When you use or visit our Site, we collect information directly from you (e.g., when you make selections on our platform). We may also generate information about you (e.g., information about your device when you use our mobile application). In some cases, we also obtain personal information from third parties (e.g., restaurants, business partners, our group companies, or other third parties).
“Personal information” is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For purposes of this Policy, there is no meaningful distinction between the terms “personal information” and “personal data.”
Personal Information We Collect Directly From You. Certain parts of our Site may ask you to provide personal information. For example, if you provide your contact details to register an account with us, subscribe to marketing communications (like our newsletters), or enable us to contact you. If you contact us to find out more about the OpenTable Services, we will collect personal information about you so that we can fulfill your request.
We collect the following personal information from you, depending on the products and features you use:
You may choose not to provide some of the personal information described above. Please note, however, that our Sites may require some personal information to operate so if you choose not to provide the personal information necessary to operate and provide you with a particular Site feature, you may be unable to use that feature.
We do not proactively collect sensitive personal information, such as health-related information. However, our Sites include text boxes that are designed for you to communicate with us and provide feedback you would like us to know. Please be aware that information you freely submit in these boxes may reveal to us or our affiliates with which we or they share information (as detailed below) certain information that may be considered sensitive personal information under applicable law. We do not use this information for the purpose of marketing or advertising products to you. Sensitive personal information you voluntarily submit is processed on the basis of your consent, which you may revoke at any time by contacting us at the details set out in the How to Contact Us section below.
Personal Information Generated By Us. As you visit our Sites, we generate certain personal information about you, including through automatic data collection and by inferences based on the information we collect about you and your activity. We may automatically collect information about your interactions with the Site or communications you receive (such as email) using certain technologies, such as cookies, web beacons and other technologies (see our Cookies and Interest-Based Advertising Policy for more details).
We generate the following categories of personal information about you:
We may use and store this information to provide and improve features of our Sites, for example, to tailor our Site on a needs-based manner to better facilitate your requests and to provide you with more relevant content and features. Please see the Your Rights and Choices section below for more information about how to adjust your preferences, including those related to location information.
Personal Information We Obtain from Third Parties. We may also receive certain categories of personal information from third parties, such as third-party websites, applications, social media networks, and services (which may include publicly-available sources; each of these is a “third-party platform”), our group companies, and other third parties. If you are a current OpenTable restaurant customer, we will combine this information with information we collect through our Services and use and share it for the purposes described below. The categories of personal information we may obtain from third parties include:
Third parties may also collect, use, and share information about you (such as independent platforms you choose to use in connection with our Sites, e.g., payment processors). This Policy does not cover such third-party services or their use of personal information and we do not take responsibility for their privacy practices. For more information about the information we share with third parties and the recipients of such information, please refer to the How We Share Your Information section of this Policy.
We use your information to provide our Services, tailor your experience, send you marketing communications, improve our Site, improve our customer service and for other purposes described below. If you need to be informed of new actions by your restaurant diners (such as new bookings and transactions), we will use the information provided by you to communicate those events to you. We also provide the capacity for you to communicate with diners, such as notifying them of changes to their reservations.
We use this information (alone or in combination with other information we have collected about you) for the following purposes (“Purposes”):
You have choices about your personal information, and in some circumstances, you may have the right to opt-out or object to our uses of your personal information for these Purposes. For more information, or to exercise these or other rights (where available), see the Your Choices and Rights section below.
We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with OpenTable). Our affiliates will use your information only for the purposes described in this Policy.
When we process your personal information, we rely on the following legal bases:
Where we use personal information to meet our legitimate interests, we take steps to ensure that your rights with respect to your personal information are not infringed. You can contact us using the details set out in the How to Contact Us section below for more information about the steps we take to ensure these rights are not infringed. You also have the right to object to such processing as described in the Your Choices and Rights section below.
Additional Grounds for Processing
Anonymized Information. We may process information that cannot be linked to you or any other specific restaurant or restaurant user using any means available to us, either because it was collected anonymously or has been subsequently anonymized. Information that is anonymous or has been anonymized is no longer considered “personal information” and may be subsequently used for any purpose in accordance with applicable laws.
We disclose the personal information we collect (or otherwise generate or obtain) as follows:
In some circumstances, you may have the right to opt-out or object to our sharing of your information with certain third parties. For more information, or to exercise these or other rights, see the Your Choices and Rights section below.
Our Role as Data Controller and Data Processor. For purposes of European Union law, under certain OpenTable programs we provide to restaurants, restaurants may engage us to provide them with certain processing services related to information owned or controlled by the restaurant.
In providing these services, we may share certain of your information with our affiliated brands, the restaurant’s affiliated restaurants (such as affiliated brands), restaurant group and/or restaurants with the same brand or parent-brand (collectively, such restaurant’s “restaurant group”), or other entities associated with the restaurant (such as the parent entity of the restaurant group or affiliated hotels) and/or their service providers (collectively, the associated entities and service providers, the restaurant’s “restaurant affiliates“) under OpenTable’s programs for the following purposes as permitted by applicable law, to perform analytics and tailor marketing to you.
To learn more about your choices related to how we share your information with restaurant groups and restaurant affiliates under our programs, please see the Your Choices and Rights section below.
Sharing with Our Group Companies. We share your information with our affiliates and subsidiaries in the U.S. and worldwide, as well as with our parent corporation, Booking Holdings Inc., and its other subsidiaries (collectively, as also defined earlier in this Policy, “our group companies”). We may share your information with our group companies for the following reasons:
To learn more about your choices related to how we share your information with our group companies, please see the Your Choices and Rights section below.
To learn more about your choices related to how we share your information with our business partners, please see the Your Choices and Rights section below.
