Privacy Policy
Last update: January 1, 2020.
This Privacy Policy applies to The ONE Group Hospitality, Inc., The ONE Group, LLC, and all subsidiaries and affiliates (collectively, “The ONE Group”, “we”, “us”, and “our”).
The One Group is committed to ensuring the privacy of your data. We are further committed to preventing unauthorized access to that data. Our Privacy Policy details what data is collected from our customers, users, business representatives, and others and explains how we use it, how it is stored, and your choices related to our use of your data.
Who we are
The ONE Group, (“The ONE Group”) is a global leader in the hospitality industry that develops and operates upscale, high-energy restaurants and lounges and provides hospitality management services for hotels, casinos and other high-end venues both nationally and internationally. The ONE Group’s iconic restaurant brands include STK®, Benihana®, RA Sushi®, Salt Water Social®, Samurai®, and Bao Yum®
and Kona Grill®. The One Group also operates ONE Hospitality, a signature turn-key food and beverage service. In association with its restaurants and business, The One Group operates the following websites: https://togrp.com/, https://stksteakhouse.com/, and https://www.konagrill.com/, (“Sites”).
The ONE Group is based in the United States and holds an outstanding reputation in the industry and has received excellent reviews from food critics. The ONE Group respects your privacy and takes safeguarding personal data seriously. Please read the following to understand the privacy practices of The ONE Group.
Definition
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Under specific laws, personal data may include any information relating to a household.
Personal data process
We process personal data that (a) you actively submit to us, (b) we receive from third parties, (c) we obtain for marketing purposes for business opportunities, and (d) we collect automatically. We may process your personal data with or without automatic means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of your personal data. We do not sell the personal data we collect to other parties.
Actively submitted data. You submit personal data to us when you reserve a table, place an online order, purchase a gift card, register an account with us, submit completed forms through our websites, or engage in other interactions or communications with our organization. We process name, email address, phone number, address, and invite you to receive ongoing communication in the form of newsletters and product offerings. We also request a form of payment such as a debit card and credit card and invite you to save the payment method for future transactions. Please note your debit card and credit card information is processed by a third-party payment processor. You will be limited in the use of certain features such as table reservations or online orders if you do not provide a payment method. You may provide us with additional information to participate at your own initiative in surveys, feedback comments or other interaction including promotions. You may also choose to interact with social media and similar services and provide us feedback. Participation is optional. If you do not wish to participate in, or provide personal data in connection with such activities, this will not affect your account status or ability to use available services. In each such case you will know what personal data you provide us with because you actively and voluntarily submit the data.
Data received from third parties. Some content or applications associated with our Services may be provided by third parties, such as the reservations feature provided through OpenTable and other reservation service providers. Our Services also connect with social media and like services such as Facebook, Twitter, LinkedIn and Instagram, where we may receive personal data in relation to your interactions.
Data obtained for marketing purposes for potential business partners, clients, franchisees and customers. We obtain marketing data that we use to reach out to inform representatives potential business partners, clients, franchisees, and customers of The ONE Group Services and to advance business opportunities. The personal data collected generally includes the representative’s name, email address, phone number, job title, and the name of the organization they represent.
Data collected automatically. We collect non-personal information that is technical in nature, such as device type, browser and domain, website navigation, and track activity and navigation on The ONE Group Services so we can personalize your experience and improve our services.
Personal data not actively collected or processed. We do not actively collect or otherwise process personal data from minors. The age of a minor varies by country. For the purposes of personal data collected from the European Union, the age of a minor is under age sixteen (16). We do not actively collect or otherwise process personal data relating to criminal convictions and offences. We do not actively collect or otherwise process personal data revealing racial origin, ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
California Consumer Privacy Act. Pursuant to the § 1798.110 of the California Consumer Privacy Act (“CCPA”) the categories of personal information we have collected about consumers in the preceding 12 months are:
Identifiers such as a real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers;
Commercial information, including products or services purchased;
Internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement; and
Professional or employment-related information.
Tracking technologies, cookies and clear gifs
We use tracking technologies, cookies and clear GIFs to collect information. Tracking technologies are used to collect information from your web browser through our servers or filtering systems when you visit any of our sites.
Cookies store small text files onto a user’s computer hard drive with the user’s browser, containing the session ID and other data. Cookies enable a web site to track a user’s activities on the website for the following purposes: (1) enable essential features; (2) provide analytics to improve website performance and effectiveness; (3) store user preferences; and (4) facilitate relevant targeted advertising on advertising platforms or networks. Users are free to change their web browsers to prevent the acceptance of cookies. Cookies may also be set within emails in order to track how often our emails are opened.
A clear GIF is a transparent graphic image placed on a website. The use of clear GIFs allows us to monitor your actions when you open a web page and makes it easier for us to follow and record the activities of recognized browsers. Clear GIFs are used in combination with cookies to obtain information on how visitors interact with our websites.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites. We collect this information to better understand how you use and interact with our sites in order to improve your experience. We also collect this information to better understand what services and marketing promotions may be more relevant to you. We may also share this information with our employees, service providers and customer affiliates.
You can change your web browser settings to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, you may not be able to use some sections or functions of our sites.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
Purposes for processing personal data
We process your personal data to enable restaurant reservations, process online orders, operate gift card and rewards programs, and fulfill our contractual obligations in our service contracts with our business partners, clients, franchisees and customers. We also process personal data to operate our Services and for administrative and other business purposes, such as: sales leads, subscription services, payments, employee training, marketing, data analysis, security monitoring, auditing, research, to exercise legal rights, and to meet tax and other regulatory requirements.
