legal · the quiet pages
Your privacy,

Privacy Policy.

How we collect, use, and protect the personal information you share with us. Written plainly. In one page.

EFFECTIVE · 12 May 2026 JURISDICTION · England & Wales UK GDPR aligned
I.
Section I · who we are

The quiet page.

This policy describes how Mumtaz Restaurant Ltd ("Mumtaz", "we", "us", "our") collects, uses and protects the personal information you give us when you visit our website, dine with us, or use any of our online services (reservations, takeaway, gift cards, the newsletter).

We are a family-run restaurant at 386–410 Great Horton Road, Bradford BD7 3HS, registered in England & Wales. We're the data controller for the information described below.

If something here is unclear or you'd rather just speak to someone, our team is on 01274 571 861 or info@mumtaz.org.uk.

written in plain English
nothing hidden, no small print
II.
Section II · the information we collect

What we collect.

We only collect what we need to take care of you well.

When you make a reservation

Your name, contact phone number, email address, party size, date and time, and any dietary or accessibility notes you share with us. Reservations are managed through our booking partner, SevenRooms.

When you order takeaway

Your name, contact details, delivery address (if applicable), order items, and payment confirmation. Online orders are processed by our partner Slerp.

When you buy a gift card

Your name, email, the recipient's name and email, and the gift card value. Gift cards are issued through Giftpro.

When you sign up for the newsletter

Your name and email address — collected via SevenRooms — so we can send occasional updates about events, new dishes and seasonal openings.

When you simply visit the website

Standard technical information such as your IP address, browser type and the pages you view, collected through our hosting platform (Wix) and any analytics services described below.

III.
Section III · how we use it

How we use it.

We use the information you share with us only for the purposes you've asked for:

  • To take, confirm and manage your reservation, order or gift card
  • To contact you about a booking — confirmation, changes, or in the rare case we need to apologise
  • To remember your dietary requirements and seat you accordingly
  • To send the newsletter, only if you've opted in
  • To run, secure and improve the website
  • To comply with our legal and accounting obligations

Our lawful bases under UK GDPR are: contract (managing your booking or order), consent (newsletter, optional cookies), legal obligation (tax, food safety), and legitimate interests (running and securing the site, preventing fraud).

We never sell your information. We never share it with third-party advertisers. It is used only to look after you and run the restaurant.

no selling, no advertising trades
not now, not ever
IV.
Section IV · cookies & tracking

Cookies on the site.

This site uses cookies — small text files saved by your browser — to make things work and to understand how the site is used.

Strictly necessary

Required for the site to function — for example to remember that you've accepted the cookie banner, or to keep you logged into a booking flow.

Performance & analytics

Set by Wix, our hosting platform, and optionally by analytics partners. These tell us which pages are most useful, where people drop off, and which devices guests are using. We only use this in the aggregate to improve the site.

Third-party functional

Set by integrated partners — SevenRooms (reservations), Slerp (takeaway), Giftpro (gift cards). These cookies are only set when you interact with those flows.

You can refuse non-essential cookies at any time via the banner on your first visit, or by clearing them in your browser. Refusing analytics won't stop you using the site.

V.
Section V · third parties

Who we share with.

We share your information only with the partners who help us run the restaurant, and only the information they need to do their job:

  • Wix — our website hosting and content platform
  • SevenRooms — reservations and guest CRM
  • Slerp — online ordering and takeaway delivery
  • Giftpro — gift card issuance and redemption
  • Payment processors — to take and reconcile card payments
  • Our accountants and HMRC — to meet our legal obligations

Each of these partners has their own privacy policy. They are bound by data-protection contracts with us and may only use your information to provide the service we've asked them for.

We may also disclose information if required to do so by law, court order, or to protect the safety of our guests, staff or property.

VI.
Section VI · your rights

Your rights.

Under UK GDPR, you have a number of rights over your personal information:

  • Access — ask for a copy of the information we hold about you
  • Rectification — correct anything that's wrong
  • Erasure — ask us to delete your information, where we're not required to keep it
  • Restriction — ask us to limit how we use it
  • Portability — ask us to provide your information in a portable format
  • Objection — object to certain uses, including direct marketing
  • Withdrawal of consent — at any time, for anything you've consented to

To exercise any of these rights, email info@mumtaz.org.uk. We aim to respond within thirty days. There's no fee.

If you're unhappy with how we've handled your information, you can complain to the Information Commissioner's Office — ico.org.uk — though we'd rather you spoke to us first so we can put it right.

"as plainly as possible"
in keeping with the kitchen
VII.
Section VII · data retention

How long we keep it.

We only keep your information for as long as we need it.

  • Reservation history — for up to three years, so we can remember your preferences if you book again
  • Order & payment records — for six years, in line with UK tax law
  • Newsletter subscribers — for as long as you stay subscribed; unsubscribe at any time
  • Website analytics — anonymised after 26 months
  • Job applications — for one year, then deleted, unless you ask us to keep them on file longer

After these periods, your information is either deleted or fully anonymised.

VIII.
Section VIII · keeping things safe

How we keep it safe.

We use industry-standard technical and organisational measures to protect your information:

  • HTTPS encryption across the website
  • Encrypted databases and backups via our hosting partners
  • Access on a need-to-know basis — only the people who need to see your information for their job can see it
  • Regular training for the team on data protection and confidentiality

No system is perfect, but we take care of your information the way we'd want ours taken care of. In the unlikely event of a breach affecting your information, we'll let you know without delay and report it to the ICO where required.

IX.
Section IX · get in touch

Talk to us.

For any privacy question, request, or concern, contact us by any of the routes below.

By email

info@mumtaz.org.uk

By post

Data Protection · Mumtaz Restaurant Ltd
386–410 Great Horton Road
Bradford BD7 3HS
United Kingdom

By phone

01274 571 861

Changes to this policy

We may update this policy from time to time. When we do, the new version will replace the previous one on this page, and the "effective" date at the top of the page will be updated. Significant changes will be highlighted.

Come and sit with us.

The quiet pages are done — back to the things that matter. A table, a karahi, a cup of chai.

Reserve a table Back to home