OpenTable Privacy Policy

Last Updated: July 16, 2024

 

This Privacy Policy describes how OpenTable, Inc. and its subsidiaries (collectively, “OpenTable,” “we,” “our” or “us”) collect, use, process and share personal information. This Policy applies to visitors and users (individually, “you”) of OpenTable’s websites, applications, social media accounts, and other services (collectively, our “Services”). If you are a restaurant customer, service provider, or other partner, please view additional information in our Restaurant Privacy Policy, available here.The OpenTable company that hosts a particular Service and is responsible for your information under this Policy can be found here. Your use of our Services is also subject to the OpenTable Terms of Use.

As a leading brand for booking online restaurant reservations, OpenTable helps connect diners and restaurants. This involves sharing personal information with third parties, including restaurants, restaurant groups, and restaurant affiliates, amongst others. In some cases, these third parties may collect personal information directly from you and share it with us.

 

OpenTable is part of the Booking Holdings Inc. corporate group, which includes Booking.com, KAYAK, Priceline, Agoda, and Rentalcars.com (collectively, “our group companies”). In some cases, we receive personal information from our group companies, and we share personal information with our group companies.

 

For more information about the information we share with third parties and the recipients of such information, please refer to the How We Share Your Information section of this Policy. Please note that this Policy does not otherwise cover the use of personal information by third parties or their services, and we do not take responsibility for their privacy practices.

You may have certain rights or choices that relate to your personal information, including choices about how we share your personal information with others. For more information, please refer to the Your Choices and Rights section of this Policy.

Overview

When you use or visit our Services, we collect information directly from you (e.g., when you search for or make an online reservation). We may also generate information about you (e.g., information about your device while you use our mobile application). In some cases, we also obtain personal information from third parties (e.g., restaurants, business partners, our group companies, or other third parties).

Learn more

We use your information to provide our Services, tailor your experience, show you bookings and transactions made through OpenTable and our group companies, send you marketing communications, provide you with more relevant advertising and offers that may be of interest to you, and for other purposes described below.

Learn more

We share your information with restaurants and restaurant affiliates; with our group companies); with our service providers (including payment processors); with other business partners (including advertising partners); with social networking services; with third-party services or applications you use to log into your OpenTable account; and others as described below. We share information to provide and improve our Services, for our own marketing purposes, to facilitate offers and advertising from others that may interest you, and for other purposes as described below.

Learn more

We maintain technical, administrative, and physical security measures designed to protect your information. We may retain your information for as long as your account is active and for a period of time thereafter to allow you to re-activate your account without loss of information, and as necessary for purposes described below.

Learn more

We use cookies and similar technologies to help provide our Services, offer you a more personalized user experience and market our and third parties’ products and services to you.

Learn more

You have choices about your information, and in some circumstances, you may be able to opt-out of receiving marketing communications, change your communication preferences, access and update your information, update location sharing options, exercise choices regarding cookies, and/or opt-out of certain sharing of information with third parties (including our group companies, restaurant groups and restaurant affiliates, and other business partners). These choices and other rights you may have are described in more detail below.

Learn more

If you are a California resident, you can find additional information regarding our data handling practices in this section. This section describes how we handle your information, certain rights you have with respect to your personal information, and how you can exercise your rights under applicable law.

Learn more

Some users may be eligible to participate in rewards programs that offer financial incentives. This section describes generally how these programs work.

Learn more

We operate internationally, and information about you may be transferred to, or accessed by, entities located in countries outside of your home country. To protect your information, any such international transfers will be made in accordance with applicable law.

Learn more

Our Services may contain links to other websites or services that are not owned or controlled by OpenTable, including links to websites of restaurants and restaurant affiliates, our group companies, and other business partners (including advertisers).

Learn more

Our Services are not directed at or intended for use by children, nor do we knowingly collect information from children under 16 years of age.

Learn more

We update this Policy from time to time, and changes will be effective when posted (as identified in the Policy).

Learn more

If you have any questions about this Policy or the way your personal information has been used, please contact us at privacy@opentable.com or using the contact details set out below.

Learn more

I. INFORMATION WE COLLECT AND USE

“Personal information” is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For purposes of this Policy, there is no meaningful distinction between the terms “personal information” and “personal data.”

Personal Information We Collect Directly From You. As you visit or use our Services, we collect the following categories of personal information directly from you:

  • Personal details (such as your name and birthday)
  • Contact information (such as email address, postal address, phone number)
  • Dining information (such as primary dining city; current and past restaurant reservation details; dining preferences; favorite restaurants; special restaurant requests; dining activity, including frequency, restaurants, restaurant type, meal type, and cancellations)
  • Account information (such as account settings and passwords)
  • Social media data (if you choose to link your OpenTable account with a social media account, we may collect personal information such as name, age, gender, photograph, and other personal information relating to your social media account)
  • Billing information (such as credit, debit, or other payment card information, as may be required to use certain Services)
  • Your contacts (such as contact information of people you add to, or notify of, your restaurant reservations through our Services)
  • Your preferences (including survey and marketing responses)
  • Photos of you (such as if you add a photo of yourself to your profile, upload photos to a review or restaurant’s profile, or link your social media account to your OpenTable account)
  • Communications you send us (such as customer support, messages or communications to us or with restaurants through our app or other platforms, and other requests you make through our Services and through restaurants)
  • Restaurant reviews and content (including reviews, photos, your name and, other information you provide through our Services)
  • Promotion information (if you choose to participate in a contest, sweepstakes, or similar campaign, we will collect any information you provide in relation to such activity, such as photos, images, captions, or other content, in accordance with the terms provided at that time)
  • Other information you may provide (including other information you provide about yourself or others through our Services or to which you provide us with access via third-party platforms

You may choose not to provide some of the personal information described above. Please note, however, that many of our Services require some personal information to operate, so if you choose not to provide the personal information necessary to operate and provide you with a particular Service or feature of that Service, you may not be able to use that Service or feature.

