Privacy Policy

An artfully plated fish dish on a bed of greens
Who are we?

We are the Black Rock Restaurants group (“the Group”). Companies within our group operate our restaurants, The Salt Room Brighton, The Coal Shed Brighton, The Coal Shed London and Burnt Orange. Your personal data may be obtained and used from time to time by one of the Group companies, and some personal data held by Group companies will be shared with other Group companies for the purposes and on the terms set out in this Privacy Policy (“Policy”)

The companies forming part of the Group are as follows:

Black Rock Restaurant Group Ltd,
88 Boundary Road
East Sussex
COMPANY NO: 10676136

The Coal Shed Brighton
8 Boyces Street
COMPANY NO: 07636495
VAT NO: 116 2826 28

The Salt Room
106 Kings Road
COMPANY NO: 09188061
VAT NO: 199955913

The Coal Shed One Tower Bridge
Crown Square
COMPANY NO: 10537198
VAT NO: 263051824

Burnt Orange Bars Limited
59 Middle Street.

COMPANY NO: 12108851
VAT NO: 263051824

About this Policy

This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:

Under the Data Protection Act 1998, the General Data Protection Regulation (from 25 May 2018) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any laws which amend or replace these) (“Data Protection Law”), you have certain legal rights associated with information about you (“personal data”) and organisations which use (or “process”) your personal data have certain obligations.

More specifically, “Personal data” means information about a living individual which allows them to be identified, either from the data by itself or when the data is combined with other information held by the person who has it.

Each of our Group companies is a data controller under the Data Protection Law. We will use personal data we obtain about you in accordance with this Policy.

We are committed to ensuring that your privacy is protected, and your personal data is handled in a safe and responsible way.

This Policy is provided to aid you in understanding what we do with any personal data that is obtained from you. We endeavour to protect your privacy and any information we hold on you will be used only (i) for the purposes we originally collect it for (as explained in this Policy) and (ii) for other purposes which are compatible with those original purposes. We will update this Policy from time to time to explain how we use your personal data, including any new “compatible” purposes we decide to use your data for.

If you have any questions about this Policy, wish to correct any information we may hold on you, or want to exercise any of your rights under Data Protection Law, please contact the Group’s Data Protection Manager:


Or write to us at the address of the Group company (or restaurant) you have been dealing with. Our addresses are set out above.

You have the right to make a complaint about our use of your personal data at any time to the Information Commissioner’s Office (“ICO”). The ICO is the UK’s supervisory authority for data protection issues (

If you do have a problem, question or concern about our use of your personal data, we would appreciate the chance to try to help you before you approach the ICO. Please feel free to contact us in the first instance using the Data Protection Manager’s contact details above.

How do we collect information?

We may collect personal data about you in the following ways:

  • you use a website relating to one of our restaurants.
  • you make a booking for one of our restaurants (in person, on the telephone, or via the internet)
  • you make enquiries on our website, including using our contact forms to ask us a question, or asking us to add you to our mailing list to receive special offers and information.
  • you (or an agency or recruiter acting on your or our behalf) provide us with your details in relation to working with us.
  • you contact us using social media.
  • you use a third-party website or app to book a table –for example, OpenTable

you provide us with information when you visit the restaurant, which may include your name and contact details, or information about your preferences

What information do we collect?

We may collect the following information:

  • Name
  • Job title
  • email address
  • Telephone number
  • Preferences and interests
  • Other information relevant to event enquiries
  • Other information pertaining to special offers
  • Social media profile and online identifiers
  • Location data for web (including social media-based) enquiries
  • Billing information when taking deposits or securing bookings
  • Dietary requests
  • Survey responses
  • Health and allergy information

If you work with us or apply to work with us, we may collect:

  • Any information you provide to us on or in relation to a CV, including personal and contact details, employment, educational and salary history
  • Any information you provide to a recruiter or agency
  • References from previous positions

You may submit your CV if you’re interested in working for us to

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested:

  • We may not be able to agree, enter in to or perform a contract we have or are trying to enter into with you or a person or organisation associated with you (for example, booking a table or arranging an event for you)
  • If you are an employee, contractor, or applicant for a position with us, we may not be able to consider your application, provide you with payor benefits, or administer a contract for services or contract of employment with you.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (or any purpose which is not incompatible with those purposes), including for the purposes of satisfying any legal, accounting, or reporting requirements.

