Privacy Policy

 

1.

 

Summary of how we use your data

1.1

BlackOwl uses your personal data to enable you to make a reservation or purchase a ticket at one of our participating restaurants and to allow us to provide you with support.

1.2

Where we rely on your consent, such as for direct marketing, technical support, software updates and analytics, you can withdraw this consent at any time.

 

 

2.

What does this policy cover?

2.1

This policy describes how The BlackOwl Group and its affiliates (also referred to as "BlackOwl", "we" or "us") will make use of your data in relation to any reservations made or tickets purchased at one of our participating restaurants. You can identify the relevant BlackOwl entity that hosts a particular site or app and is responsible for your information under this policy. In addition, we will use your data in order to provide help and support to you.

2.2

This policy also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.

 

 

3.

What information do we collect?

3.1

We collect and process personal data about you when you interact with us, our websites and our apps, and when you purchase goods and services from us. This includes:

 

3.1.1

your name, username and password;

3.1.2

date of birth;

3.1.3

your email address and phone number;

3.1.4

your home address;

3.1.5

your payment and delivery details, including billing address and credit card details, where you make purchases from us;

3.1.6

your IP address and browser location when visiting our website and at the time of purchase;

3.1.7

information related to the browser or device you use to access our website or apps;

3.1.8

your physical location when using our apps;

3.1.9

analytical information regarding your usage of our app; and

3.1.10

your marketing preferences, including any consents you have given us.

   

 

 

3.2

Our website and our apps include a text box which is designed for you to provide us with certain information regarding your dining preferences. You should be aware that any information that you provide to us in that text box may be shared with the relevant restaurant (as detailed in the "who will we share this data with" section, below).

3.3

In addition, we may receive personal data from sources other than you, such as from third-party websites, applications, services, restaurants and other third parties, including individuals who have added you as a guest to their reservation. If you are an existing BlackOwl user we may combine this information with information we have on you and use it for the purposes described below.

3.4

Safe operation and risk control verification: In order to ensure the safe operation of the software and services, prevent your personal information from being illegally obtained, prevent fraud and protect account security more accurately, we will collect your device information [including device model, device name, SIM card serial number, device unique identifier (including: IMEI, IMSI, AndroidID, IDFA, OAID), geographic location, storage (photo albums, media, and other files), language Settings, operating system and application version, network device hardware address (MAC address), login IP address, access mode, network quality data, mobile network information (including carrier name), product version number and software usage record information. If you do not agree with us to collect such information, risk control verification may not be completed. Please understand that in order to dynamically detect any abnormal login on your account, we may read it again every time you switch BlackOwl to the background or restart the program, and we will keep the read frequency within a reasonable range.

 

 

4.

How do we use this information, and what is the legal basis for this use?

4.1

We process this personal data for the following purposes:

 

4.1.1

Performance of a contract - To fulfil a contract, or take steps linked to a contract: this is relevant where you make a reservation or purchase a ticket from us. This includes:

 

4.1.1.1

verifying your identity;

4.1.1.2

taking payments;

4.1.1.3

communicating with you;

4.1.1.4

making a restaurant reservation for you, to put you on a waitlist or delivering to you a ticket that you have purchased; and

4.1.1.5

providing after-sales support to you.

4.1.2

Legitimate purpose - Where we have a legitimate interest. This includes:

 

4.1.2.1

where we use information you provide to personalise our website, products or services for you;

4.1.2.2

responding to or following up on your comments and questions;

4.1.2.3

where we monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;

4.1.2.4

monitoring use of our websites and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline; and

4.1.2.5

conducting research, analysis and analytics;

4.1.3

Consent - Where you give us consent:

 

4.1.3.1

we will send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected restaurant partners;

4.1.3.2

we place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used;

4.1.3.3

on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.

4.1.4

Required by law - For purposes which are required by law:

 

4.1.4.1

where we need parental consent to provide services to children under 16. However, most of our websites are not designed for children under 16.

4.1.4.2

in response to requests by government or law enforcement authorities conducting an investigation.

4.2

The age of majority is 21 years (in Indonesia). In those jurisdictions, we will require parental consent if you are below the age of majority.

4.3

In certain jurisdictions, consent is the primary ground on which personal data may be processed by an organisation. In those jurisdictions, processing personal data in connection with the performance of a contract or legitimate purposes is not recognised as an accepted ground on which personal data may be processed. Accordingly, if you are a resident in such a jurisdiction, you agree that consent will be the ground on which BlackOwl will process your personal data instead of performance of a contract or legitimate purposes.

 

 

5.

Withdrawing consent or otherwise objecting to direct marketing

5.1

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.

5.2

Please note that even if you opt-out of receiving marketing communications, we may need to send you service-related communications such as confirmations of any future reservation you may make.

 

 

6.

Who will we share this data with, where and when?

6.1

We will share your personal data with other companies in the BlackOwl group in order to provide reservation and support services to you.

6.2

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

6.3

Personal data will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. Such third parties include providers of customer and technical support services, logistics and delivery providers, and technology development partners.

6.4

Personal data will also be shared with restaurants when a reservation is made or if a ticket is purchased. This can include your name, email address, phone number, profile, time and date of visit, party size, dining preferences, special requests, guest information and other comments that you chose to submit to us.

6.5

We may also share with restaurants any feedback that we receive from you or any comments that you might submit through our site or our app. Any feedback or comments may be shared with or may be accessible by that restaurant so as to enable that restaurant to respond directly to you.

6.6

In the event that our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

6.7

Where information is transferred outside of your home jurisdiction, and where this is to a stakeholder or restaurant in a country that is not subject to an adequacy decision by the relevant regulator in your home jurisdiction, we will ensure that data is adequately protected by appropriate contractual clauses or binding corporate rules.

