Privacy Policy for Bonbird UK

Last Updated: 4 August 2025

Welcome to Bonbird UK (“we”, “our”, “us”). We are committed to protecting your
privacy and ensuring that your personal information is handled in a safe and responsible
manner. This Privacy Policy explains how we collect, use, store, and share your personal
data when you use our website, place an order, or otherwise interact with Bonbird UK.

Bonbird UK is operated by City Restaurants Group Limited, the master franchisee for
Bonbird in the United Kingdom.

1. Who are we?

Bonbird UK
Company Number: 13116471
Registered Office: Unit 15 Beecham Business Park, Aldridge, WS9 8TZ
Email: [email protected]
City Restaurants Group is the data controller for the purposes of this Privacy Policy.

2. What Data We Collect

We may collect and process the following personal data:

Information you provide directly:
 Full name
 Email address
 Phone number
 Postal address
 Payment details (processed securely by third-party payment providers)
 Order history
 Marketing preferences
 Customer service inquiries

Information we collect automatically:
 IP address
 Browser type and version
 Device identifiers
 Pages visited and actions taken on our site
 Location data (if permitted)

Special Categories of Data:

We do not intentionally collect special category data (e.g., health, religion, race) unless explicitly provided by you (e.g., allergen information). Such information is treated with enhanced care.

3. How We Use Your Information

We use your data for the following purposes:
 To process and deliver your orders
 To communicate with you about orders, promotions, and services
 To personalise your website experience
 To provide customer support
 To improve our products and services
 To detect and prevent fraud or other illegal activity
 To comply with legal or regulatory obligations

4. Legal Bases for Processing

We rely on the following legal bases under the UK GDPR:
 Contractual necessity: to fulfil our agreement with you (e.g., food orders)
 Consent: for marketing and location services
 Legal obligation: to meet legal requirements (e.g., tax, food safety)
 Legitimate interests: to improve our services, prevent fraud, and ensure website security

5. How We Share Your Data

We may share your personal data with:

 Service providers (e.g., payment processors, delivery platforms, hosting providers)
 Marketing and analytics providers
 Franchisor (Bonbird HQ in Dubai), for reporting and brand oversight (only aggregated or necessary data)
 Legal or regulatory bodies, where required
 Business partners, if you opt in to receive promotions or if we undergo restructuring

We ensure all third parties handle your data with appropriate safeguards in compliance
with UK data protection law.

6. International Data Transfers

Where data is transferred outside the UK (e.g., to Bonbird HQ in Dubai), we ensure:

 Data transfers are covered by appropriate safeguards, such as standard contractual clauses (SCCs) or adequacy decisions.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary:

 Orders and transactions: 6 years (for accounting/legal compliance)
 Marketing data: until you withdraw consent or after 24 months of inactivity
 Website usage logs: up to 12 months for analytics and security

8. Your Rights

Under the UK GDPR, you have the right to:

 Access your personal data
 Rectify inaccurate or incomplete data
 Erase your data (“right to be forgotten”)
 Restrict processing
 Object to processing (especially for direct marketing)
 Data portability
 Withdraw consent at any time (where applicable)
 Lodge a complaint with the Information Commissioner’s Office (ICO)

Contact the ICO: https://ico.org.uk/

9. Cookies and Tracking

We use cookies to:

 Enable website functionality
 Understand user behaviour (analytics)
 Deliver relevant advertising (if consented)

You can control cookies via your browser settings or our cookie banner.

For more details, see our Cookie Policy.

10. Marketing Communications

We will only send you marketing if you have:

 Given explicit consent via our website or in-store
 Have an existing customer relationship and have not opted out

You can opt out at any time by:
 Clicking “unsubscribe” in emails
 Contacting us directly via email or phone

11. Data Security

We take appropriate technical and organisational measures to protect your personal
data, including:

 SSL encryption
 Secure servers
 Limited access by authorised personnel only
 Regular data audits and reviews

12. Children’s Data

Our website and services are not directed at children under 13. We do not knowingly
collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page
with the updated date.

If significant changes occur, we may notify you by email or site notification.

14. Changes to This Policy

Data Protection Officer
City Restaurants Group Limited
Email: [email protected]
Address: Unit 15 Beecham Business Park, Aldridge, WS9 8TZ