Sharing with Social Networking Services. Our Sites and Services allow you to connect and share your restaurant content and information publicly. Our Services may also allow you to connect your restaurant with us on, share on, and use third-party platforms, including those on which OpenTable has a presence. Please be mindful of your restaurant privacy needs and the privacy needs of others as you choose whom to connect with and what to share and make public. We cannot control the privacy or security of information you choose to make public or share with others. OpenTable also does not control the privacy practices of third-party platforms. Please contact those sites and services directly to learn about their privacy practices.
Sharing with Other Service Providers. We share information with third-party vendors, consultants, and other service providers who perform services or functions on our behalf (e.g., hosting or operating our Services, data collection, reporting, ad response measurement, site analytics, data analysis, delivering marketing messages and advertisements, and providing fraud detection services). We do not authorize these third parties to use or disclose your information for purposes other than for which it has been provided. We require these third parties to maintain and implement security measures to protect your information from unauthorized access or processing.
We maintain commercially-reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Security safeguards. We use technical and organizational security measures designed to protect personal information we process about visitors to our Site against unauthorized access, disclosure, alteration and destruction. However, please note that no Internet transmission can ever be guaranteed 100 percent secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.
You play an important role in keeping your information secure. You or your restaurant users should not share your user name, password, or other security information for your OpenTable account with anyone. If we receive instructions using your user name and password, we will assume you have authorized the instructions. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in the How to Contact Us section below.
Retention. We may retain your or your restaurant users’ personal information for as long as your account is active and for a period of time thereafter to allow you to re-activate your account without loss of information. We may also retain your personal information as necessary to:
When you or your restaurant users use or visit the Services, we collect information about your usage and activity using cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, our group companies, and other business partners may also place web beacons for these third parties. The use of these technologies by third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law. See our Cookies and Interest-Based Advertising Policy for more details.
Email. If you no longer want to receive marketing and promotional emails from OpenTable, you may click on the “unsubscribe” link in such emails to opt-out of future marketing email communications. Please note that even if you opt-out of receiving marketing communications from one or all of our Services, we will still send you service-related communications.
Cookies and Interest-Based Advertising. To exercise choices regarding cookies set through our websites or Services, as well as other types of online tracking and online advertising, see our Cookies and Interest-Based Advertising Policy for more details. We currently do not employ technology that recognizes “do-not-track” signals from your browser.
Application Location. As explained in more detail in the Information We Collect and Use section above, we collect information about your location if you enable location services through the settings in your mobile device, or with your consent, as may be required by law. You can change the privacy settings of your device at any time to turn off the sharing of this location information with our Services. If you choose to turn off location services, this could affect certain features of our Services. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.
Legal Rights. In addition to any rights specified in your Client Agreement, where applicable under local law, you or your restaurant users may have the following rights regarding your personal information: the right to access personal information we hold, and in some situations, the right to have that personal information corrected or updated, erased, restricted, or delivered to you or a third party in a usable electronic format (the right to data portability). Where applicable, you may also object to how we use your personal information if the legal basis for processing that information is our legitimate interest. Where we are using your personal information on the basis of your consent, and where applicable under local law, you have the right to withdraw that consent at any time. Where you have granted consent to receive direct marketing communications from us, and where applicable under local law, you may withdraw that consent at any time.
If you or your restaurant users wish to exercise legal rights you may have under applicable law, please submit your request to firstname.lastname@example.org. So that we can better process your request, please provide the email you use to log into your OpenTable account. If you do not have an OpenTable account, please provide the email and any other relevant contact information you used to make requests or to use our Services.
Where applicable, you may also have the right to register a complaint to your local data protection authority. For residents of the EU and UK, contact information for the EU data protection authorities can be found at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. For residents of Australia, if you are not satisfied with the outcome of your complaint after first contacting us, you may wish to contact the Office of the Australian Information Commissioner; for more information, please refer to http://www.oaic.gov.au.
Information about you or your restaurant users will be transferred to, or accessed by, entities located around the world as described in this Policy. Some of these entities may be located in countries (such as the United States) that do not provide an equivalent level of protection for personal information as your home country.
We have put in place safeguards to provide adequate protection for transfers of certain information, in accordance with applicable legal requirements. For more information on the appropriate safeguards in place, or to request a copy of these safeguards, please contact us using the contact details listed in the How to Contact Us section below.
Our Services contain links to other websites or services that are not owned or controlled by OpenTable, including links to websites of restaurants and restaurant affiliates and our advertisers, our group companies, and other business partners. This Policy only applies to information collected by our Services. We have no control over these third party websites, and your use of third party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third party websites linked to our Services. Your use of third parties’ websites linked to our Services is at your own risk, so we encourage you to read the privacy policies of any linked third party websites when you leave one of our Services.
Our Sites and Services are not directed at or intended for use by children. We do not knowingly collect information from, children under 16 years of age. If you become aware that an individual under 16 years of age has provided us with information without your consent, please contact us at using the contact details listed in the How to Contact Us section below.
Except to the extent limited by applicable law, we will update this Policy from time to time to reflect changes in our privacy practices, legal requirements, and other factors by prominently posting notice of the update on our Services. Changes to our Policy will be effective when posted and the new effective date will be identified.
If we make any changes to the Policy that materially impact previously collected personal information about you, we will make reasonable efforts to provide notice and obtain consent to any such changes as may be required by law.
To request a copy of this Policy, or to request a copy of the Policy in place at the time you signed up for an account, please contact us at the details below.
If you have any questions about this Policy or the way in which your personal information has been used, please contact us by email at email@example.com or by postal mail at:
1 Montgomery St., Suite 700
San Francisco, CA 94104, U.S.A.
Attention: Legal Department
For California consumers, please find additional disclosures regarding this policy here.