Privacy Policy
Last Updated: 3 November 2025
Five Rivers Rotisserie is committed to protecting your privacy and respecting your personal data. This Privacy Policy explains how we collect, use, and protect information when you use our website, join our Rewards Club, or subscribe to our newsletter. It also outlines your rights under UK GDPR and PECR.
1) Who we are (Data Controller)
Shamshad-NAR Limited (Company No. 16340582), trading as Five Rivers Rotisserie,
145–147 The Food District, Edgware Road, London, W2 2HR, United Kingdom.
Email: team@five-rivers-rotisserie.co.uk
For privacy matters, please contact our data lead at the email above.
2) The data we collect
- Website visitors: device and usage data (pages viewed, referrers) and cookie preferences. Analytics only run if you accept non-essential cookies.
- Rewards Club members: name, email, password (securely hashed), account activity (points earned/redeemed), and simple usage logs for fraud prevention.
- Email subscribers: name (if given) and email address, plus subscription and unsubscribe preferences.
- Customer support: details you provide when contacting us (e.g. order issue descriptions).
3) Why we use your data (purposes) & lawful basis
- Provide services: to operate our site, Rewards accounts, and respond to queries. Lawful basis: contract or legitimate interests.
- Rewards Club: to manage accounts, issue/redeem points, and prevent abuse. Lawful basis: contract; legitimate interests (security and fraud prevention).
- Email marketing: to send news and offers if you opt in. You can unsubscribe anytime. Lawful basis: consent (PECR electronic mail rules apply).
- Analytics & improvement: to understand site usage and improve UX. Lawful basis: consent (non-essential cookies only after acceptance).
- Legal & compliance: to meet accounting and record-keeping obligations. Lawful basis: legal obligation.
4) Cookies and analytics
We use an explicit opt-in cookie banner to record your preferences. Non-essential cookies (like Google Analytics 4) only load if you click “Accept.” GA4 anonymises IP addresses and complies with UK data protection standards. You can change your choice anytime by clearing cookies or adjusting browser settings. See our Cookie Policy for details.
5) Where your data comes from
- Directly from you: through sign-up forms, support messages, or in-store interactions.
- Automatically: via your device/browser if you consent to non-essential cookies.
- Third-party delivery platforms: If you order via Deliveroo, Uber Eats, or Just Eat, they are separate controllers. They may share limited details (order ID, items, timestamps) only to resolve issues.
6) Sharing your data (processors & recipients)
We never sell your data. We share only what’s necessary with trusted service providers (“processors”) who help us operate securely, such as:
- Google Cloud / Firebase: to host Rewards accounts and authentication.
- Email marketing platform: to manage newsletters and opt-outs.
- Analytics provider: to measure website performance (only if you consent).
All processors are bound by data processing agreements and may only act on our instructions.
7) International transfers
If any service provider stores data outside the UK (for example, Google LLC in the USA), we ensure appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or equivalent clauses. Contact us for details of current safeguards.
8) How long we keep data (retention)
- Rewards accounts: while active and for up to 24 months after inactivity, to investigate fraud or resolve queries.
- Email subscriptions: until you unsubscribe; we retain a minimal opt-out record to ensure compliance.
- Support communications: up to 24 months unless a longer period is legally required.
- Analytics data: retained per our provider’s settings (typically 26 months) and only collected if you consent.
9) Your rights
You have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability where applicable. Where we rely on consent (e.g. marketing), you can withdraw it anytime by emailing team@five-rivers-rotisserie.co.uk.
10) Children’s data
Our services are not directed at children under 16, and we do not knowingly collect their data. If you believe a child has provided personal data, please contact us and we will delete it.
11) Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, password hashing, and supplier security reviews.
12) Marketing choices
You can unsubscribe from marketing emails anytime via the link in our emails. We will continue to send essential service messages (e.g. account or transaction notices) as needed.
13) Complaints
If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk.
14) Changes to this policy
We may update this policy periodically and will post the new version here with an updated “Last Updated” date. Material changes may also be highlighted on our site.