Privacy Policy
DIFC DATA PROTECTION NOTICE
Saltbae Restaurant Limited and D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (hereinafter also “Nusr-et”, “we”, “us”) wish to inform you below of how your personal data are Processed within the context of our website. We would be considered “Joint Controllers” per the definition in the DIFC Data Protection Law (DIFC Law No. 5 of 2020). Reference in this notice to “Data Controller” refers to us collectively.
Any personal data such as your name, identification number, location data, an online identifier, or one or more factors specific to your biological, biometric, physiological, mental, genetic, economic, cultural or social identity (“Personal Data”) Processed in connection with this Data Protection Notice is controlled by Nusr-et, which is considered the “Data Controller” of your Personal Data under the DIFC Data Protection Law (DIFC Law No. 5 of 2020) (“DIFC DPL”).
We are committed to protecting the privacy and security of your Personal Data as a Data Controller. Therefore, we are committed to ensuring that your Personal Data is handled lawfully, fairly and in a transparent manner in accordance with the principles set out in the DIFC DPL. This Data Protection Notice explains how we will collect, use, disclose, retain and protect your Personal Data.
2. WHEN DOES THIS DATA PROTECTION NOTICE APPLY?
This Data Protection Notice applies to your Personal Data that we collect, use and Process in connection with the transaction you take when you visit our website www.nusr-et.com.tr as a website visitor, job applicant, customer or potential customer.
“Process” in the context of this Data Protection Notice means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting (meaning the marking of stored Personal Data with the aim of limiting Processing of it in the future), erasure or destruction, but excluding operations or sets of operations performed on Personal Data by:
- (a) a natural person in the course of a purely personal or household activity that has no connection to a commercial purpose; or
- (b) law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security.
3. HOW DO WE COLLECT PERSONAL DATA?
We may obtain your Personal Data from the following sources:
- a) from you directly: for example, at the time of subscribing to, or registering for any services offered on our website, including but not limited to email mailing lists, using interactive services, downloading content, or requesting further goods or services);
- b) from your device or browser: data that is automatically collected (which will vary depending on your browser settings) by your browser or device, for example, the IP address of your internet service provider, the operating system you use, the name and version of your internet browser. The information provided by your browser does not identify you personally.
- c) from correspondence with us (for example, by e-mail or any other digital or electronic form, including social media).
4. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LAWFUL BASIS FOR PROCESSING
We may Process your Personal Data in different ways. In all cases we are committed to protecting your Personal Data. In each of the subheadings listed below, we describe how we obtain your Personal Data and how we treat it.
4.1. WEB SITE VISITORS
We may collect Personal Data related to web site visitors.
4.1.1. Personal Data that we collect and Process
| Category of Personal Data | Personal Data |
|---|---|
| Personal identification data | First name, last name |
| Contact information data | Address, email address |
| Technical data | This is data about your computer hardware and software that is automatically collected by us and includes cookie data (for more information please see our Cookie Policy) device type (eg mobile, computer, laptop, tablet), browser information (e.g. browser type, language and history), IP address, operating system, access times, settings and referring website addresses. |
4.1.2. Why do we collect your Personal Data and what are our lawful bases for it?
| Purpose of Data Processing | Lawful Basis |
|---|---|
| Provide our website services to website users | Your prior consent (in accordance with Article 12 DIFC DPL) |
| Remembering website users’ preferences | Your prior consent (in accordance with Article 12 DIFC DPL) |
| Marketing and advertising | Your prior consent (in accordance with Article 12 DIFC DPL) |
| Monitor any external security threats to our systems (such as hacks) | Legitimate Interest (in accordance with Article 13 of the DIFC DPL). |
4.1.3. How long do we keep your Personal Data?
We will keep your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.
4.2. JOB APPLICANTS
We may collect Personal Data related to job applicants for positions advertised on our website.
