Privacy Policy

FIRST TABLE PRIVACY POLICY

Effective 2 June 2026

1. Introduction and Scope

This Privacy Policy explains how First Table Limited (FTL), together with its relevant local operating and marketing entities, collects, uses, discloses, stores, transfers, and otherwise Processes Personal Information in connection with its Restaurant Booking platform, website, mobile interfaces, related services, and any associated customer support or marketing activities (collectively, the Services).

This policy should be read in conjunction with:

• Our Terms and Conditions, which you can find here
• Our Cookie Policy, which you can find here
• Our Cancellation policy which you can find here
• Our Frequent Foodies loyalty programme Terms and Conditions, which you can find here

This Privacy Policy applies to all users of the Services, including visitors, account holders, Restaurant guests, Restaurant partners, prospective customers, and other individuals whose Personal Information is Processed by or on behalf of FTL in the course of operating the Services. It is intended to apply on a consistent basis for users located in New Zealand, Australia, the United Kingdom, Ireland, and any other jurisdiction from which the Services may be accessed, including by cross-border users and travellers.

By using the Services, submitting Personal Information, making or managing a Booking, or otherwise interacting with the Services, you acknowledge that your Personal Information will be handled in accordance with this Privacy Policy and applicable data protection laws. Nothing in this Privacy Policy` limits any mandatory rights or protections available to individuals under applicable law.

This Privacy Policy is intended to be interpreted in a manner consistent with applicable privacy and data protection legislation in the jurisdictions in which the Services are offered, including laws governing transparency, lawful Processing, security, cross-border transfers, data subject rights, and complaint handling.

Table of contents

1. Introduction and Scope
2. Who We Are and How the Group Works
3. Information We Collect
4. How We Use Your Information
5. Legal Bases for Processing
6. How We Share Information
7. Cross-Border Transfers
8. Cookies and Similar Technologies
9. AI Use
10. Data Retention
11. Security
12. Your Rights and Choices
13. Children
14. Contact Us
15. Supervisory Authorities and Complaint Rights
16. Glossary of Defined Terms
17. Changes to This Policy

2. Who We Are and How the Group Works

For the purposes of this Privacy Policy, the website, mobile interfaces, Booking platform, customer support channels, and related features through which the Services are made available are operated by or on behalf of FTL.

FTL is part of a group of companies that may include local subsidiaries or affiliated entities established in the United Kingdom, Ireland, Australia, New Zealand, and other jurisdictions from time to time. These local entities may support the Services by carrying out Restaurant marketing, onboarding and relationship management, local account support, commercial administration, and the handling of Restaurant-facing queries, complaints, and disputes. Where a local subsidiary or affiliate collects, uses, or discloses Personal Information in connection with those activities, it will do so as a Processor or service provider on behalf of FTL, for the purposes described in this Privacy Policy and in accordance with applicable data protection laws.

For example, a local entity may contact Restaurants, manage local commercial relationships, assist with Booking-related issues, or coordinate dispute resolution, while FTL remains responsible for the operation of the Services and the central administration of user accounts, platform functionality, and customer support unless otherwise specified. FTL is responsible for making all decisions as to the means and purposes of Processing Personal Information.

Where payments are Processed through third-party payment Processors such as Stripe, those providers act as separate data controllers or Processors, as applicable, and their use of Personal Information is governed by their own privacy notices and applicable terms.

Nothing in this section limits or overrides any rights you may have under applicable law, or any additional disclosures, notices, or consents provided to you in connection with particular features of the Services.

3. Information We Collect

We collect  Personal Information about Users in a variety of ways in connection with the Services, including directly from Users, automatically through the Services, from Restaurants and Local Subsidiaries, from payment and fraud-prevention providers, and from other third parties where permitted by applicable Data Protection Laws.

The categories of information we may collect include the following:

• Identity Data includes first name, last name and any identifier we give you.

• Contact Data includes billing address, email address and telephone numbers.

• Financial Data includes credit card details. However, please note that we use secure third-party payment Processors such as Stripe to Process credit card information and do not store or Process credit card payments ourselves.

