Privacy Policy – Chung Ku Restaurant

for Chung Ku Restaurant
Website: chungku.co
Last updated: 27.12.2025

1. About this Privacy Policy

This Privacy Policy explains how we collect and use personal data when you use our website, contact us, or make an enquiry about a table booking at Chung Ku Restaurant.

We aim to keep this notice clear and practical. If anything is unclear, please contact us using the details below.

2. Who is the data controller

The data controller is: Chung Ku Restaurant
Trading as: Chung Ku Restaurant

Operating address:
2 Columbus Quay, Riverside Drive, Liverpool L3 4DB

Contact details:
Email: chungku@live.co.uk
Phone: 0151 726 8191

We have not appointed a Data Protection Officer (DPO).

3. The personal data we collect

We collect personal data in the following categories.

A. Booking and reservation enquiry forms

If you use a booking or reservation enquiry form, we may collect:
• Name and surname
• Email address
• Phone number
• Number of guests
• Date and time requested
• Message content, including any special requirements you choose to share

Important: Please avoid sharing sensitive details in the message box unless it is necessary for your request. If you choose to include allergy or health related information, we will only use it to handle your booking or enquiry.

B. Contact you send to us

If you contact us by email, phone, or via the website, we may collect:
• Your contact details
• The content of your message
• Our replies and any follow up notes needed to deal with your request

C. Cookies, analytics, and similar technologies

When you browse our website, cookies and similar technologies may collect information about how you use the site, such as pages viewed and interactions. Some cookies are essential for the website to function. Others, such as analytics cookies, are optional and only used if you consent.

More detail is in our Cookies Policy.

D. Server logs and security data

Our website and hosting infrastructure may automatically record:
• IP address
• Browser and device information
• Date and time of access
• Pages requested and technical logs (for example, error logs)

This is typically used for security, performance, and troubleshooting.

E. Links to social media and third party sites

Our website may include links to social media pages or third party websites. If you follow those links, your use of those services is governed by the third party’s own privacy information.

4. How we use your data and our lawful bases

We only use personal data where we have a lawful basis under UK GDPR.

A. Handling booking requests and reservation enquiries

What we do: respond to your booking request, confirm details, manage changes or cancellations, and communicate with you about the reservation.
Lawful basis: contract, or steps before entering into a contract (because you are asking us to take action to arrange a booking).

B. Customer service and general queries

What we do: respond to questions, resolve issues, keep a record of communications so we can provide consistent service.
Lawful basis: legitimate interests (running our business and providing customer support).

C. Special requirements, including allergy information you choose to provide

What we do: use the information only to handle your booking or enquiry and to communicate with you about it.
Lawful basis: your consent. If the information is health related, we rely on your explicit consent because you voluntarily provide it for this purpose.
If you prefer not to share this online, contact us by phone instead.

D. Website security and technical operation

What we do: protect the website, prevent fraud and abuse, maintain performance, and diagnose technical problems.
Lawful basis: legitimate interests (keeping our systems secure and reliable).

E. Analytics to understand and improve the website

What we do: measure website usage and understand which pages are helpful, so we can improve the site and our services.
Lawful basis: consent (where required for non essential cookies and similar technologies).
Current tool: Google Analytics 4 (GA4).

F. Future tools and changes

As we develop the website, we may add new tools (for example, additional analytics, testing, or marketing tools). If we do, we will:
• Update this Privacy Policy and our Cookies Policy
• Use consent where the law requires it
• Provide clear choices and controls for users

5. Who we share personal data with

We may share personal data with service providers that help us run the website and communicate with you. These providers act as processors on our instructions, where applicable. Categories include:
• Website hosting and infrastructure providers
• Website platform and plugins (for example content management system and form plugins)
• Email and communications providers
• Analytics providers (for example Google Analytics 4)
• Security and anti spam services
• IT support and website maintenance providers

We do not sell personal data.

6. International transfers

Some suppliers may process personal data outside the UK. Where this happens, we use appropriate safeguards as required by UK data protection law, such as recognised transfer mechanisms and contractual protections, and we take a risk based approach to ensure the data remains protected.

7. How long we keep your data

We keep personal data only for as long as necessary for the purposes described above.

Typical retention periods (may vary depending on context and legal obligations):
• Reservation enquiries and related messages: up to 12 months after the enquiry is closed
• Confirmed bookings and related communications: up to 24 months after the booking date
• Allergy or health related details: kept only as long as needed to handle the booking and follow up, then deleted or minimised
• Server logs and security logs: typically 30 days (longer if needed to investigate security issues)
• Analytics data: depends on our Google Analytics settings. User level data retention is typically set to 2 months or 14 months (and may change if settings change). Aggregated reporting may be kept longer

If you ask us to delete data, we will do so unless we need to keep it for a valid legal or operational reason.

8. Your rights

Under UK GDPR, you have rights in relation to your personal data, including:
• Access: request a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion in certain circumstances
• Restriction: ask us to limit how we use your data in certain circumstances
• Objection: object to processing based on legitimate interests
• Data portability: receive certain data in a portable format (where applicable)
• Withdraw consent: where we rely on consent, you can withdraw it at any time (this does not affect processing already carried out)

To exercise your rights, contact us using the details in section 2.

9. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

10. Security

We take appropriate technical and organisational measures to protect personal data, such as access controls, routine maintenance, and security monitoring. No website or system can be guaranteed 100 percent secure, but we work to reduce risk and respond promptly to issues.

11. Children

Our services are intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided personal data through our website, please contact us and we will take appropriate steps.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the website, our services, or legal requirements. The latest version will always be published on our website with the updated date at the top.

If you have questions about this policy, contact us at chungku@live.co.uk.