 

Sensitive Personal Information. We do not proactively collect sensitive personal information, such as health-related information. However, our Services include text boxes that are designed for you to describe certain details about your dining preferences that you want us or restaurants to know. Please be aware that information you freely submit in these boxes may reveal to us or to the restaurants or restaurant affiliates with which we or they share information (as detailed in the How We Share Your Information section, below) certain information that may be considered sensitive personal information under applicable law (for example, about any allergies or dietary restrictions). We do not use this information for the purpose of marketing or advertising products to you. In addition, certain features of our Services may prompt your device or browser to request access to your precise geolocation information, which may be considered sensitive personal information. We do not process precise geolocation absent you granting permission through your device or browser. Sensitive personal information you voluntarily submit is processed on the basis of your consent, which you may revoke at any time by contacting us at the details set out in the How to Contact Us section below.

 

Personal Information Generated By Us. As you use our Services, we generate certain personal information about you, including through automatic data collection and by inferences based on the information we collect about you and your activity. We may automatically collect information about your interactions with the Services or communications you receive (such as email) using certain technologies, such as cookies, web beacons and other technologies (see our Cookies and Interest-Based Advertising Policy for more details). We generate the following categories of personal information about you:

  • Device information. When you visit or use our Services, we automatically collect certain information about your device (e.g., your mobile device, computer, or tablet), including information about your hardware and software, device configuration, and nearby networks. Such data may include data about your device operating systems, browsers, and other software installed on your device; device identifiers, such as IP address, IMEI number, MAC address, or other device identifier; country of origin, region and language settings; and information about domain servers and wireless or network access points near your device.
  • Usage and performance information. We also automatically collect personal information about your usage of the Services, including information about your searches or interactions with features of our Services; sites or restaurant pages visited; booking path; access times; and performance of our Services.
  • Location information. If you use our Services, we automatically collect generic location information about you (such as city or neighborhood) or, with your consent, precise geographic location data from your mobile device when the app is running and when it is not running, depending on the choices you make when you are asked to consent to our collection of location information. For example, we may receive this information when you select restaurant search locations, enter your local dining city in your account profile, when you are in proximity to certain beacons, choose to publish your location in reviews you leave for restaurants on the Services, or in your comments or other communications with us. When precise geographic location data is not available we may use GeoLite2 Data provided by MaxMind (available from https://www.maxmind.com) or other service providers to determine your approximate location. We may use and store this information to provide and improve features of our Services, for example, to tailor our Services on a needs-based manner to better facilitate your requests and to provide you with more relevant content about restaurants in your dining city or cities you visit. Please see the Your Rights and Choices section below for more information about how to adjust your preferences, including those related to location information.
  • Inferences about you. We combine the information we collect, generate, or otherwise obtain to draw inferences about your preferences and interests in order to provide and personalize our Services and tailor the offers we and our partners provide to you.

 

Personal Information We Obtain from Third Parties. We may also receive certain categories of personal information from third parties, such as third-party websites, applications, social media networks, and services (which may include publicly-available sources; each of these is a “third-party platform”), our group companies, restaurants, and other third parties, including individuals who have added you as a guest to their reservation. If you are an existing OpenTable customer, we will combine this information with information we collect through our Services and use and share it for the purposes described below. The categories of personal information we may obtain from third parties include:

  • Your name
  • Email address or other contact information
  • Social media data, if you connect to our Services using a social media third-party platform or interact with OpenTable by liking or commenting on our social media pages or content, or if any of your social media data is available to the public, we may receive information from that social media third-party platform or a third-party service about those interactions and your profile
  • Browsing, usage and advertising details, including how you use our Services and/or third-party websites, applications, and services; and information relating to your interactions with our advertising and marketing materials
  • Purchase Information, including information from point-of-sale devices at certain participating restaurants (such as items ordered, bill total, and time spent at the restaurant), information about travel accommodations and bookings you make through our group companies (for example, if you book a hotel stay through one of our group companies, we may receive the general location of your accommodations and use that information to provide nearby restaurant recommendations); or purchase information for other business partners and affiliates, such as food delivery partners
  • Information from restaurants, including information that certain participating restaurants provide us about diners (for example, if you eat at a hotel restaurant as a hotel guest, restaurants are able to flag that you are a guest at that hotel, or if you eat at a chain of restaurants, those restaurants can flag whether you have a loyalty card or other information about interactions with those restaurants)

 

Aggregate Information. We aggregate personal information collected directly from you, information generated about you by us, and information obtained from third parties (with your consent, where required) with personal information collected about other users in order to produce general statistics that cannot be linked to you or any other specific user. Information that has been aggregated and de-identified is no longer considered “personal information” and may be subsequently used for any purpose.

Anonymized Information. We may process information that cannot be linked to you or any other specific user using any means available to us, either because it was collected anonymously or has been subsequently anonymized. Information that is anonymous or has been anonymized is no longer considered “personal information” and may be subsequently used for any purpose.

