Privacy Policy
1. Introduction
This privacy notice explains how Spaghetti House (“we”, “us”, “our”) collects and uses your personal data when you use our website, make a booking, place an order, sign up to marketing, or otherwise interact with us.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This notice should be read alongside our Cookie Policy.
2. Data controller
Spaghetti House is operated by White Gardenia Ltd, which is the data controller responsible for your personal data.
Contact details:
White Gardenia Ltd (Company No. 17173023)
66 Paul Street, EC2A 4NA
Email: info@spaghettihouse.co.uk
Telephone: 020 7724 9615
3. Personal data we collect
We may collect and process the following categories of personal data:
Identity data (name, title)
Contact data (email address, telephone number, address)
Transaction data (orders, bookings, payments)
Financial data (processed securely via payment providers)
Technical data (IP address, browser type, device information)
Usage data (how you interact with our website)
Marketing and communications data (preferences and consent choices)
We do not intentionally collect special category personal data.
4. How we collect your data
We collect personal data through:
Direct interactions (bookings, orders, enquiries, newsletter sign-ups)
Automated technologies (cookies and similar tracking technologies)
Third-party services including:
Squarespace (website hosting and infrastructure)
Google (analytics and advertising services)
Meta Platforms (Facebook and Instagram advertising and remarketing)
OpenTable (reservation system)
Square (payment processing and ordering systems)
Email marketing providers (newsletter delivery services)
5. How we use your data
We use your personal data where lawful to:
Manage bookings and provide services (contract)
Process payments and transactions (contract)
Send service communications (contract or legal obligation)
Improve website performance and user experience (legitimate interests)
Carry out analytics and reporting (consent where required)
Send marketing communications (consent only)
We will only send marketing emails where you have given your consent or where we are otherwise permitted to do so under applicable law.
We do not carry out automated decision-making with legal or similarly significant effects.
6. Lawful bases for processing
We rely on the following lawful bases:
Contract – to provide services you request
Legal obligation – for tax, accounting, and regulatory requirements
Legitimate interests – to operate, improve and secure our business
Consent – for marketing communications and non-essential cookies (including analytics and advertising cookies where required)
Where we rely on legitimate interests, we balance our interests against your rights and freedoms.
7. Marketing communications
We only send marketing communications where you have actively opted in.
You may withdraw consent at any time using the unsubscribe link in our emails or by contacting us.
We do not sell your personal data or share it with third parties for their own marketing purposes without your consent.
8. Cookies and tracking technologies
We use cookies and similar technologies on our website.
Non-essential cookies (including analytics, advertising, and marketing cookies) are only used where you have given consent via our cookie banner.
We use cookies for:
Website functionality (Squarespace)
Analytics (Google Analytics)
Advertising and remarketing (Meta Pixel / Instagram Ads)
Reservations (OpenTable)
Payments and ordering (Square)
You can manage your cookie preferences at any time via our cookie settings tool.
9. Sharing your data
We may share your personal data with:
Squarespace (website hosting and infrastructure)
Google (analytics and advertising services)
Meta Platforms (advertising and remarketing tools)
OpenTable (reservation management)
Square (payment processing and ordering systems)
Email marketing providers
Professional advisers (legal, accounting, insurance)
HMRC and regulators where required by law
All third parties are required to process your personal data securely and only for specified purposes.
10. International transfers
Some of our third-party providers may transfer your personal data outside the UK.
Where this occurs, we ensure appropriate safeguards are in place, including:
UK adequacy regulations (where applicable), or
UK International Data Transfer Agreement (IDTA), or
UK Addendum to EU Standard Contractual Clauses
These safeguards ensure your personal data is protected to UK GDPR standards.
11. Data retention
We retain personal data only for as long as necessary:
Bookings and transactions: up to 6 years (legal and accounting requirements)
Customer enquiries: up to 2 years
Marketing data: until you withdraw consent
Analytics data: typically up to 26 months (depending on configuration)
12. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse.
Access is restricted to authorised personnel and trusted third-party providers.
13. Your rights
You have rights under UK data protection law, including:
Right to access your personal data
Right to rectification
Right to erasure
Right to object to processing
Right to restrict processing
Right to data portability
Right to withdraw consent at any time
You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk
14. Changes to this policy
We may update this privacy policy from time to time. Any changes will be posted on this page.
Last updated: 23 June 2026

