Read Our Privacy Policy Here

Instant restaurant
bookings Get the app

WalkUp is now Dojo. Read more

1. Introduction

Dojo is a trading name of Paymentsense Limited, Paymentsense Ireland Limited and WalkUp Limited. At Dojo, we are committed to respecting your privacy.

We provide our consumer services (including virtual queues and bookings) through WalkUp Limited, which is the relevant data controller for the activities covered in this Privacy Policy. WalkUp Limited is registered with the Information Commissioner's Office (ICO), the data protection regulator in the UK, and its registration number is ZA485977.

Personal data is any information which relates to an individual. This Privacy Policy outlines how and why we process personal data in connection with our payment services and on this website. This Privacy Policy does not apply to any non-personal data, such as purely business information in relation to companies.

If you use any of ‘business-to-business’ product, please see our Privacy Policy for Business, which describes how and why we process any personal data in respect of any activities in connection with our ‘business-to-business’ products and services.

2. How do I get in touch with you?

If you have any questions about this Privacy Policy or how we handle your data and privacy, please contact us at dataprotection@dojo.app or by phone on 0800 103 2959 in the UK or 0818 021 090 in the EEA. You can contact us to exercise your rights by emailing dataprotection@dojo.app. Our DPO is accessible from that inbox.

You have the right to make a complaint to the ICO (www.ico.org.uk) or another supervisory authority (if you are based in the EEA). We would, however, appreciate the chance to deal with your concerns in the first instance, so please contact us at dataprotection@dojo.app or by phone on 0800 103 2959 in the UK.

3. Who does this Privacy Policy apply to?

This Privacy Policy applies to the following:

Any consumer whose information is processed in connection with our consumer services (Consumer).
Any visitor to, or user of, this website, any of our or our group companies’ websites or any web or mobile application (Visitor).

In this Privacy Policy, ‘you’ refers to the relevant category of individual above, as the context requires.

4. What information do we collect from you?

Direct information

If you are a Consumer, we collect the following directly from you:

General information (including name, gender, date of birth and other information you provide when setting up an account or making a booking with us).

Contact information (including your physical and e-mail address and phone number).

Account details (including your username and other credentials used to log in to our website and application).

Information about your visits and preferences (including your future, current and past bookings, your rating, any restaurants you “favourite”, cancellations and seating choices, the items you consume and pay for and your preferences).

Market research and competition information (including information you provide about your opinions of our products and services).

Indirect information

We may also receive the following categories of information indirectly:

Geolocation information (including where you use our products and services where we can detect this through a device in some contexts).

Information provided by restaurants and other outlets to us as part of the onboarding to our services (including information relating to the relevant restaurant or outlet’s guest book and bookings information, used for the purposes of properly serving you).

Information collected by restaurant via its “guest book” (including matters such as your seating preferences).

Purchases and spend information (which is provided within our group of companies or otherwise by an electronic point of sale provider).

Sensitive information (including health data)

We do not deliberately collect any sensitive information, such as health-related information relating to allergies. We do, however, recognise that we offer functionality which means that you can provide certain information to restaurants in a free-text format. We ask that you directly provide any sensitive information (including in relation to allergens) directly to the restaurant.

Technical and behavioural tracking information for Visitors

If you are a Visitor, we may generate certain information about your interactions.

This includes your IP address, location data, pages viewed on this and other websites, information which determines whether email communications (including embedded links within them) are opened, cookie identifiers, the types of devices you use to access or connect to our applications, unique device IDs, device attributes, network connection type and provider, network and device performance, browser type, operating system and application versions.

We use cookies and similar technologies on this website, which are outlined in greater detail here: https://dojo.app/legal/cookies/. You can opt into ‘optional’ categories of cookies through our cookie banner or by following the ‘cookie preferences’ link at the footer of this website.

We use cookies and similar technologies to understand interactions with our marketing emails, so that we can tailor and improve those emails. You can opt out of these communications at any time to object to this processing.

5. Why and on what basis do we use your information?

We use the information above and other information we may collect from time-to-time for various purposes and with various legal justifications (which are called ‘lawful bases’). Our lawful bases include:

Where we need to pursue our or someone else’s legitimate interests, which does not outweigh any of your rights (Legitimate Interests).

Where we have to comply with a legal or regulatory requirement (Compliance with Law).

Where we need to process the information to perform our agreement with you (Contract Performance).

With your consent (Consent).

We rarely rely on Consent to process your information, but there are certain circumstances where we ask for your Consent for related matters. For example, under ePrivacy law, we ask for your Consent to set cookies for non-essential purposes.

We may also need to use or share the information in the section above where we consider that there is a substantial public justification for doing so, such as to detect fraudulent or other criminal activities. We may not have to inform you of this.