 

II. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes (“Purposes”), to:

  • Provide the Services, which includes providing you with the services, products, and functionality offered through our Services and fulfilling your requests, including but not limited to: making reservations, reviewing restaurants, paying for services or events, joining waitlists, and notifying people you add to or notify of your restaurant reservations through the Services
  • Authenticate your account credentials and identify you, as necessary to log you in to the Services and ensure the security of your account
  • Communicate with you about your account or use of our Services, products, and/or functionality; respond to, or follow up on, your comments and questions; and otherwise provide customer service (see below for more detail on Electronic Communications)
  • Enable communications with restaurants through our app or other platforms through our direct communications feature, which we make available through our Services, including reviewing, scanning and analyzing your communications to restaurants for security purposes, fraud prevention, compliance with legal and regulatory requirements, investigations of potential misconduct, product development and research, and customer or technical support
  • Send you marketing communications, including communicating with you about services or products offered by OpenTable, our group companies, or our business partners and other marketing communications that we believe you would be interested in, as permitted by law (see below for more detail on Electronic Communications and Your Choices and Rights)
  • Operate and improve our Services and develop new products and services, including using analytics to better understand how you use our Services for purposes of product, website, application and service development and to enhance the user experience
  • Show your purchases and bookings made through the websites, applications, and services of our group companies on your account page
  • Process and deliver contest entries and rewards
  • Authenticate your credit or debit card account information
  • Provide services, products, and information to restaurants, including restaurant groups and restaurant affiliates
  • Tailor your experience with our Services, such as by making inferences or combining different pieces of information we have collected about you to suggest restaurants that you may be interested in or otherwise tailor our Services to you according to your preferences or restrictions. For example, if you frequently search for or book Italian restaurants or restaurants with outdoor seating in your home city, we may prioritize Italian restaurants with outdoor seating in your search results when you look for reservations in another city
  • Provide you more relevant advertising on and off our Services, including to show you personalized offers on and off our Services. For example, if you frequently search for or book reservations at Italian restaurants in a particular city, we may display advertising for a local Italian restaurant to you on our Services or work with our business partners to display advertisements for local Italian restaurants to you on other websites you visit
  • Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity
  • Comply with our policies, procedures and legal obligations, including complying with law enforcement or government authority requests, addressing litigation-related issues, and exercising rights or obligations conferred by law
  • As otherwise consented to by you and as required or permitted by applicable law. If you give your consent to any further use of personal information, you can withdraw that consent at any time by contacting us using the details set out below.

 

We may use artificial intelligence (“AI”) tools, including machine learning and generative AI tools to process your personal information. You have choices about your personal information, and in some circumstances, you may have the right to opt-out or object to our uses of your personal information for these Purposes. For more information, or to exercise these or other rights (where available), see the Your Choices and Rights section below.

 

Electronic Communications. Consistent with the above Purposes and as permitted by applicable law, we may communicate with you via electronic messages, including email, text message, or mobile push notification to:

  • Send you information relating to our products and Services. This may include reservation and waitlist confirmations, reminders and updates, receipts, technical notices, updates, security alerts, and support and administrative messages.
  • Send you marketing communications. In other situations, subject to the Your Choices and Rights section below and applicable law, we may communicate with you about contests, offers, promotions, rewards, upcoming events, and other news about products and Services offered by OpenTable, our group companies, restaurants, and other business partners.

 

With your consent, where required, we may contact you at the mobile phone number that you provide to us by way of direct dial calls, autodialed and prerecorded message calls, text messages and push notifications in connection with the above Purposes.

 

Our Role as Data Controller and Data Processor. For purposes of European Union law and similar data protection regimes, we generally act as a data controller, meaning we determine the purposes and means of processing your personal information through our Services. Under certain OpenTable programs, however, restaurants may engage us to provide them with certain processing services related to information owned or controlled by the restaurant. We seek assurances from restaurants that they will process information in accordance with applicable laws, but we are not responsible for any restaurant’s use of information (including information used by its affiliates and service providers) for which it is an owner or controller. To learn more about how a restaurant may use such information, you should review its privacy notice.

 

Processing Bases and Consequences. When we process your personal information, we rely on the following legal bases:

  • Performance of the contract we have with you such as if you use our Services to make a restaurant reservation, we will use your information to carry out our obligation to complete and administer your reservation by sharing your information with the appropriate restaurant.
  • Compliance with legal obligations to which we are subject such as tax obligations, and when we are obliged to comply with lawful requests from competent authorities such as law enforcement.
  • To serve our legitimate interests such as tailoring your experience with our Services, carrying out online advertising, and for fraud detection, provided that such processing does not outweigh your rights and freedoms. The processing may also be pursuant to other applicable legal bases for data processing especially provisions set out under local law. Where we use personal information to meet our legitimate interests, we take steps to ensure that your rights with respect to your personal information are not infringed. You can contact us using the details set out in the How to Contact Us section below for more information about the steps we take to ensure these rights are not infringed. You also have the right to object to such processing as described in the Your Choices and Rights section below.
  • Consent. To the extent that a legal ground described above would not apply to processing of your personal information by us, we will seek your consent for such specific purpose in accordance with applicable law (such as sending direct marketing messages by electronic means, like email, without an exception from the requirement to obtain consent).

