Last Updated: April 2024
1. Introduction
Pan Asian Plaza is committed to complying with the General
Data Protection Regulation (GDPR) and the UK Data Protection
Act 2018. This page explains how we meet our obligations
under these regulations and protects your personal data.
2. Our Role Under GDPR
Pan Asian Plaza acts as a Data Controller
for the personal data we collect from you when you:
- Visit our website
- Make a reservation
- Contact us via email, phone, or our website form
-
Subscribe to our newsletter or marketing communications
- Dine at our restaurant
3. Data Protection Principles
In accordance with GDPR Article 5, we adhere to the
following principles when processing your personal data:
-
Lawfulness, Fairness, and Transparency:
We process your data lawfully and are transparent about
how we use it
-
Purpose Limitation: We only collect data
for specified, explicit, and legitimate purposes
-
Data Minimisation: We collect only the
data necessary for our purposes
-
Accuracy: We keep your data accurate and
up to date
-
Storage Limitation: We retain data only
as long as necessary
-
Integrity and Confidentiality: We ensure
appropriate security of your data
-
Accountability: We can demonstrate
compliance with these principles
4. Legal Basis for Processing (Article 6)
We rely on the following legal bases for processing personal
data:
-
Consent (Article 6(1)(a)): When you
explicitly consent to marketing communications or specific
processing activities
-
Contract (Article 6(1)(b)): When
processing is necessary to fulfil a contract with you
(e.g., processing a reservation)
-
Legal Obligation (Article 6(1)(c)): When
we must comply with legal requirements (e.g., tax records)
-
Legitimate Interests (Article 6(1)(f)):
For purposes such as improving our services, fraud
prevention, and security
5. Your Rights Under GDPR
GDPR provides you with the following rights regarding your
personal data:
Right to Information (Article 13 & 14)
You have the right to receive clear, transparent information
about how we process your data, which we provide through our
Privacy Policy.
Right of Access (Article 15)
You can request a copy of all personal data we hold about
you. To make a Subject Access Request (SAR), please contact
us at info@panasianplaza.co.uk. We will respond within one
month of receiving your request.
Right to Rectification (Article 16)
You can request correction of inaccurate personal data or
completion of incomplete data we hold about you.
Right to Erasure (Article 17) - "Right to be Forgotten"
You can request deletion of your personal data in certain
circumstances, such as when the data is no longer necessary
for the purposes for which it was collected.
Right to Restriction of Processing (Article 18)
You can request that we restrict processing of your personal
data in certain situations, such as when you contest the
accuracy of the data.
Right to Data Portability (Article 20)
You can request your personal data in a structured, commonly
used, and machine-readable format, and have the right to
transmit this data to another controller.
Right to Object (Article 21)
You can object to processing of your personal data based on
legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based
solely on automated processing that produce legal effects or
similarly affect you.
6. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us:
-
Email: info@panasianplaza.co.uk (subject line: "GDPR
Request")
- Phone: (+44) 0238 112 2811
-
Address: Marlands Shopping Centre, Civic Centre Rd,
Southampton, SO14 7SJ, UK
We will verify your identity before processing your request
and respond within one month. Complex requests may take up
to three months, in which case we will inform you of the
delay.
7. Data Security Measures
We implement appropriate technical and organisational
measures to ensure data security:
- Encryption of personal data in transit and at rest
- Regular security assessments and updates
-
Access controls limiting data access to authorised
personnel
- Staff training on data protection obligations
- Secure backup and recovery procedures
8. Data Breach Notification
In the event of a personal data breach that poses a risk to
your rights and freedoms, we will:
-
Notify the Information Commissioner's Office (ICO) within
72 hours of becoming aware of the breach
-
Notify affected individuals without undue delay if the
breach is likely to result in a high risk to their rights
and freedoms
9. International Data Transfers
If we transfer personal data outside the UK or EEA, we
ensure appropriate safeguards are in place, such as:
-
Standard Contractual Clauses approved by the European
Commission
- Adequacy decisions where applicable
- Binding Corporate Rules
10. Data Retention
We retain personal data only for as long as necessary to
fulfil the purposes for which it was collected:
- Reservation data: 2 years after the booking date
- Marketing data: Until consent is withdrawn
- Financial records: 6 years (legal requirement)
- Website analytics: 26 months
11. Complaints
If you believe we have not properly handled your personal
data or responded appropriately to your rights request, you
have the right to lodge a complaint with the Information
Commissioner's Office (ICO):
-
Website:
ico.org.uk
- Phone: 0303 123 1113
-
Address: Information Commissioner's Office, Wycliffe
House, Water Lane, Wilmslow, Cheshire, SK9 5AF
12. Data Protection Officer
For questions about our GDPR compliance or data protection
practices, please contact our Data Protection lead at:
info@panasianplaza.co.uk
13. Updates to This Policy
We review and update this GDPR compliance statement
regularly to ensure it remains accurate and reflects any
changes in our data processing activities or regulatory
requirements.
14. Contact Information
For any GDPR-related enquiries, please contact us:
- Email: info@panasianplaza.co.uk
- Phone: (+44) 0238 112 2811
-
Address: Marlands Shopping Centre, Civic Centre Rd,
Southampton, SO14 7SJ, UK