Privacy Policy
Updated September 3, 2021
SEVENROOMS INC. (“SevenRooms“), along with its subsidiaries and affiliated companies, is committed to safeguarding your privacy. This Privacy Policy (the “Policy”) describes SevenRooms’ policies and procedures regarding the collection, use and disclosure of the information collected through the SevenRooms website, www.sevenrooms.com, mobile applications, and other affiliated websites owned and operated by SevenRooms (the site, and any products and services provided by SevenRooms are collectively referred to as the “Services,” which includes the Platform, as defined below). By using our Site or Services, you agree to the terms of this Policy.
1. SevenRooms Service Overview
Each of the restaurants and other locations available through the Service (a “Venue”) has adopted SevenRooms’ proprietary reservation and inventory management system (the “Platform“). The Platform interacts with the Venue to find available reservations, to secure, change or cancel online reservations, and to confirm that reservations were honored. Where reservations are placed directly with a Venue that uses the Platform, or through other third party reservation services that the Venue may use, information about patrons of a Venue (each, a “Guest”) is recorded in (or transferred to) the Platform to assist the Venue in managing the reservation and provide services to such Guest. While an individual Venue’s reservation inventory is accessible to the Platform to perform these functions, other information that may be stored by a Venue (for example, credit card numbers) is not accessible to the Platform. Where a Guest may pay or enter payment information via the Platform (either to hold a reservation, or for services received at a Venue), payment is processed by a third party payment processor such as Stripe and information about that payment is subject to such processor’s policies. Note that in no case does SevenRooms store credit card or payment information on the System; all such information is held by our third party payment processor(s) or the Venue itself.
2. Types of Data We Collect
“Personal Data” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data or that may independently, or in connection with other information, be used to identify you. “Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data and Anonymous Data, as described below.
A Note on Users. SevenRooms’ customers are the Venues (or agents that Venues have contracted to handle their reservations), and only Venue employees or agents have Accounts (as defined below) with SevenRooms. Guests do not have Accounts on the Platform. Except where provisions are specific to Registered Users, Accounts, or Guests, all the terms of this Policy apply equally to both Guest and Registered User information.
Information You Provide to Us.
- We may collect Personal Data from you, such as your first and last name, gender, e-mail and mailing addresses, and password when you create an account to use the Services (“Account”). Only representatives of a Venue may create an Account (each such individual, a “Registered User”).
- If you access the Services on your mobile device, we may collect your phone number and the unique device id number (Registered Users only).
- When connecting to our Services via a service provider that uniquely identifies your mobile device, we may receive this identification and use it to offer extended services and/or functionality (Registered Users only).
- If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply.
- If you participate in a survey conducted via the Services, we may collect additional profile information.
- We may also collect Personal Data at other points in our Site or Services that state that Personal Data is being collected.
Information Collected From Third Parties.
- When a Venue takes a reservation directly from a Guest, or receives such information from a third party service or platform (i.e., Google, Yelp), Personal Data about the Guest is recorded in the Platform. In addition, Guest notes (such as dining preferences) may be recorded in the Platform by Venue staff.
- When a Guest makes a financial transaction with a Venue via the Platform, we will collect all information necessary to complete the transaction, including credit card information. We do not store payment information directly on our servers, but this information may be shared with Venues and third parties as set forth herein.
- Purchase histories of Guests may be linked to the Platform by the Venue point of sale systems.
Information Collected Via Technology.
Information Collected By Our Servers. To make our Site and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, administer the Site, track users’ movements around the Site, gather demographic information about our user base as a whole, and better tailor our Services to our users’ needs. For example, some of the information may be collected so that when you visit the Site or the Services again, it will recognize you and the information could then be used to serve advertisements and other information appropriate to your interests. Except as noted in this Privacy Policy, we do not link this automatically collected data to Personal Data.
Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Site areas accessible only to Registered Users require that your browser accept Cookies. SevenRooms uses Cookies to verify that you are properly signed in, to display information for your primary location, and to highlight your pending reservations, for example. We may also use Cookies from time to time to measure your response to new aspects of the Services and/or emails in an effort to continually improve customer service and Services usability. Please be aware that a Cookie cannot spread computer viruses, retrieve any other data from your hard drive, or capture your email address.
You can erase or block Cookies from your computer if you wish to do so (your internet browser help screen or manual will thoroughly explain this process), but certain parts of the Services, as well as parts of the Site, may not work correctly or will not work at all if your browser is set not to accept Cookies.
