Privacy Notice

Your data is incredibly important to you and to us. Pastaus uses and stores your data for fulfilling a contract with you to manage your event or private dining, and/or for marketing with your consent. You may withdraw consent for marketing at any time.

Your Personal Data (the “Data”) is incredibly important to Pastaus (hereinafter “We/Us/Our”). We process, store and retain your Data for the following Intended Purposes (the “Purposes”):

  • Use of Our Website;
  • Fulfilling a contract with you to manage your attendance at events, or private dining;
  • For marketing purposes, where you opt-in and provide your consent to receive marketing communications.

Please note that you may withdraw your consent at any time, indicating that you wish to withdraw such consent. Please note that this does not affect the processing of your Data for other purposes when utilising another legal basis.

Controller Details:

For the purposes of this Privacy Notice (hereinafter, the “Notice”), Pastaus shall be the Data Controller (hereinafter, the “Controller”) of your Data.

Who Are We?

Pastaus | Fresh Home-Made Pasta

Quick Guide to contents

  • What Data do we collect about you?
  • Where We collect your Data from
  • Information you give Us
  • Information We collect automatically when you use Our services
  • Information We receive from third parties
  • Security

How do we use your Data?

  • Where this is necessary for the performance of a contract which you are party to
  • Where We are under a legal obligation to process your Data
  • Where We have a legitimate interest
  • Where We have your consent
  • In your vital interest
  • How long do We keep your Data for?
  • Who do We share your Data with?
  • Your Rights
  • How will you know if We change this privacy notice?

What Data do we collect about you?

Types of Data

We collect and use different kinds of Data to provide Our dining experiences and services. The Data We may collect about you is listed below so you can see what we may know about you.

  • Contact Details: Your name, phone number, where you live and how to contact you.
  • Age: Your date of birth and/or age.
  • Demographic data: Your gender, nationality, and preferred language.
  • Communications: What We learn about you from communications and conversations between Us including reservations and information necessary to fulfil your special requests.
  • Usage: Usage data about how you use Our products and services.
  • Technical: Details on the devices and technology you use (incl. cookies).
  • Financial: Your credit card details, billing address, and bank account information.
  • Contractual data: Details about any products or services that We may provide for you.
  • CCTV: Information is provided through CCTV recordings at Our restaurants.
  • Providing personal data belonging to others. If you provide the Data of anyone other than yourself (e.g., your family members or friends), you are responsible for informing that person that We are collecting their Data and for ensuring that you have valid permission to provide such Data to Us.
  • If you are a minor under 16 years of age, please obtain consent from your parent or guardian by using the provided consent form, before you submit any Data to Us. If you are a parent or guardian of a minor and you have reason to believe your child or ward has provided Us with their Data without your prior consent, please contact us using the abovementioned e-mail address to request for the erasure of their personal data or for the minor to be unsubscribed from Our mailing lists.

Where We collect your Data from

Generally, we collect and process your information in the following ways:

Information you give Us

  • When you access Our website.
  • When you make a reservation at Pastaus.
  • When you purchase gift vouchers.
  • When you visit or make transactions in the establishments that We own or manage.
  • When you respond to Our promotions or subscribe to Our mailing lists.
  • When you participate in competitions, contests or games organised by Us.
  • When you attend events or functions organised by Us, or conducted at Our establishments, for example, property launches, private dining, ticketed events and hosted events, promotional and marketing events, and other social events.
  • When you use Our services (or express an interest in doing so) including services and transactions in respect of properties that We own or manage.
  • When you communicate with Us by telephone, email, via Our website or through other communication channels, for example, through social media platforms.
  • When you visit Our websites or register a user account with Our websites or mobile applications.
  • When we seek information about you and receive your personal data in connection with your relationship with Us; and
  • When you submit your personal data to Us for any other reason.

Information We collect automatically when you use Our services;

  • Payment and transaction data.
  • Profile and usage data. This includes:
    • your IP address.
    • the security details you create and use to connect to Our services.
    • your settings and marketing choices.
    • data We gather from devices you use to connect to Our online services; and
    • data We gather from cookies We use and other internet tracking software whilst you are using Our website or mobile device applications. information, please refer to Our cookie policy.