4.2.1. Personal Data that we collect and Process
| Category of Personal Data | Personal Data |
|---|---|
| Identity Details: | Name, surname, date of birth, place of birth, ID number/tax number, nationality, driving license, marital status. |
| Contact Details: | Telephone number, e-mail address, address information. |
| Personnel information: | CV, work/performance details, professional/personal skills, registration number. |
| Professional Experience: | Taken course details, vocational education details, certificates, profession details. |
| Visual and Audio Records: | Photograph, voice records, visual records (such as video records, etc.). |
4.2.2. Why do we collect your Personal Data and what are our lawful bases for it?
| Purpose of Data Processing | Lawful Basis |
|---|---|
| Creating an Employee Candidate CV archive | Your prior consent (in accordance with Articles 10(a) and 12 of the DIFC DPL) |
| Execution of the Employee Candidate application process through the website | Performance of a contract with you or to take steps at your request, before entering a contract/ To comply with its legal obligations as employer (in accordance with Articles 10(b) and 10(c) of the DIFC DPL) |
| Performing Reference Check | Company’s legitimate interest. (in accordance with Article 10(f) of the DIFC DPL) |
| Verification of training certificate records | Company’s legitimate interest. (in accordance with Article 10(f) of the DIFC DPL) |
4.2.3. How long do we keep your Personal Data?
We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates only if they consent to us doing so and only for a specified period of no longer than 6 months, unless we obtained their consent to keep it for longer.
4.3. CUSTOMER
We may collect Personal Data related to our existing customers.
4.2.1. Personal Data that we collect and Process
| Category of Personal Data | Personal Data |
|---|---|
| Identity Details: | Name, surname, date of birth, place of birth, ID number/ tax number, driving license, marital status, signature. |
| Contact Details: | Telephone number, e-mail address. |
| Personnel information: | Registration number, Education information, certificate of employment records, professional/personal skills. |
| Your Professional Experience: | Vocational education details, certificates. |
| Visual and Audio Records: | Photograph. |
| Vehicle Details: | License plate information. |
| Your Special Categories of Personal Data: | Health data (personal health details, disability details). |
4.3.2. Why do we collect your Personal Data and what are our lawful bases for it?
| Purpose of Data Processing | Lawful Basis |
|---|---|
| Opentable reservation process | Performance of a contract with you or to take steps at your request, before entering a contract (in accordance with Article 10(b) DIFC DPL). |
| Supplier, subcontractor, visitor OHS Basic Requirements Control | Processing is necessary for compliance with a legal obligation to which the Data Controller is subject to under the applicable law (in accordance with Article 10(1)(c) DIFC DPL). |
Some of the information we collect (such as personal health details, disability details) may be deemed to fall within the Special Categories of Personal Data under the DIFC DPL (in the above example, health information). We are not prohibited from Processing such data if you explicitly consent to the same under Article 11(a) DIFC DPL.
4.3.3. How long do we keep your Personal Data?
We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
4.4. POTENTIAL CUSTOMER
We may collect Personal Data related to potential customers.
4.4.1. Personal Data that we collect and Process
| Category of Personal Data | Personal Data |
|---|---|
| Identity Details: | Name, surname. |
| Contact Details: | Telephone number, e-mail address. |
| Your Special Categories of Personal Data: | Health data (personal health details). |
4.4.2. Why do we collect your Personal Data and what are our lawful bases for it?
| Purpose of Data Processing | Lawful Basis |
|---|---|
| Opentable Reservation Process | Performance of a contract with you or to take steps at your request, before entering a contract (in accordance with Article 10(1)(b) of the DIFC DPL). |
4.4.3. How long do we keep your Personal Data?
We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
In Sections 5 and 6 of this Website Data Protection Notice, the following words shall have the following meanings:-
“Affiliate” means in relation to Saltbae Restaurant Limited or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş, any other Person directly or indirectly controlling or controlled by or under direct or indirect common control with Saltbae Restaurant Limited or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. For the purposes of this definition, “control” when used with respect to either Saltbae Restaurant Limited or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş means the power to direct the management and policies of such Person, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise; and the terms “controlling” and “controlled” have meanings correlative to the foregoing.
“DIFC Affiliate” means an Affiliate registered in the DIFC;
"Non-DIFC Affiliate” means an Affiliate registered outside the DIFC; and
“Person” means any natural person, corporation, limited liability company, trust, joint venture, association, company, partnership, governmental authority or other entity.
We do not sell your Personal Data to third parties.
We may share your Personal Data with Nusr-et’s DIFC Affiliates and Non-DIFC Affiliates because we share the same guest management and IT systems. Such transfers are governed by jurisdiction-compliant agreements between the Affiliates for the integrity and confidentiality of Personal Data.
Service Providers
We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your Personal Data confidential and will comply with the DIFC DPL, GDPR, and any other relevant data protection laws.