We only need one lawful basis to process your information, but below we outline all relevant bases.

Consumers and Visitors

Why we use your information?	Lawful bases
To provide you with our products and services end-to-end	Legitimate Interests, Compliance with Law, Contract Performance
To administer any account or registration you may have with us	Legitimate Interests, Compliance with Law, Contract Performance
To carry out our obligations arising from any agreements we enter into with you	Contract Performance
To administer your participation in any competitions or prize draws we may run from time-to-time	Legitimate Interests, Contract Performance
To provide you with service communications relating to our products and services	Legitimate Interests, Compliance with Law, Contract Performance
To conduct market research and to communicate with you (via the use of surveys or by other means) about any comments, queries or feedback you might have about us, our products and services, our website or our applications	Legitimate Interests, Contract Performance
To ensure that content on our website or in our applications is presented in the most effective manner for you and for your device	Legitimate Interests, Contract Performance
To provide you with information about products and services we offer that we feel may interest you by post, telephone, SMS, email or via in-application notifications	Legitimate Interests, Consent (if relevant or an opt-out from consent under ePrivacy law)
To administer our site and applications and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes	Legitimate Interests
To keep our website or our applications safe and secure	Legitimate Interests, Contract Performance
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you	Legitimate Interests
To make suggestions and recommendations to you and other users of our website and our applications about goods or services that may interest you or them	Legitimate Interests
To verify your identity as well as your personal and contact information	Legitimate Interests, Compliance with Law, Contract Performance
To initiate, exercise and defend any legal claim or collection procedure	Legitimate Interests, Compliance with Law, Contract Performance
To conduct compliance procedures	Legitimate Interests, Contract Performance
To prevent misuse of our products and services	Legitimate Interests, Compliance with Law
To carry out risk management and fraud prevention processes	Legitimate Interests, Compliance with Law
To communicate with you in relation to our products and services	Legitimate Interests
To conduct internal investigations in relation to fraud and security matters	Legitimate Interests

6. Which third parties may we share your information with?

We may also share your information with the following third parties.

Restaurants and other outlets which use our consumer services	When you make a booking, join a virtual queue or otherwise interact with a restaurant or other outlet using our consumer services, we necessarily share your information with the relevant restaurant or other outlet so that it can properly serve you, as one of its customers too. The actual information shared with a restaurant or outlet will always vary depending on the services requested and the information provided. For example, if you make a booking, you will specify your name, e-mail address, party size and any additional information, so this will be directly provided to the restaurant for the purposes of serving you. Each restaurant acts as an independent controller (see below) and, at law, can only use the information provided to it for the purpose for which it is obtained (which is usually limited to giving effect to your booking or other reservation, provide its services to you and manage its business, but may include electronic marketing where you consent to this by the restaurant). If a restaurant uses it for any other purpose and we become aware of this, we may terminate our relationship with the relevant restaurant. We also provide functionality for restaurants to understand you better as a customer, including through guest books. When a restaurant or other outlet leaves Dojo and has a guest book, we allow the restaurant to migrate the guest book to an alternate provider.
Companies in our corporate group	Dojo is a corporate group of several companies, so we may share your information within our group in the ordinary course of business. This includes where we need to give effect to payment transactions (including our ‘card on file’ and ‘deposits’ products, which are offered by other companies in our corporate group and are not offered by WalkUp Limited).
Suppliers and subcontractors	We engage various suppliers and subcontractors (including contingent workers) to help us to provide our products and services and may share your information with them. This includes the following categories: Technology service providers, which support us in providing elements of our service. In particular, we engage certain providers to enable us to conduct analysis of common customer issues and topics to enhance customer experience, improving our customer service response and engagement capabilities. Customer support providers, who support us in supporting our merchants in relation to our products and services. Strategic advisers, ratings agencies, auditors and accountants, lawyers and other professional advisers, who support us in relation to better understanding our business, achieving and developing our corporate and commercial goals and meeting our obligations. We also engage a range of additional suppliers in the ordinary course of our business, including communication, marketing and collections providers.
Restaurant customer relationship management platform providers	If you opt in to electronic marketing by a restaurant or other outlet, we may directly share your information with the restaurant or other outlet’s customer relationship management provider. This is so that the relevant restaurant or outlet can properly manage this aspect of its relationship with you.
Product partners	We partner with certain third parties to provide complementary products and services to you or products offered under our brand.
Analytics partners	We partner with analytics service providers, who support us in improving and optimising our websites, applications and other technology we offer.
Advertising partners	We partner with advertising providers to serve you relevant advertisements in relation to our products and services. In order to collect information about your activities to tailor those advertisements, we set cookies (with your consent, which you can remove at any time through the functionality on this website). Further information about how we use this information can be found above at ‘Technical and behavioural tracking information’.
User experience, service design and market research agencies	We partner with user experience, service design and market research agencies which assist us with the improvement and optimisation of our products and services, along with other market research projects.

