Last updated August 2023 – Improved clarity around data usage and legal basis.
Here at Kobas we take client and customer data privacy very seriously indeed. To that end, we will never, ever sell or disclose the personal information we store to third parties unless we are required to do so by law. This policy tells you what information we collect about you when you visit our websites, and what we do with that information.
Who we are
We are Kobas, an online hospitality management service. You may have arrived at this page from a link on our of our client’s web sites. Kobas is a trading name of Kobas Hospitality Ltd, a company registered in Ireland with details as follows:
Company registration number: 666501
VAT number: IE 3695674QH
Registered office: 28 Westland Square, Pearse Street, Dublin 2
Registered with the Irish ICO
Kobas Hospitality Ltd resells services provided by Hospitality Tech Dev Ltd, a company registered in England and Wales with details as follows:
Company registration number: 12368721
VAT number: GB 360234137
Registered office: Lower Ground, 2 Lant Street, London, SE1 1QR
Registered with the UK ICO with reference ZA828453
We have appointed a Data Protection Officer to oversee our handling of personal information. If you have any questions this privacy notice, the information presented on this website, or about how we use and process your personal information, please contact our Data Protection Officer by e-mail at: firstname.lastname@example.org
What we use your information for
We may use personal data provided to us for the purposes described in this privacy notice or as made clear before collecting your personal data. In order to provide our services to you, and to promote our business, we need to collect and process certain personal information about you. We collect personal information from you for one or more of the following purposes:
- To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.
- To enable us to process and fulfil your online orders, recruitment applications, customer interaction needs, or to use our complete hospitality management suite, all behalf of our clients (as a data processor).
- To allow us to process your requests to receive transactional updates or marketing information from our clients (as a data processor).
- To collect feedback on behalf of our clients.
- To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
- To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your personal data.
- To ensure the security and safe operation of our websites and underlying business infrastructure.
- To manage any communication between you and us.
- To provide data analysis in order to assist us with the pricing of our products and detect market trends.
- To administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our website, including as part of our efforts to keep our website safe and secure.
- To allow invoicing and to recover any outstanding payments.
- Where you have given your explicit consent, for marketing purposes.
- For legal, financial reporting and regulatory purposes.
The sections below provide more detail about the personal information we collect for each of these purposes, the lawful basis for doing so, and the retention period applied to each type of data
In addition, to ensure that each visitor to any of our website can use and navigate the site effectively, we collect the following:
- Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
- Your login information, browser type and version, time zone setting, browser plug-in types and versions.
- Operating system and platform.
- Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.
In the “Your Data Protection Rights” section below, we identify your rights in respect of the personal data that we collect and describe how you can exercise those rights:
- To understand how you use our Website, including clickstream and pages viewed (date and time) and length of visits to certain pages.
- To contact you with information about our services and other related matters, via email or other means.
- To enable you to access, use and view the Kobas platform.
- To collect feedback on behalf of our clients (as a data processor) regarding your use of their customer interaction, online ordering service or recruitment portal.
- Where applicable, to maintain a record of your details, including demographic data and online orders, for the purpose of further understanding the effectiveness of our service.
This website – www.kobas.co.uk – may request, capture and store any personal details across the contact forms within our website. We retain this information so that we may respond to your request.
Kobas does run loyalty schemes which store personal consumer information such as email address, address, phone number etc on behalf of our clients. This information is disclosed solely to the loyalty scheme operator for use in their marketing, and in offer redemption. Consumers may access their data by logging into the loyalty scheme portal at a URL advertised by the loyalty scheme operator.
Kobas may additionally collect and store personal consumer information in association with online ordering, ticket sales or reservations within client venues. Information associated with online ordering checkout as guest may be retained for up to 100 days to facilitate complaint or HACCP investigations. Information associated with ticket sales or reservations may be stored for a period of up to 12 months subsequent to that booking or event to assist with any follow up reservations or enquiries.
Our clients and their staff who use the Kobas portal for hospitality management – login.kobas.co.uk – submit their personal information as a part of their human resources record. This information is never disclosed and is always held confidentially on behalf of their employer.
On this website – www.kobas.co.uk – we use this information to anonymously track you as you move around the site. This gives us useful marketing and business information as it shows us which pages you look at and find most useful. It doesn’t mean we know much about you beyond basic information submitted to us by your computer, such as which Internet browser you are using and roughly where in the world you are. You may reject cookies from us which will stop us doing this.
