OpenTable Restaurant & Business Privacy Policy

I. INFORMATION WE COLLECT AND USE

When you use or visit our Services, we collect information directly from you (e.g., when you make selections on our platform). We may also generate information about you (e.g., information about your device when you use our mobile application). In some cases, we also obtain personal information from third parties (e.g., restaurants, business partners, our group companies, or other third parties).
“Personal information” is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For purposes of this Policy, there is no meaningful distinction between the terms “personal information” and “personal data.”

Personal Information We Collect Directly From You. Certain parts of our Site may ask you to provide personal information. For example, if you provide your contact details to register an account with us, subscribe to marketing communications (like our newsletters), or enable us to contact you. If you contact us to find out more about the OpenTable Services, we will collect personal information about you so that we can fulfill your request.

We collect the following personal information from you, depending on the products and features you use:

• Personal details. Your name, contact information (e.g., email address and phone numbers) or address.
• Restaurant and Business Contact Information .The name of the organization or entity you represent, email address, postal address, or phone number.
• Restaurant Content. Your restaurant profile, restaurant photos, menus, and other similar materials you provide to us.
• Account Information. Your account settings or passwords.
• Your OpenTable Preferences. Your preferred in-product settings or account-specific configurations.
• Social Media Information. Links to your restaurant social media accounts.
• Communications You Send Us. Customer support inquiries or other requests you make through our Services.
• Other Information You May Provide. Information you provide about yourself or others through our Services, or to which you provide us with access via third-party platforms.

You may choose not to provide some of the personal information described above. Please note, however, that our Services may require some personal information to operate so if you choose not to provide the personal information necessary to operate and provide you with a particular feature, you may be unable to use that feature.

Sensitive Personal Information. We do not proactively collect sensitive personal information, but in the course of your communications with us, you may freely choose to share information that may be considered sensitive. In the event you share such information with us, we do not use this information for the purpose of marketing or advertising products to you. In addition, certain features of our Services may prompt your device or browser to request access to your precise geolocation information, which may be considered sensitive personal information. We do not process precise geolocation absent you granting permission through your device or browser. Sensitive personal information you voluntarily submit is processed on the basis of your consent, which you may revoke at any time by contacting us at the details set out in the How to Contact Us section below.

Personal Information Generated By Us. As you visit our Services, we generate certain personal information about you, including through automatic data collection and by inferences based on the information we collect about you and your activity. We may automatically collect information about your interactions with the Services or communications you receive (such as email) using certain technologies, such as cookies, web beacons and other technologies (see our Cookies and Interest-Based Advertising Policy for more details).

We generate the following categories of personal information about you:

• Device information. Device type (e.g., your mobile device, computer, or tablet), information about your hardware and software, device configuration, device operating systems, browsers, device identifiers (e.g., IP address, IMEI number, MAC address), and country of origin, region and language settings.
• Usage and performance information. We also automatically collect personal information about your usage of the Services, including information about your searches or interactions with features of our Services; sites or pages visited; booking path; access times.
• Location information. If you visit our online Services, we automatically collect generic location information about you (such as city or neighborhood) or, with your consent, precise geographic location data from your mobile device when the app is running and when it is not running, depending on the choices you make when you are asked to consent to our collection of location information.
• Inferences about you. We combine the information we collect, generate, or otherwise obtain to draw inferences about your preferences and interests in order to provide and personalize our Services and tailor the offers we and our partners provide to you.

We may use and store this information to provide and improve features of our Services, for example, to tailor our Services on a needs-based manner to better facilitate your requests and to provide you with more relevant content and features. Please see the Your Rights and Choices section below for more information about how to adjust your preferences, including those related to location information.

