Privacy Policy


This Privacy Policy (the “Policy”) sets out how White Brasserie Co Ltd headquartered at Wizard House, 2A Cambridge Road, Teddington, TW11 8DR processes the Personal Data of its website visitors and customers.


  1. Important information and who we are

    1. Purpose of this Policy

      This Policy aims to give you information on how we collect and process your Personal Data through your use of this website, including any data you may provide to us when you use our Wi-Fi services, visit one of our restaurants or bars, subscribe to our newsletter and loyalty scheme, use our website, apply for a job with us or otherwise provide us with your personal data.

      It is important that you read this Policy together with any other Policy or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Policy supplements the other notices and is not intended to override them.

    2. Controller

      The White Brasserie Co Ltd is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this Policy).

      We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights in relation to your data, please contact the data privacy manager using the details set out below.

    3. Contact details

      Our full details are:

      1. Full name of legal entity: Brasserie Bar Co Limited
      2. Name or title of data privacy manager: Data Privacy Manager
      3. Email address:
      4. Postal address: Wizard House, 2A Cambridge Road, Teddington, TW11 8DR

      You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

    4. Changes to the Policy and your duty to inform us of changes

      We keep our Policy under regular review. This version was last updated in June 2022. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

    5. Third-party links

      This website may include links to third-party websites. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

  2. Cookies

    Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent on the site and the websites visited just before and just after ours.

    Cookies, in conjunction with our web server’s log files, allow us to calculate the average number of people visiting our site and which parts of the web site are most popular. This helps us gather feedback so that we can improve our service to customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.

    Cookie data collected is sent to Acteol who deliver our newsletters, manage the distribution of points in our Frequent Diner scheme, provide information on email opening and click-throughs which help us monitor and improve our services. Acteol’s privacy policy can be found here

    We use ‘session’ cookies which enable you to carry information across pages of the web site and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the site is being used and to improve the navigation and content.

    We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor.

    You can amend your preferences here.


    Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

    Name Provider Purpose Expiry Type Data sent to
    CookieConsent Stores the user’s cookie consent state for the current domain 1 year HTTP Cookie Ireland
    CONSENT Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 2 years HTTP Cookie United States
    CONSENT Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 2 years HTTP Cookie United States
    JSESSIONID Preserves users states across page requests. Session HTTP Cookie United States
    wc_cart_hash_# Used to retain cart content. Persistent HTML Local Storage Germany
    wc_fragments_# Used to retain cart content. Session HTML Local Storage Germany
    wordpress_test_cookie Used to check if the user’s browser supports cookies. Session HTTP Cookie Germany
    test_cookie Used to check if the user’s browser supports cookies. 1 day HTTP Cookie United States
    __cf_bm This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 1 day HTTP Cookie United States
    aka_debug Used by Vimeo to track usage of their embedded video player Session HTTP Ireland
    yt.innertube::nextId Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent HTML United States
    yt.innertube::requests Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent HTML United States
    ytidb::LAST_RESULT_ENTRY_KEY Stores the user’s video player preferences using embedded YouTube video. Persistent HTML United States
    utm_campaign_params This cookie is used to track visitor campaign links. 7 days HTTP Cookie Germany
    toggle_basket Stores shop preferences. Persistent HTML United Kingdom
    toggle_persisted Stores shop preferences. Persistent HTML United Kingdom

    Statistics & Marketing

    Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

    Name Provider Purpose Expiry Type Data sent to
    _ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP Cookie USA & Germany
    _gat Used by Google Analytics to throttle request rate 1 day HTTP Cookie USA & Germany
    _gid Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP Cookie USA & Germany
    IDE Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year HTTP Cookie USA & Germany
    AtreemoUniqueID_cookie Acteol is a third party CRM provider that uses tracking script to collect information about: page visits, device ID and browsers. This information may be used for marketing purposes. 10 years HTTP Cookie Germany
    WebEcasts/savetracking.aspx Acteol is a third party CRM provider that uses tracking script to collect information about: page visits, device ID and browsers. This information may be used for marketing purposes. Session Pixel Tracker Germany
    collect Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels. Session Pixel United States
    NID Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads. 6 months HTTP United States
    events/1/# Used to monitor website performance for statistical purposes. session Pixel United States
    jserrors/1/# Used to monitor website performance for statistical purposes. session Pixel United States

    You can refuse to accept cookies by activating the setting on your browser however, if you select this setting you may be unable to access certain parts of the Website. You can find out more about cookies at

  3. What is Personal Data?

    Personal data means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history (“Personal Data”).

