Effective Date: May 25, 2026
Last Updated: May 25, 2026
The Wine & Bottle (“we,” “us,” or “our”) operates the website https://wineandbottle.com/ and our physical restaurant locations in Westlands and Parklands, Nairobi, Kenya. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, make a reservation, dine at our restaurants, or interact with us online and offline.
We are committed to protecting your privacy in accordance with the Data Protection Act, 2019 of Kenya and the regulations issued by the Office of the Data Protection Commissioner (ODPC).
1. Data Controller Information
Data Controller:
The Wine & Bottle
Physical Addresses:
- Ring Road, Ambience Mall, Westlands, Nairobi 00610
- Ring Road, Parklands, Nairobi (Near Sarit Centre)
- Kileleshwa,along Olenguruone Road
- Nyari,along Redhill Road
Contact Email: info@wineandbottle.com
Contact Phone: +254 799 944 481
If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Contact using the details above.
2. Personal Data We Collect
We collect personal data that you provide directly to us, data collected automatically when you use our services, and data from third-party sources.
2.1 Information You Provide Directly
| Activity | Data Collected |
|---|---|
| Online Reservations | Name, phone number, email address, reservation date/time, party size, special requests, occasion type |
| Walk-in Dining | Name, phone number (for waitlist or booking purposes), seating preferences |
| Contact Forms | Name, email, phone number, message content |
| Newsletter Signup | Email address, name (optional), location preference (Westlands/Parklands) |
| Event/Private Dining Inquiries | Name, email, phone number, event details, group size, dietary requirements |
| Payment Transactions | Payment card details (processed securely via PCI-DSS compliant payment processors; we do not store full card numbers), billing name |
| Feedback & Reviews | Name, contact details, review content, photos (if submitted) |
| Job Applications | CV, name, contact details, employment history, references |
2.2 Information Collected Automatically
When you visit https://wineandbottle.com/, we automatically collect certain information using cookies and similar technologies:
- Device Information: IP address, browser type, operating system, device type
- Usage Data: Pages visited, time spent on pages, referral sources, click patterns
- Location Data: General geographic location derived from IP address (not precise GPS)
- Cookies & Tracking: See Section 8 (Cookies Policy) below
2.3 Information from Third Parties
- Review Platforms: TripAdvisor, Google Reviews, EatOut Kenya (publicly available review content)
- Delivery Partners: Jumia Food, Glovo, Uber Eats (order details, delivery addresses for delivery orders)
- Social Media: When you interact with our social media pages or use social login features
3. Legal Basis for Processing (Data Protection Act, 2019)
Under Kenyan law, we process your personal data based on the following lawful grounds:
| Purpose | Legal Basis |
|---|---|
| Fulfilling reservations and providing dining services | Performance of a contract / Legitimate interest |
| Processing payments | Performance of a contract / Legal obligation |
| Marketing communications (with consent) | Consent |
| Website analytics and improvement | Legitimate interest |
| Legal compliance and security | Legal obligation / Legitimate interest |
| Employment and recruitment | Consent / Legitimate interest |
4. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
4.1 Service Delivery
- Process and confirm restaurant reservations
- Manage walk-in waitlists and seating
- Fulfil food and beverage orders (dine-in, takeaway, delivery)
- Process payments and issue receipts
- Respond to inquiries and customer service requests
- Accommodate dietary restrictions and accessibility needs
4.2 Marketing & Communications (Consent-Based)
- Send newsletters, promotional offers, and happy hour alerts (only with your explicit consent)
- Notify you of special events, live music nights, and new menu launches
- Share personalized dining recommendations based on your preferences
- Opt-out: You may unsubscribe from marketing emails at any time by clicking the “Unsubscribe” link or emailing privacy@wineandbottle.com
4.3 Website & Service Improvement
- Analyze website traffic and user behavior to improve
wineandbottle.com - Troubleshoot technical issues and optimize mobile experience
- Conduct customer satisfaction surveys
4.4 Security & Legal Compliance
- Maintain CCTV recordings at our premises for safety, security, and crime prevention
- Comply with tax, accounting, and regulatory requirements
- Prevent fraud and protect against legal liability
- Enforce our Terms of Service
5. Sensitive Personal Data
We recognize that certain data you provide may be classified as sensitive personal data under the Data Protection Act, 2019, including:
- Dietary requirements related to religious beliefs (e.g., halal, kosher)
- Health-related dietary restrictions (e.g., allergies, intolerances, diabetes)
- Disability or accessibility needs
We only process this sensitive data:
- With your explicit consent, or
- Where necessary to protect your vital interests (e.g., severe food allergies)
This information is shared only with kitchen and service staff on a strict need-to-know basis to ensure your safety.