• Transaction Data includes details about payments to and from you and other details of products and Services you have purchased from us or using our Services.

• Technical Data includes IP address, browser type, device identifiers, operating system, language settings, referring and exit pages, pages viewed, clickstream data, timestamps, session information, approximate location derived from IP address, and other usage analytics.  This also includes data collected through Cookies and similar tracking technologies, including preferences, authentication status, analytics data, advertising or marketing identifiers, and information about interactions with the Services.

• Profile Data includes your password, purchases or orders made by you, your location, interests, favourite Restaurants, preferences, Restaurant reviews, feedback and survey and competition responses. This also includes information about Restaurants, and your status points and benefits earned under our Frequent Foodies loyalty programme.

• Usage Data includes information about how you use our website, mobile applications, and Services and includes information relating to a Booking, including the Restaurant selected, Booking date and time, party size, whether children are included, seating or dining preferences, special requests, cancellation or amendment history, confirmation details, and related communications.

• Marketing and Communications Data includes your preferences in receiving marketing from us, Restaurants and other third parties and your communication preferences together with all direct communications between us, for example where you give feedback on our Services and in relation to queries, complaints and enforcement of this policy and our terms and conditions.

We may also infer or derive information from the data we collect, such as likely preferences, interests, dining patterns, or service usage trends, to the extent permitted by applicable Data Protection Laws.

If a User chooses not to provide certain information, we may be unable to provide some or all of the Services, Process a Booking, respond to a request, or enable certain features, including Account functionality and customer support.

Where information is collected from or shared with Local Subsidiaries, Stripe, Braze, Restaurants, or other third parties, such collection and sharing will be subject to the relevant contractual arrangements and applicable Data Protection Laws.

4. How We Use Your Information

We use, and may instruct our Local Subsidiaries, service providers, and other third parties to use, Personal Information for the purposes described in this Privacy Policy as itemised in section 5 below, and as otherwise permitted or required by applicable Data Protection Laws.

We may combine information collected through the Services with information obtained from other sources, including Restaurants, Local Subsidiaries, service providers, public sources, and other third parties, for the purposes set out in this Privacy Policy.

We may use Cookies and similar technologies for essential functionality, authentication, preferences, analytics, performance measurement, security, and marketing, subject to applicable consent and opt-out requirements.

5. Legal Bases for Processing

We Process Personal Information only where we have a lawful basis to do so under applicable Data Protection Laws. The lawful basis we rely on will depend on the purpose for which we are Processing the relevant information and the context in which it is collected or used.

We have set out below, in a table format, a description of all the ways we plan to use your  Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

We may Process your  Personal Information for different purposes and on more than one lawful basis  from time to time. Using the categories referred to above, the bases on which we Process  Personal Information include:

We strive to provide you with choices regarding certain  Personal Information uses, particularly around marketing and advertising. We have established the following  Personal Information control mechanisms:

Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which Services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased Services from us, provided that you have either: 

(a) opted-in to receive such marketing; or

(b) the marketing relates to similar Services, you were given a clear opportunity to opt out when your data was first collected, and you have not subsequently opted out of receiving that marketing. 

Every marketing communication will include an easy way to unsubscribe.

You may also receive marketing communications from us where a User has given us your contact details so that they can claim referral credit.  If you are a User who provides us with someone else’s contact details, you confirm to us that you have the authority to do so (e.g., because you have checked with them first).

Third-party marketing

We will get your express opt-in consent before we share your  Personal Information with any third party, such as Restaurants, for marketing purposes. Where you opt-in to receive communications from a particular Restaurant they will download your contact details from us and will be the Controller in respect of your Personal Information that they hold.

Note that we also provide your Personal Information to Braze, our marketing communication Processor, which handles aspects of our marketing engagement on our behalf.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by clicking the "unsubscribe" link in any marketing email, by updating your communication preferences in your account settings, or by contacting us using the details in the "Contact Details" section below.