Like many other web sites and applications, Kobas makes use of log files. Every time we serve you a page web or asset (such as an image) we make a note of it on our servers.
Information we store includes Internet Protocol (IP) addresses, type of device you use, a unique device identifier, operating systema and platform, browser type, Internet Service Provider (ISP), date/time stamp and referring/exit pages.
This information is used to analyse trends, administer the site, track your movement around the site and gather demographic information. IP addresses and other such information are not linked to any information that is personally identifiable.
What is our lawful basis for processing your personal information?
Under the GDPR, the lawful bases we rely on for processing your personal information are:
(a) Your consent. You can withdraw your consent at any time by contacting: email@example.com
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
Third-party data processors
Kobas uses the following third parties to process your personal information on our behalf.
Amazon Web Services
The Kobas Cloud platform resides on AWS (Amazon Web Services) infrastructure with all data held within the EU (Ireland) and the United Kingdom. AWS is a well-respected and fully GDPR compliant hosting service.
For more information on that, please see the AWS Privacy Notice.
We use Microsoft Clarity across kobas.co.uk to capture how users interact with our website through heatmaps, session replays, and behavioural metrics. This information helps us to optimise the site to provide better browsing experiences and improve the way we market our products and services.
Microsoft Clarity processes information such as: clicks, mouse movements, scrolling movements, pages viewed, operating system, device, and session duration. The data obtained by Microsoft Clarity does not collect any personal information.
For more information about how Microsoft obtains and uses your data, visit the Microsoft Privacy Statement.
Some Kobas clients use MailChimp for email marketing purposes. Use of the customer-facing aspects of Kobas, such as ticket sales and the customer loyalty scheme, will present a check-box option to receive email marketing. If this box is checked, your information will be sent to the MailChimp platform for this purpose.
Kobas also permits the following third parties to process Client Staff information in order to provide additional services.
Who else do we share your personal information with?
Companies engaged by us to provide contracted services. For example:
- Managed Service Providers
- Software Providers
- Debt Collectors
- Survey companies
- Data analytics advisors
- Query search engine operators
Companies engaged by us to manage our communications with you. For example:
- Recording our incoming and outgoing calls
- Online chat provider
- Web hosting
- Email service providers
Your personal information will only be shared with a third party where the third party has agreed to keep your information strictly confidential and to only use your personal information for the specific purpose for which it was provided.
We may also share your personal information with:
- Search engine operators who can assist us in the improvement of our website
- Prospective buyers, in the event that we sell any part of our business or assets
- Regulators and other authorised bodies, whenever we are required to do so by law
- With competent authorities for law enforcement purposes where the sharing is necessary for the prevention or detection of crime, the investigation and prosecution of offenders, or there is an overriding public interest for doing so
Where we keep your personal information and how we keep it safe
We take data protection very seriously and have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way.
In addition, we limit access to your personal information to our clients and other third parties as required in the fulfilment of our services. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
Your data will be stored in our production environment, Amazon Web Services (EU & UK Regions), which is contracted by use for the provision of technical services. We remain responsible at all times for the security of your personal information, but if you want to know more about how we interact with Amazon Web Services you can view their privacy notice, amongst their other policies.
As we use the AWS Simple Email Service to send emails, until the email is routed to your email service provider, your email address data is held within AWS, though some emails may be routed via the AWS USA regions. In these instances your email address, name, and a body for the email will be routed via the USA. No other personal information is routed or stored outside of the EU and UK regions prior to email dispatch.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your data protection rights
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email: firstname.lastname@example.org
To process your request, we may ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
- The right to be informed
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.
- The right of access
As an end customer, you may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
- The right to be informed
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
- The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
- The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
- The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:a) The accuracy of the personal data is contested.
b) Processing of the personal data is unlawful.
c) We no longer need the personal data for processing but the personal data is required for part of a legal process.
d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
- The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
- The right to object
You have the right to object to our processing of your data where:
- Processing is based on legitimate interest
- Processing is for the purpose of direct marketing
- Processing is for the purposes of scientific or historic research
- Processing involves automated decision-making and profiling
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services and we may need to deactivate your customer account(s).
You can always unsubscribe from our email communications at any time by following the unsubscribe link in our email communications.
Thank you for using Kobas.