III. HOW WE SHARE YOUR INFORMATION

We disclose the personal information we collect (or otherwise generate or obtain) as follows:

  • With restaurants and restaurant affiliates. We share your information with restaurants and their affiliates to provide the Services (such as connecting diners with restaurants to make an online reservation and sharing your dining activity and history, preferences, requests, restrictions, and other information with the restaurant) and for the restaurant or restaurant group’s own purposes, which may include marketing or advertising purposes (see below for more detail on Sharing with Restaurants and Restaurant Affiliates).
  • With our group companies. We share your information with our group companies, including but not limited to for the Purposes described above, to provide you with integrated products and services, and for our and their marketing purposes (see below for more detail on Sharing with Our Group Companies).
  • With other business partners. We share information with other third-party business partners for our and their own marketing purposes, including sharing with online advertisers or advertising technology (“ad tech”) companies to provide you with targeted advertising and marketing communications, where permitted under law (see below for more detail on Sharing with Our Business Partners).
  • With social networking services. We share (or facilitate your sharing of) your information with social networking services when you use our Services to connect and share your information publicly or with friends, or when you use our Services to connect with us on, share on, or use third-party social networking platforms and services (see below for more detail on Sharing with Social Networking Services).
  • Third-party services or applications you use to log into your account. If you use a third-party service or application (e.g., Facebook) to log into your OpenTable account, we share certain personal information with that third party, such as your name and email address.
  • Reviews you submit. If you provide us with a review of your restaurant reservation, you authorize us to publish it on all our Services under your name, to aggregate your review with other reviews, and to share it with restaurants.
  • Messages and other communications you submit to restaurants. If you submit a message or other communication to a restaurant through our Services, you authorize us to share your message or communications with the relevant restaurant, and you authorize the restaurant to respond to you through our Services.
  • To process payments. We require credit or debit card information to make payments at certain restaurants, to secure your reservation, purchase tickets to events, or purchase other products or services, in which case we share your payment information with restaurants, third-party payment processors, and other third-party service providers (such as fraud detection services) (see below for more detail and additional terms regarding Sharing to Process Payment Information).
  • With other service providers. We share information with third-party vendors, consultants, and other service providers who perform services or functions on our behalf (see below for more detail on Sharing with Other Service Providers).
  • In the event of a corporate transaction. We may disclose or transfer your information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding.
  • To protect rights and property. We may disclose your information to third parties when we believe in good faith that disclosure is necessary to protect our rights, our property, the integrity of the Services, personal safety, or the interests of you or any other person, and to detect, prevent and/or otherwise address fraud, risk management, security or technical issues.
  • To comply with and as required by law. We may disclose your personal information to government authorities or other relevant third parties in order to comply with applicable legal requirements, judicial proceedings, court orders, legal process, or lawful requests from governmental authorities. Additionally, we or our restaurant partners may be required to disclose certain information to local government health authorities as part of contact tracing programs related to COVID-19 or similar events. Please note that OpenTable does not store or retain health information collected in this context for OpenTable’s own purposes.
  • Aggregate information. We share aggregate statistical data for the improvement of our Services. We may also share aggregate or de-identified information with third parties at our discretion.
  • At your request. We also share your information as directed or requested by you, or subject to your consent.
  • Enable Community Sharing. When you enable our community sharing feature, you may invite friends and family to your OpenTable reservations and share your dining activity, saved restaurants and reviews with other diners with whom you have connected on our platform.

 

In some circumstances, you may have the right to opt-out or object to our sharing of your information with certain third parties. For more information, or to exercise these or other rights, see the Your Choices and Rights section below.

 

Sharing with Restaurants and Restaurant Affiliates as a controller of your personal information. When you make a request through our Services or through a restaurant, such as a restaurant reservation, joining a restaurant waitlist, making a payment to a restaurant through our Services, purchasing an event ticket, or if you are a guest of the person making the request, we provide or otherwise make available certain categories of your information to the restaurant to facilitate that request. For requests to dine, this information may include your name, profile, time and date of visit, party size, your phone number, your dining preferences, guest information, any special requests, information or comments that you choose to submit (if any), and your email address. Your information is provided to the restaurant, just as it would be if you contacted the restaurant directly. When making reservations directly with restaurants that are part of the OpenTable Network, your information will similarly be provided to the restaurant if you have an OpenTable account.If you provide a mobile phone number in connection with your request, restaurants may send you text messages regarding your request. Some restaurants also require you to provide credit or debit card account information to secure your reservation. When you make a reservation at a restaurant that is part of a restaurant group, we may also share additional information about your dining activity at that restaurant or restaurant group in the past, your dining preferences and/or information that we collect from you and third parties that may be relevant to that reservation. When you leave a review for a restaurant on our platform, your review and your public profile will be made available to the relevant restaurant.

In addition to providing you with more customized Services, we may receive certain information from participating restaurants from their Point of Sale terminals that we analyze to provide aggregate information to the restaurant about their customers.

We also share with restaurants summary reports of feedback from diners. If you provide comments about a restaurant through our Services, these comments may be shared with or may be accessible by that restaurant, and the restaurant may respond to you. We will not tie your comments with other information that can identify you directly, but a restaurant may be able to tell who you are from your comments, particularly if you give your name in the comments or provide contact information, such as an email address.