Where you opt-out of receiving these marketing messages, this will not apply to the  Personal Information provided to us as a result of using our service or in connection with the non-marketing purposes described in the table above.  Opting-out with us will not affect any consent you have given to receive communications from Restaurants.

Consent

Where required by law or notified to you from time to time, we will rely on your consent to Process some of your  Personal Information. This may include, for example, sending certain marketing communications or placing Cookies. Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of Processing carried out before withdrawal. If you withdraw consent, we may be unable to provide some features or services to you.

Where we rely on consent, we will seek it in a manner that is informed, specific, freely given, and unambiguous, and where required, by a clear affirmative act. You may be able to manage certain consent choices through your device settings, browser settings, account settings, or other preference tools we make available.

Nothing in this clause limits any rights you may have under applicable Data Protection Laws, including rights to object to Processing based on legitimate interests, to withdraw consent, or to request access, correction, deletion, restriction, portability, or other remedies where available.

6. How We Share Information

We may disclose, transfer, or otherwise make available  Personal Information to the following categories of recipients, and for the purposes described below, to the extent permitted or required by applicable Data Protection Laws:

Restaurants. We may share Booking details, Account details, contact details, special requests, dietary preferences, attendance information, and other information reasonably necessary to facilitate a Booking, confirm reservations, manage cancellations or amendments, communicate with you about your Booking, provide customer support, market to you, and otherwise operate the Services. Restaurants act as independent Controllers in respect of  Personal Information they receive for their own purposes, including managing reservations, guest communications, marketing, and in-venue operations.

Group entities and Local Subsidiaries. We may share  with our parent, subsidiary, affiliate, and related entities, including any Local Subsidiary, for internal administration, customer support, local relationship management, Restaurant onboarding and account management, marketing and commercial operations, fraud prevention, analytics, product development, compliance, and the operation, maintenance, and improvement of the Services. Where a Local Subsidiary Processes Personal Information on our behalf, it will do so as a Processor or service provider, as applicable based on local regulatory definitions.

Service providers. We may share Personal Information with vendors, contractors, and other service providers that perform services for us or on our behalf, including hosting and infrastructure providers, customer support providers, communications providers, analytics providers, advertising and marketing partners such as Braze, identity verification providers, fraud prevention providers, security providers, and AI Tools providers. Such recipients may Process Personal Information only for the purposes of providing services to us or otherwise in accordance with our instructions, unless they act as independent Controllers for their own lawful purposes.

Payment Processors. Where payments, refunds, chargebacks, or other payment-related transactions are made available through the Services, we may share relevant Personal Information with payment Processors such as Stripe or any payment service provider used in connection with the Services. This may include name, contact details, payment card or account details, transaction information, billing information, and fraud-related information. Payment Processors act as independent Controllers or Processors, depending on the purpose for which data is Processed and the relevant Data Protection Laws.  We do not retain credit card details.

Analytics, advertising, and AI providers. We may share Personal Information with analytics providers, measurement providers, advertising technology providers, and AI Tools providers to understand usage of the Services, improve functionality, personalise content, detect fraud or abuse, generate insights, support customer service, and develop or operate features such as recommendations, ranking, content generation, chatbots, or automated assistance. Where required by law, we will obtain any necessary consent before using Cookies or similar technologies for these purposes or before sharing Personal Information for targeted advertising or similar activities.

Professional advisers. We may share Personal Information with our lawyers, accountants, auditors, insurers, consultants, and other professional advisers where reasonably necessary for the provision of advice, risk management, corporate governance, dispute resolution, insurance, or legal compliance.

Regulators, authorities, and law enforcement. We may disclose Personal Information to Supervisory Authorities, courts, tribunals, law enforcement agencies, government bodies, and other public authorities where we believe disclosure is required or appropriate to comply with applicable law, regulation, legal process, or enforceable governmental request; to protect our rights, property, or safety, or that of our Users, Restaurants, or others; to investigate or prevent fraud, security incidents, or other unlawful activity; or to respond to complaints or inquiries.