    We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

      1. Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
      2. Contact Data includes billing address, delivery address, email address and telephone numbers.
      3. Financial Data includes bank account and payment card details.
      4. Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
      5. Technical Data includes information about whether you have opened our emails or clicked on any of the links in those emails, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
      6. Marketing and Communications Data includes your preferences for receiving marketing from us and our third parties and your communication preference.
      7. Special Category Data including information relation to your health if you apply for a job and such information is necessary as part of the application process. 

    We may also collect, use and aggregated data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

  4. Purposes for which we process Personal Data

    We will only process your Personal Data, in accordance with applicable law, for the following purposes:

    1. creating and maintaining your customer account, if you become our registered customer, member of our loyalty scheme (“Frequent Diner”) and/or sign up for our e-newsletters;
    2. to process and administer your booking requests;
    3. to process a job application, should you make one;
    4. offering our services to you in a personalised way, for example, we may provide suggestions based on your previous searches to enable you to identify suitable goods and services quicker or send you offers on your birthday. This may also include, where legally permitted, processing data related to your location;
    5. obtaining payment from you, if you purchase any of our goods and/or services like our e-gift vouchers and gift cards;
    6. enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order to fulfil your orders or requests;
    7. resolving any refunds or disputes, if you lawfully exercise your rights or if you wish to dispute any part of our offering;
    8. sending you personalised marketing communications including offers and discounts, where you have agreed that we may do so, in order to keep you informed of our and our selected partner’s products and services, which we consider may be of interest to you. Please note we do not share your Personal Data with those partners;
    9. ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
    10. to help us identify you, for example, when you are using our Wi-Fi services;
    11. developing and improving our products and services, for example, by reviewing visits to our website and its various subpages, demand for specific goods and services and user comments;
    12. to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
  5. How is your Personal Data collected?

    We use different methods to collect data from and about you including through:

    1. Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
      1. apply for a job or as part of the application process;
      2. sign up to our newsletter;
      3. join our loyalty scheme;
      4. login to our Wi-Fi services;
      5. enter a competition, promotion or survey;
      6. give us some feedback; or
      7. when you visit one of our establishments and use your Frequent Diner card.
    2. Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources as set out below:
      1. Technical Data from Google Analytics including details about your use of our website, browsing actions and patterns.
      2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Acteol who deliver our newsletters and manage the distribution of points in our Frequent Diner scheme. In particular, they give us data about email opening and click-throughs which help us monitor and improve our newsletter. Acteol privacy policy.
      3. Contact, Technical and Transaction Data from our WiFi provider Wireless Social
      4. Contact, job application, right to work and CV data from harri
  6. Our grounds for processing your Personal Data

    Your consent, as the Data Subject, to the processing as specified in this Policy is the primary legal ground for our processing of your Personal Data. However, there may be circumstances where we may also rely on other valid legal grounds for the processing of your Personal Data, such as:

    1. your request for content, goods or services or a job enquiry necessitating steps including processing of your Personal Data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract; and
    2. legitimate interests pursued by us as a business, except where such interests are overridden by your interests and fundamental rights and
    3. compliance with a legal obligation to which we are subject.

    If we are processing special category data in connection with a job application you have made, we will rely on your explicit consent which you can withdraw at any time. 

  7. Disclosure of customer information

    There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:

    1. to our subsidiaries, branches or associated offices;
    2. to our outsourced service providers or suppliers to facilitate the provision of our services or goods to you, for example, the disclosure to our data centre provider for the safe keeping of your Personal Data or webhosting provider through which your Personal Data may be collected;
    3. to our advertising partners who enable us to deliver personalised ads to your devices or similar advertising;
    4. subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, please unsubscribe by emailing us at or by clicking the unsubscribe link on any of our emails;
    5. to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
    6. to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;
    7. to public authorities where we are required by law to do so; and
    8. to any other third party where you have provided your consent.

