Han's Buffet

Privacy Policy

Effective Date: 12/07/2025

Business Name: Han’s Restaurant Basingstoke

Address: Han's Restaurant, Unit 50/50A, Upper Level, Queen Anne's Walk, Basingstoke RG21 7BF, United Kingdom

Website: https://hansrestaurantbasingstoke.co.uk

1. Who We Are (Data Controller)
Han’s Restaurant Basingstoke (“we”, “our”, “us”) is the Data Controller responsible for your personal data under the UK GDPR. You can contact us at the above postal address or by email at info@hansrestaurantbasingstoke.co.uk.

2. What We Collect
When you make a reservation, we may collect:

  • Full Name
  • Email Address
  • Phone Number
  • Party Size
  • Reservation Date and Time
  • Comments

This information is encrypted using AES and stored securely. Only authorized staff can access it.

Passwords (for admin access) are stored using Argon2 hashing, which is secure and non-reversible.

2.1 IP Addresses, Audit Logging & Rate Limiting
We process IP addresses and related security events to protect our systems, detect abuse, and ensure fair use of our reservation platform.

  • For reservation self-service actions (such as cancellations or modifications), we log a truncated IP address (e.g. 10.0.0.X), together with the timestamp, action type, and outcome (success or failure).
  • For automated abuse prevention, we use a pseudonymised HMAC hash of the client IP combined with request timestamps in our internal rate-limiting database. These hashed values cannot identify an individual user and are deleted automatically after 30 days.
  • The secret key and salt used for pseudonymisation are stored securely as environment variables and are rotated periodically to maintain cryptographic integrity. Plaintext IP addresses are never retained.

This processing is carried out under our legitimate interest in protecting the security and availability of the service, as permitted under UK GDPR Article 6(1)(f).

3. Why We Collect It

  • To confirm and manage your reservation
  • To contact you with booking updates
  • To assist with customer service
  • To generate anonymised operational reports
  • To comply with applicable laws and regulations

4. Legal Grounds for Processing
We process reservation data on a contractual basis, and security/audit logs (including truncated IP addresses) under our legitimate interests in protecting the service.

5. How We Protect Your Data
Reservation data is encrypted using AES, access is restricted to admin staff, and all access is logged for auditing. Passwords (admin accounts) are hashed using Argon2id with unique salts and secure parameters.

For rate-limiting purposes, IP addresses are never stored in plain form. Instead, we apply HMAC pseudonymisation with a secret key and salt, ensuring that individual users cannot be directly identified from these records.

6. Your Rights Under UK GDPR
You can request: access, correction, erasure, restriction, objection, and portability of your data. To exercise these rights, email us at info@hansrestaurantbasingstoke.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — https://ico.org.uk.

7. Data Retention

  • Reservation data: retained for up to 24 months, then anonymised or deleted.
  • Audit and login data (including truncated IPs): retained for 12 months unless needed longer for an investigation.
  • Rate-limiting records (hashed IPs + timestamps): retained for up to 30 days before deletion.
  • Admin accounts: kept for the life of the account plus 12 months.

8. Our Service Providers
We use trusted providers under contract:

  • Cloudflare, Inc. (hosting/security)
  • hCaptcha by Intuition Machines, Inc. (bot protection)

Where data is transferred outside the UK/EEA, we rely on the UK Addendum to EU Standard Contractual Clauses.

9. Cookies
We only use cookies essential for security and reservations:

  • Security: hCaptcha bot protection
  • Session: Reservation system and captcha verification

We do not use cookies for ads, analytics, or behavioral tracking.

Disabling all cookies will impact how the site works — in particular, you will not be able to complete or submit a reservation form, as session cookies are required to verify requests and prevent spam.

10. Children’s Data
Our services are not directed at children under 13. We do not knowingly collect their data.

11. Automated Decision-Making
We do not use automated decision-making or profiling that has legal or significant effects.

12. Changes to This Policy
Updates will appear here with a new effective date.

13. Contact Us
Han’s Restaurant Basingstoke
Unit 50/50A, Upper Level, Queen Anne's Walk, Basingstoke RG21 7BF, United Kingdom
📧 info@hansrestaurantbasingstoke.co.uk