Personal Information We Obtain from Third Parties. We may also receive certain categories of personal information from third parties, such as third-party websites, applications, social media networks, and services (which may include publicly-available sources; each of these is a “third-party platform”), our group companies, and other third parties. If you are a current OpenTable restaurant customer, we will combine this information with information we collect through our Services and use and share it for the purposes described below. The categories of personal information we may obtain from third parties include:

• Your name
• Email address or other contact information
• Social media data, if you connect to our Services using a social media third-party platform, or if any of your social media data is available to the public, we may receive information from that social media third-party platform or a third-party service about those interactions and your profile
• Browsing, usage and advertising details, including how you use our Services and/or third-party websites, applications, and services, and information relating to your interactions with our advertising and marketing materials.

Third parties may also collect, use, and share information about you (such as independent platforms you choose to use in connection with our Services, e.g., payment processors). This Policy does not cover such third-party services or their use of personal information and we do not take responsibility for their privacy practices. For more information about the information we share with third parties and the recipients of such information, please refer to the How We Share Your Information section of this Policy.

II. HOW WE USE YOUR INFORMATION

We use your information to provide our Services, tailor your experience, send you marketing communications, improve our Services, improve our customer service and for other purposes described below. If you need to be informed of new actions by your restaurant diners (such as new bookings and transactions), we will use the information provided by you to communicate those events to you. We also provide the capacity for you to communicate with diners, such as notifying them of changes to their reservations.

We use this information (alone or in combination with other information we have collected about you) for the following purposes (“Purposes”):

• Provide the Services, which includes providing you with the services, products, and functionality offered through our Services at your request.
• For our internal operations. To administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
• To improve our Services. To understand how our Services are used and to improve our Site to ensure that content is presented in the most effective manner for you and your computer.
• To keep our Services and your account secure. To authenticate your account credentials and identify you, as necessary to log you into the Services and as part of our efforts to keep our Services and your account secure.
• To communicate with you, about your account or use of the Services, products, and/or features; to respond to, or follow up on your comments and questions, and otherwise, to provide you with customer service.
• To provide you with relevant marketing, offers and services, including for the purposes of advertising and delivering more relevant content, including communicating with you about services or products offered by OpenTable, our group companies, or our business partners and other marketing communications that we believe you would be interested in, as permitted by law.
• To comply with and enforce applicable legal requirements, agreements, and policies, including government requests and to validate your identity when necessary.
• For fraud prevention and protection. To protect against, investigate, and deter fraudulent, unauthorized or illegal activity.
• For other purposes, as otherwise consented by you and as permitted by applicable laws.

You have choices about your personal information, and in some circumstances, you may have the right to opt-out or object to our uses of your personal information for these Purposes. For more information, or to exercise these or other rights (where available), see the Your Choices and Rights section below.

We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with OpenTable). Our affiliates will use your information only for the purposes described in this Policy.

When we process your personal information, we rely on the following legal bases:

• Performance of the contract we have with you (such as if you use our Services for restaurant reservation capabilities or table-management purposes, we will use your information to carry out our contractual obligation to provide you with our Services by sharing your information on our platform).
• Compliance with legal obligations to which we are subject (such as tax obligations, and when we are obliged to comply with lawful requests from competent authorities such as law enforcement).
• To serve our legitimate interests (such as tailoring your experience with our Sites or Services, carrying out online advertising, and for fraud detection), provided that such processing does not outweigh your rights and freedoms. The processing may also be pursuant to other applicable legal bases for data processing especially provisions set out under local law.

Where we use personal information to meet our legitimate interests, we take steps designed to ensure that your rights with respect to your personal information are not infringed. You can contact us using the details set out in the How to Contact Us section below for more information about the steps we take to ensure these rights are not infringed. You also have the right to object to such processing as described in the Your Choices and Rights section below.

