Privacy Policy

1. Who We Are

Grand Bazaar London operates the restaurant and reservation website for Grand Bazaar, 22 James Street, London W1U 1EJ. For privacy questions, booking data requests or marketing preferences, contact us at info@grandbazaarlondon.uk.

2. Scope Of This Policy

This policy explains how we collect, use, store, disclose and protect personal data when you visit our website, make a reservation, contact us, consent to marketing, redeem an offer or interact with our restaurant team.

3. Personal Data We Collect

We may collect identification and contact details such as name, email address, telephone number and booking reference; reservation details such as date, time, party size, table area, occasion, dietary notes, allergies and special requests; technical information such as IP address, browser, device type, pages viewed, consent choices and security logs; marketing data such as consent status, unsubscribe status, offer codes sent and offer redemption activity; and correspondence you send to us by email, form, telephone or in person.

4. Special Category Data

Allergy, dietary and accessibility notes may reveal health, religious or other sensitive information. We only request this information so we can safely provide restaurant services. Please do not provide sensitive information unless it is relevant to your visit.

5. How We Use Personal Data

We use personal data to receive, manage, confirm, amend and cancel reservations; allocate tables and plan restaurant capacity; communicate with guests about bookings; handle requests, complaints and service issues; improve our website and booking process; protect the website against spam, fraud and misuse; comply with legal, accounting, tax, safety and regulatory obligations; send marketing or one-time offers where we have consent or another lawful basis; and maintain records needed to defend or exercise legal rights.

6. Lawful Bases

Our lawful bases may include contract, where processing is necessary to handle your reservation; legitimate interests, where we operate and protect the business, improve services and manage guest relationships; consent, where you opt into marketing or optional cookies; legal obligation, where records must be kept for compliance; and vital interests, where allergy or emergency information is necessary to protect someone.

7. Marketing And Remarketing

If you choose to receive offers, we may use your email address, booking history, offer redemptions and preferences to send relevant Grand Bazaar promotions. We do not sell customer lists. You can unsubscribe at any time by using the unsubscribe link in an email or contacting us. One-time offer codes may be linked to your customer record to prevent reuse and measure redemption.

8. Cookies And Consent

Essential cookies are used for security, sessions, forms and consent storage. Functional, analytical and marketing cookies are optional and controlled through the privacy settings banner. See our Cookie Policy for full details.

9. Sharing Personal Data

We may share limited personal data with hosting providers, email delivery providers, booking and operations software, analytics providers, professional advisers, payment or fraud prevention providers if introduced, regulators, courts, law enforcement or other parties where required by law. Processors must handle data under confidentiality and security obligations.

10. International Transfers

Some service providers may process data outside the UK or EEA. Where this happens, we rely on appropriate safeguards such as adequacy regulations, Standard Contractual Clauses or equivalent data protection terms.

11. Retention

Reservation records are kept only as long as needed for restaurant operations, customer service, legal protection, accounting and compliance. Marketing consent records are retained while consent is active and for a reasonable period after unsubscribe to evidence compliance. Technical logs are retained for security and troubleshooting for a limited period unless needed for investigation.

12. Security

We use access controls, server-side validation, CSRF protection, rate limiting, secure sessions, encrypted transport, role-based admin access, audit-style booking events and least-privilege operational practices. No system is completely risk free, but we take reasonable steps to prevent unauthorised access, disclosure, alteration and loss.

13. Your Rights

Depending on your location and circumstances, you may have the right to access, correct, erase, restrict, object to or port your personal data, withdraw consent, object to direct marketing and complain to a supervisory authority. In the UK, the supervisory authority is the Information Commissioner's Office.

14. Children

Our reservation website is not directed at children. A parent, guardian or responsible adult should make bookings involving children.

15. Changes

We may update this policy when our website, booking system, legal duties or suppliers change. The latest version will be published on this page.