 

Sharing with Restaurants and Restaurant Affiliates as a processor or service provider on their behalf. We act as a processor or service provider for Restaurants and Restaurant Affiliates in certain circumstances as described above (see above for more detail on Our Role as Data Controller and Data Processor). In providing these services, we may, at the direction of the restaurant, share certain of your information with the restaurant’s affiliated restaurants (such as affiliated brands), restaurant group and/or restaurants with the same brand or parent-brand (collectively, such restaurant’s “restaurant group”), or other entities associated with the restaurant (such as the parent entity of the restaurant group or affiliated hotels) and/or their service providers (collectively, the associated entities and service providers, the restaurant’s “restaurant affiliates“) under OpenTable’s programs for the following purposes:

  • Customized services: restaurants may share your information (such as meal or seating preferences or special occasions) with their restaurant affiliates and restaurant group to enhance the hospitality the restaurant group provides you when you dine with them (such as trying to seat you by a window, if you previously expressed a preference for window seating).
  • Operations & Service Improvements: to support operations, improve the restaurant’s table and shift planning, improve their hospitality services, including supporting a loyalty program you have chosen to participate in.
  • Marketing: as permitted by applicable law, to perform analytics and tailor marketing to you.
  • In-Product Communications: we offer you and restaurant partners means to communicate about restaurants, reservations and diner-related matters directly through our Services. We may access communications and may use automated means to review, scan, and analyze communications for security purposes, fraud prevention, compliance with legal and regulatory requirements, investigations of potential misconduct, product development and improvement, research, or customer or technical support. We reserve the right to: (a) block the delivery of or transmission of or access to the communications; (b) block your access to the Services’ in-product communication feature; or (c) review communications that we, in our sole discretion, believe may contain malicious content, spam, or may pose a risk to you, us, or our restaurant partners.

For more information, please feel free to contact the restaurants with which you dine or book reservations, or contact us using the contact information listed in the How to Contact Us section below. To learn more about your choices related to how we share your information with restaurant groups and restaurant affiliates under our programs, please see the Your Choices and Rights section below.

 

Sharing with Our Group Companies. We share your information with our affiliates and subsidiaries in the U.S. and worldwide, as well as with our parent corporation, Booking Holdings Inc., and its other subsidiaries (collectively, as also defined earlier in this Privacy Policy, “our group companies”). We may share your information with our group companies for the following reasons:

  • Provide you with integrated services (including to administer and manage reservations, purchases, services, and payments across our affiliated platforms).
  • Provide personalized offers or send you marketing communications with your consent or as otherwise permitted by applicable law.
  • Provide customer support services.
  • Detect, prevent, and investigate fraud and misuse of our services, other illegal activities, and data breaches.
  • Analyze how users use our independent and affiliated platforms, including so that we may improve existing products and services and develop new features, products, and services that may be of interest to our users.
  • Ensure compliance with applicable law.

To learn more about your choices related to how we share your information with our group companies, please see the Your Choices and Rights section below.

 

Sharing with Our Business Partners. We share your information with other third-party business partners for our and their own marketing purposes. These third parties include online advertisers or ad tech companies, who may provide you with targeted advertising and marketing communications, where permitted under law. The information we share includes information collected through your use of our Services (e.g., bookings, reservations, or other purchases) and information we collect about you through the use of cookies and similar technologies (e.g., information about the websites you visit; information about your searches, including the cities or neighborhoods you search in, the type of restaurant or cuisine you searched for, price range, intended dining date, and the number of diners).

For example, if you frequently book reservations at Italian restaurants, we use that information to help a particular Italian-themed restaurant group offer you a promotion.

To learn more about your choices related to how we share your information with our business partners, please see the Your Choices and Rights section below.

 

Sharing with Social Networking Services. Our Services allow you to connect and share your actions, comments, content, and information publicly or with friends. Our Services may also allow you to connect with us on, share on, and use third-party platforms, including those on which OpenTable has a presence. Please be mindful of your personal privacy needs and the privacy needs of others as you choose whom to connect with and what to share and make public. We cannot control the privacy or security of information you choose to make public or share with others. OpenTable also does not control the privacy practices of third-party platforms. Please contact those sites and services directly to learn about their privacy practices.

 

Sharing to Process Payment Information. To use certain Services (such as to make reservations at certain restaurants; to make payments to certain restaurants or to secure reservations; and to purchase tickets to events, or other products or services), we require credit or debit card account information. When you submit your credit or debit card account information through our Services, we share that information with restaurants, third-party payment processors, and other third-party service providers (including, but not limited to, vendors who provide fraud detection services to us and other third parties) to the extent necessary to meet our contractual obligations to you (e.g., to secure your reservation or make a payment to a restaurant where required), to meet our legitimate interests in preventing fraud and other misuse of our platforms, or with your consent where this is required by law. In particular:

  • When you use a credit or debit card to secure a reservation through our Services, we provide your credit or debit card account information (including card number and expiration date, but excluding the CVV number) to our third-party payment service providers and the applicable restaurant.
  • When you initially provide your credit or debit card account information through our Services in order to use our restaurant payment services, we provide your credit or debit card account information to our third-party payment service providers. As explained in the OpenTable Terms of Use, these third parties may store your credit or debit card account information so you can use our restaurant payment services through our Services in the future, to the extent permitted by local law.
  • For information about the security of your credit or debit card account information, see the How We Store and Protect Your Information section below.

 

Sharing with Other Service Providers. We share information with third-party vendors, consultants, and other service providers who perform services or functions on our behalf (e.g., hosting or operating our Services, data collection, reporting, ad response measurement, site analytics, data analysis, delivering marketing messages and advertisements, processing credit card payments, and providing fraud detection services). We do not authorize these third parties to use or disclose your information for purposes other than for which it has been provided. We require these third parties to maintain and implement security measures to protect your information from unauthorized access or processing.