The Site may contain electronic images (called a “single-pixel GIF” or “web beacon”) that are used to count users who have visited that page, or to access certain cookies.
View our Cookie Declaration page.
How We Respond to Do Not Track Signals. We do not currently respond to “do not track” signals or other mechanisms that might enable Users to opt out of tracking on our Site.
Mobile Services. (Registered Users only). We may also collect non-personal information from your mobile device if you have downloaded our mobile application (the “Application”). This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include your geographic location, how you use the Application, and information about the type of device you use. In addition, in the event our Application crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our Application. This information is sent to us as aggregated information and is not traceable to any individual and cannot be used to identify an individual.
Analytics Services. In addition to the tracking technologies we place, other companies may set their own cookies or similar tools when you visit our Site. This includes third party analytics services, such as Google Analytics (“Analytics Services”), that we engage to help analyze how users use the Site, as well as third parties that deliver content or offers. We may receive reports based on these parties’ use of these tools on an individual or aggregate basis. We use the information we get from Analytics Services only to improve our Site and Services. The information generated by the Cookies or other technologies about your use of our Site and Services (the “Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on user activity. The Analytics Services may also transfer information to third parties where required to do so by law, or where such third parties process Analytics Information on their behalf. Each Analytics Services’ ability to use and share Analytics Information is restricted by such Analytics Services’ Terms of Use and Privacy Policy. By using our Site and Services, you consent to the processing of data about you by Analytics Services in the manner and for the purposes set out above. For a full list of Analytics Services, please contact us at [email protected]. We may also partner with ad companies to support our marketing efforts, including by serving you ads better tailored to your likely interests. If you don’t want to take advantage of these services, you may be able to opt-out by visiting http://www.aboutads.info/ or http://networkadvertising.org/choices/ , or if you are located in the EU, http://www.youronlinechoices.eu/.
Location of Servers. We maintain servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy.
3. Use of Your Data
3.1 By SevenRooms
Personal Data. In general, Personal Data you submit to us is used either to deliver the Services or respond to requests that you make. We use your Personal Data in the following ways:
- facilitate the creation of and secure your Account (Registered Users only);
- identify you as a user of the Services;
- provide improved administration of our Site and Services;
- provide the Services you request, including by communication this information to the applicable Venue;
- improve the quality of experience when you interact with our Site and Services;
- send Guests email and SMS text confirmations and other communications, like reminders, for each of your reservations. Venues may also use the Platform to send such messages directly to Guests;
- send you administrative e-mail notifications, such as security or support and maintenance advisories (Registered Users only);
- respond to your inquiries related to employment opportunities or other requests;
- send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes of SevenRooms. (Registered Users only).
Anonymous Data. We may create Anonymous Data records from Personal Data of both Guests and Registered Users by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. We reserve the right to use Anonymous Data and aggregated and other de-identified information for any purpose and disclose Anonymous Data to third parties in our sole discretion.
3.2 By Venues
When you make a reservation using the Services, your name is provided to the applicable Venue, just as would occur if you were making a reservation over the phone. Your email address and phone number are also provided to the Venue in case the Venue needs to contact you regarding your reservation. You may also provide special preferences or comments regarding your reservation, which the Services will pass on to that Venue. And if you are interested in receiving promotional or other communications from the Venue you may “opt-in” to receive such communications from the Venue, either via the Platform or directly, as applicable, and subject to such Venue’s marketing policies, as set forth below.
SevenRooms will only share the information specified above with the Venue at which a Guest has made reservations using the Service. Venues cannot use the Services to access information pertaining to Guests, reservations or related information from other Venues, except that Venues with the same corporate ownership may elect to share such information.
Venues primarily use reservation information provided through the Services to secure and manage reservations. Additionally, as noted above, if you have given permission to a Venue to communicate with you, the Venue may do so, subject to the Venue’s policies and procedures, including those relating to the storage and management of Personal Data.
Venues want to provide you with the best possible service so that you will visit them again. As noted above, Venues may use the Platform to record purchases via integration with POS systems and to take note of your special requests, allergies, special occasions or other pertinent information that will help the Venue serve you better during your next visit. If a Venue chooses to note your preferences, that information may be typed into the Platform manually, just as a Venue might write a note on an index card. This data belongs to the Venue, since it is a product of that Venue’s relationship with you. As mentioned in Section 3.1 above, we may aggregate such preference information and Guest notes into Anonymous Data. SevenRooms also creates backup copies of all information stored on the Platform for each Venue, to assist in the restoration process in the event of data loss.
