Privacy
Last updated: June 20, 2018.
NOBU RESTAURANT PRIVACY STATEMENT
At Nobu we take your privacy very seriously and we are committed to protecting your personal data.
This privacy statement (together with the terms of service, which you can find ) describes how we collect, use, protect and share personal data we collect from you, or that you provide to us when you visit our restaurants, use our website (https://www.noburestaurants.com/) (the “Website”) or the Nobu mobile app (the “App”), and otherwise interact with us.
If you wish to contact us regarding this privacy statement, we may be reached at privacy@noburestaurants.com .
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
• ABOUT NOBU AND THE NOBU FAMILY
• DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA
• PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
• MARKETING AND YOUR CHOICES
• PERSONAL DATA OF CHILDREN
• DISCLOSURE OF YOUR PERSONAL DATA
• WHERE WE STORE YOUR PERSONAL DATA
• SECURITY
• RETAINING PERSONAL DATA
• YOUR LEGAL RIGHTS
• COOKIES AND OTHER TECHNOLOGIES
• CHANGES TO THIS STATEMENT
• WHO IS PART OF THE NOBU FAMILY
• HOW TO CONTACT US ABOUT NOBU AND THE NOBU FAMILY
ABOUT NOBU AND THE NOBU FAMILY
The Nobu companies worldwide are described further below. This privacy statement applies to handling of personal data by each Nobu restaurant worldwide, as run by any company within the Nobu Family (“Nobu” / “we” / “our” / “us”).
The Nobu company within the Nobu Family to which you supplied your personal data will be your point of contact for data processing and marketing activities undertaken by it and, if applicable, any other member of the Nobu Family.
We explain below the role of the “data controller” which exists under the EU General Data Protection Regulation and how this could apply to the processing of your personal data by the Nobu Family.
This privacy statement does not apply to:
- the processing of your data by the operator of our mobile app to the extent that such operator is using the data for its own purposes as a data controller; and
- websites that you may be able to access via links, third party apps, tools, widgets and plug-ins on the Website or App (the “Online Services”), for example the Facebook “Like” buttons, and/or activities that are not run by us but by third parties.
We are not responsible for the policies and practices of these third parties. Any information you give to those organizations is dealt with under their privacy statement, terms and conditions, and other policies so please ensure that you review them.
DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA
The information we use about you falls into three categories: (a) data you give us; (b) data any member of the Nobu Family collects about you; and (c) data we collect from or are provided by third parties.
We may collect, use, store and transfer the following personal data about you:
- Data you give us
- when you visit our restaurants;
- when you make a reservation in person, on the Website, on the App or by phone to visit one of our restaurants;
- when you inform us of any dietary requirements you may have (for example, allergies or food intolerances);
- by filling in a form on the Online Services;
- by downloading and registering with our mobile app;
- when you use the Online Services;
- when you sign up to receive insider access to the World of Nobu (although this only applies to our US restaurants);
- when entering into a prize draw or competition;
- if you ask us to provide you with marketing communications such as newsletters or updates, or information about special events or promotions;
- if you ask us to keep in touch with you;
- if you ask us to provide you with personalized content such as targeted advertising;
- if you contact us or correspond with us (for example, by phone, email or otherwise) for any reason, for example, when making an enquiry about a private event or for press enquiries; or
- when you provide us with comments, opinions and/or feedback about our restaurants, our food and our service.
- Data we collect about you when you visit or use our Online Services or access our in-restaurant technology
- technical information, including the type of device (and its unique device identifier) you use to access the Online Services, the Internet protocol (IP) address used to connect your device to the Internet, your unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, your device and component serial numbers, your login information, browser type and version, time zone setting, browser plug in types and versions, operating systems, mobile network information and platform and details of any referring website or application; and
- information about your visit to the Online Services including full Uniform Resource Locators (URL), clickstream to, through and from the Online Services (including date and time), pages you viewed, page response time, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Data other Nobu Family members collect about you. Any information you provide to a member of the Nobu Family will be shared with us (for example, when you attend one of the Nobu Family restaurants).
- Data we collect from or are provided with by third parties. We may be given information about you from third parties, such as the operator of the Nobu app, the gift card website, food delivery websites, social media platforms or anyone making a reservation on your behalf to attend one of our restaurants. We may also collect information that is publicly available. For example, we may collect information about you when you interact with us through social media.
PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR DATA
We will use the personal data held about you for the purposes stated below:
Purpose of Processing |
Type of personal data |
Legal basis for processing |
To process any reservations or bookings for private events |
Your name, contact details, details of any allergies and dietary requirements (including any dietary or access assistance requirements you may provide) and your reservation details |
Performance of a contract and consent (in respect of any dietary or access assistance requirements) |
To process any payments you make |
Your name, bank details, credit card and/or debit card details |
Performance of a contract |
To process any payments you make using a gift card |
Your name and gift card details |
Performance of a contract |
To manage our relationship with you, including: - deal with any enquiries, correspondence, concerns or complaints you have raised; - notifying you about changes to the terms of service or this privacy statement; or - asking you to provide us with your comments or feedback. |
Your name, information about the issue raised, phone number and email address (if applicable) |
Legitimate interest – to allow us to improve the overall customer experience at Nobu Restaurants |
To ensure we adhere to your dietary requirements and allergies |
Your name, contact details, details of any dietary requirements and allergies (including any medical information you may provide) and details of any pre-booked reservations |
Consent |
To process any take away orders you make |
Your name, contact details, details of your order, details of any allergies and dietary requirements (including any dietary requirements you may provide) and your bank details, credit card and/or debit card details |
Performance of a contract and consent (in respect of any dietary requirements) |
To process your registration to use our Online Services |
Your name, email address, address, phone number, date of birth and any other contact information |
Performance of a contract |
To process your request to access our Wi-Fi at the Nobu restaurants |
Your name, email address, address, phone number, date of birth and any other contact information |
Performance of a contract |
To send you our newsletter or update and to keep in touch with you |
Your name and email address |
Consent |
To tell you about our restaurants, services, products, offers, promotions or special events that we believe may interest you |
||
To provide you with marketing communications, for example, newsletters, updates and notifications |
Your name, postal address, phone number or email address |
Consent |
To enable you to partake in a prize draw, competition or survey |
Your name, email address, phone number and address details |
Consent |
To provide personalized online content to you (via the Online Services, social media platforms and our online partners) |
The technical information mentioned above, your name and email address. |
Consent |
To enable us to keep the Online Services safe and secure |
Your contact details and the technical information mentioned above |
Legitimate interest – to improve and ensure the safety of the Online Services |
To compile reports (which do not personally identify you) about the use of the Online Services |
The technical information mentioned above |
Legitimate interest – to improve the Online Services |
To ensure that the content on the [Online Services / Website] is presented in the most effective manner for you and for your device |
The technical information mentioned above |
Legitimate interest – to improve the Online Services / the Website |
To deliver relevant online content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
The technical information mentioned above |
Legitimate interest – to understand our customers better, keep the Online Services updated and relevant and to develop our business and to inform our marketing strategy |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
The technical information mentioned above |
Legitimate interest – to understand our customers better, keep the Website updated and relevant and to develop our business and to inform our marketing strategy |
To better understand our customers |
The technical information mentioned above, location data and information about product choices etc |
Legitimate interest – to allow us to prepare statistical information to be used internally to better understand our customers, but also to understand the effectiveness of our sales, marketing and advertising |
To enable us to share your personal data with other members of the Nobu Family |
Your name, email address, phone number, address detail, date of birth (day and month only) |
Legitimate interest – to allow us to understand our customers better, to ensure that our offerings are updated and relevant and to develop our business and inform our marketing strategy |
Where we have a legal basis to use your personal data without consent (as we have described above), this privacy statement fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.
Where consent is required for our use of your personal data as described above, we will request your consent. Typically, we would collect your consent by you performing an action such as ticking the appropriate consent box or otherwise communicating your consent to us (for example, by email or by you providing us with non-mandatory information), you consent to our use of that personal data as set out in this privacy statement. For example, we will only process your personal data for marketing purposes if we have your consent to do so.
We do not sell your personal data to third parties and only share your information as described in this privacy statement.
MARKETING AND YOUR CHOICES
We will, if you have given us your consent and in line with your choices, provide you with information by post, telephone, email and SMS, which may be of interest to you in respect of the Nobu restaurants.
We will only provide you with marketing communications if you would like us to. You will have the opportunity to clearly set out whether you wish to receive marketing messages from us by ticking the relevant boxes.
PERSONAL DATA OF CHILDREN
We do not knowingly collect information from children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please email us at privacy@noburestaurants.com.
DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with selected third parties in accordance with this privacy statement, as follows:
- within the Nobu Family.
- with Facebook (if you use your account with them to sign up / in with us), if applicable.
- service providers (for example, IT services or CRM services), business partners (for example, delivery services or booking services), suppliers and sub-contractors for the performance of any contract we enter into with you, but also when sending out marketing communications.
- professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- with vendors who provide services to us, such as fulfilling orders, providing data processing and other information technology services, managing promotions, carrying out research and analysis, and personalizing individual Nobu customer experiences. We do not allow these vendors to use this information or to share it for any purpose other than to provide services on our behalf.
- with analytics and search engine providers that assist us in the improvement and optimization of the Website and the Online Services.
- with government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information.
- with third parties, who acquire us or substantially all of our assets, in which case your personal data (including any sensitive personal data) will be one of the transferred assets (however, we will let you know before this happens).
