Privacy policy
WHO WE ARE
–
TORTILLA.CO.UK
This is the privacy policy for the customers of Tortilla. The purpose of this policy is to inform you on how we collect and use your data when you visit our Tortilla restaurants, access our website or use our online services, including loyalty, feedback and click & collect.
At Tortilla, we are strongly committed to protecting your personal information. As such, this policy also aims to inform you on what your rights are in relation to your data and how you can exercise these rights.
We are Tortilla Mexican Grill plc, and are the data controller for the personal data which we collect from you at Tortilla restaurants, and when you use the Tortilla website and associated apps.
Tortilla Mexican Grill plc is a limited company registered in England and Wales with registered number 13511888 and VAT registered number 310 0475 61.
Our registered office is 142-144 New Cavendish Street, London, W1W 6YF.
PERSONAL DATA
–
HOW WE USE PERSONAL DATA
Information on how we use your personal data, along with the types of data we use and why we need to use this data have been listed below:
How We Use Personal Data | Types of Personal Data | Why We Need This Data | Why It Is Important |
Payments |
Financial information: transaction amount, date, branch name & the last 4 digits of your card. |
We need this information to process your order |
We need to process this data to enter into and perform contracts with you |
Find Food Service |
Your GPS location and how |
To help you find our nearest restaurant |
It is in our interests to help you find us easily |
Analytics |
Your browsing details, including time of visit, how long you stay at each page and your interaction with |
To ensure both our website and app are working as intended, and to continually improve these platforms |
Where you have consented to analytics, it is in our interests to maintain and improve accessibility and functionality of our website and app |
Marketing |
Your browsing details including other websites visited, browser and device details, IP address, other cookies stored on your device and your public social media information |
To carry out marketing campaigns and send you communications |
Where you have consented to marketing, it is in our interest to send you marketing communications |
CCTV |
Your static or moving imagery via CCTV surveillance in our restaurants |
To ensure your safety and security when you visit our restaurants, assist in the detection and prevention of crime and to abide by health and safety standards |
It is in our interests to protect our customers and staff, and maintain health and safety standards in our restaurants |
Customer Notices |
Your contact details |
To notify you of any important changes to our products, services and our organization |
It is in our interests to provide you with notice of any changes to our products, services and our organization |
PERSONAL DATA FROM 3RD PARTY SOURCES
In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), we also collect certain of your Personal Data from third party sources. These sources are broken down in the table below, together with a description of whether they are publicly available or not.
Third party data source | Publicly available? | Category(ies) or other types of personal data received. |
Social Media sites |
Yes |
Identity Data Contact Data |
Recruiters, CV search companies, background check providers and referees, including ATS |
No |
Identity Data Job Application Data |
Analytics Providers |
No |
Behavioural Data Technical Data |
Collectors of feedback – Reputation.com and any online surveys |
No |
Feedback Data |
Free Wifi login – Wireless Social |
No |
Identity Data Contact Data Technical Data |
Click & Collect system – Ritual |
No |
Identity Data |
Loyalty system – MCR |
No |
Identity Data |
WHO WE SHARE PERSONAL DATA WITH
We share your personal data amongst entities within the Tortilla family, and with third party companies providing services to us. Your personal data may be:
- Transferred to third party organisations that provide services to us
- We use third party information technology companies to support us in providing our services to you, and to help provide, run and manage our internal administrative systems. For example, we use service providers for payment systems, identity management, website hosting and management, data analysis, data back-up, security and storage services.
- Transferred to government agencies and/or regulators
- We may also transfer your data to government agencies or regulators to adhere to any legal requirements.
YOUR RIGHTS
You have a number of rights with regards to your personal data. A list of these rights and how you may exercise them has been included below:
- Rights to Access Personal Data and Right to Data Portability: You have the right to access your personal data at any point, and may make a request to do so either verbally or in writing. You also have the right to data portability, meaning you may request to receive your personal data in a standard use, machine readable format.
- Right to Rectification of Personal Data: You have the right to request us to rectify any inaccurate or incomplete personal data we may have on you. If you make this request, we will update your personal data with the correct information provided.
- Rights to Objection, Restriction and Erasure of Personal Data: You have the right to restrict how your data is being used, and the right to request us to delete your personal data.
- Right to Withdraw Consent: In any circumstances in which we process data based on consent, you may withdraw your consent at any time.