Each Venue is a separate business from SevenRooms. While SevenRooms encourages Venues to comply with data protection requirements, SevenRooms will not be responsible for a Venue’s failure to comply with laws applicable to the use of Personal Data. Any complaints or inquiries regarding use of your information by a Venue, or marketing communications from a Venue, should be addressed directly to the Venue in question.
In no event will SevenRooms be responsible for information, management, and use of data collected by Venues from their own websites and not stored on the Services.
3.3 Third Parties
We disclose your Personal Data as described below and as described elsewhere in this Policy.
Service Providers. We may share your Personal Data with third party service providers to: provide you with the Services; to conduct quality assurance testing; to facilitate creation of Accounts; to provide technical support; and/or to provide other services to the SevenRooms. We use third party payment processors, such as Stripe, to process payments made through the Platform to Venues. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to these third party payment processors, whose use of your personal information is governed by their privacy policies.
Social Networking Sites. We allow Guests to place reservations with Venues on the Platform via social networking sites (e.g., Facebook or Twitter, and each an “SNS”). Guests who access the Platform via an SNS (i.e., by choosing to “sign in via FaceBook” or the equivalent) consent to SevenRooms receiving information required to make the reservation from the SNS. The Platform may also enable you to post content to an SNS. If you choose to do this, we will provide information to such SNS in accordance with your elections. You agree that you are solely responsible for your use of an SNS and that it is your responsibility to review the terms of use and privacy policy of such SNS. Any information that we collect from an SNS account will depend on the privacy settings you have with that SNS, so please consult the SNS’ privacy and data practices. We will not be responsible or liable for: (i) the availability or accuracy of such SNS; (ii) the content, products or services on or availability of such SNS; or (iii) your use of any such SNS.
Affiliates. We may share some or all of your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.
Partner Marketing. In the event you provided your contact information to SevenRooms in conjunction with a co-marketing initiative with another company, such as downloading a white paper written in conjunction with an integration partner, SevenRooms will share your information with that party. In these events, the partner will be explicitly represented on the landing page or other marketing materials so that you are aware it is a co-marketing initiative.
Corporate Restructuring. We may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.
4. Communications and Disclosures.
From SevenRooms. SevenRooms sends automated service messages to Guests via email and / or text pertaining to upcoming or recent Venue reservations or other core functions of the Services, such as confirmations, reminders, and/or invitations to provide customer feedback (“Service Communications”). In addition, Guests and Registered Users may also opt in to receive promotional notices, special offers, and other related information from SevenRooms (“Marketing Communications”). You may always unsubscribe from Marketing Communications. However, so long as you use the Service, we may send essential Service Communications to the contact information associated with your Account.
From Venues. Venues may independently use the Platform to send Guests Service Communications and, if opted in by a Guest, Marketing Communications. Communications sent directly from a Venue via the Platform are subject to this Policy, but communications sent by a Venue outside of the Platform are subject to the Venue’s policies and practices.
Third Parties. SevenRooms will never sell, rent, loan or otherwise distribute any of your personal information (including but not limited to your name, email address, phone number or any other identifiable information about you) to any third party except as set forth in this Policy without your prior, express written consent.
Legally Mandated Disclosure. Notwithstanding anything to the contrary in this Policy, SevenRooms may be required to disclose Personal Information in response to inquiries by formal law enforcement, or in cases permitted by the United States’ CAN-SPAM Act of 2003 (CAN-SPAM), the European General Data Protection Regulation and its implementing laws, Japan’s Personal Information Protection Act, or other laws governing the use and disclosure of Personal Information.
5. Accounts
Registered Users can view and manage their Account information, including any associated Personal Data, by clicking on the “Account” link at the top of the login page. Guests and Registered Users may at any time contact SevenRooms at [email protected] or as set forth in Section 10 to request that all Personal Data be deactivated.
6. How SevenRooms Protects Data
SevenRooms uses a state-of-the-art, multi-layer encryption algorithm and makes its best efforts to ensure that all of your Personal Data and Account information is secure. SevenRooms stores all Personal Data on secure servers. SevenRooms continually monitors and implements changes and improvements that become available in the electronic data security industry to maintain the security of Personal Data in our possession.