How we use your data:
  1. With companies within our Group
    We may share with our parent company and our sister restaurants (The Salt Room, The Coal Shed London, The Coal Shed Brighton and any other restaurants within the Group from time to time) We may share your information (such as meal or seating preferences and special occasions) with other restaurants in the same restaurant group. This is to enhance the hospitality experience that we Black Rock Restaurants provide you when you dine with us such as any allergies, seating preferences and to improve our table and shift planning.
  2. To Provide Services
    We use personal data collected from or about you for our own internal records, to provide you with specific services that you may have requested. We may use your personal details to inform you about additional services that may be of interest to you or to respond to a specific enquiry.
  3. To Improve Services
    We may use the information to improve our products and services.
  4. Marketing
    If you get in touch with us via our website or leave a comment / fill in a paper form, we will ask for your permission to provide you with special offers and promotions which may save you money and information about our food and restaurants by e-mail [or text message]. When we do so, we will give you the opportunity to decide which restaurants you want to hear about [and what sort of information we should provide –for example, special offers and promotions, new menu items, or new restaurants we open]. We will provide you with the option to stop receiving special offers and information from us by electronic means [either] by using an “unsubscribe” link [or responding to a text message].In some cases, we won’t ask you for explicit consent ourselves to send you information about our restaurants. Where you’ve dined with us or organised an event at one of restaurants, we may send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.We may also obtain information for these purposes from third-party applications and websites (for example, ResDiary or Opentable) which are legally entitled to share your information with us for these purposes.You always have the right to ask us to stop sending any kind of marketing information which is directed to you individually. Please contact our [Data Protection Manager], whose details are above and let us know if you do not want to hear from us.Please be aware that we may retain personal data about you even after you’ve told us you don’t want to receive marketing information from us. We may do this simply to ensure that we don’t inadvertently add you to our mailing lists again. We may also retain your data because we have another lawful basis for using it under the Data Protection Law(for example, if you dine with us again or organise an event at one of venues, you work with us, or we need to use your information for legal reasons).We may always use your personal data for marketing analysis without contacting you, in order to assess trends, measure traffic to our website and social media channels.
  5. Working with us
    If you apply or your details are submitted to us in connection with a role we have available, we will use your information to consider your suitability and fitness for a position and to take and consider references. We will use this information to assess your application. We may also keep it in our records for future reference.. During any period of work with us, we will provide you information separately about how we use your data to administer the relationship between us and the purposes for which we may use your data if you stop working with us.
  6. Social Media
    If you interact with us on social media, we may “like”, share, re-tweet or otherwise respond to your posts or interactions with us and we may use information about our social media interactions to understand our customers better and promote our restaurants.
  • Suppliers and contractors
    If we obtain goods and/or services from you and/or an organisation you’re associated with, we may use your personal data to contact you or your organisation to administer the relationship between us.We have set out below categories of data we process and, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

    • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender
    • Contact Data includes physical addresses, email address and telephone numbers, user data associated with third party apps and websites (e.g. usernames or other identifiers for an app you use to book a table)
    • Financial Data includes bank account and payment card details
    • Transaction Data includes details about payments to and from you and other details of products and services you have supplied to or purchased from us
    • Technical Data includes internet protocol (IP) address, any login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access any of our websites
    • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses on any website we operate (and similar information shared with us by third-party apps or websites you use, for example to book a table with us)
    • Usage Data includes information about how you use our website, restaurants or other products and services
    • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences
    • Special Category Data is data subject to special protection under Data Protection Law, including information disclosing your race or ethnicity, religious or political beliefs and health information
Purpose/Activity Type of Data Lawful basis for processing including basis of legitimate interest
To make a reservation or arrange a booking for an event. (a) Identity data
(b) Contact data
(c) Financial data (for credit and/or deposit purposes when arranging events)
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (c) Your consent
To fulfil our contractual obligations to and enforce our contractual rights with our customers and suppliers, including to
(a) Manage payments, fees and charges;
(b) Collect and recover money owed to us;
(c) Obtain goods and services from our suppliers;
(d) Provide goods and services to our customers
(a) Identity data
(b) Contact data
(c) Financial data
(d) Transaction data
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or Privacy Policy
(b) Contacting you about products or services we obtain from or provide to you or your employer
(a) Identity data
(b) Contact data
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how our products/services are used and received)
To administer and protect our business (a) Identity data
(b) Contact data
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how our products/services are used and received)
To administer a contract for services or contract of employment between us –we will provide you with further information about this when we collect information from you and during the course of our relationship) (a) Identity data
(b) Contact data
(c) Financial data
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to administer the economic relationship between us)
(c) Necessary to comply with a legal obligation (related to your work or workplace or our obligations under the law in relation to these)
To ensure that our diners’ health, religious and dietary preferences are respected (a) Identity data
(b) Contact data
(c) Special category data
a) Performance of a contract with you
(b) Necessary for our legitimate interests (to ensure a great dining experience)
(c) Necessary to comply with a legal obligation (protecting your health and welfare on our premises)
(d) Protecting your vital interests
(e) your consent (where we ask you for this in relation to special category data)
To make suggestions and recommendations to you about products or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)

We do not use any form of fully automated decision-making.

We do not transfer your personal data outside of the European Economic Area(“EEA”)in the ordinary course of our business. Should we need to do so in exceptional circumstances, or should our practices change (for example, should we host data outside the EEA or should we obtain data from an application or website you use for bookings which keeps data outside the EEA) we’ll only transfer personal data outside the EEA in accordance with Data Protection Law.

Your Rights

You have rights under Data Protection Law in relation to your personal data. These are the rights to:

  1. Request access to your personal data
  2. Request correction of your personal data
  3. Request erasure of your personal data
  4. Object to processing of your personal data
  5. Request restriction of processing your personal data
  6. Request transfer of your personal data
  7. Right to withdraw consent

More details are set out below. If you wish to exercise any of the rights set out above, please contact our Data Privacy Manager.