WHERE WE STORE YOUR PERSONAL DATA
The personal data that we collect from you may be transferred to, processed and stored at, destinations outside the European Economic Area (EEA). This includes any country where the Nobu Family has a restaurant, which you can find this information but also countries where our external service providers may be based or hosting your personal data on our behalf.
Where we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it by ensuring that one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. To find out which countries are covered by this, please see .
- Where there is no adequacy decision by the European Commission in respect of these countries (to the extent that they are outside the EEA), which means they are not deemed to provide an adequate level of protection to your personal data, we will still ensure that your personal data receives an adequate level of protection. We have therefore put in place the following measures to ensure that your personal data is treated by those third parties in a way that is consistent with EU and UK laws on data protection:
- EU-US Privacy Shield; and/or
- EU standard contractual clauses.
If you would like to find out more about this, please contact us via email at privacy@noburestaurants.com.
INFORMATION SECURITY
We are committed to taking appropriate measures designed to keep your personal data secure. Our technical and organizational procedures are designed to protect your personal data from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the Internet or any other public network can be guaranteed to be 100% secure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorized access or inadvertent disclosure.
Where we have given you (or where you have chosen) a password which enables you to access the Online Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
RETAINING PERSONAL DATA
We will only keep your information for the length of time needed to carry out the purposes outlined in this privacy statement and for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Even if you request that we erase your data, we may still need to keep it (please see below) or may keep it in a form that does not identify you.
If you have not agreed that we may use your personal data for marketing purposes, we will keep it for a period of 6 years after you have attended one of our restaurants or last used the Online Services, whichever is longer.
YOUR LEGAL RIGHTS
You have the following rights with regard to your personal data:
- You have the right to access data we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- Rectification or erasure
- Restriction. You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need to your personal data for the purposes for which we hold it.
- Data portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent.
- Object /change of preferences. You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). You have the right to object where we are processing your personal data for direct marketing purposes. For example, if you have given your consent to receive updates or other marketing communications, but have changed your mind, you have the ability to opt out from receiving such communications going forward by contacting us using the details provided below or by clicking the relevant link in any communications you receive.
- If for any reason you are not happy with the way that we have handled your personal data, please contact us. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.
Please note that if you ask us to stop processing your personal data in certain ways or erase your personal data, and this type of processing or data is needed to facilitate your use of the Online Services or the provision of products or services to you, you may not be able to use the Online Services or receive products or services from us as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restrictions. Please allow at least 3 working days for your request to be actioned.
Please note that the rights mentioned above do not extend to non-personal data (or anonymized data).
If you would like to exercise any of the rights mentioned above, please contact us using these contact details.
COOKIES AND OTHER TECHNOLOGIES
A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user and a “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity, which are also sometimes referred to as pixels and tags.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the Website and the Online Services. They include, for example, cookies that enable you to log into the Online Services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. They also enable us to see how users use the Online Services. This helps us to improve the way the Website and the Online Services work.
- Functionality cookies. These are used to recognize you when you return to the Online Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to the Website or the Online Services, the pages you have visited and the links you have We will use this information to make the website and the advertising displayed on it more relevant to your interests.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Cookie | Type of Use | How its used |
---|---|---|
PHPSESSID | Strictly necessary | Created by backend PHP language to keep track of information traveling between pages. It is a random generated number. It does not keep any specific information of the user (https://cookiepedia.co.uk/cookies/PHPSESSID) |
__cfduid | Strictly necessary | Set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information. (https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-) |
_ga & _gid | Analytical/performance cookies | Google Analytics. In order for Google Analytics to determine that two distinct hits belong to the same user, a unique identifier, associated with that particular user, must be sent with each hit. (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-user-id) |
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Online Services.
For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.
CHANGES TO THIS PRIVACY STATEMENT
This privacy statement is in effect as of the date noted at the top of the statement. We may change this privacy statement from time to time. If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement. You should check here regularly for the most up-to-date version of the statement. Continued use of the Online Services will signify that you agree to such changes, however, if we need to seek updated, additional or different consents from you, we will, of course, do so.
HOW TO CONTACT US
Questions, comments and requests regarding our privacy statement are welcome and should be addressed to:
Privacy at Nobu
Nobu Restaurants
40 West 57th St, Suite 320
New York, NY 10019
Tel: + 1 212.757.3374
Privacy@noburestaurants.com
Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.
WHO IS PART OF THE NOBU FAMILY
There will typically be one member of the Nobu Family to whom you have given your personal data. This entity would be a “data controller” in relation to your personal data. The term “data controller” broadly means that the person who determines the purpose and means for which your data is processed. It is possible that you have given your data directly to more than one member of the Nobu Family in which case each such member could be a data controller of your data in that context. The Nobu Family also has a shared customer database and may have shared customer relationship initiatives across the Nobu Family.