Information we receive from third parties:

  • Our business partners such as tour operators, booking agencies, reservation systems, food delivery couriers, and third parties providing advertising, marketing, and promotional services to Us.
  • Social networks.
  • Event organiser for private dining.
  • Family members or friends who provide your Data to Us on your behalf; and/or
  • Public agencies, public bodies, law enforcement or other public sources.

Security

When your images are captured by Us via CCTV cameras while you are within the restaurants, or when photographs or videos of you are taken when you attend events or functions organised by Us.

How do We use your Data?

We collect and process your Data for several purposes. The law states that for each purpose We must explain to you what legal basis We are using to justify Our processing. Where We process your Data, we will only do so upon the following bases:

  • Where this is necessary for the performance of a contract which you are party to.
  • Where We are under a legal obligation to process your Data.
  • Where We have a legitimate interest (as detailed below).
  • Where We have your consent; and/or
  • In your vital interest.

When We process your Data based on Our legitimate interest, this means that We have an interest in business continuity or commercial endeavours. We will only rely on such interests after carrying out a Legitimate Interest Assessment (“LIA”). The scope of this LIA is to ensure that the processing of your data is strictly necessary and that Our legitimate interests do not outweigh your fundamental rights. Processing will only occur once the LIA has been conducted and We ascertain that Our legitimate interests do not severely impact your rights.

The processing of your data is not a statutory requirement. In certain instances, it is a contractual requirement imposed by Us in order to provide Our products and/or services to you. The consequence of failing to provide Us with your Data is that We will be unable to provide you with the necessary products and/or services.

Notwithstanding the above mentioned Purposes, We may process your Data for the specific purposes detailed below, in relation to a particular legal basis:

Where this is necessary for the performance of a contract to which you are a party.

  • To manage Our relationship and communicate with you.
  • To process your payments, if you purchase Our products such as gift vouchers, to provide you with order updates and deal with your inquiries.
  • To authenticate the identity of individuals contacting Us by telephone, electronic means or otherwise.
  • To administer and manage your account and associated services including updating your records and answering your queries.
  • To manage how We work with other companies that provide services to Us and Our customers.
  • To exercise Our rights set out in agreements and contracts; and
  • Sharing your personal data with certain third-party service suppliers such as payment service providers.

Where We are under a legal obligation to process your Data;

  • To comply with laws and regulations that apply to Us.
  • To establish, defend and enforce Our legal rights; and
  • To deal with requests from you to exercise your rights under data protection laws.

Where We have a legitimate interest

  • To manage Our relationship with you.
  • For internal training and quality assurance purposes.
  • To administer and manage your account and associated services including updating your records.
  • To manage and audit Our business operations including accounting.
  • To run Our business in an efficient and proper way. This includes managing Our financial position, business capability, IT and governance requirements.
  • To develop and carry out marketing activities and to conduct market research and analysis and develop statistics.
  • To study how Our customers use products and services from Us and other organisations.
  • For security and safety purposes, in connection with the restaurants that We own or manage, or events organised by Us or conducted at our restaurants.
  • For compliance with internal policies and procedures, including audit, accounting, risk management and record keeping.
  • For carrying out research and statistical analysis, including the development of new products and services or evaluation and improvement of Our existing products and services.

Where We have your consent

  • To develop and carry out marketing activities such as informing you of Our latest activities, activations, and promotions.
  • To study how Our customers use products and services from Us and other organisations.
  • To communicate with you about Our products and services.

We may also from time to time ask you for your consent for other purposes, which We will explain to you at the time.

In your vital interest

  • To provide medical and health care professionals with your Data in the event that you experience an accident or medical emergency while visiting one of our premises.

Where We intend to further process your Data for a purpose other than that for which is was collected (specified above), We will provide you with any additional information required, prior to processing your Data.

How long do We keep your Data for?

