2. Personal Data We Collect

We may collect, use, store, and transfer different types of personal data, including:

A. Information You Provide to Us

• Identity Data: First name, last name, title.

• Contact Data: Email address, telephone number, postal address.

• Reservation Data: Date and time of booking, special requests (e.g., dietary requirements, accessibility needs).

• Payment Data: Cardholder name, payment card details (processed via secure third‑party payment processors — we do not store card numbers).

• Marketing & Communication Preferences: Your choices for receiving promotional emails, SMS, or event invitations.

• Feedback Data: Reviews, feedback, or survey responses.

B. Information Collected Automatically

When you visit our website, we may automatically collect:

• Technical Data: IP address, browser type and version, time zone setting, device type, operating system.

• Usage Data: How you use our website, pages visited, time spent on site.

• Cookie Data: Information from cookies and similar tracking technologies (see Section 8 for our Cookie Policy).

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to, including:

• To manage bookings and reservations (legal basis: performance of a contract).

• To communicate with you about your reservation (performance of a contract).

• To provide you with marketing communications and event invitations if you have consented (consent).

• To process payments for reservations or events (performance of a contract).

• To respond to your queries and feedback (legitimate interest).

• To personalise your experience on our website (legitimate interest).

• To comply with legal and regulatory obligations (legal obligation).

4. Marketing and Communications

We may send you marketing communications about:

• Special offers or promotions.

• Upcoming events at Fiorenza.

• News and updates about the restaurant.

You can opt out of marketing at any time by clicking the “unsubscribe” link in our emails or by contacting us directly at [Insert Email].

5. Sharing Your Personal Data

We do not sell your personal data. We may share your data with:

• Service Providers: e.g., reservation platforms, payment processors, email marketing services.

• Professional Advisors: e.g., accountants, legal advisors, insurers.

• Regulatory Authorities: e.g., HM Revenue & Customs, Information Commissioner’s Office (ICO), if required by law.

• Event Partners: If you sign up for an event jointly hosted with another company (only with your consent).

All third parties are required to respect your privacy and protect your personal data in accordance with the law.

6. International Data Transfers

If we transfer your personal data outside the UK, we ensure that appropriate safeguards (such as Standard Contractual Clauses or an adequacy decision) are in place.

7. Data Retention

We keep your personal data only as long as necessary to fulfil the purposes for which it was collected, including:

• Reservation records: Up to 3 years after your last booking.

• Marketing preferences: Until you unsubscribe or request deletion.

• Payment records: 6 years for tax and accounting purposes.

8. Cookies & Tracking

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website performance.

Types of Cookies We Use:

• Strictly Necessary Cookies – Required for website functionality.

• Performance Cookies – Help us understand website usage and improve performance.

• Functional Cookies – Remember your preferences.

• Targeting Cookies – May be used for marketing purposes.

You can control cookies through your browser settings. For more details, see our Cookie Policy [Insert Link].

9. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Right to Access – Request a copy of your personal data.

• Right to Rectification – Request correction of inaccurate or incomplete data.

• Right to Erasure – Request deletion of your personal data.

• Right to Restrict Processing – Request restriction on how we process your data.

• Right to Data Portability – Receive your personal data in a portable format.

• Right to Object – Object to processing for direct marketing or legitimate interests.

• Right to Withdraw Consent – Withdraw consent at any time (without affecting prior processing).

To exercise these rights, contact us at [Insert Email]. We will respond within one month as required by law.

10. Security of Your Personal Data

We use technical, administrative, and physical safeguards to protect your personal data against:

• Unauthorised access

• Loss or theft

• Misuse or alteration

While we take all reasonable measures, no data transmission over the internet can be guaranteed 100% secure.

11. Links to Other Websites

Our website may include links to third-party websites (e.g., booking platforms, social media). We are not responsible for their privacy practices, and we encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date.

13. Contact Us

If you have any questions about this Privacy Policy, or if you wish to make a complaint, please contact us at:

Fiorenza – Privacy Officer
74 Blackfriars Road, London, SE1 8HA, United Kingdom
Email: info@fiorenza.co.uk

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
Helpline: 0303 123 1113