6. Data Sharing & Third-Party Disclosures
We do not sell, trade, or rent your personal data to third parties. We may share your data with:
6.1 Service Providers (Data Processors)
We engage trusted third parties to perform functions on our behalf:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Payment Processors (e.g., M-Pesa, Stripe, PayPal) | Secure payment processing | Transaction details, billing info |
| Reservation Platforms (e.g., EatOut, ResDiary) | Online table booking management | Name, contact, reservation details |
| Email Marketing Services (e.g., Mailchimp, SendGrid) | Newsletter distribution | Email address, name |
| Website Analytics (e.g., Google Analytics) | Traffic analysis | IP address, device info, usage data |
| Cloud Hosting (e.g., AWS, DigitalOcean) | Website hosting | All website-collected data |
| CCTV Security Providers | Premises security | Video footage |
All processors are contractually bound to handle your data in accordance with the Data Protection Act, 2019 and are permitted to process data only for specified purposes.
6.2 Legal & Regulatory Disclosures
We may disclose your personal data:
- To comply with a court order, legal process, or regulatory requirement
- To protect our rights, property, or safety, or that of our customers and staff
- In connection with a business transfer, merger, or acquisition (with appropriate safeguards)
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Reservation records | 2 years from date of reservation |
| Payment records | 7 years (as required by Kenyan tax law) |
| Marketing consent & email lists | Until you withdraw consent or unsubscribe |
| CCTV footage | 30 days, unless required for investigation |
| Website analytics | 26 months (Google Analytics default) |
| Employment applications | 1 year (unless hired, then transferred to employment file) |
After the retention period expires, your data is securely deleted or anonymized in accordance with our data disposal policy.
8. Cookies & Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us recognize your device and remember your preferences.
8.2 Types of Cookies We Use
| Cookie Type | Purpose | Examples |
|---|---|---|
| Essential Cookies | Required for website functionality | Reservation form submission, session management |
| Analytics Cookies | Understand how visitors interact with our site | Google Analytics (_ga, _gid) |
| Preference Cookies | Remember your settings and preferences | Language selection, location (Westlands/Parklands) |
| Marketing Cookies | Deliver relevant advertisements | Facebook Pixel, Google Ads (if implemented) |
8.3 Cookie Consent
When you first visit wineandbottle.com, you will see a cookie banner allowing you to:
- Accept All Cookies
- Reject Non-Essential Cookies
- Customize Preferences
You can change your cookie preferences at any time by clicking “Cookie Settings” in the website footer.
8.4 Third-Party Analytics
We use Google Analytics to analyze website traffic. Google may process your data in accordance with its own Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: SSL/TLS encryption for all data transmitted via
wineandbottle.com - Access Controls: Role-based access to customer data; staff training on data protection
- Secure Payments: All card payments processed through PCI-DSS Level 1 compliant gateways
- Physical Security: Secure storage of reservation books and CCTV systems
- Incident Response: Breach notification procedures compliant with ODPC requirements
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner within 72 hours and inform affected individuals without undue delay.
10. Your Rights Under the Data Protection Act, 2019
As a data subject in Kenya, you have the following rights regarding your personal data:
10.1 Right to Access
You have the right to request a copy of the personal data we hold about you and to verify how we process it.