Additional Grounds for Processing

• Consent. To the extent that a legal ground described above would not apply to processing of your personal information by us, we will seek your consent for such specific purposes in accordance with applicable law (such as sending direct marketing messages by electronic means, like email, without an exception from the requirement to obtain consent).
• Aggregate Information. We aggregate personal information collected directly from you, information generated about you by us, and information obtained from third parties (with your consent, where required) with personal information collected about other prospective or current restaurants in order to produce general statistics that cannot be linked to you or any other specific restaurant or restaurant user. Information that has been aggregated and de-identified is no longer considered “personal information” and may be subsequently used for any purpose in accordance with applicable laws.
• Anonymized Information. We may process information that cannot be linked to you or any other specific restaurant or restaurant user using any means available to us, either because it was collected anonymously or has been subsequently anonymized. Information that is anonymous or has been anonymized is no longer considered “personal information” and may be subsequently used for any purpose in accordance with applicable laws.

IV. HOW WE STORE AND PROTECT YOUR INFORMATION

We maintain commercially-reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Security safeguards. We use technical and organizational security measures designed to protect personal information we process about visitors to our Services against unauthorized access, disclosure, alteration and destruction. However, please note that no Internet transmission can ever be guaranteed 100 percent secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.

You play an important role in keeping your information secure. You or your restaurant users should not share your user name, password, or other security information for your OpenTable account with anyone. If we receive instructions using your user name and password, we will assume you have authorized the instructions. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in the How to Contact Us section below.

Retention. We may retain your or your restaurant users’ personal information for as long as your account is active and consistent with any agreement you may have with us for our Services. After your account becomes inactive or after the termination of any agreement we may have with you, we may retain general business contact information for up to seven years. We may also retain your personal information as necessary to:

• Maintain logs and business records for analysis, security, and/or audit purposes
• Comply with record retention requirements under the law
• Deal with any complaints regarding the Services; and
• Comply with our legal obligations, protect or defend our rights, resolve disputes and enforce our contracts

V. COOKIES

When you or your restaurant users use or visit the Services, we collect information about your usage and activity using cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, our group companies, and other business partners may also place web beacons for these third parties. The use of these technologies by third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law. See our Cookies and Interest-Based Advertising Policy for more details.

VI. YOUR CHOICES AND RIGHTS

Email. If you no longer want to receive marketing and promotional emails from OpenTable, you may click on the “unsubscribe” link in such emails to opt-out of future marketing email communications. Please note that even if you opt-out of receiving marketing communications from one or all of our Services, we will still send you service-related communications.

Cookies and Interest-Based Advertising. To exercise choices regarding cookies set through our websites or Services, as well as other types of online tracking and online advertising, see our Cookies and Interest-Based Advertising Policy for more details. We currently do not employ technology that recognizes “do-not-track” signals from your browser, but if you enable browser-level opt-out preferences through global privacy control, our Services will treat this signal as a request to opt-out of the selling or sharing of your data collected through cookies for interest-based advertising purposes.

Application Location. As explained in more detail in the Information We Collect and Use section above, we collect information about your location if you enable location services through the settings in your mobile device, or with your consent, as may be required by law. You can change the privacy settings of your device at any time to turn off the sharing of this location information with our Services. If you choose to turn off location services, this could affect certain features of our Services. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.

Control Over Information in Your Account. If you have created an online account with us and would like to update the information you have provided to us, you can access your account to view and update your information. You may also contact us as described in the How to Contact Us section below.

Other Legal Privacy Rights. In addition to any rights specified in your Client Agreement, where applicable under local law, you or your restaurant users may have the following rights regarding your personal information:

• The right to access and request a copy of personal information we hold about you
• The right to have your personal information corrected or updated
• The right to request deletion of your personal information
• The right to restrict how we process your personal information
• The right to opt-out of the “sale” of your personal information (as the term is defined under applicable local laws)
• The right to opt-out of the sharing of your personal information for cross-context behavioral advertising or targeted advertising purposes
• The right to have your personal information delivered to you or a third party in a usable electronic format (the right to data portability)
• The right to object to how we use your personal information if the legal basis for processing that information is our legitimate interest.
• Where we are using your personal information on the basis of your consent, and where applicable under local law, you have the right to withdraw that consent at any time.
• Where you have granted consent to receive direct marketing communications from us, and where applicable under local law, you may withdraw that consent at any time.