Business transfers. We may disclose Personal Information in connection with, or during negotiations of, any merger, acquisition, financing, reorganisation, sale of assets, bankruptcy, insolvency, or similar corporate transaction, in which case Personal Information may be transferred as part of the transaction subject to applicable confidentiality and legal requirements.

At your direction or with your consent. We may share Personal Information with other third parties where you request or direct us to do so, or where you otherwise consent to the disclosure.

Where permitted by law, we may also disclose Personal Information where we believe in good faith that such disclosure is necessary or appropriate to: (a) enforce our terms and policies; (b) protect and defend our rights, property, or safety, or those of our Users, Restaurants, or others; (c) detect, prevent, or address fraud, criminal activity, security, technical, or operational issues; or (d) support the administration, operation, or improvement of the Services.

We may use and disclose aggregated, de-identified, anonymised, or otherwise non-identifiable information for any lawful purpose, including analytics, research, reporting, marketing, and service improvement, provided that such information is not reasonably capable of identifying you and in accordance with any applicable laws.

7. Cross-Border Transfers

FTL may transfer, store, access, or otherwise Process  Personal Information in jurisdictions other than the country in which it was collected, including, without limitation, New Zealand, Australia, the United Kingdom, Ireland, and any other country in which FTL, a Local Subsidiary, a Processor, a service provider, or other recipient maintains operations, systems, personnel, or infrastructure.

Where Personal Information is transferred across borders, FTL will take reasonable steps to ensure that such transfers are carried out in accordance with applicable Data Protection Laws and are subject to appropriate safeguards designed to protect the confidentiality, integrity, and security of the data. Such safeguards include, as applicable:

• standard contractual clauses, international data transfer agreements, or equivalent approved transfer mechanisms;

• binding corporate rules or intra-group transfer arrangements, where applicable;

• data Processing agreements and confidentiality obligations with recipients;

• technical and organisational measures, including encryption, access controls, pseudonymisation, and least-privilege access; and

• assessments of the legal environment and transfer risks in the destination jurisdiction, where required by applicable Data Protection Laws.

The transfer methods relied upon at present are:

FTL may transfer  Personal Information to Local Subsidiaries for purposes including Restaurant marketing, local relationship management, customer support, operational administration, analytics, fraud prevention, and the provision and improvement of the Services. FTL may also transfer data to third-party service providers, including Stripe and Braze, where necessary to facilitate payment Processing, transaction administration, FTL marketing, fraud detection, chargeback handling, and related support functions.

Where a transfer is made to a country that does not provide an adequate level of protection under applicable Data Protection Laws, FTL will take steps intended to ensure that the transfer remains lawful, including by implementing one or more of the safeguards described above or by obtaining any required consent or relying on any other permitted transfer basis.

Nothing in this clause limits any rights or remedies available to a User under applicable Data Protection Laws, including rights relating to access, correction, deletion, restriction, objection, portability, or complaint to a Supervisory Authority.

FTL may update its transfer mechanisms and safeguards from time to time to reflect changes in law, regulatory guidance, or operational requirements, provided that any such changes remain consistent with applicable Data Protection Laws.

8. Cookies and Similar Technologies

FTL and, where applicable, the Local Subsidiaries use Cookies and similar technologies on and through the Services to operate, secure, maintain, improve, and personalise the Services, to understand how Users interact with the Services, and to support marketing and analytics activities.  You can find our Cookie policy here.

9. AI Use

We may use AI Tools in connection with the Services to operate, improve, secure, and support the Services, including to help with customer support, Booking management, fraud prevention, content moderation, personalization, ranking or recommendation of Restaurants, analytics, and the generation or summarisation of content or communications.

Depending on how you interact with the Services, AI Tools may Process  Personal Information such as your name, contact details, Account details, Booking details, preferences, device and usage information, Cookies, location information, communications with us, and information you choose to provide through the Services. Where permitted by applicable Data Protection Laws, AI Tools may also Process aggregated, de-identified, or pseudonymised data for the purposes described in this clause.

