Privacy Policy

1. Introduction

This privacy notice explains how Spaghetti House (“we”, “us”, “our”) collects and uses your personal data when you use our website, make a booking, place an order, sign up to marketing, or otherwise interact with us.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This notice should be read alongside our Cookie Policy.

2. Data controller

Spaghetti House is operated by White Gardenia Ltd, which is the data controller responsible for your personal data.

Contact details:

White Gardenia Ltd (Company No. 17173023)
66 Paul Street, EC2A 4NA
Email: info@spaghettihouse.co.uk
Telephone: 020 7724 9615

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data (name, title)

  • Contact data (email address, telephone number, address)

  • Transaction data (orders, bookings, payments)

  • Financial data (processed securely via payment providers)

  • Technical data (IP address, browser type, device information)

  • Usage data (how you interact with our website)

  • Marketing and communications data (preferences and consent choices)

We do not intentionally collect special category personal data.

4. How we collect your data

We collect personal data through:

  • Direct interactions (bookings, orders, enquiries, newsletter sign-ups)

  • Automated technologies (cookies and similar tracking technologies)

  • Third-party services including:

    • Squarespace (website hosting and infrastructure)

    • Google (analytics and advertising services)

    • Meta Platforms (Facebook and Instagram advertising and remarketing)

    • OpenTable (reservation system)

    • Square (payment processing and ordering systems)

    • Email marketing providers (newsletter delivery services)

5. How we use your data

We use your personal data where lawful to:

  • Manage bookings and provide services (contract)

  • Process payments and transactions (contract)

  • Send service communications (contract or legal obligation)

  • Improve website performance and user experience (legitimate interests)

  • Carry out analytics and reporting (consent where required)

  • Send marketing communications (consent only)

We will only send marketing emails where you have given your consent or where we are otherwise permitted to do so under applicable law.

We do not carry out automated decision-making with legal or similarly significant effects.

6. Lawful bases for processing

We rely on the following lawful bases:

  • Contract – to provide services you request

  • Legal obligation – for tax, accounting, and regulatory requirements

  • Legitimate interests – to operate, improve and secure our business

  • Consent – for marketing communications and non-essential cookies (including analytics and advertising cookies where required)

Where we rely on legitimate interests, we balance our interests against your rights and freedoms.

7. Marketing communications

We only send marketing communications where you have actively opted in.

You may withdraw consent at any time using the unsubscribe link in our emails or by contacting us.

We do not sell your personal data or share it with third parties for their own marketing purposes without your consent.

8. Cookies and tracking technologies

We use cookies and similar technologies on our website.

Non-essential cookies (including analytics, advertising, and marketing cookies) are only used where you have given consent via our cookie banner.

We use cookies for:

  • Website functionality (Squarespace)

  • Analytics (Google Analytics)

  • Advertising and remarketing (Meta Pixel / Instagram Ads)

  • Reservations (OpenTable)

  • Payments and ordering (Square)

You can manage your cookie preferences at any time via our cookie settings tool.

9. Sharing your data

We may share your personal data with:

  • Squarespace (website hosting and infrastructure)

  • Google (analytics and advertising services)

  • Meta Platforms (advertising and remarketing tools)

  • OpenTable (reservation management)

  • Square (payment processing and ordering systems)

  • Email marketing providers

  • Professional advisers (legal, accounting, insurance)

  • HMRC and regulators where required by law

All third parties are required to process your personal data securely and only for specified purposes.

10. International transfers

Some of our third-party providers may transfer your personal data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations (where applicable), or

  • UK International Data Transfer Agreement (IDTA), or

  • UK Addendum to EU Standard Contractual Clauses

These safeguards ensure your personal data is protected to UK GDPR standards.

11. Data retention

We retain personal data only for as long as necessary:

  • Bookings and transactions: up to 6 years (legal and accounting requirements)

  • Customer enquiries: up to 2 years

  • Marketing data: until you withdraw consent

  • Analytics data: typically up to 26 months (depending on configuration)

12. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse.

Access is restricted to authorised personnel and trusted third-party providers.

13. Your rights

You have rights under UK data protection law, including:

  • Right to access your personal data

  • Right to rectification

  • Right to erasure

  • Right to object to processing

  • Right to restrict processing

  • Right to data portability

  • Right to withdraw consent at any time

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk

14. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page.

Last updated: 23 June 2026