OPENTABLE FOR RESTAURANTS

Guide to General Data Protection Regulation (GDPR) and UK GDPR

The Basics

GDPR and the new GDPR are laws that protect the rights and freedoms of EU and UK individuals with respect to their personal data.

DOES IT APPLY TO MY RESTAURANT?

If your restaurant is established in the EU/UK, yes it does. If your restaurant is not established in the EU/UK, then it only applies with respect to diners and prospective diners who are residents of the EU/UK.

WHAT DATA DOES IT COVER?

Personal data of EU and UK individuals. Personal data is data that can be linked to an identified or identifiable person. It includes direct identifiers (e.g., name and email) and indirect identifiers if they can be used to identify a person (e.g., IP address and online identifiers).

WHAT TYPES OF PROCESSING DOES IT COVER?

All types, whether or not automated, such as the access, collection, storage, retrieval, use, disclosure or erasure of personal data.

DOES IT COVER CITIZENS OF THE UNITED KINGDOM?

Yes, the UK GDPR applies to the UK and mirrors the EU version of GDPR.

**DOES GDPR/UK GDPR REQUIRE CONSENT TO PROCESS PERSONAL DATA? **

No, consent is only one of the legal bases for processing data. For example, data can also be processed: – To fulfill a contract with that person – Sometimes for “legitimate interests,” such as for marketing and commercial objectives (these legitimate interests must, however, outweigh detriment to the privacy of that person) – When there is a legal obligation to do so. Country-specific laws, like the Privacy and Electronic Communications Regulations (PECR) may also apply and govern activities such as direct marketing.

Understanding Controller vs. Processor: You control the data in your OpenTable Guestbook

Rights and responsibilities for data processing under GDPR/UK GDPR depend on whether your business is a data controller or data processor.

AT A HIGH LEVEL

The controller uses the data for its own business purposes. The controller determines the purposes and means of processing personal data. The processor performs data processing services for the controller. Here is how it applies to your restaurant’s use of OpenTable’s products:

YOUR OPENTABLE GUESTBOOK

Your restaurant is the controller of personal data in your OpenTable Guestbook. This data includes both online reservation data OpenTable shares with your and data that you input into your OpenTable guestbook, such as your phone-in reservations, guest notes and tags.

OpenTable is the processor of personal data in your OpenTable Guestbook. As such, OpenTable processes this data in your OpenTable guestbook on behalf of your restaurant by powering the product. Your guestbook may live in any of our restaurant products, such as GuestCenter, OpenTable Connect, Electronic Reservation Book (ERB) or ResPAK.

OPENTABLE’S CONSUMER PRODUCTS

OpenTable is the controller of personal data in our consumer products, including OpenTable’s websites, apps and booking flows. Diners who make reservations through our sites and apps, including our booking tool on your restaurant’s website, agree to OpenTable’s terms of use and privacy policy as part of completing the reservation. This data is bifurcated from person data that resides in your OpenTable guestbook, for which OpenTable acts as your restaurant’s data processor.

Your OpenTable contract

OpenTable maintains a data processing addendum to your online restaurant contract. If you do not have an online contract, we will make this update available to you as an addendum to your current contract.

OpenTable will also be maintaining certain records of our data processing as required by GDPR/UK GDPR. As the processor of personal data in your restaurant’s OpenTable guestbook, OpenTable’s records will include your restaurant’s contact information, together with your Data Protection Officer and local representative, if you have one. If this information changes, please inform your OpenTable Account Manager.

Data Subject Rights: The Right to Erasure

EU/UK diners have certain personal rights under GDPR/UK GDPR, including the right to erasure.

If OpenTable receives a request for erasure from a diner who booked a reservation at your restaurant through OpenTable, we will:

Process the diner’s request for erasure from our consumer systems.
Provide your restaurant with notice of the request, because GDPR/UK GDPR requires us to inform recipients to whom we passed the diner’s data of these sorts of requests.
Your restaurant, as the data controller of your OpenTable guestbook, will then decide how to handle this request with respect to your guestbook. If you elect to erase the diner from your OpenTable guestbook, OpenTable is here to assist you upon your request.

If a diner submits a request for erasure directly to your restaurant, OpenTable, as your data processor, is also here to help you upon your request with respect to your OpenTable guestbook.

Changes to our Sites & Apps

Our Privacy Policy
OpenTable regularly reviews and updates its privacy policy to comply with GDPR/UK GDPR and other obligations under relevant data protection laws. These updates will include, for example, information for EU/UK individuals on how to exercise their GDPR rights, as well as clarifying the legal bases for processing their data.
Email Marketing
Our sites and apps give the diner the opportunity to provide their email address to your restaurant for email marketing purposes. As we explain at the end of paragraph 1 (The Basics), consent is just one legal basis for processing data for marketing purposes. OpenTable passes the preference made by the diner at the time of booking, but it is up to you to decide how you wish to fulfill those requests.

GDPR/UK GDPR Tips for your Restaurant

Know your data. Be aware of what data your restaurant collects, where it is stored, and who can access it. From there, you can take necessary actions to secure access.
Secure your data. Use the security features that may be contained in your OpenTable guestbook in order to only permit access to personal data on a need-to-know basis.
Consult with experts, as needed. To answer questions specific to your restaurant, it may help to consult with tech and legal experts who can assess your restaurant’s particular situation.
Take advantage of what OpenTable has to offer. Review your contract and restaurant contact information with OpenTable and follow the security tips outlined in this Guide. We encourage you to reach out to your Account Manager with any questions about OpenTable products.