We do not intend for AI Tools to make decisions that produce legal or similarly significant effects about you without appropriate human involvement, review, or oversight where required by applicable Data Protection Laws. Where an AI Tool is used to assist with a decision affecting you, we will take reasonable steps to ensure that the output is reviewed by a person where required or appropriate, and that the use of such tool is subject to safeguards designed to reduce errors, bias, and inappropriate outcomes.

AI Tools may be operated by FTL, a Local Subsidiary, Braze, Stripe, or other service providers or third parties acting on our behalf or integrated into the Services. Such parties may Process data only for the purposes of providing, maintaining, improving, or securing the relevant functionality, or as otherwise disclosed in this Privacy Policy and permitted by applicable Data Protection Laws.

Where required by applicable Data Protection Laws, you may have rights to object to or restrict certain Processing involving AI Tools, including profiling or automated decision-making. You can exercise any applicable rights by contacting us using the details set out in this Privacy Policy.

10. Data Retention

We retain data which is Personal Information only for as long as reasonably necessary to fulfil the purposes for which it was collected, to provide and administer the Services, to manage Bookings and Accounts, to respond to support requests, to comply with legal and regulatory obligations, to establish, exercise, or defend legal claims, and to enforce our agreements and policies.

The length of time for which we retain particular categories of information depends on the nature of the data, the purpose for which it was collected, the sensitivity of the data, the risk of harm from unauthorised use or disclosure, the applicable legal requirements, and whether the data is needed for ongoing business, operational, accounting, tax, fraud prevention, dispute resolution, or compliance purposes.

Without limiting the foregoing, we generally retain data as follows:

Booking and transaction records. We retain Booking records, reservation history, cancellation and amendment records, communications relating to Bookings, and related transaction information for as long as necessary to administer the Booking, handle customer service issues, manage Restaurant relationships, maintain records of completed or failed transactions, and comply with legal, tax, accounting, and audit requirements.

Account data. We retain Account information for as long as the Account remains active and for a reasonable period thereafter to allow for account recovery, to resolve disputes, to detect and prevent fraud or abuse, and to comply with legal obligations. If an Account is closed or inactive, we may retain certain information for a further period where necessary for legitimate business, compliance, or legal purposes.

Support and correspondence records. We retain customer support enquiries, complaints, feedback, correspondence, and related records for as long as needed to investigate and resolve the matter, improve the Services, maintain service quality, and comply with legal obligations.

Payment-related records. Where payment-related information is Processed through Stripe or other payment providers, we retain records only to the extent necessary for payment administration, reconciliation, chargeback handling, fraud prevention, accounting, and legal compliance. We do not collect or retain card details.

Legal and compliance records. We retain records that we are required to keep under applicable Data Protection Laws, consumer protection laws, tax laws, accounting rules, anti-fraud requirements, or other legal obligations for the period required by those laws or for any longer period necessary to establish, exercise, or defend legal claims. In the event a dispute arises or could arise in the context of any other records or data we hold, we will retain such data for the duration of the limitation period applicable to that dispute (or, if longer, the length of the dispute itself). 

Cookies and similar technologies. We retain information collected through Cookies and similar technologies for the period necessary for the relevant functionality, analytics, security, or advertising purpose, subject to any consent, preference, or retention settings that apply.

When  Personal Information is no longer required for the purposes for which it was collected, we will take reasonable steps to delete, destroy, or anonymise it, or to irreversibly de-identify it where permitted by applicable law.

We may retain anonymised, aggregated, or de-identified data for longer periods for research, analytics, reporting, product improvement, and business planning, provided that such data does not identify an individual and is used in accordance with applicable law.

Retention periods may vary by jurisdiction and may be extended where required by a Supervisory Authority, court order, litigation hold, or other legal process. Nothing in this section limits any right or obligation under applicable Data Protection Laws to request deletion, restriction, or erasure of information, where such rights apply.

