affiliate programmes, we are not responsible for the content or privacy policies of these websites or for third party advertisers, nor for the way in which they use information they collect about you.
Storage and retention of data
Your information is collected and stored on our secure systems, mainly based in the UK and European Economic Area (EEA). Where we use third party service providers to store data, we have appropriate agreements in place to ensure that your personal data is protected. Your personal data may be transferred to a country outside the EEA if, for example, a supplier or service is based outside the EEA. We will take all steps reasonably necessary to ensure your data is treated securely, including ensuring the location has been granted ‘adequacy status’ by the European Commission, or using our agreement with the supplier contains model contractual clauses approved by the European Commission, or ensuring the company we are transferring the data to is certified under the EU-US Privacy Shield.
We hold personal data for a variety of different purposes and the length of time we keep your data will vary depending on the services or products we are providing. We will only keep your data for a reasonable period of time, which is based on the purpose for which we are using your data. Once that purpose has been fulfilled, we will securely delete that data or anonymise your information (so that we, or anyone else, can no longer tell that data relates to you) unless we are required to retain the data longer for legal, tax or accounting reasons.
We are committed to protecting the personal data we hold. In accordance with GDPR, we adopt appropriate technical and organisational measures to help prevent unauthorised access to your information and ensure data is held securely. We also require any third parties to whom we may transfer personal data to have appropriate security measures in place. We ask third parties to complete Data Security Questionnaires so we can be sure they are a safe place for your data. Protecting children’s privacy
Our products and services are for a general audience and not aimed at children. However, we recognise that some of our publications, for example in our Knowledge and Gaming portfolios, may appeal to a younger audience. We do not knowingly collect any personal information from children under the age of sixteen or send any marketing communications to children. If we are running a competition which might be of interest to children, our competition rules specify that a parent or guardian must consent to entry. If, in the future, we collect personally identifiable information from children in connection with our products and services, we will do so in compliance with all relevant laws and regulations including, without limitation, obtaining parental consent where necessary. The Internet offers children wonderful educational and entertainment resources. Your guidance and involvement are essential to help ensure that children have a safe and rewarding online experience. We encourage you to visit //www.google.co.uk/intl/en/safetycenter/families/start/ for more information about keeping your family safe online. If you are a parent or guardian and are concerned that we may be processing personal data related to your child, please contact our DPO.
Your rights You have the right to request:
- Access to the personal data we hold about you.
- The correction of your personal data when incorrect, out of date or incomplete.
- The erasure of your personal data.
- That we stop using your personal data for direct marketing if you object to it.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- The right to request a transfer of your data to another service provider.
Your right to withdraw consent Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. Where we rely on our legitimate interest In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. Direct marketing You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. Remember, you can always stop direct marketing messages by clicking on an unsubscribe link in any of our emails or getting in touch with us. Exercising your rights If you wish to exercise any of your rights please contact the Data Protection Officer: By post: LASMORERASRESTAURANTE.ES Publishing Limited. By email: DPO@LASMORERASRESTAURANTE.ES. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. If this is case, we will notify you and keep you updated.
No fee usually required You will not usually have to pay a fee to access your personal data (or to exercise any of the rights), however, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. If we choose not to action your request we will explain to you the reasons for our refusal.
Information Commissioner’s Office If you feel you need to, you also have the right to make a complaint at any time to the ICO, the UK data protection supervisory authority (www.ico.org.uk).
Website notifications (pop ups).