If you or your restaurant users wish to exercise legal rights you may have under applicable law, please submit your request to privacy@opentable.com. So that we can better process your request, please provide the email you use to log into your OpenTable account. If you do not have an OpenTable account, please provide the email and any other relevant contact information you used to make requests or to use our Services.

Some jurisdictions also permit you to appeal a decision made with respect to your exercising of your privacy rights. If you wish to appeal a decision to a request you have made, please send your appeal request to privacy@opentable.com.

Where applicable, you may also have the right to register a complaint to your local data protection authority. For residents of the EU and UK, contact information for the EU data protection authorities can be found at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. For residents of Australia, if you are not satisfied with the outcome of your complaint after first contacting us, you may wish to contact the Office of the Australian Information Commissioner; for more information, please refer to http://www.oaic.gov.au.

VII. ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

These disclosures describe how OpenTable collects, uses, processes, and discloses personal information of California residents and the rights you may have under California law. These disclosures are intended to supplement OpenTable’s Privacy Policy with information required by the California Consumer Privacy Act.

Disclosures Regarding Personal Information Processing. California law requires that we describe the personal information we collect about California residents, including by identifying specific categories of information. As we describe in more detail in the “Information We Collect and Use” section of the Privacy Policy, we have collected the following categories of personal information in the past 12 months:

• Personal Details, Contact Information or Identifiers such as your name, email, account identifiers, or IP address
• Location information such as geolocation data
• Photos or Visual Information such as your profile photo
• Commercial Information such as transaction history
• Device, Usage and Internet or other electronic network activity information such as information about your device type, browser settings or interactions with our Services
• Inferences such as about your preferences and interests from data we collect in order to provide and personalize our services and tailor the offers we and our partners provide to you
• If you choose to provide it to us, sensitive personal information, as described in “Sensitive Personal Information”

For information about the categories of sources from which we obtain personal information, or for additional details about the specific types of personal information we collect, please refer to the “Information We Collect and Use” section of the Privacy Policy. For information about our purposes for collecting, or possibly sharing your personal information, please refer to the “How We Use Your Information” section of the Privacy Policy. We retain the above categories of personal information consistent with our retention processes as described in “How We Store and Protect Your Information.”

We may disclose or share your personal information with third parties for the purposes described in the “How We Share Your Information” section of the Privacy Policy. Under California law, some of these disclosure activities may be considered “sales” under California law, even if no money changes hands, and some of these disclosure activities are considered “sharing” for purposes of cross-context behavioral advertising. The categories of personal information we have “sold” or “shared” as described in “How We Share Your Information” in the past 12 months include the following: (1) personal details, contact information or identifiers (2) commercial information; (3) device, usage and internet or other electronic network activity information; (4) location data; and (5) inferences. In addition, as described in the section entitled Children below, we have not knowingly “sold” personal information of individuals under the age of 16.

We also disclose certain personal information for “business purposes,” such as disclosures to service providers who assist us with securing our Services or delivering marketing messages and advertisements. We may disclose the following categories of personal information for our business purposes: (1) personal details, contact information, or identifiers; (2) location data; (3) photos or visual information; (4) commercial information; (5) device, usage and internet or other electronic network activity information; and (6) inferences.

We do not use or disclose sensitive personal information for purposes other than as necessary to provide you with our Services.

California Privacy Rights. California law grants certain rights to California residents. These include:

• The right to know what personal information we have collected about you, including (i) the categories of personal information, (ii) the categories of sources from which the personal information is collected, (iii) the business or commercial purpose for collecting, selling, or sharing personal information, (iv) the categories of third parties to whom the business discloses personal information, and (v) the specific pieces of personal information the business has collected you (by requesting to download your personal information).
• The right to request deletion of personal information we have collected about you, subject to certain exemptions permitted under applicable law, such as when your personal information is required for us to provide our Services to you.
• The right to correct inaccurate personal information that we maintain about you.
• The right to opt out of “sale” or the “sharing” of your personal information (as these terms are defined under applicable California law).