Consent to Data Collection by Google Analytics. If you provide us with your consent to use Functional Cookies and, thus, Google Analytics, we use Google Analytics to continuously optimize our website. We use Google Analytics to collect aggregated, anonymous data. This data helps us understand how customers use our platform and identify opportunities for improvement. Google Analytics anonymizes your IP address to protect your data. No other personal data is collected that would allow an identification. The legal basis for this data processing is Article 6 (1) lit. a GDPR. You may provide your consent or withdraw your consent to the described data processing by Google Analytics here.

Google Analytics is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA and and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics cookies and similar technologies that are stored on your terminal device enable an analysis of your use of this website. This information is used to evaluate your use of the website and to compile reports on website or app activities. The processing of the data after its transmission by OpenTable to Google is carried out by Google as the sole data controller. In this context, Google, as the sole data controller, may store data about you in the USA. The European Court of Justice has previously determined that the USA provide for an insufficient level of data protection. In this context, there is a risk that your data may be processed by US institutions or authorities for control and monitoring purposes without you having an adequate legal remedy against this. However, OpenTable complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. You can learn more in the section entitled “International Transfers of Information.”

IV. HOW WE STORE AND PROTECT YOUR INFORMATION

OpenTable maintains commercially-reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.That said, please note that no Internet transmission can ever be guaranteed 100 percent secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online.

You play an important role in keeping your information secure. You should not share your user name, password, or other security information for your OpenTable account with anyone. If we receive instructions using your user name and password, we will assume you have authorized the instructions. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in the How to Contact Us section below.

 

Card Information. When your credit or debit card account information is being transmitted to our Services or through our Services, it will be protected by cryptographic protocols. To be clear, OpenTable does not itself store your credit or debit card account information, and we do not have direct control over or responsibility for your credit or debit card account information. We use third party payment processors that are the controllers of your credit card information. Our contracts with third parties that receive your credit or debit card account information require them to keep it secure and confidential.

However, we cannot guarantee that transmissions of your credit or debit card account information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by OpenTable or our third-party service providers. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.

 

Retention. We may retain your personal information for as long as your account is active and for a period of time thereafter to allow you to re-activate your account without loss of information. We may also retain your personal information as necessary to:

  • Maintain logs and business records for analysis, security, and/or audit purposes
  • Comply with record retention requirements under the law
  • Deal with any complaints regarding the Services; and
  • Comply with our legal obligations, protect or defend our rights, resolve disputes and enforce our contracts

V. COOKIES

When you use or visit the Services, we collect information about your usage and activity using cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, our group companies, and other business partners may also place web beacons for these third parties. The use of these technologies by third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law. See our Cookies and Interest-Based Advertising Policy for more details.

VI. YOUR CHOICES AND RIGHTS

Choices Regarding Electronic Communications.

  • Email. If you no longer want to receive marketing and promotional emails from OpenTable, you may click on the “unsubscribe” link in such emails to opt-out of future marketing email communications. If you have an OpenTable account, you may also opt-out of marketing emails in your account settings. Please note that even if you opt-out of receiving marketing communications from one or all of our Services, we will still send you service-related communications, such as confirmations of any future reservations you make.
  • Push Notifications (on Mobile Devices). You can use the settings on your mobile device to enable or turn off mobile push notifications from OpenTable.
  • Text Messages. If you no longer want to receive text messages from OpenTable, reply STOP (or as otherwise instructed) to the text message. If you have an OpenTable account, you may also adjust your account settings to opt-out of text messages.

 

Cookies and Interest-Based Advertising. To exercise choices regarding cookies set through our websites or Services, as well as other types of online tracking and online advertising, see our Cookies and Interest-Based Advertising Policy for more details. We currently do not employ technology that recognizes “do-not-track” signals from your browser, but if you enable browser-level opt-out preferences through global privacy control, our Services will treat this signal as a request to opt-out of the selling or sharing of your data collected through cookies for interest-based advertising purposes.

 

Application Location. As explained in more detail in the Information We Collect and Use section above, we collect information about your location if you enable location services through the settings in your mobile device, or with your consent, as may be required by law. You can change the privacy settings of your device at any time to turn off the sharing of this location information with our Services. If you choose to turn off location services, this could affect certain features of our Services. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.

 

Choices about the collection of information from restaurant point of sale terminals. As described above, if you make a booking with certain participating restaurants through our Services we will receive information about your dining experience from the restaurant’s point of sale terminal. You can opt-out of us receiving this information via the booking confirmation page or your OpenTable account preferences.

 

Choices Regarding Sharing with Third Parties

  • Customized Dining Experiences. As described in the Sharing with Restaurants and Restaurant Affiliates section of the privacy policy – in Part III above, when you book with restaurants we share your information with them to ensure your booking is recorded. These restaurants may share your dining information with their restaurant affiliates or broader restaurant group or through the OpenTable platform for the purpose of improving and personalizing your dining experience on future visits if you book at a restaurant affiliate or within the same restaurant group. You can opt-out of such sharing with restaurant affiliates and restaurant groups for customized dining experiences by changing your OpenTable account preferences. Please note that if you opt-out of this sharing, we may continue to assist restaurants in sharing information with restaurant affiliates and restaurant groups for them to use for other internal purposes, such as their internal analytics.
  • Sharing with third parties. As described above in the How We Share Your Information section, we share your information with third parties for their own purposes.
    You can opt-out of us sharing your information with:

    • Our group companies, for their own marketing purposes;
    • Other business partners, who use information for their own marketing purposes.

 

You can opt-out of such sharing by changing your OpenTable account preferences. You may also send such opt-out requests to us as described in the How to Contact Us section below.