11. Security

FTL shall implement and maintain appropriate technical and organisational measures designed to protect  Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised Processing. Such measures shall be appropriate to the nature of the data, the risks presented by the Processing, and the reasonably available technology at the time of collection,, taking into account the costs of implementation and the context, scope, purposes, and risks of the Processing.

While FTL uses reasonable safeguards, no method of transmission over the internet or method of electronic storage is completely secure, and FTL cannot guarantee absolute security. Users are responsible for maintaining the confidentiality of their Account credentials, using secure devices and networks, and promptly notifying FTL of any suspected unauthorised access to their Account or any security concern relating to the Services.

FTL may update its security measures from time to time to reflect changes in technology, legal requirements, operational practices, and risk profile, provided that any such updates are intended to maintain a level of protection appropriate to the Processing undertaken through the Services.

12. Your Rights and Choices

You may have certain rights and choices in relation to our Processing of your  Personal Information, subject to applicable Data Protection Laws and any lawful limitations, exemptions, or exceptions. These rights vary depending on your place of residence, the nature of our relationship with you, and the role in which we are Processing your information.

Subject to applicable law, you may have the right to:

• request access to the  Personal Information we hold about you and obtain information about how we Process it;

• request correction or rectification of inaccurate, incomplete, or outdated information;

• request deletion, erasure, or anonymisation of your information, where applicable;

• request restriction of Processing in certain circumstances;

• object to Processing based on our legitimate interests, including any direct marketing or profiling activities, where applicable;

• request portability of certain information in a structured, commonly used, and machine-readable format, where applicable;

• withdraw consent at any time where Processing is based on your consent, without affecting the lawfulness of Processing carried out before withdrawal; and

• opt out of marketing communications and certain Cookies or similar tracking technologies, subject to technical and legal limitations.

You may also have the right not to be subject to a decision based solely on automated Processing, including profiling, where such a right applies under Data Protection Laws. Where we use AI Tools or other automated systems in connection with the Services, we will take appropriate steps to ensure any such Processing is carried out in accordance with applicable law.

If you wish to exercise any of these rights, you may contact us using the contact details provided in this Privacy Policy. We may need to verify your identity before responding to your request and may ask for additional information necessary to confirm your identity and locate your records.  Where allowed by applicable Data Protection Laws, we may charge a reasonable fee for provision of data.

We will respond to your request within the timeframe required by applicable law. If we are unable to comply with your request in whole or in part, we will explain the reasons, subject to any legal restrictions on providing that explanation.

You may also have the right to lodge a complaint with a Supervisory Authority if you believe our Processing of your  Personal Information does not comply with applicable Data Protection Laws. Information on how to make a complaint is set out in section 15 below. 

We will not discriminate against you for exercising any privacy rights granted under applicable law, except to the extent permitted by law and reasonably necessary to provide the Services.

Some rights may be limited where, for example, we must retain information to comply with legal obligations, resolve disputes, enforce agreements, protect the rights of others, or where an exemption under applicable Data Protection Laws applies.

13. Children

The Services are intended for adults and are not directed to children under the age of 18. FTL does not knowingly collect, use, disclose, or otherwise Process  Personal Information from any child under 18 through the Services, and no person under 18 may create an Account, make a Booking, or otherwise use the Services without the involvement and consent of a parent or legal guardian where required by applicable Data Protection Laws.

If FTL becomes aware that it has collected  Personal Information from a child under 18 in circumstances not permitted by applicable law, FTL will take reasonable steps to delete or de-identify such information as soon as reasonably practicable, unless retention is required or permitted by law, including to comply with legal obligations, enforce rights, prevent fraud, or protect the safety and security of the Services, Users, Restaurants, or others.

Where a parent, legal guardian, or other authorised adult submits information on behalf of a child in connection with a Booking, account, inquiry, or other interaction with the Services, that adult represents and warrants that they have the authority to do so and that any required consents have been obtained. To the extent the Services permit family Bookings or similar arrangements, FTL may Process limited information about a child only as necessary to administer the relevant Booking, provide requested Services, comply with law, or protect legitimate interests, and only in accordance with applicable Data Protection Laws.