We will keep your data for as long as you are a customer of Ours. We may keep your data for up to 3 years after your last interaction with Us or where you have made a transaction, your Data will be removed 5 years after such transaction. The reasons We may do this are:

  • To respond to a question or complaint, or to show whether We gave you fair treatment.
  • To study customer data as part of Our own internal research.
  • To comply with rules that apply to Us about keeping records.

We may also keep your data for longer if We cannot delete it for legal or regulatory reasons.

Any CCTV footage shall be retained for 7 days, after which it shall be irretrievably destroyed unless otherwise required under a legal obligation.

After this time, We will securely and irretrievably destroy your Data.

Your Data is important to Us, and We will make sure your privacy is protected.

Who do We share your Data with?

We may share your Data with other parties to provide you with products and services, run Our business and comply with rules that apply to Us. These include the following:

We may share your Data within the group of restaurants, primarily for business and operational purposes. As We continue to develop Our business, We may sell or purchase assets. If another entity acquires Us or merges with Us your Data will be disclosed to such entity. Also, if any bankruptcy or re organisation proceeding is brought by or against Us, all such Data will be considered an asset of ours and as such it is possible, they will be sold or transferred to third parties.

We may share your Data with third parties who perform functions on Our behalf and who also provide services to Us, such as professional advisors, social media networks, data management companies, digital agencies, reservation booking platforms, food delivery services, gift voucher solutions providers, CRM software providers and IT consultants carrying out testing and development work on Our business technology systems and function co-coordinators. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality. We may also share your Data to Our appointed representatives in connection with a contracted transaction between you and Us, including with lawyers. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.

We may also share your Data with the following organisations:

  • Agents and advisers who We use to help run Our business, collect what you owe and explore new ways of doing business.
  • Companies that introduce you to Us.
  • Companies that We introduce you to.
  • Companies you ask Us to share your data with.

Where required We may also share your Data with third parties to comply with a legal obligation; when We believe in good faith that applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise, to protect the rights, property, safety, or security of third parties, visitors to the Our website, Our business or the public.

Your Rights

Rights

What does this mean?

1.          The right to object to processing

You have the right to object to certain types of processing, including processing for direct marketing (i.e., if you no longer want to be contacted with potential opportunities).

2.          The right to be informed

You have the right to be provided with clear, transparent, and easily understandable information about how We use your information and your rights. Therefore, We’re providing you with the information in this privacy notice.

3.          The right of access

You have the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this privacy notice).

This is so you’re aware and can check that We’re using your information in accordance with data protection law.

4.          The right to rectification

You are entitled to have your information corrected if it’s inaccurate or incomplete.

5.          The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for Us to keep using it. This is not a general right to erasure; there are exceptions.

6.          The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, We can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

7.          The right to data portability

You have rights to obtain and reuse your Data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between Our IT systems and theirs safely and securely, without affecting its usability.

8.          The right to lodge a complaint

You have the right to lodge a complaint about the way We handle or process your Data with your national data protection regulator.  In Malta, the national data protection regulation is the IDPC and their website is available at https://idpc.org.mt/.

9.          The right to withdraw consent

If you have given your consent to anything We do with your Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything We have done with your Data with your consent up to that point is unlawful). This includes your right to withdraw consent to Us using your Data for marketing purposes.

10. The right to be informed of the source

Where We do not collect Data directly from you, you have the right to be informed of the source of such Data.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover Our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, We may be entitled to refuse to act on the request, where such a refusal is justified in terms of any and all relevant data protection legislation.

Please consider your request responsibly before submitting it. We’ll respond as soon as We can. Generally, this will be within one month from when We receive your request but, if the request is going to take longer to deal with, We’ll come back to you and let you know.

If you have any questions about this privacy notice or would like to exercise any of your rights, please contact Us by writing to Us at the address found in the Controller Details section above

If you are unhappy about any aspect of the way We collect, share, or use your Data, please let Us know using the contact details above.

How will you know if We change this privacy notice?

We may need to make changes to this privacy notice at any time. If We make any material change to how We collect your Data, or how We use or share it, We will update the privacy notice on Our website, and We will inform you of these changes by Our normal means of communicating with you, including by email, or by post.