Last updated: 7 March 2026
FOODTOURS LIMITED
19 Highfield Road, Edgbaston, Birmingham, B15 3BH
Email: info@restauranttour.co.uk
Company number: 14990739
VAT number: GB 449 4905 56
We run The Restaurant Tour in the UK through restauranttour.co.uk. This privacy policy explains what personal data we collect, why we use it, who we share it with, and what rights you have.
For customers and visitors of restauranttour.co.uk, FOODTOURS LIMITED is the main controller of the personal data described in this policy. In plain English, that means FOODTOURS LIMITED is mainly responsible for deciding how your data is used for the UK website, bookings, customer communications, and related services.
The Restaurant Tour is part of WijnSpijs Holding. Within that structure, we work together with a small number of related companies:
These companies support local websites including restauranttour.co.uk, wijnspijs.nl, and table6.de.
We are a small team working across these countries, so some back-office and technical support is handled centrally within WijnSpijs Holding. For example, colleagues in another WijnSpijs company may help with management, hosting, IT support, finance, administration, reporting, or customer support.
This does not mean your personal data is shared freely within WijnSpijs Holding. Personal data is only accessed or processed by another company within this group where that is necessary to provide our services, support our operations, or meet legal obligations. In practice, this can mean that colleagues working for WijnSpijs Holding B.V., WijnSpijs B.V., or Table6 GmbH help FOODTOURS LIMITED with hosting, IT support, finance, administration, reporting, or customer support.
Where another company within WijnSpijs Holding handles personal data only on behalf of FOODTOURS LIMITED and under its instructions, that company acts as an internal service provider or processor. If, for a specific activity, two or more of these companies jointly decide how and why personal data is used, they will act as joint controllers for that activity. If you would like more information about how responsibilities are divided within WijnSpijs Holding, you can contact us using the details above.
In most cases we receive your data directly from you. In some cases, we also receive information from Stripe, our payment provider, when you complete or attempt a payment.
From Stripe, we may receive payment status information, payment and transaction reference identifiers, the payment method used, the amount and currency, refund or payment failure status, and technical information needed to reconcile the payment. If you choose bank transfer through Stripe, we may also receive the payment reference and bank transfer instructions that need to be shown to you, such as the account holder name, account number and sort code, or IBAN and BIC, depending on the payment method.
Some data is necessary to place an order, create an account, or get in touch with us. If you don't provide it, we may not be able to process your order or answer your question. Data for newsletters and marketing is always optional.
We use your name, email, address, and payment details to process and deliver your order, and to send you booking confirmations and reminders.
Legal basis: performance of a contract.
We share limited guest information with the restaurants taking part in your event so they can prepare for your visit, manage service during the event, and check guests in on the day.
This can include your first name and last name, the size of your party, your dietary requirements or dietary notes, whether your ticket has already been checked in at a participating restaurant, and limited operational identifiers used in our systems to validate tickets and manage check-ins. Depending on the event format, restaurants may receive a named guest list or a round overview for operational planning.
We do not share your email address, phone number, billing address, or payment details with restaurants for these purposes.
When we decide to share this limited guest information with participating restaurants as part of running the event, FOODTOURS LIMITED acts as controller for that sharing. Once a participating restaurant receives the information and uses it for its own on-site service, hospitality operations, dietary handling, record-keeping, or legal obligations, that restaurant will generally act as an independent controller for that processing.
Legal basis: performance of a contract; and, where relevant, legitimate interest in running the event smoothly and preventing misuse by checking that only valid participants join. Dietary requirements and allergy information may reveal health-related or religious information, which is special category data under UK GDPR. Providing this information is optional — if you choose to provide it, we treat that as your explicit consent (Article 9(2)(a)) to share it with participating restaurants so they can accommodate you.
We keep your order and invoice data to meet our legal obligations under UK tax law.
Legal basis: legal obligation.
If you sign up, we use your email address and first name to send you newsletters and promotional emails. You can unsubscribe at any time.
Legal basis: consent.
If you join a waitlist or reservation list, we use your name and email address to let you know when an event goes on sale or becomes available again.
Legal basis: consent.
If you respond to a survey or leave feedback, we use your responses to understand how customers find us and how we can improve. We may also collect technical data such as the page you came from and how you reached our website, to help us understand which channels are most effective.
Legal basis: legitimate interest — improving our service based on customer feedback.
With your consent, we use cookies and online identifiers to show you relevant ads on platforms like Facebook and Instagram. Where applicable, hashed contact details may be used to match you with an advertising audience.
Legal basis: consent.
We use PostHog to understand how people use our website and how we can improve it. This helps us see which pages, features, and tools are most useful, where visitors drop off during the booking journey, and whether one version of a page or checkout step is more user-friendly than another.
If you accept analytics cookies, PostHog helps us measure repeat visits and understand the customer journey in more detail.
If you do not accept analytics cookies, we limit PostHog to cookieless measurement only. In that mode, we do not place analytics cookies and we do not use the data to recognise you across visits.
We have configured PostHog to reduce the amount of data collected wherever possible, and we use EU-based hosting for this service.
Legal basis: consent for analytics cookies; legitimate interest for limited cookieless, non-persistent measurement used to improve the performance and usability of our website.
We automatically collect error reports, IP addresses, and device information to detect and fix technical problems.
Legal basis: legitimate interest — keeping our website secure, stable, and functional.
We load interactive maps on event and restaurant pages so you can see where our walks take place.
Legal basis: legitimate interest — showing location information that is essential to our service.
We show videos about our events and services using Vimeo and YouTube embeds. Videos are not loaded automatically — we show a preview image hosted by us, and the video only loads from Vimeo or YouTube when you press play.
Legal basis: legitimate interest — presenting our events and service through video content.
We use automated spam protection on forms to prevent abuse.
Legal basis: legitimate interest — protecting our website and forms against automated misuse.
We never sell your data. We only share it with parties that help us run our service:
For a full list of cookies and their categories, see the cookie banner on our website.
Some of our processors are based outside the UK or process data outside the UK. Where this is the case, we rely on the applicable legal transfer mechanism, such as the UK Extension to the EU-U.S. Data Privacy Framework, the International Data Transfer Agreement (IDTA), or Standard Contractual Clauses approved by the relevant authority, along with supplementary measures where appropriate.
This applies to Stripe (US), Xero (New Zealand and US), HubSpot (US), ActiveCampaign (US), Meta (US), Google reCAPTCHA (US), and Amazon Web Services (email delivery).
Our website uses cookies. We distinguish three categories:
Always active. Required for the website to function, such as remembering your basket and your cookie preferences.
Only with your consent. Used to understand how visitors use our website so we can improve it.
Only with your consent. Used to show you relevant ads on other platforms.
You can change your cookie preferences at any time using the cookie banner on our website.
Note: even without consent for analytics cookies, we collect limited, anonymous usage data in a cookieless mode to improve how our website works. No cookies are placed and no data is linked to you as a person.
We keep your personal data only for as long as necessary to fulfil the purpose for which it was collected. What this means in practice:
Under UK data protection law (UK GDPR), you have the following rights:
Send your request to info@restauranttour.co.uk. We will respond within 1 month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
Our services are not directed at children under 18. We do not knowingly collect personal data from children.
We do not make any decisions about you based solely on automated processing that have legal effects or similarly significantly affect you.
We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.
We may update this privacy policy from time to time. The date at the top shows when it was last changed. If we make significant changes, we will let you know through our website.