If you believe that a child under 18 has provided  Personal Information to FTL through the Services, please contact FTL using the contact details set out in this Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the Processing of your  Personal Information in connection with the Services, you may contact FTL using the contact details set out below.

Data Controller / Website Operator

First Table Limited (FTL)
Contact: privacy@firsttable.co.nz
Postal address: Level 2, 50 Stanley Street, Queenstown 9300, New Zealand

UK and Ireland Local Subsidiary / Restaurant Marketing and Local Relationship Processor

• FTNZ UK Limited
• Contact: privacy@firsttable.co.uk
• Postal address: FTNZ UK Limited, 10 John Street, London, United Kingdom, WC1N 2EB ]

The above entity is also FTL’s representative for the purposes of the UK Data Protection Act 2018.

EU Representative for the purposes of the GDPR and the Irish Data Protection Act 2018 

European Data Protection Office (EDPO), appointed pursuant to Article 27 of the General Data Protection Regulation (GDPR)

• Contact: On-line Request form: https://edpo.com/gdpr-data-request
• Postal Address: EDPO at Ground Floor, 71 Lower Baggot Street, Dublin, D02 P593, Ireland 

Australia Local Subsidiary / Restaurant Marketing and Local Relationship Processor

• First Table (Australia) Pty Limited
• Contact: privacy@firsttable.com
• Postal address: 5 Quarterhouse Parade Wadalba NSW 2259 

General Privacy Enquiries

You may also contact us by email at privacy@firsttable.com  for general privacy enquiries, including questions about how we collect, use, disclose, store, or otherwise Process  Personal Information, or to exercise any rights available to you under applicable Data Protection Laws.

Payment-Related Enquiries

If your enquiry relates to a payment Processed through the Services, you may also need to contact Stripe directly using the contact information provided by Stripe in connection with the relevant transaction. FTL does not control Stripe’s independent Processing of payment information, and any such enquiries may need to be addressed by Stripe in accordance with its own privacy practices.

Supervisory Authorities

If you are not satisfied with our response, or if you believe that our Processing of your  Personal Information may not comply with applicable Data Protection Laws, you may have the right to lodge a complaint with the relevant Supervisory Authority, including, where applicable, the Irish Data Protection Commission, the UK Information Commissioner’s Office, the Office of the Australian Information Commissioner, or the New Zealand Privacy Commissioner.

Response Times

We aim to acknowledge privacy-related enquiries within a reasonable time and, where required by applicable Data Protection Laws, to respond within the applicable statutory timeframe. If we need more time to deal with your request, we will let you know and, where permitted, explain the reason for the delay.

Verification

Before responding to a privacy request, we may need to verify your identity or authority to make the request. If you are making a request on behalf of another person, we may require evidence of your authority to act for that person.

Local Contact Routing

Where appropriate, we may route your enquiry to the relevant Local Subsidiary or service team best placed to assist with your request, including for Restaurant relationship matters, local support, or jurisdiction-specific privacy issues.

15. Supervisory Authorities and Complaint Rights

If you are concerned about how we handle your  Personal Information, we encourage you to contact us first so that we can try to resolve your concern promptly and informally. 

Depending on your location and the nature of your complaint, you may also have the right to lodge a complaint with a Supervisory Authority.

• United Kingdom: the Information Commissioner's Office (ICO) is the UK supervisory authority for data protection matters. You can contact the ICO at https://ico.org.uk/make-a-complaint/ or by any other method made available by the ICO from time to time.

• Ireland: the Irish Data Protection Commission (DPC) is the competent supervisory authority. You can contact the DPC at https://forms.dataprotection.ie/contact or by any other method made available by the DPC from time to time.

• Australia: the Office of the Australian Information Commissioner (OAIC) is the relevant privacy regulator. You can contact the OAIC at https://www.oaic.gov.au/privacy/privacy-complaints or by any other method made available by the OAIC from time to time.