 

Control Over Information in Your Account. If you have created an online account with us and would like to update the information you have provided to us, you can access your account to view and update your information. You may also contact us as described in the How to Contact Us section below.

 

Other Legal Privacy Rights. In addition to the rights described above in this section, you may have the following additional rights regarding your personal information, depending on where you reside and under applicable local law:

  • The right to access and request a copy of personal information we hold about you
  • The right to have your personal information corrected or updated
  • The right to request deletion of your personal information
  • The right to restrict how we process your personal information
  • The right to opt-out of the “sale” of your personal information (as the term is defined under applicable local laws)
  • The right to opt-out of the sharing of your personal information for cross-context behavioral advertising or targeted advertising purposes
  • The right to have your personal information delivered to you or a third party in a usable electronic format (the right to data portability)
  • The right to object to how we use your personal information if the legal basis for processing that information is our legitimate interest.
  • Where we are using your personal information on the basis of your consent, and where applicable under local law, you have the right to withdraw that consent at any time. Where you have granted consent to receive direct marketing communications from us, and where applicable under local law, you may withdraw that consent at any time.

 

If you wish to exercise legal rights you may have under applicable law, please submit your request to privacy@opentable.com or by using this request form. So that we can better process your request, please provide the email you use to log into your OpenTable account. If you do not have an OpenTable account, please provide the email you used to make requests or to use our Services.

 

Some jurisdictions also permit you to appeal a decision made with respect to your exercising of your privacy rights. If you wish to appeal a decision to a request you have made, please send your appeal request to privacy@opentable.com.

 

Where applicable, you may also have the right to register a complaint to your local data protection authority. For residents of the EU and UK, contact information for the EU data protection authorities can be found at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. For residents of Australia, if you are not satisfied with the outcome of your complaint after first contacting us, you may wish to contact the Office of the Australian Information Commissioner; for more information, please refer to http://www.oaic.gov.au.

VII. ADDITIONAL DISCLOSURES FOR US CONSUMERS

These disclosures describe how OpenTable collects, uses, processes, and discloses personal information of U.S. consumers and the rights you may have under U.S. state laws. These disclosures are intended to supplement OpenTable’s Privacy Policy with information required by certain U.S. state privacy laws.

Disclosures Regarding Personal Information Processing. Certain laws require that we describe the personal information we collect with additional specificity, including by identifying specific categories of information. As we describe in more detail in the “Information We Collect and Use” section of the Privacy Policy, we have collected the following categories of personal information in the past 12 months:

  • Personal Details, Contact Information or Identifiers such as your name, email, account identifiers, or IP address
  • Location information such as geolocation data
  • Photos or Visual Information such as your profile photo
  • Commercial Information such as transaction history
  • Device, Usage and Internet or other electronic network activity information such as information about your device type, browser settings or interactions with our sites
  • Inferences such as about your preferences and interests from data we collect in order to provide and personalize our services and tailor the offers we and our partners provide to you
  • If you choose to provide it to us, sensitive personal information, as described in “Sensitive Personal Information

 

For information about the categories of sources from which we obtain personal information, or for additional details about the specific types of personal information we collect, please refer to the “Information We Collect and Use” section of the Privacy Policy. For information about our purposes for collecting, or possibly sharing your personal information, please refer to the “How We Use Your Information” section of the Privacy Policy. We retain the above categories of personal information consistent with our retention processes as described in “How We Store and Protect Your Information.”

We may disclose or share your personal information with third parties for the purposes described in the “How We Share Your Information” section of the Privacy Policy. Under certain U.S. state privacy laws, some of these disclosure activities may be considered “sales”, even if no money changes hands, and some of these disclosure activities are considered “sharing” for purposes of cross-context behavioral advertising. The categories of personal information we have “sold” or “shared” as described in “How We Share Your Information” in the past 12 months include the following: (1) personal details, contact information or identifiers (2) commercial information; (3) device, usage and internet or other electronic network activity information; (4) location data; and (5) inferences. In addition, as described in the section entitled Children below, we have not knowingly “sold” personal information of individuals under the age of 16.

We also disclose certain personal information for “business purposes,” such as disclosures to service providers who assist us with securing our Services or delivering marketing messages and advertisements. We may disclose the following categories of personal information for our business purposes: (1) personal details, contact information, or identifiers; (2) location data; (3) photos or visual information; (4) commercial information; (5) device, usage and internet or other electronic network activity information; and (6) inferences.

We do not use or disclose sensitive personal information for purposes other than as necessary to provide you with our Services.

 

Privacy Rights. Certain U.S. state privacy laws grant certain rights to consumers. These include:

  • The right to know what personal information we have collected about you, including (i) the categories of personal information, (ii) the categories of sources from which the personal information is collected, (iii) the business or commercial purpose for collecting, selling, or sharing personal information, (iv) the categories of third parties to whom the business discloses personal information, and (v) the specific pieces of personal information the business has collected you (by requesting to download your personal information).
  • The right to request deletion of personal information we have collected about you, subject to certain exemptions permitted under applicable law, such as when your personal information is required for us to provide our Services to you.
  • The right to correct inaccurate personal information that we maintain about you.
  • The right to opt out of “sale” or the “sharing” of your personal information (as these terms are defined under applicable California law).

 

Exercising Your Privacy Rights. To exercise your Privacy Rights under applicable law, please contact us using our request form or by contacting OpenTable at privacy@opentable.com. Please note that you can make a request to know twice within a 12-month period.