We may share your information with the following types of service providers:
- a) technical support providers who assist with our website and IT infrastructure,
- b) third party software providers, where the provider hosts the relevant Personal Data on our behalf;
- c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
- d) providers that help us generate and collate reviews in relation to our goods and services;
- e) our advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram);
- f) service providers that assist us in providing our services; and/or
- g) our business associates based in the DIFC and outside the DIFC.
Law Enforcement or Government Bodies
We may disclose your Personal Data to the required authorities, as permitted by law, in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.
6. TRANSFERS OF PERSONAL DATA OUTSIDE THE DIFC
We share Personal Data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the DIFC, we ensure that they are contractually obligated to comply with the DIFC DPL. Where they are located outside the DIFC, in accordance with Part 4 of the DIFC DPL, we shall ensure that your Personal Data shall only be transferred to a jurisdiction outside the DIFC if that jurisdiction has adequate levels of protection for that type of Personal Data unless that jurisdiction falls into one of the approved jurisdictions in the DIFC DPL or is otherwise listed by DIFC on its website from time to time. We also ensure in our contracts with these organisations that they only Process Personal Data fairly, lawfully and transparently (as required by DIFC DPL), in accordance with our instructions, and in order to provide the agreed services and protect the integrity and confidentiality of your Personal Data entrusted to them.
Some of the vendors/service providers that Nusr-et and Nusr-et Affiliates engage with, are located in jurisdictions where DIFC DPL does not recognise the jurisdictions as locations providing adequate protection for Personal Data. In such cases, we sign the DIFC approved standard contractual clause with the vendor/ service provider to protect your data.
7. LINKS TO OTHER WEBSITES
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Data Protection Notice. Nusr-et has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts in accordance with their relevant privacy policies.
8. YOUR DATA PROTECTION RIGHTS
You have the following rights in relation to your Personal Data in accordance with the provisions of Part 6 of the DIFC DPL;
- Ø Right to be informed: upon request organisations must tell individuals what data of theirs is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties. Individuals also have the right to be informed before Personal Data is disclosed by us for the first time to third parties or used on their behalf for the purposes of direct marketing and be explicitly offered the right to object to such disclosures or uses.
- Ø Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
- Ø Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.
- Ø Right to erasure and right to be forgotten: in certain circumstances, individuals can ask organisations to erase any Personal Data that is stored with them, including on the Internet.
- Ø Right of portability: individuals can request that organisation transfer any data that it holds on them to another company, provided such transfer does not infringe the rights of any other individuals.
- Ø Right to restrict Processing: individuals can require an organisation to limit the way it uses Personal Data in certain circumstances (Article 35 DIFC DPL)
- Ø Right to object: individuals have the right to challenge certain types of Processing, such as direct marketing
- Ø Rights related to automated decision making, including profiling: Individuals have the right to object to any decision based solely on automated Processing, including profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually. Individuals can ask organisations to provide a copy of its automated Processing activities if they believe the data is being Processed unlawfully.
- Ø Right to withdraw consent: Individuals may withdraw consent at any time by notifying us.
- Ø Non-discrimination: Individuals exercising their rights above may not be discriminated against by us (for example by denying services to the individual or charging different prices for goods or services)
9. HOW CAN YOU WITHDRAW YOUR CONSENT?
If you consent to us Processing your Personal Data, please note that you may withdraw this consent at any time. In order to withdraw the consent, please contact privacy@nusr-et.com.tr . Please note that your consent can only be withdrawn for future Processing activities and such a withdrawal does not have any influence on the lawfulness of past Processing activities. In some cases, we may be entitled in spite of your withdrawal to continue to Process your Personal Data on a different legal basis.
10. UPDATING THIS DATA PROTECTION NOTICE
We reserve the right to update this Data Protection Notice at any time. We will let you know about the changes by publishing the updated version of the Data Protection Notice on www.nusr-et.com.tr . We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Data Protection Notice.
11. HOW TO GET IN TOUCH WITH US AND HOW CAN YOU EXERCISE YOUR LEGAL RIGHTS?
If you have any questions about our Data Protection Notice , or if you would like to make a complaint about a possible breach of Personal Data or to exercise one of your data protection rights, please contact us as described below.
Contact us;
Company E-mail address: privacy@nusr-et.com.tr
If you have any concerns about how we Process your Personal Data, please feel free to contact our data protection officer, who will investigate the matter and come back to you, by sending an email to privacy@nusr-et.com.tr.
If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work.