Privacy policy
Last updated: 21 September 2025
Controller: TableGo Ltd ("TableGo", "we", "us") for our platform operations at tablego.uk
Independent Controllers: Participating Restaurants for diner data they receive about you
Processor role: In some cases we host/process diner data on behalf of Restaurants (e.g., reservation records) — our DPA applies in that case
1. How to read this Notice
This Notice explains how we collect and use personal data when you use tablego.uk to make reservations, pay deposits or purchase gift cards. It complements our Website Terms of Use and Cookie Policy and complies with UK GDPR and the Data Protection Act 2018.
When we decide the purposes/means of processing for our consumer website (account, security, analytics, marketing), we act as Controller.
When a Restaurant receives your booking/gift card details, it acts as an independent Controller for its use of your data.
When we host diner data for a Restaurant in its account, we act as Processor under our DPA.
2. Personal data we collect
Booking & profile data: name, contact (email/phone), party size, date/time, venue, notes (please avoid health info unless necessary).
Payment metadata: transaction IDs, amounts, status, refunds/chargebacks via Stripe (we do not store full card numbers or CVV).
Device/usage data: IP address, device identifiers, browser type, pages viewed, referral URLs, session duration, crash logs.
From channels: where you book via Google Reservations, Facebook/Instagram or Tripadvisor, we receive booking details from those partners.
Special category data. We do not seek health data. If you include allergy details in a note, we process it only with explicit consent and pass it to your chosen Restaurant for safety.
3. Why we use your data (legal bases)
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide booking/deposit/gift card flows | Create bookings, send confirmations, customer support | Art. 6(1)(b) contract |
| Payment processing (via Stripe) | Process payments, refunds; prevent fraud | Art. 6(1)(b) contract / Art. 6(1)(f) legitimate interests |
| Safety & security | Access controls, incident response, misuse prevention | Art. 6(1)(f) legitimate interests |
| Analytics & improvement | Usage metrics, performance; cookies only with consent under PECR | Art. 6(1)(f) legitimate interests; consent where required |
| Service messages & marketing | Operational emails; optional marketing with opt‑out | Art. 6(1)(b) contract / Art. 6(1)(a) consent / soft opt‑in |
| Legal & compliance | Tax/audit, enforcing terms, responding to lawful requests | Art. 6(1)(c) legal obligation |
4. Sharing your data
We share personal data with:
- Restaurants you interact with.
- Stripe/Stripe Connect (payments, fraud/risk).
- Channel partners (Google Reservations, Facebook/Instagram, Tripadvisor) where your booking flows through their systems.
- Hosting/CDN, security, communications and analytics providers acting as our processors (non‑essential cookies/SDKs only with consent).
- Advisers/authorities where required by law.
5. International transfers
Some providers may process data outside the UK. We rely on UK adequacy decisions (e.g., UK‑US Data Bridge) or SCCs/IDTA with supplementary measures as appropriate.
6. Retention
- Bookings/gift card records (Controller): generally up to 24 months for platform integrity and support.
- Transactions (Controller): 6 years for accounting.
- Data we process as Processor: retained according to the Restaurant's instructions; deleted/returned per the DPA.
- Cookie consent records: typically 6–12 months.
7. Your rights
Under UK GDPR you may access, rectify, erase, restrict, object, and request data portability. You may withdraw consent at any time where processing is based on consent.
Request: support@tablego.uk (we respond within one month; extendable for complex cases).
If your request concerns data controlled by a Restaurant, we will notify/redirect it to the Restaurant.
You may complain to the ICO (ico.org.uk).
8. Children
tablego.uk is not intended for children under 16. If you believe a child provided data, contact us to remove it.
9. Security
We implement appropriate technical and organisational measures to protect personal data (encryption in transit, access controls, logging, staff training). No method is 100% secure.
10. Changes & contact
We may update this Notice; we will post the new version with a revised date and, where appropriate, notify you.
Contact: support@tablego.uk
TableGo Ltd, 284 Chase Road A Block 2nd Floor Suite 539, London, N14 6HF, United Kingdom