7. A Note About Children
We do not intentionally gather Personal Data from visitors who are under the age of 13. If we learn that a child under the age of 13 has submitted Personal Data to SevenRooms, we will attempt to delete such data as soon as possible. If you believe that we might have any Personal Data from a child under 13, please contact us at [email protected] or as set forth in Section 10.
8. Changes to this Policy
Any changes to this Policy will always be posted to this page of the Site, along with the effective date of the updated Policy. You should check this page periodically to stay abreast of any such changes. SevenRooms will never make changes to the Policy that violate any applicable privacy laws. For any material changes to the Policy, we will notify you via email or by placing a prominent notice on the homepage of our Site.
9. Disclosure, Correction, Control of Personal Data
If you wish to have SevenRooms disclose what Personal Data of yours it holds, and / or how SevenRooms obtained such information, or if you desire the correction, suspension of use, or to be informed of the purpose of use of Personal Data by SevenRooms, please contact SevenRooms as set forth below. SevenRooms will process such request in compliance with all applicable privacy laws, but may first confirm that such request has been made by you personally.
10. Standard Contractual Clauses and Privacy Shield
For Venues located in the European Union and other locations and instances where the General Data Protection Regulation applies, SevenRooms and such Venues enter into the Standard Contractual Clauses (the “SCCs”) as the mechanism to transfer personally identifiable information to our servers and locations in the United States for processing.
While the EU-U.S. Privacy Shield Framework is no longer a valid transfer mechanism, SevenRooms complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. SevenRooms has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles govern, and if there is a conflict between the Privacy Shield Principles and the SCCs, the SCCs govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
SevenRooms commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland.
SevenRooms has further committed to refer unresolved Privacy Shield complaints to UK ICO, a Data Protection Authority in the United Kingdom. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://ico.org.uk/make-a-complaint/eu-us-privacy-shield/ for more information or to file a complaint. The services of UK ICO are provided at no cost to you.
As a result of its commitment to Privacy Shield, SevenRooms is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
11. California Consumer Privacy Act Rights – Applicable only to California Residents
The California Consumer Privacy Act (“CCPA”) places obligations with respect to processing of personal information of California consumers (“Personal Information”) primarily on “businesses” as defined under the act. A “business” as defined under the CCPA is a business that operates in California and determines the purposes and means of processing of Personal Information.
A “service provider” under the CCPA is an entity that processes Personal Information on behalf of a business. Service providers have very limited obligations under the CCPA, primarily to process Personal Information on behalf of a business in strict adherence to a written contract with, and on instructions from, such business.
SevenRooms determines the purposes and means of processing of California consumers’ personal information solely with respect to the information SevenRooms collects from the Venues that are its customers, and is obligated as a “business” under the CCPA solely with respect to personal information it collects from natural persons that are California residents and that supply such information as employees or agents of Venues in the initiation or administration of Accounts.
With respect to personal information of Guests of the Venues that are SevenRooms’ customers, SevenRooms processes such information as a service provider to such Venues. Such Venues determine the purposes and means of processing of any personal information collected from Guests, constitute the “businesses” under the CCPA with respect to such personal information and consequently, with respect to such information, the privacy policies of such Venues govern.
THE FOLLOWING RIGHTS WITH RESPECT TO PERSONAL INFORMATION ARE LIMITED TO THE PERSONAL INFORMATION OF NATURAL PERSONS THAT ARE CALIFORNIA RESIDENTS AND THAT SUPPLY PERSONAL INFORMATION TO SEVENROOMS IN THE COURSE OF INITIATING OR ADMINISTERING ACCOUNTS OF CUSTOMERS OF SEVENROOMS (i.e. AS EMPLOYEES OR AGENTS OF A VENUE THAT IS A CUSTOMER OF SEVENROOMS). A GUEST OF A VENUE THAT IS A CUSTOMER OF SEVENROOMS SHOULD CONSULT THE PRIVACY POLICY OF THE RELEVANT VENUE TO UNDERSTAND SUCH GUEST’S RIGHTS UNDER THE CCPA, IF ANY, WITH RESPECT TO PERSONAL INFORMATION COLLECTED BY OR ON BEHALF OF SUCH VENUE.
