We’ll only ever collect, use and share your information in ways that are described in this policy
We'll keep your information safe
We're committed to the confidentiality and security of the personal data you give us.
You're always in control
Update your profile and communication preferences at any time
About this policy
Along with our Terms and Conditions, this policy explains how we collect and handle your information across all of our websites, mobile apps and other services. We’ll review this policy from time to time to make sure it’s up-to-date. If we make changes, we’ll post the latest version here. When we make significant changes, we’ll let you know when you next access our services, or by other communications.
Why and how do we use your personal data?
We only use your information where you've given us your consent, where its necessary to deliver the services you've requested, where it’s necessary to exercise or comply with legal rights or obligations, or for normal business purposes of the kind set out in this policy.
When we need to do so to deliver our services or facilitate the performance of a contract you've entered – or are entering – into, such as making a booking with us or a restaurant.
To improve or optimise our services and to otherwise protect or further our legitimate interests. This includes pretty serious reasons like fraud prevention and security but also fun ones like product enhancement so we can keep making First Table even better for our diners.
What personal data do we collect?
Everyone who uses our services will have bits and pieces of information about them collected, stored and processed. However, we don't collect more information than we need.
How long do we store your personal data?
We only keep your data for as long as we need it, or are required to for legal reasons. We’ll then either delete it or anonymise it so it doesn’t identify you. We treat data differently depending on what it’s used for, but you can ask us to delete your personal data at any time.
When is your information shared with or collected by third parties?
We share your information only where you ask us to, where it’s a necessary part of doing business with you and providing you with the services, or where we need to for legal reasons. Restaurants you book with via First Table will collect your data in line with their own policies. Sometimes restaurants that advertise via our services may also collect your information. Finally, companies that help us deliver our services will also collect and use your data on our behalf.
Sharing personal data with third parties who process it only under our instruction
We share information relating to our users with selected third parties who provide us with a variety of different services that support the delivery of our services (let's call them "Third Party Processors"). These Third Party Processors range from providers of technical infrastructure to customer service and authentication tools. We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so).
Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where our use of a Third Party Processor involves the transfer of personal data from within Europe to a location outside of the European Economic Area, we will put in place appropriate measures to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks.
The types of Third Party Processors we may share elements of your personal data with include:
- payment processors engaged by us to securely store or handle payments information, such as credit or debit card details, required for facilitating bookings with restaurants - for example, when you provide us with your credit or debit card details we store these in a PCI-compliant data vault provided by an industry-leading third party payment processor;
- providers of email management and distribution tools - for example, if you sign up to receive First Table newsletters or other marketing messages we will manage the delivery of these to you using a third party email distribution tool;
- providers of security and fraud prevention services - for example, we use these providers to identify automated software agents that might disrupt our services or to prevent misuse of our APIs;
- providers of data aggregation and analytics software services that enable us to effectively monitor and optimise the delivery of our services;
- providers of tracking tools that we use to monitor instances where you click on a link to a restaurant's website and redirect from the First Table platform to that restaurant's;
- providers of software platforms that assist us in communicating or providing customer support services to you - for example, we manage and respond to any messages you send to us via our help centre using a third party communications management tool;
- providers of recruitment management services - for example, when you apply for a job at First Table we use a third party tool to manage and store any information relating to your application;
- providers of online cloud storage services and other essential IT support services; and
- other companies within the First Table group, for the purpose of supporting the delivery of our services to you.
Sharing your information with third parties, or allowing them to collect it, for processing outside of our control
We will share personal data with third parties where you expressly authorise us to, such as where we run a promotion in conjunction with a partner and you instruct us to share your email address with that third party for the purpose of receiving promotional emails.
Certain information may also be collected from you by third parties such as advertisers, marketing networks and affiliates using cookies and similar technologies. For example your IP address and events relating to your activity like searches you have carried out or pages you have viewed on First Table may be collected and transmitted to these third parties to allow them to serve relevant advertising to you across the web. The information that is collected in this way will never include your name, contact details or other information that would enable you to be identified in the offline world.
Disclosing information for legal and other reasons
We may disclose your information where necessary to enforce our Terms of Service or other agreements, or to a prospective or ultimate buyer if First Table itself (or part of our business) is sold. We may also disclose your information if necessary to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims.
How do we keep your personal data secure?
Safeguarding your privacy is embedded in our culture and we use a combination of industry-standard methods to protect it.
Keeping your personal data secure is our highest priority. We limit access to only those First Table group employees who have to come into contact with your information to do their jobs and deliver our services.
Unfortunately, no website or app can guarantee complete security but we have created an organisation-wide security programme designed to keep your personal data as safe as possible. It uses a range of technical, organisational and administrative security measures and best-practice techniques, depending on the type of data being processed. For example, the computer systems we use to store your data have access limitations and in-cloud based servers that use industry-standard disc encryption. We use TLS and HTTPS encryption to protect your personal data when we transfer it across the internet. And we carry out security assessments on Third Party Processors who handle your data.
To make sure we maintain a culture of ‘Privacy by Design’, we provide thorough data protection and privacy training to all First Table group employees. We develop our services with the goal of using the minimum amount of personal data possible, including through use of data minimisation techniques like anonymisation and pseudonymisation. Also, whenever we develop or update our services in ways that involve the collection or use of new forms of personal data, we conduct a privacy impact assessment to understand, and reduce, the likelihood of any unintended impact on you.
Where do we store your information?
Your data is securely stored in data centres around the world - the exact location depends on where you are when you use First Table. Your data will only be processed by suppliers who provide appropriate contractual safeguards for the information they process. Sometimes your data may be stored in countries with different levels of security to your own but we always make sure their standards meet ours.
We use a combination of cookies and other technologies such as pixels/web beacons and tracking codes to collect information for use in line with the purposes set out in this policy.
What are your choices and rights?
If you’ve got a First Table account, you can access, edit, download or delete the key personal data associated with your profile at any time by going to your Profile. From here you can also manage your subscription and marketing preferences.
You also have rights in relation to the personal data we have about you, which we explain in more detail below. You can exercise these rights by getting in touch with us via our Help Centre.
Who are we and how can you contact us?
First Table is provided by First Table Limited, a company registered in New Zealand.
First Table Limited is the Data Controller of any information collected from you by us.
Our company number is: 1984426
Our registered office address is: 18/193 Glenda Drive, Queenstown 9348, New Zealand.
The best way to contact us is via our Contact Us page.
Accessing your personal information
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you have provided to us in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to First Table processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority.
If you are able to establish that any of your personal information which has been stored and recorded by us is not accurate, complete or up-to-date, then you should notify us and we will take all reasonable steps to correct the information so that it is accurate, complete and up-to-date.
Card data security policy
First Table uses secure third-party gateways to process credit card information and does not store or process credit cards itself.
Payments are processed by Stripe. Any credit card details stored for recurring payments are done so on Stripe's system. No credit card information is stored by First Table. Payments must be received prior to reservations being confirmed.
Join more than 500,000 diners who already ❤ First Table.Learn more
Join more than 1,400 restaurants who already ❤ First Table.Learn more