Hibiscus Caribbean Kitchen and our other associated trading companies (“We”) respect your data and are committed to protecting and respecting your privacy.
Hibiscus Caribbean Kitchen owns and runs the following websites:
This website is owned by Hibiscus Kitchen
We are committed to protecting your data and privacy in accordance with our obligations as established under government data protection legislation. The current data protection law is found in the Data Protection Act 1998 and other UK legislation. After 25th May 2018 the EU General Data Protection Regulation and related legislation came into effect.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
How and what Information we may collect on you
You are in control of what information we collect about you. By submitting your information on any of our websites you consent to the use of that information as set out in this policy. However, if you choose not to share your information some areas of our websites may not be accessible or useable.
We collect data and information in the following ways:
2a. Information that you provide us, including:
• Information you actively provide when using our website including when you purchase a product or complete an online enquiry or booking form. For example, when you reserve a guest bedroom or book a table in the restaurant we will ask for your personal information in order for us to process your request. This information is likely to include identity data (may include your first name, last name, username, title, date of birth and gender), contact data (may include your billing address, delivery address, email address and telephone numbers) and financial data (may include your bank account and payment card details).
• If you contact us by post, email or telephone, we may keep a record of any correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to these.
• Marketing and Communications data, such as your name and email address, if you choose to opt-in to receive marketing material from us.
• Contact and Identity data should you choose to enter into any competitions or prize-draws.
2b. Information that is automatically collected by our websites
We use passive means to collect information such as tracking what pages you visit on our sites. This information is used by our websites to determine how visitors use our sites. This then feeds into the development of the sites as we aim to make them more enjoyable and easy to use. Such collected data may include:
We use ‘cookies’ to enhance your experience on our websites. Cookies are small data files that are sent to your browser and stored temporarily on your computer to help retain the information that you have entered whilst you browse our sites.
A cookie will typically contain the name of the domain from which the cookie has come and the ‘lifetime’ of the cookie. Cookies do not give us your personal information, they provide us with non-personal information such as remembering your browser settings, what types of software you are using etc., so that we can work with the sites to make them as easy to use as possible for you and all our visitors.
Certain cookies sent to your browser will help us to save you time. For example, if you’re halfway through an online purchase our cookies will allow you to browse other areas of our websites and then return to your purchase.
Most browsers automatically accept cookies but you can both delete existing cookies from your browser and, by editing your browser options, choose not to receive cookies in future. Please visit for more information on this.
Please note that if you choose not to receive cookies then some areas of our websites may fail to function as intended so degrading your user experience.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. Your IP address may also be used to diagnose problems with our server, monitor visitor traffic patterns and site usage to help us develop and improve our sites further.
2c. Sensitive Data
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, criminal history, information about your health and genetic and biometric data. Usually we don’t record any sensitive data. However, in some circumstances we may need to collect sensitive information relating to your health or dietary requirements (which may also relate to your religious beliefs). However, we would only request this information where this is required and relevant to your booking, for example, if you are registering to take part in an experience in which your health may affect how we deliver the product.
How we use your personal data
• We will only ever use your data when legally permitted. The most common uses of your personal data are:
• When we need to perform the contract between us. Such as emailing you an e-ticket and details of your purchase.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• When you have given us consent to process your personal data in order to send marketing information to you.
Administration and other non-marketing uses of data
We will use the information you enter onto our websites for administration purposes and any other purposes made clear in the data entry forms themselves, or referenced within our terms and conditions.
4a. Third Parties and disclosure of your personal data
Disclosure of your data to others may be necessary to ensure the smooth provision to you of the products, services and information you request.
We will not sell your data or share personal data with third party organisations for marketing purposes, but we do use third parties to outsource functions when we do not have the in-house capacity or capability required, such as the use of a mailing house for mailings, fulfilment of an electronic booking or service and analytical services that enable us to target our communications to you more effectively. In such cases we will only use reputable and well vetted firms and have contracts and processes in place that ensure the safe and confidential processing of personal data at all times. We may also disclose personal information where required or otherwise permitted by law.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
4b. Online Advertising
If you visit our websites, you may subsequently see banner advertisements from us whilst browsing other websites. These adverts are placed by us by approved, specialist media providers. These adverts may be targeted at you based on cookies placed on your computer or other devices when you visit our websites.
If you are active on Social Media you may also see our adverts on your Social Media channels. We may make use of existing profiling tools provided by Social Media companies to try and ensure you are seeing adverts from us that may be of interest to you. We may also utilise existing data we hold on you in combination with these existing social media tools to make our marketing more targeted.