10.2 Right to Rectification
You may request correction of inaccurate or incomplete personal data.
10.3 Right to Erasure (“Right to be Forgotten”)
You may request deletion of your personal data where:
- The data is no longer necessary for the purposes collected
- You withdraw consent and there is no other legal basis for processing
- The data was unlawfully processed
10.4 Right to Restrict Processing
You may request that we limit how we use your data in certain circumstances.
10.5 Right to Object
You have the right to object to:
- Processing based on legitimate interests
- Direct marketing communications at any time
10.6 Right to Data Portability
You may request your data in a structured, machine-readable format to transfer to another service provider.
10.7 Right to Withdraw Consent
Where processing is based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
10.8 Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to complain to the Office of the Data Protection Commissioner (ODPC):
ODPC Contact:
Email: info@odpc.go.ke
Website: www.odpc.go.ke
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: info@wineandbottle.com
Subject Line: “Data Subject Request — [Your Full Name]”
We will respond to all legitimate requests within 30 days of receipt. We may need to verify your identity before processing your request.
11. Children’s Privacy
Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@wineandbottle.com, and we will delete such information promptly.
For family dining reservations, we may collect minimal information about minors (e.g., high chair requirements, age for kids’ menu items) only with parental consent and solely for service provision.
12. International Data Transfers
Some of our service providers (e.g., Google Analytics, Mailchimp, cloud hosting providers) may process your data outside Kenya, including in the United States, European Union, or other jurisdictions.
When we transfer your personal data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the ODPC
- Adequacy decisions for jurisdictions with equivalent data protection standards
- Processor agreements requiring compliance with the Data Protection Act, 2019
By using our website and services, you acknowledge and consent to the transfer of your data to these jurisdictions, subject to the safeguards described above.
13. CCTV & Premises Surveillance
For the safety and security of our guests and staff, The Wine & Bottle operates Closed-Circuit Television (CCTV) systems at our Westlands and Parklands locations.
- Coverage: Dining areas, bar, entrance/exit points, and kitchen service areas (not restrooms or changing areas)
- Purpose: Crime prevention, staff safety, dispute resolution, and insurance requirements
- Retention: Footage is retained for 30 days unless required for a specific investigation or legal proceeding
- Access: Limited to authorized management and security personnel; law enforcement may access footage under lawful authority
By entering our premises, you acknowledge that CCTV recording is in operation. If you object to being recorded, please speak to the manager on duty.
14. Social Media & User-Generated Content
When you interact with us on social media platforms (Instagram, Facebook, TikTok, X/Twitter) or tag us in posts:
- Those platforms have their own privacy policies governing your data
- We may re-share or feature user-generated content on our website and social channels with appropriate credit
- If you wish to have your content removed from our channels, contact us at privacy@wineandbottle.com
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our business practices
- New legal or regulatory requirements
- Improvements to our data protection measures
How We Notify You:
- We will post the updated policy on this page with a revised “Last Updated” date
- For material changes, we will notify you via email (if you have provided one) or a prominent notice on our website
We encourage you to review this Privacy Policy periodically. Continued use of our website and services after changes constitutes acceptance of the updated policy.
16. Contact Us
For all privacy-related inquiries, data subject requests, or concerns about how we handle your personal data:
The Wine & Bottle — Data Protection Contact
Email: info@wineandbottle.com
Phone: +254 799 944 48
Addresses:
- Ring Road, Ambience Mall, Westlands, Nairobi 00610
- Ring Road, Parklands, Nairobi (Near Sarit Centre)
- Kileleshwa,along Olenguruone Road
- Nyari,along Redhill Road
Office of the Data Protection Commissioner (Regulator):
Email: info@odpc.go.ke
Website: www.odpc.go.ke
By visiting https://wineandbottle.com/, making a reservation, dining at our restaurants, or submitting your personal data to us, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
