Noble Rot is committed to protecting your privacy. We will use the information that we collect about you in accordance with the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003. Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking or purchase, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.We will only share your information with companies if necessary to deliver services on our behalf. For example service providers (e.g. Sevenrooms for the provision of online bookings and Shopify for magazine purchases), third-party payment processors, and other third parties to provide our sites and fulfil your requests, and as otherwise consented to by you or as permitted by applicable law.

You give us your information when you book a table the restaurant, make a purchase from our shop, buy something on our website, sign up for one of our events or communicate with us. We also keep your details when you sign up to receive email from us.

We use Stripe to process card transactions and do not store credit card details.

We keep a record of the emails we send you, and we may track whether you receive or open them so we can make sure we are sending you the most relevant information. We may then track any subsequent actions online.

Like most websites, we receive and store certain details whenever you use the Noble Rot website. We use “cookies” to help us make our site – and the way you might use it – better. There is more information on this below.

When you provide us with personal information to book a table, complete a transaction, verify your credit card or place an order, we hold that information under legitimate interest and you have the right to be informed that we hold it, the right to access that data, to correct it if it is erroneous, to be forgotten, to restrict processing of that data, and to object to our processing of your data. You also have other rights under the GDPR, which you can find out about here.

We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect. If you make a purchase, book a table or sign up for an event we usually collect your name and contact details and your bank or credit card information (if making a transaction via Stripe). Where it is appropriate (and you have the right to decline to give this information) we may also ask for your age and gender.

We use this data to provide you with the products, events, services or information you asked for, ensure we know how you prefer to be contacted, understand how we can improve our communications.

We will include opt-out instructions in any marketing communications you receive from us.

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service.

You may be asked to submit personal information about yourself when you make a booking. We will collect this information so we can fulfil your booking request and you may dine at our restaurant.

We use SevenRooms as our reservation and guest experience software to help provide you with a personalized and hassle-free visit. SevenRooms, working as a data processor on our behalf, does collect, process, and retain some of your personal data for the lawful and legitimate purpose of managing your reservations, visits, and preferences. Examples of this data may include (but is not limited to) information such as name, email, phone, address, picture, food allergies, eating or seating preferences, birthday, anniversary, IP address, and other specific notes you provide. SevenRooms may also send you email or SMS communications before, during and shortly after your reservation for the purposes of confirming your reservation, communicating any changes or edits to your reservation, or gathering feedback about your visit. You may specifically provide consent to receive communications for other legitimate purposes, such as receiving news or offers from Noble Rot Wine Bar that may not be connected to a specific reservation.

SevenRooms is committed to the protection of your personal data and employs the highest standards of internet and web application security to prevent security incidents from occurring. SevenRooms will also never sell or distribute your personal data without (1) your specific, written consent, and (2) a lawful and legitimate purpose. SevenRooms is registered under the EU-US and SWISS-US Privacy Shield framework and is also a compliant services provider under the European Union’s (EU) General Data Protection Regulation (GDPR). You can learn more about how we use your personal data by visiting our privacy policy.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. 

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

This site, like many others, uses small files called cookies to help customise your experience. ‘Cookies’ are small text files that are stored by the browser on your computer or mobile phone. Websites are able to read and write these files, allowing them store things such as personalisation details or user preferences. Cookies provide a “memory” for the website, enabling it to recognise a user and respond appropriately. 

The cookie settings on this website are set to ‘allow all cookies’ to give you the very best experience. If you continue without changing these settings, we assume you consent to this – but if you do want to disable cookies on your browser you can read how to do so here.

We use a number of different types cookies on the site:

We use the following cookies on our website 

• _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc). 
• _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits * _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer. 
• cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart. 
• _secure_session_id, unique token, sessional 
• _storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Google Analytics is a third-party service that collects standard internet log information about our website visitors. This includes number of visitors to a specific page, whether they are accessing the page via laptop or mobile, and general demographic data. Google Analytics paints a useful picture of who visits our website and how people find out about us online. We do not use Google Analytics to identify anyone.

We use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. Depending on your settings or the privacy policies social media and messaging services like Facebook, Instagram or Twitter, you might give the third party permission to access information from those accounts or services.

We use Mailchimp for our mailouts. Their system gathers statistics about the number of people who open, click into, and unsubscribe from our newsletter, as this helps us improve our marketing. We may use our database information to deliver our marketing campaigns, but we won’t sell or pass on your data to any other businesses.

You can unsubscribe from our mailing list at any time by clicking the unsubscribe link at the bottom of the email, or by contacting us at hello@noblerot.co.uk.

For more insight, you may also want to read Mailchimp’s Privacy Policy on its website.

We reserve the right to modify this privacy policy at any time. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

You have the following rights related to your personal data: 

• The right to request a copy of personal information held about you 
• The right to request that inaccuracies be corrected 
• The right to request us to stop processing your personal data 
• The right to withdraw consent 
• The right to lodge a complaint with the Information Commissioner’s Office or Fundraising Regulator

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at hello@noblerot.co.uk or by mail at Noble Rot, 51 Lambs Conduit Street, London, WC1N 3NB