 

 

7.

How is your data protected?

7.1

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers, restaurants and agents is only on a need-to-know basis.

7.2

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

 

 

8.

What rights do I have?

8.1

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers, restaurants and agents is only on a need-to-know basis.

8.2

You have the right to ask us for a copy of your personal data; to correctdelete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.

8.3

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

8.4

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

8.5

To exercise any of these rights, you can get in touch with us – or our data protection officer (support@blackowl.id)– using the details set out below. If you have unresolved concerns, you have the right to complain to an appropriate data protection authority where you live, work or where you believe a breach may have occurred.

8.6

In order to make a restaurant reservation or to buy a ticket from us, the provision of certain information (for example your name, email address, telephone number, payment information and IP address) is mandatory to enable us to make that reservation for you or the sell you that ticket. If relevant data is not provided or if you require us to delete, restrict or cease the processing of that data, then we will not be able to reserve that restaurant for you or sell you the ticket.

8.7

For technical support the provision of certain information (for example your name or email address) is mandatory. If relevant data is not provided, then we may not be able to provide you with technical support.

8.8

All other provision of your information is optional.

8.9

Where you provide us with the personal data of any other individual, including any individual whom you might like to notify that a reservation at a particular restaurant has been made using BlackOwl's services, you confirm that you have notified the individual of the purposes to which you are providing BlackOwl with that third party's personal data and you have obtained the person's consent to providing BlackOwl with the person's personal data.

 

 

9.

How long will you retain my data?

9.1

Where we process personal data in connection with performing a contract (for example in relation to any restaurant reservation or the purchase of a ticket), we keep the data for 6 years from the date of the reservation or purchase.

9.2

Where we process personal data for site security purposes, we retain it for 12 months or such other long period as may be required in certain jurisdictions.

9.3

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

 

 

10.

Links to other websites

10.1

Our website or apps may have links to other websites that are not owned or controlled by BlackOwl. We have no control over these third party websites and your use or the third party websites are subject to their privacy policy. Your use of the third parties' website is at your own risk. We encourage you to read the privacy policies of those third party websites.

10.2

In order to ensure the stable operation of BlackOwl App or achieve relevant functions, we may access software development kits (SDKS) provided by third parties to achieve the above purposes. Some third-party SDKS we access may involve collecting user information for providing services to users. We will evaluate the legality, legitimacy and necessity of the information collected by the third party, and require the third party to take measures to protect your information and strictly abide by relevant laws, regulations and regulatory requirements. We may need to adjust the third-party SDK we access in order to provide more services to users, ensure stability and quality of services, or upgrade related features. We will update you on this page about third-party SDK involved in collecting user information:

 

 

 

 

Third-party SDK source: Appsflyer

 

Collecting Personal Information Purpose/Purpose: Collect application page usage to improve product experience

 

Type of personal information to be collected: Common device information

 

Links to third party privacy policy: https://www.appsflyer.com/legal/privacy-policy/

 

 

 

Third-party SDK source: Xiaomi

 

Collecting Personal Information Purpose/Purpose: Push messages to users

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://dev.mi.com/console/doc/detail?pId=1822

 

 

 

Third-party SDK source: Huawei

 

Collect personal information Purpose/Purpose: Collect App crash information to help improve product stability

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://consumer.huawei.com/cn/privacy/privacy-policy

 

 

 

Third-party SDK source: Amap

 

Collection of Personal Information Purpose/purpose: Users select cities in mainland China using BlackOwl location-related services to locate their locations

 

Type of personal information to be collected: common device information, network connection information, precise location information (including network /GPS positioning and wifi positioning information)

 

Links to third party privacy policy: https://lbs.amap.com/home/privacy/

 

 

 

Third-party SDK source: Google Map

 

Collection of Personal Information Purpose/purpose: Users select cities in mainland China using BlackOwl location-related services to locate their locations

 

Type of personal information to be collected: common device information, network connection information, precise location information (including network /GPS positioning and wifi positioning information)

 

Links to third party privacy policy: https://policies.google.com/privacy

 

 

 

Third-party SDK source: Google Firebase

 

Collect personal information Purpose/Purpose: Collect App crash information to help improve product stability

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://policies.google.com/privacy

 

 

 

Third-party SDK source: Branch

 

Collecting Personal information Purpose/Purpose: Enables users to open BlackOwl applications in DeepLink mode

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://branch.io/policies/privacy-policy/

 

 

 

Third-party SDK source: Mixpanel

 

Collecting Personal Information Purpose/Purpose: Collect application page usage to improve product experience

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://mixpanel.com/legal/privacy-policy/

 

 

 

Third-party SDK source: Stripe

 

Collect Personal Information Purpose/Purpose: The way of payment within BlackOwl

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://stripe.com/zh-cn-us/privacy

 

 

 

Third-party SDK source: Alibaba

 

Personal Information Collection Purpose/purpose: For account security environment monitoring, and to provide small program services based on Alipay platform in BlackOwl App

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://terms.alicdn.com/legal-agreement/terms/suit_bu1_taobao/suit_bu1_taobao201703241622_61002.html

 

 

 

 

 

Third-party SDK source: OneSignal

 

Collecting Personal Information Purpose/Purpose: Push messages to users

 

Collect personal information: common device information and network connection information

 

Links to third party privacy policy: https://onesignal.com/privacy

 

 

 

 

 

 

11.

Changes to this policy

11.1

We reserve the right to update this policy from time to time by posting the updates to this policy on our site or app. Any updates will become effective immediately after posting and will apply to all information collected about you, or where required, upon your consent. You are free to decide whether or not to accept a modified version of this policy. If you do not agree to the modifications, you must cease further use of our site or app.

11.2

If we make changes that materially impacts previously collect personal data about you, we will obtain your prior express consent.