We may also disclose your information to third parties:

In the event that we sell or buy any business or assets, to the prospective seller or buyer of such business or assets and their advisors.

If we or substantially all of our assets are acquired by a third-party, in which case personal data held by Dojo about you will be transferred to the extent necessary to give effect to the relevant asset transfer.

If we are under a duty to disclose or share your information in order to comply with any legal obligation (or otherwise where there is a substantial public interest in providing your personal data to any relevant public authority), or in order to enforce or apply our various terms, policies and other agreements, to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for AML, fraud prevention and credit risk purposes.

7. How long will we keep your information for?

We ensure that we keep information for as long as is needed for the purpose for which we obtained it. We consider on a case-by-case basis as to the appropriate retention period for your information.

Sometimes we are subject to a legal or regulatory requirement which means that we need to retain your information for a set period of time, which would always override any other considerations.

8. What are my rights?

You have several rights under data protection laws. Some of these rights are subject to exceptions. You can exercise your rights through the details above.

Right to be informed	You have a right to be told about how and why we process your information. We do that through this Privacy Policy and other information we may make available.
Right to access	You have a right to access that information we hold on you. This right does not extend to accessing information on other people or businesses.
Right to deletion	You have a right to have information about you deleted or erased, unless an exception applies. In some cases, we need to retain information due to legal or regulatory requirements. This is also known as the ‘right to be forgotten’.
Right to restrict	You have a right to restrict how we use your information in certain circumstances, such as where you think it is inaccurate.
Right to portability	You have a right to receive your information in a structured, commonly-used and machine-readable format or have it shared with another data controller if we process your information based on Consent or Contract Performance.
Right to object	You have a right to object to the processing of your information based on Legitimate Interests, except where we have ‘compelling interests’ which override that. An example would be where we consider the processing necessary to ensure the safety of the financial services sector.
Right to withdraw your consent	You have a right to withdraw your Consent at any time if we rely on this as our legal basis. If you do this, we will stop further processing the relevant information on that basis, but may rely on another basis. We do not routinely rely on Consent for any processing activity, except where we need to under ePrivacy law (in relation to cookies and certain electronic marketing activities).
Right to not be subject to an automated decisions without human intervention which have certain effects	You have a right not to be subject to automated decisions which have ‘legal effects’ or ‘similarly significantly affect’ you (such as the denial of a financial service), if a human does not intervene in that decision.

9. Controllers and processors

If a third party processes your information on our instruction they are likely to be a data processor. An example of this will be in relation to our suppliers of IT and marketing services. In such cases, we only share your information for purposes that are compatible with the reasons contained in this Privacy Policy. All data processors are subject to written agreements that ensure we retain control over how that information is used.

If a third party is considered to be a data controller, we are not able to dictate how that third party will process the data that has been provided. When we partner with our restaurants and other outlets and share information, they act as an independent data controller.

10. Third party websites

This and our other website feature third party advertising which provides links to and from third party websites. If you follow a link to any of these third party websites, you should be aware that these websites have their own privacy policies and the operators of those websites will handle your information in accordance with their privacy policies. We have no control over such third-parties or their websites or privacy policies.

11. International data transfers

Our core data and information processing takes place in either the UK or an EEA signatory state. However, like most businesses, we engage some suppliers and partners based outside of the UK or the EEA. In these cases, we may need to export your data to another country outside of the UK or the EEA. Where that is the case, we ensure that the relevant transfer is made in accordance with applicable law. The main ways we do this are where:

The UK Government or European Commission (as applicable) has determined that the country to which the information is being shared has an ‘adequate’ level of data protection standards.

The supplier or partner agrees to specific contractual terms (known as ‘standard contractual clauses’) which protects your information.

12. Children

We do not knowingly collect information from individuals who are under the age of 16 in the UK and 18 in the EEA. If you are, then please do not use our consumer services. If you have already done so, please contact us.

13. Glossary

Data controller means a person who determines how and why personal data is processed.

Data processor means a person who processes personal data on behalf of a data controller.

EEA means the European Economic Area.

ePrivacy law means the law relating to electronic communications, including the use of cookies and similar technologies and the sending of email marketing messages.

PC means a Dojo payment consultant who supports us in selling our services.

Personal data means any information relating to an identified or identifiable individual.

UK means United Kingdom.

Introduction
How do I get in touch with you?
Who does this Privacy Policy apply to?
What information do we collect from you?
Why and on what basis do we use your information?
Which third parties may we share your information with?
How long will we keep your information for?
What are my rights?
Controllers and processors
Third party websites
International data transfers
Children
Glossary