To exercise your right to opt out of “sale” or “sharing” of your personal information, click this Do Not Sell or Share My Personal Information link. If you have enabled “do not track” signals on your browser, our Services will treat this signal as a request to opt-out of “sale” or “sharing.”

Please note that we may need to verify your identity before completing your requests. This may include sending an email to the email account associated with your OpenTable account, asking you to sign into your user account, or answering some security questions.

If you are an authorized agent wishing to exercise rights on behalf of a consumer, please contact us using our request form along with a copy of the consumer’s written authorization designating you as their agent.

We will not discriminate against you for exercising any of your rights under applicable U.S. state privacy law. Please note, however, that there may be certain circumstances where we are unable to complete your request, such as when we are unable to verify your identity or as otherwise permitted under applicable law.

 

Request Report. The following metrics below include the aggregate number of requests to know, requests to delete, and requests to opt-out received, complied with in whole or in part, and denied by OpenTable in the last calendar year. Please note that these numbers reflect the total number of global requests received by OpenTable, including requests received by U.S. consumers.

Requests Received Requests Complied in Whole or in Part Average Business Days to Respond
Access Requests 375 375 3
Deletion Requests 14069 14069 2
Do Not Sell Requests 8846 8846 3
Other (including correct, limit processing) 1541 1541 1

“Shine the Light”. California residents also have the right under certain circumstances to request information regarding how we share personal information with third parties for their own direct marketing purposes. To opt-out of this type of sharing, please see the section entitled “Choices Regarding Sharing with Third Parties”.

VIII. NOTICE OF FINANCIAL INCENTIVES

If you are located in certain countries, you may be eligible to participate in financial incentive programs such as loyalty programs whereby you can earn points and redeem rewards with those points. Available rewards may vary from jurisdiction to jurisdiction and may change from time to time. To participate in these financial incentive programs, you must have an OpenTable account, which means we will collect and process your personal information in accordance with this Privacy Policy. Participation in such programs is voluntary and you may withdraw at any time by contacting us at privacy@opentable.com. Please note that although exercising other data privacy rights typically will not impact your ability to participate in the program, certain requests, like data deletion or account deletion, may result in your withdrawal from the program as well. We may provide additional terms that apply to a particular financial incentive, and those terms will be presented to you at sign up. The value of a financial incentive we offer is reasonably related to the value of the personal information you provide to us. We estimate the value of your personal information by considering, for example, the expenses we incur from collecting your personal information, the expenses incurred in providing the financial incentive to you, the revenue generated by your use of the financial incentive, and any improvements we can make to our products and services based on aggregating information obtained through the financial incentive program.

IX. INTERNATIONAL TRANSFERS OF INFORMATION

Information about you will be transferred to, or accessed by, entities located around the world as described in this Policy. Some of these entities may be located in countries (such as the United States) that do not provide an equivalent level of protection for personal information as your home country.

We have put in place safeguards to provide adequate protection for transfers of certain information, in accordance with applicable legal requirements. For more information on the appropriate safeguards in place, or to request a copy of these safeguards, please contact us using the contact details listed in the How to Contact Us section below.

 

Data Privacy Framework

OpenTable complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OpenTable has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OpenTable has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. With respect to onward transfers of personal data to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, OpenTable remains liable for processing such transfers in accordance with the Principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Framework Principles, OpenTable commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact privacy@opentable.com. We will respond to your inquiry promptly.

Opentable further commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, OpenTable is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. In addition there may be the possibility, under certain conditions, for an individual to invoke binding arbitration.

X. LINKS TO OTHER WEBSITES

Our Services contain links to other websites or services that are not owned or controlled by OpenTable, including links to websites of restaurants and restaurant affiliates and our advertisers, our group companies, and other business partners. This Policy only applies to information collected by our Services. We have no control over these third party websites, and your use of third party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third party websites linked to our Services. Your use of third parties’ websites linked to our Services is at your own risk, so we encourage you to read the privacy policies of any linked third party websites when you leave one of our Services.

XI. CHILDREN

Our Services are not directed at or intended for use by children. We do not knowingly collect information from, children under 16 years of age. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at using the contact details listed in the How to Contact Us section below.

XII. CHANGES TO THIS POLICY

Except to the extent limited by applicable law, we will update this Privacy Policy from time to time to reflect changes in our privacy practices, legal requirements, and other factors by prominently posting notice of the update on our Services. Changes to our Privacy Policy will be effective when posted and the new effective date will be identified.

If we make any changes to the Privacy Policy that materially impact previously collected personal information about you, we will make reasonable efforts to provide notice and obtain consent to any such changes as may be required by law.

To request a copy of this Policy, or to request a copy of the Privacy Policy in place at the time you signed up for an account, please contact us at the details below.

XIII. HOW TO CONTACT US

If you have any questions about this Policy or the way in which your personal information has been used, please contact us by email at privacy@opentable.com or by postal mail at:

OpenTable, Inc.

1 Montgomery St., Suite 500

San Francisco, CA 94104, U.S.A.

Attention: Legal Department

 

If you are located in Germany, our Data Protection Officer can be contacted at: Dr. Felix Wittern, Am Sandtorkai 68, 20457 Hamburg, Germany.

 

OpenTable has designated Fieldfisher Tech Rechtsanwaltsgesellschaft mbH, Am Sandtorkai 68, 20457 Hamburg, to be the representative (the “Representative”) for OpenTable Inc. in the EU

 

You can also contact your local OpenTable directly. You can identify the OpenTable company that hosts a particular Service and that is responsible for your information here.