- Right to be Informed: You have the right to be informed about how we collect, use and retain your data, which is why we have set out this information within this policy. If you would like further information regarding your data, you may contact us at any time.
To exercise any of these rights, please send an email using the feedback form on this site: https://www.tortilla.co.uk/feedback/ and selecting ‘Data Request’ in the enquiry form. Depending on your request, we may ask for further confirmation of your identity or additional information to fulfil your request.
- The Right to Complain to the ICO: If you wish to make a complaint to us about how we use or retain your personal data, please send an email using the feedback form on this site: www.tortilla.co.uk/feedback/ and selecting ‘Data Request’ in the enquiry form. You also have the right to lodge a complaint with the data protection authority. The relevant authority for the UK is the Information Commissioner’s Office (ICO). If you wish to file a complaint with the ICO, you may find the following information helpful: www.ico.org.uk/make-a-complaint/
COOKIES
–
You can read our full cookie policy here.
CONTACT INFORMATION
–
QUESTIONS, COMMENTS & COMPLAINTS
If you have any questions about this privacy statement or have a question, comment or complaint about our use or retain your personal data, please send an email to our Data Protection Officer using the feedback form on this site: www.tortilla.co.uk/feedback/ and selecting ‘Data Request’ in the enquiry form.
POLICY CHANGES
–
CHANGES & UPDATES
This is the latest version of our privacy policy, and is in effect as of the “Last Update” date which may be found at the top of the statement. As we may change this policy from time to time, you should check here regularly for the most up-to-date version. The privacy policy can be found on our company website.
3RD PARTIES
–
RITUAL – CLICK & COLLECT
For privacy policy regarding our click & collect system, please visit our system provider Ritual.
REPUTATION.COM – FEEDBACK
For privacy policy regarding our feedback system, please visit our system provider Reputation.com.
WIRELESS SOCIAL – FREE WIFI LOGINS
For privacy policy regarding our public wifi system, please visit our system provider Wireless Social.
LOYALTY – MCR
What is this Privacy Policy for?
This privacy policy is for the loyalty and cashless website and mobile application (On Android, iPhone and Windows Phone) maintained and served by MCR Systems and governs the privacy of its users who choose to use it.
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the mobile app, the website and website owners. Furthermore the way the website and mobile app processes, stores and protects user data and information will also be detailed within this policy.
The Website and App
The website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. The website complies to all UK national laws and requirements for user privacy.
Use of Cookies
This website uses and requires cookies to better the users experience while visiting the website. A notice of cookie use is displayed on the users first visit to the website to comply with recent legislation requirements.
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information.
Information Collected
On some parts of the website and app, you may be required or asked to provide some limited personal information in order to enable the provision of certain servers (e.g sales enquiry, gain access to our solutions). MCR may store this information manually or electronically. By supplying this information you are consenting to MCR holding and using it for the purposes for which it was provided. Information provided will be kept for as long as is necessary to fulfil that purpose.
We may also collect information about your computer, including where available; your IP address, operating system and browser type, for system administration and to report aggregate information to our webmasters. This is statistical data about our users’ browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.
How Collected Information Is Used
Personal information provided to MCR Systems by you will only be used for the purpose stated when the information is requested. Personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your permission. Personal information collected and/or processed by MCR Systems is held in accordance with the provisions of the Data Protection Act 1998.
Demographical and statistical information about user behavious may be collected and used to analyse the popularity and effectiveness of MCR Systems website and solutions. Any disclosure of this information will be in aggregate form and will not identify individual users.
How Collected Information Is Stored
Information which you provide to us will ordinarily be stored on our secure servers. Which are hosted by third party contractors. No information is transferred to a destination outside the European Economic Area (“EEA”). By submitting personal information, you agree to allow us to store and process the data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
We may disclose your personal information to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of MCR systems, its customers or others.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to view any purchase or sale information made by you. These details are not passed on to any third parties.
External Links
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to; Google or MCR Systems)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
RESOURCES & FURTHER INFORMATION
–
Privacy and Electronic Communications Regulations 2003
Privacy and Electronic Communications Regulations – The Guide
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.
Any queries or concerns about privacy on MCR websites or applications should be sent by email to support@mcr-systems.co.uk or addressed to the Data Protection Officer, MCR Systems, Vantage House, Vantage Park, Leicester, LE4 9LJ.
This policy was last updated 18.03.2021