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you in order to verify it is correct and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where we have no lawful basis under Data Protection Law for continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data. You have a limited right under the Data Protection Law to object to use of your personal data where we are relying on our legitimate interests (or those of a third party) as the lawful basis for using your personal data, and there is something about our use of personal data in your particular situation which you feel is contrary to your fundamental rights and freedoms. If you wish to exercise this right, you will need to explain why this is and we are not obliged by the Data Protection Law to stop using your data simply because you object. We may, for example, have another valid lawful basis for using your personal data. Even if we do not, we may determine that our legitimate interests or those of a third party give us compelling legitimate grounds to process your information which allow us to continue using it.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish your personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it because you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. If you work with us, it may also make it difficult for us to administer the relationship between us. We will advise you if this is the case at the time you withdraw your consent.


We take security seriously and we take precautions to keep your personal data secure. We have put in place appropriate physical, electronic and managerial procedures to safeguard the information we collect.

We have no control over the privacy of any communications while in transit to us. We recommend that you not include confidential, proprietary or sensitive information in paper or electronic communications.

In the unlikely event that we believe that the security of your personal data in our possession or control may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we would endeavour to do so as promptly as possible under the circumstances, and, to the extent we have your e-mail address, we may notify you by e-mail.

You are reminded that, in accordance with the Terms and Conditions for our websites, which refers to and incorporates our Policy (as updated from time to time), you are responsible for maintaining the strict confidentiality of any password, and you are responsible for any activity under any account and password associated with our websites or any third party service you use to book a table or event with us. It is your sole responsibility to control the dissemination and use of your password, control access to and use of your account, and notify us (in the case of accounts on our own websites) when you desire to cancel your account. We will not be responsible or liable for any loss or damage arising from your failure to comply with this obligation.

Use of cookies on our website:

In common with many websites, we use “cookies” to help us gather and store information about visitors to our websites. A cookie is a small data file that our server sends to your browser when you visit the site. The use of cookies helps us to assist your use of certain aspects of the site. You can delete cookies at any time, or you can set your browser to reject or disable cookies.

We primarily use information from cookies for the following purposes:

  1. Traffic monitoring, e.g., the IP address from which you access the site, the type of browser and operating system used to access the site, the date and time of your access to the site, the pages you visit, and the Internet address of the website from which you accessed the site.
  2. To register you in programs and to recognize your website preferences.
  3. To recognize repeat visitors for statistical / analytical purposes.
  4. Anonymous tracking of interaction with online advertising, e.g., to monitor the number of times that a banner ad is displayed and the number of times it is clicked.
  5. To compile and report to third parties (such as advertisers) aggregate statistics about our users in terms of numbers, traffic patterns and related site information.

We may also use clear gifs (also known as web bugs or web beacons), which are tiny graphics embedded in web pages and email messages that we use, in connection with cookies, to collect non-personal information from users to analyse site usage, manage content on the site, track visits to other related sites, and track the performance of online advertising.

We may also connect the information that we collect through cookies and clear gifs with other personal data that you provide to us in order to: customise or personalise your experience of the site; for example, so that we can greet you on the site by name; conduct transactions, such as credit card sales; monitor your use of our website(s) in order to make our communications to you as relevant as possible and for other marketing and advertising research purposes.

Disclosure of personal data

We value the security of your personal data and only share such information with third parties that provide adequate protection for such data. From time to time, we may disclose personal data to:

  1. Other companies within the Group.
  2. Third parties to whom you have provided your consent or who are your agents or legal representatives.
  3. Our service providers and subcontractors, which may include Group companies, , retained to perform functions on our behalf or to provide services to us, such as warehousing and delivery; marketing and advertising; credit card and data processing; age verification; software development; website hosting and management; information technology and office services; legal, accounting, audit and other professional service providers; and other services related to our business; and further, provided such service providers and subcontractors do not collect, use or disclose the personal data for any purpose other than to perform such functions on our behalf or to provide services to us or as otherwise required by law;
  4. Any person or entity, including our Group companies, in the event of a sale, merger, consolidation, change in control, transfer of substantial assets, financing, reorganization or liquidation of any or all of our Group companies, whereby we a third party (such as a purchaser of our business) information concerning your relationship with us, including without limitation, personal data that you provide and other information concerning your relationship with us; and
  5. Law enforcement, governmental or regulatory agencies, or other third party in order to comply with law or where we believe such action is necessary in order to comply with law or detect, protect or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud and other illegal or harmful activity, to comply with our audit and security requirements, and to audit compliance with our corporate policies, procedures, legal and contractual obligations.


Our websites may contain links or references to other websites outside of our control. Please be aware that we have no control over these websites and our Policy does not apply to these sites. We encourage you to read the privacy information and terms and conditions relating to any linked or referenced websites you enter.

Changes to our Policy

We keep our Policy under regular review and will occasionally update this policy to reflect company and customer feedback. We will place any updates on this web page. This privacy policy was last updated on 12th April 2021.