If you are a California resident who supplied Personal Information to SevenRooms in the course of employment by, or agency of, a Venue that is a customer of SevenRooms, you have the right to (a) know what categories of Personal Information SevenRooms has collected during the preceding 12 months, including the categories of sources from which that information was collected, the business or commercial purpose for which it was collected, and the categories of third parties with whom the information was shared (see Section 11.1. below); (a) request to know what Personal Information SevenRooms has collected, used, disclosed, and sold about you during the preceding 12 months (see Section 11.2. below); (c) subject to important limitations, request that SevenRooms delete your Personal Information (see Section 11.3. below); and (d) to the extent SevenRooms sells any Personal Information, to opt-out of the sale of your Personal Information to third parties (see Section 11.4. below). These rights, which are discussed more fully below, are subject to some important exceptions, which are intended, among other things, to protect the integrity and privacy of your Personal Information. You have the right not to be discriminated against for exercising your CCPA rights. You also have the right to designate an authorized agent to exercise your CCPA rights on your behalf.
If you need information on how to exercise your CCPA rights in an alternative, accessible format due to a disability, please contact SevenRooms at (212) 242-5607 or send an email with your name and contact information to [email protected].
11.1 Categories of Personal Information Collected
The categories of personal information SevenRooms has collected about California consumers (and, more specifically, with respect to Registered Users that are California consumers) during the preceding 12 months, including the categories of sources from which that information was collected, the business or commercial purpose for which it was collected, and the categories of third parties with whom the information was shared, is set forth above under Section 2. Types of Data We Collect, Section 3. Use of Your Data and Section 4. Communications and Disclosures.
11.2 Requests to Know About your Personal Information
You have the right to request that SevenRooms disclose to you, for the 12-month period preceding the date SevenRooms receives your request, the following: (1) the categories of Personal Information SevenRooms has collected about you, (2) the categories of sources from which Personal Information was collected about you, (3) the business or commercial purpose for which your Personal Information was collected or sold, and (4) the categories of third parties to whom SevenRooms has sold or disclosed your Personal Information, if any. In addition, you have the right to request that SevenRooms disclose to you the specific pieces of Personal Information SevenRooms has about you. If you are a California resident who supplied Personal Information to SevenRooms in the course of employment by, or agency of, a Venue that is a customer of SevenRooms, and wish to request this information, please contact SevenRooms at (212) 242-5607 or at [email protected] and indicate that you wish to request this information and provide the identifying information requested. All requests are subject to verification of your identity to protect the privacy and security of your Personal Information. SevenRooms is required to fulfill these requests no more than twice within a 12-month period.
11.3 Requests to Delete your Personal Information
You have the right to request that SevenRooms delete your Personal Information, subject to certain exceptions such as our need to comply with legal obligations, fulfill orders, complete transactions, etc. If you are a California resident who supplied Personal Information to SevenRooms in the course of employment by, or agency of, a Venue that is a customer of SevenRooms, and wish to request deletion of your Personal Information, please contact SevenRooms at (212) 242-5607 or at [email protected] and indicate that you wish for SevenRooms to delete your Personal Information and provide the identifying information requested. All deletion requests are subject to verification of your identity. If SevenRooms verifies your request, we will also instruct our service providers (if any) to delete your Personal Information from their records, subject to applicable legal requirements.
11.4 No Sale of Personal Information
SevenRooms does not sell any Personal Information to third parties. Please note that SevenRooms may still share your Personal Information with service providers and other entities for business purposes consistent with the CCPA.
11.5 Verification Procedures
In order to verify requests made pursuant to the CCPA, SevenRooms may require at least two (2) pieces of identifying information that match information maintained by us. In some cases, SevenRooms may require additional identifying information and a signed declaration attesting to your identity. In situations where SevenRooms receives a request from an authorized agent on your behalf, it may require written proof that the agent is, in fact, authorized to act on your behalf and may take additional steps to verify your identity and the authorized agent’s identity.
In certain circumstances, SevenRooms may decline a request to exercise the Right to Know (11.2) or Right to Delete (11.3) described above, particularly where SevenRooms is unable to verify your identity. If SevenRooms is unable to comply with all or a portion of your request, it will explain the reasons for declining to comply with the request.
12. Contacting SevenRooms
If you have any questions or concerns or complaints about our Policy or our data collection or processing practices, or if you want to report any security violations to us, please contact us at the following address, phone number or email:
- By phone at: 1-212-242-5607
- By email at: [email protected]