• New Zealand: the Office of the Privacy Commissioner is the relevant privacy regulator. You can contact the Privacy Commissioner at https://www.privacy.org.nz/your-rights/making-a-complaint/ or by any other method made available by the Privacy Commissioner from time to time.

You may also have the right to contact any other Supervisory Authority with jurisdiction over our Processing of your  Personal Information, including where you live, where the relevant Processing takes place, or where an alleged infringement has occurred.

16. Glossary of Defined Terms

In this Privacy Policy, unless the context otherwise requires, the following terms have the meanings set out below. 

Account means an account created by or for a User to access or use any part of the Services.

AI Tools means any artificial intelligence, machine learning, automated decision-making, recommendation, ranking, profiling, content generation, chatbot, large language models, or similar technology used in connection with the Services, whether operated by FTL, a Local Subsidiary, a service provider, or a third party.

Booking means a Restaurant reservation, Booking request, table reservation, waitlist entry, cancellation, amendment, confirmation, or related communication made through or in connection with the Services.

Controller means the person or entity that determines the purposes and means of the Processing of  Personal Information, and includes any equivalent concept under applicable Data Protection Laws.

Cookies means cookies, pixels, tags, SDKs, local storage objects, web beacons, and similar tracking technologies used on or through the Services.

Data Protection Laws means all applicable privacy, data protection, and electronic communications laws and regulations, including, where applicable, the UK GDPR, the EU GDPR, the Irish Data Protection Act 2018, the UK Data Protection Act 2018, the Australian Privacy Act 1988, the New Zealand Privacy Act 2020, and any other applicable laws relating to privacy or the protection of  Personal Information.

Local Subsidiary means, as applicable, FTNZ UK Limited, First Table (Australia) Pty Limited, or any other local affiliate, subsidiary, or related entity that supports Restaurant marketing, local relationship management, customer support, or other Services in a particular jurisdiction.

Personal Information means any information relating to or about an identified or identifiable natural person, and includes any equivalent term such as personal data, personal information, or similar term under applicable Data Protection Laws.

Processing means any operation or set of operations performed on  Personal Information, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transfer, dissemination, alignment, combination, restriction, erasure, or destruction.

Processor means a person or entity that Processes Personal Information on behalf of a Controller, and includes any equivalent concept under applicable Data Protection Laws.

Restaurant means any Restaurant, venue, hospitality business, or other dining establishment listed, promoted, managed, or otherwise made available through the Services.

Services means the websites provided by FTL and its Local Subsidiaries, mobile interfaces, Booking platform, related services, customer support channels, and any associated features operated by or on behalf of FTL in connection with Restaurant Bookings and related activities.

Supervisory Authority means any competent data protection, privacy, or information regulator or authority having jurisdiction over the Processing of Personal Information, including, where applicable, the Irish Data Protection Commission, the UK Information Commissioner's Office, the Office of the Australian Information Commissioner, the New Zealand Privacy Commissioner, and any equivalent authority.

User means you and any visitor, customer, diner, account holder, Restaurant representative, or other individual who accesses or uses the Services.

17. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, the Services, our legal or regulatory obligations, or for other operational, technical, or business reasons.

When we make material changes, we will take reasonable steps to notify Users by posting the updated Policy on or through the Services and, where appropriate, by providing additional notice by email, in-product notice, banner, pop-up, account notification, or other reasonable means. The date of the latest version will be identified at the top of the Policy, where applicable.

Unless a different period is required by applicable Data Protection Laws or the change is otherwise effective immediately for legal, security, or operational reasons, any updated Policy will take effect when it is posted or on the effective date stated in the updated Policy, whichever is later. Your continued use of the Services after the effective date of any updated Policy constitutes acknowledgment of the updated Policy to the extent permitted by law.

If any change requires your consent under applicable Data Protection Laws, we will obtain that consent before the change takes effect for the relevant Processing activities. If you do not agree to an updated Policy, you should stop using the Services and, where applicable, close your Account.

We encourage Users to review this Policy periodically to stay informed about how we collect, use, disclose, and protect  Personal Information.