    Please note, save as described above we do not rent or trade email lists with other organisations and businesses.

  8. Retention of personal data

    Your Personal Data will be retained until your last interaction or use or purchase of our services or goods and normally for a period of 5 years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.

    We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

  9. Data subject rights

      1. Opting Out. You can ask us to stop sending you marketing messages at any time by contacting us as above or by following the opt-out links on any marketing message sent to you. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.
      2. Changing your Personal Data. You can change the Personal Data that we hold about you by contacting us, using the details set out above, and asking us to update your information.

      Data protection law provides data subjects with numerous rights, including the rights to: access, rectify, erase, restrict, transport, and object to the processing of, their Personal Data. Data subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law.

      1. Right to make subject access request (SAR). Data subjects may, where permitted by applicable law, request copies of their Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to the Data Privacy Manager whose contact details are above. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity.
      2. Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
      3. Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your Personal Data is essential.
      4. Right to object to processing. You may, as permitted by applicable law, request that we stop processing your Personal Data.
      5. Right to erasure. You may request that we erase your Personal Data and we will comply with your request, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
      6. Right to data portability. In certain circumstances, you may request that we provide your Personal Data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services.

      Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.

  10. Children

    This website is not intended for children and we do not knowingly collect data relating to children.

  11. CCTV

    We use closed circuit television (CCTV) at our establishments and the images produced to prevent or detect crime and to provide a safe and secure environment for our staff and guests.

    We comply with the Information Commissioner’s Office CCTV Code of Practice to ensure that CCTV is used responsibly and safeguards both trust and confidence in its continued use.

    Cameras are situated so that they only capture images relevant to the purposes for which they are installed. Recorded data will not be retained for longer than is necessary. While retained, the integrity of the recordings will be maintained to ensure their evidential value and to protect the rights of the people whose images have been recorded. All retained data will be stored securely at all times and permanently deleted after six months unless we are required to retain the data for legal reasons.



Mobile Ordering Terms & Conditions of Use and Privacy Notice

  1. In order to utilise the Mobile Ordering system, the following requirements must be met:
    1. Admission and service at licensed premises are subject to licensing laws.
    2. If alcoholic or age-restricted products are purchased, the purchaser and any intended consumer must be over 18 and able to provide valid ID, on request.
    3. The Mobile Ordering system requires a PayPal account or suitable payment card to process orders.
      1. Payment processing services are provided by Braintree, a division of PayPal (Europe) S.a.r.l. et Cie, SCA (“Braintree”), which will involve transferring your data to Braintree’s servers located within the United States in accordance with applicable data protection laws.
      2. The application will transfer payment details directly from Braintree to our point of sale system. We will not store your card details on our system. Your personal and card details will be securely stored by Braintree and used only for the purpose of administering payment, verification of transactions, refunds and ease of use in future transactions using the service.
      3. However, your CSC/CVV number will not be stored and must be entered each time you use a card for authentication. We will also share your email address with Omnifi Limited who will generate and send you an electronic receipt on our behalf, following bill payment.
  2. If you have opted-in to receive News, Updates and Promotional offers, your details will be stored and processed by Acteol. Their privacy policy is here.
  3. It is at the manager’s sole discretion to refuse service to any individual or to make any other decision which is aimed at promoting or adhering to the licensing objectives, including promoting any internal or restaurant/pub-specific policies/procedures.
  4. All products and offers are subject to availability. Alternative products or refunds may be offered, where appropriate, at the manager’s discretion.
  5. If you experience technical issues when using the Mobile Ordering system, these may be resolved by speaking to a restaurant/pub team member.
  6. If your order is refunded, owing to product/offer availability or as a customer service goodwill gesture, it will usually be processed through the restaurant/pub’s till, with the funds being returned to the PayPal account or card within 48 hours. All refunds are at the manager’s discretion.
  7. We apologise, but it is not possible to amend or cancel orders, once placed.
  8. If for some reason you are not able to order on the Mobile Ordering system, please order with a member of staff.