Exercising Your CA Privacy Rights. To exercise your Privacy Rights under California law, please contact us using our request form or by contacting OpenTable at privacy@opentable.com or 1-800-OPENTABLE. Please note that you can make a request to know twice within a 12-month period.

To exercise your right to opt out of “sale” or “sharing” of your personal information, click this Do Not Sell or Share My Personal Information link and follow the instructions. If you have enabled “do not track” signals on your browser, our Services will treat this signal as a request to opt-out of “sale” or “sharing.”

Please note that we may need to verify your identity before completing your requests. This may include sending an email to the email account associated with your OpenTable account, asking you to sign into your user account, or answering some security questions.

If you are an authorized agent wishing to exercise rights on behalf of a California resident, please contact us using our request form along with a copy of the consumer’s written authorization designating you as their agent.

We will not discriminate against you for exercising any of your rights under California law. Please note, however, that there may be certain circumstances where we are unable to complete your request, such as when we are unable to verify your identity or as otherwise permitted under applicable law.

Request Report. The following metrics below include the aggregate number of requests to know, requests to delete, and requests to opt-out received, complied with in whole or in part, and denied by OpenTable. Please note that these numbers reflect the total number of global requests received by OpenTable, including requests received by California resident.

January – December 2021

VIII. INTERNATIONAL TRANSFERS OF INFORMATION

Information about you or your restaurant users will be transferred to, or accessed by, entities located around the world as described in this Policy. Some of these entities may be located in countries (such as the United States) that do not provide an equivalent level of protection for personal information as your home country.

We have put in place safeguards designed to provide adequate protection for transfers of certain information, in accordance with applicable legal requirements. For more information on the appropriate safeguards in place, or to request a copy of these safeguards, please contact us using the contact details listed in the How to Contact Us section below.

IX. LINKS TO OTHER WEBSITES

Our Services contain links to other websites or services that are not owned or controlled by OpenTable, including links to websites of restaurants and restaurant affiliates and our advertisers, our group companies, and other business partners. This Policy only applies to information collected by our Services. We have no control over these third party websites, and your use of third party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third party websites linked to our Services. Your use of third parties’ websites linked to our Services is at your own risk, so we encourage you to read the privacy policies of any linked third party websites when you leave one of our Services.

X. CHILDREN

Our Services are not directed at or intended for use by children under the age of majority in applicable jurisdictions. We do not knowingly collect information from children under 16 years of age. If you become aware that an individual under 16 years of age has provided us with information without your consent, please contact us at using the contact details listed in the How to Contact Us section below.

XI. CHANGES TO THIS POLICY

Except to the extent limited by applicable law, we will update this Policy from time to time to reflect changes in our privacy practices, legal requirements, and other factors by prominently posting notice of the update on our Services. Changes to our Policy will be effective when posted and the new effective date will be identified.

If we make any changes to the Policy that materially impact previously collected personal information about you, we will make reasonable efforts to provide notice and obtain consent to any such changes as may be required by law.

To request a copy of this Policy, or to request a copy of the Policy in place at the time you signed up for an account, please contact us at the details below.

XII. HOW TO CONTACT US

If you have any questions about this Policy or the way in which your personal information has been used, please contact us by email at privacy@opentable.com or by postal mail at:

OpenTable, Inc.
1 Montgomery St., Suite 500
San Francisco, CA 94104, U.S.A.
Attention: Legal Department

If you are located in Germany, our Data Protection Officer can be contacted at: Dr. Felix Wittern, Am Sandtorkai 68, 20457 Hamburg, Germany.