In this context, the legal basis for our processing of your personal data is either the necessity to perform contractual and other obligations, our legitimate business interest as a provider of hospitality services, regulatory requirements, or in some instances your explicit consent. Where we process personal data to comply with various laws, we base our processing on the necessity for us to comply with our legal obligations.
Sharing of personal data
We share your personal data with other parties in the following circumstances:
Affiliates and Franchisees. We may share personal data with a parent company, franchisees, subsidiaries, joint ventures, or other companies under common control with us.
Third-Party Service Providers. We may share personal data we collect about you with third-party service providers to perform tasks on our behalf in supporting the Services. The types of service providers, or sub-processors, to whom we entrust personal data include: (i) providers of reservation services; (ii) providers of online order and checkout services; (iii) payment providers; (iv) providers of hosting services; (v) sales and marketing providers; (vi) providers of security services; (iv) providers of analytic data services; and (v) providers of survey services.
Social Media and Similar Services. Our Services include integration with social media features, such as the Facebook “Like” button and other widgets, such as the “Share” button or interactive mini-programs provided by third-parties. Information is shared when you interact with these social media and similar services.
Regulatory Bodies, Public Authorities and Law Enforcement. We may access and disclose your personal data to regulatory bodies if we have a good-faith belief that doing so is required under regulation. This may include submitting personal data required by tax authorities. We may disclose your personal data in response to lawful requests by public authorities or law enforcement, including to meet national security or law enforcement requirements.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. Should such an event occur, The ONE Group will endeavour to direct the transferee to use personal data in a manner that is consistent with the Privacy Policy in effect at the time such personal data was collected.
Other Disclosures. We may also disclose your personal data to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the resource, of any individual, or of the general public; to maintain and protect the security and integrity of The ONE Group Services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations.
California Consumer Privacy Act. Pursuant to the § 1798.115 of the CCPA the categories of personal information we have disclosed about consumers for a business purpose in the preceding 12 months are:
Identifiers such as a real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers;
Commercial information, including products or services purchased;
Internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement; and
Professional or employment-related information.
Links to other websites
The websites operated by The ONE Group may contain links to third-party website that are not owned or controlled by The ONE Group. We have no control over the content, privacy policies, or practices of any third-party website. You are subject to the policies of those third-party websites where applicable. We encourage you to review the privacy policies of these third-party websites before you disclose your personal data.
Personal data security
The ONE Group uses technical and organizational measures to protect the personal data we store, transmit, or otherwise process, against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. We regularly consider appropriate new security technology and methods as we maintain and develop The ONE Group Services. However, please keep in mind that no method of transmission over the internet or electronic storage technology is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Retention of personal data
The ONE Group retains personal data for a reasonable time period to fulfill the processing purposes mentioned above. Personal data is then archived for time periods required or necessitated by law or legal considerations. When archival is no longer required, personal data is deleted from our records.
If you have registered an account with us, we retain your account information for your future use as long as your account is active. If you have not used your account for an extensive time period, we reserve the right to deactivate and delete that account. You will have an option to register a new account with us at your convenience.
We continue to retain personal data that we are required to retain in order to meet our regulatory obligations including tax records and transaction history. We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that personal data is only stored and archived in alignment with our retention policy.
Data storage and international transfer
Your personal data may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal data to us, we may transfer your personal data to the United States and process it there. Where we transfer your personal data, we will take all reasonable steps to ensure that your privacy rights continue to be protected.
In the case of transfers of data out of Europe, we endeavor to utilize third-party service providers from the United States that have certified with Privacy Shield or alternatively provide adequate protections that are compliant with the EU General Data Protection Regulation (“GDPR”) such as implementing Standard Data Protection Clauses or Binding Corporate Rules.
Personal data rights
If you have an account with us, we rely upon you to keep your personal data up to date. You may edit your profile information and may also choose to disable your account at any time through your account settings.
Where we rely upon consent as a legal basis for processing, you may withdraw your consent at any time. Please note the withdrawal of your consent does not affect the lawfulness of processing based on consent before withdrawal.
For communications provided under our information services, such as newsletters, or for other email communication of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. In addition, we may be contacted directly to unsubscribe. Our contact details are provided at the end of this Privacy Policy.
Individuals in the European Economic Area, United Kingdom, and Switzerland have certain rights which may be subject to limitations and/or restrictions. These rights include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) ask for a copy of their personal data to be provided to them, or a third party, in a digital format. If you wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. Individuals also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.
Rights under the CCPA may also apply to certain individuals and households. These rights include the right to: (i) know what personal information is being collected about them, (ii) know whether their personal information is sold or disclosed and to whom, (iii) say no to the sale of personal information (iv) access their personal information, and (v) equal service and price, even if they exercise their privacy rights.
You may also contact us with your personal data inquiries or for assistance in modifying or updating your personal data and to exercise additional applicable statutory rights. We respect the privacy of all individuals and invite you to submit your requests, irrespective of where you reside. Our contact details are provided at the end of this Privacy Policy.
Effective date and amendments
This document is effective as of the date indicated at the top of this Privacy Policy under “Last update”. This document may be amended from time to time.
CONTACT INFORMATION
If you would like to contact us with questions or concerns about this Privacy Policy, our privacy practices, or would like to exercise your privacy rights, you may contact us via any of the following methods:
Email: [email protected]
Toll-free Number (USA): To be provided
Mailing Address:
Attn: Privacy Officer
The ONE Group
1624 Market Street, Suite 311
Denver, CO 80202
Phone: +1 (646) 624-2400