This can include passing certain data onto Social Media companies (they cannot pass this data onto any other third parties or use this to contact you in any way) who are based outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection with your personal data, so European law has restricted transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
• Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
If none of the above safeguards is available, we will request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
4c. Online Competitions
Hibiscus Caribbean Kitchen will run online competitions intermittently on the website, via its Social Media channels or through on park activity. All and any competitions will be supported by documented Terms and Conditions which will specify what information will be collected and how it might be used – for instance to contact winners about receiving their prizes. Any personal information that is collected from this type of activity will be deleted once the competition entry date has closed, relevant winners have been contacted and all prizes or similar correspondence have been completed, unless you have opted into marketing communications. Personal information provided will not be used for marketing purposes unless specifically authorised to do so.
Occasionally we may email surveys to guests who have reserved rooms or restaurant tables in order that we can improve the experience for future and return guests. Electronic Surveys are automatically sent to guests after the date of their original booking. Completing any surveys you are sent is not mandatory.
4e. Statistical Data
We try to ensure that our websites offer visitors exactly what they are looking for. As already referenced, to help us achieve this goal we and our appointed marketing companies may collect and analyse anonymous data collected by cookies and Google Analytics about how visitors use the websites. We may also collect Internet Protocol addresses to help diagnose problems with our servers and for system administration, but we don’t link these addresses to any person’s name or identity.
4f. When we might contact you if you don’t opt-in to receive marketing
If you have chosen not to opt-in to receive marketing material from us, or since opting in have decided to opt-out, we will only contact you regarding any products you may have purchased from us and when we consider it to be in our legitimate interest to contact you about said products.
This may include:
• Sending confirmation details of your reservations to you via email.
• When a situation has arisen that could directly impact the delivery of a booked room or table.
• Emailing you to ask you to complete a feedback survey so we can study how our customers use our products and services and improve our offering accordingly. We will only ask you to feedback on the product you have purchased and you are not obliged to complete the survey we send you.
You will usually receive marketing communications from us if you have:
(i) opted in to receive marketing communications from us during a reservation;
(ii) if you signed up to our newsletter on any of our websites;
(iii) in each case, you have not opted out of receiving marketing communication;
(iv) if you request to receive marketing material over the phone, at an event (e.g. business trade show) or directly to our teams on a visit. Verbal requests will be logged, password protected and uploaded to our secure database provider.
The data you give us about yourself will enable us to give you updates via email, phone or postal services using the contact details you provide, on promotions and services we offer that we think may be of use to you or to involve you in market research. How and why we might contact you will be clearly explained whenever you opt-in to receive marketing from us. To improve our picture of your interests we may link the data you give us with any data we have gathered (via cookies) about your use of our websites.
We do not currently share your data with any third parties for marketing processes and will get your express opt-in consent before we share your personal data with any third party for marketing purposes. However, from time to time we may upload email data to Facebook, Twitter or Instagram in order for us to target you with products and services you might be interested in. We will not pass on your personal details to any other organisation without your permission unless they are directly involved in the running/maintenance of our websites or are an outsource function on behalf of the business. Your data will only be used for the purpose of informing and marketing Hibiscus Caribbean Kitchen. We will contact you every two years to ensure that your details are correct and you’re still happy to receive marketing material from Hibiscus Caribbean Kitchen.
You can ask us to stop sending you marketing messages at any time by following the opt-out (unsubscribe) links on any marketing message sent to you or by emailing email@example.com confirming you wish to stop receiving marketing messages. Please note that if you opt-out of receiving our marketing communications we may still store data relating to you and any purchases you have made and may contact you directly about your bookings.
5a. Children under the age of 16
We do not intend to collect information from and market to children under the age of 16 years. Children under the age of 16 years will not be able to participate in competitions nor sign up to receive marketing communications from us. If you sign up to receive marketing materials from us we will proceed on the basis that you are over 16.
When you’re within our business premises your image may be captured. We have CCTV in operation across our sites. CCTV footage is routinely only stored for a limited time; we will only retain footage for longer than this if it relates to an ongoing investigation.
If you consent to having your photo taken and used for marketing or PR purposes we will hold your name, image and age (if applicable) on file for future re-use as well as a copy of a photo permission form by which you will have given written consent that we may use the image for marketing purposes.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In order to comply with legal and tax obligations we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least six years after they cease being customers.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Rights to your data
Under the EU General Data Protection Regulation you have the right to request a copy of the personal information we hold about you. You also have the right to request that we erase any personal information we hold, where we have no compelling reason to continue processing this data.
A reminder of all your rights under GDPR:
• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Right to withdraw consent.
If you wish to exercise any of the rights set out above, please email us at
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you (two forms of identification) to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to this policy
Because we are constantly improving our websites there may be developments in how we use your data. All such developments will be promptly notified to you in this policy. Your continued use of our websites will signify that you agree to any such changes.
If you have any queries regarding this policy, the use of your data or what data we might hold on you please feel free to get in touch by contacting the Data Controller c/o The Hibiscus Caribbean Kitchen, 272 Portobello Road, London W10 5TY or email firstname.lastname@example.org.
Similarly, it is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com.
Policy last updated: 20th Jan 2021