Privacy Policy

We are committed to protecting and respecting your privacy rights. This Privacy Policy explains how we use your personal data when you use our website mobile applications, or when you contact us by telephone or email.

For the purposes of this Privacy Policy, both the website and applications shall be referred to as the “Platform”.

Sessions Tech Ltd. (referred to in this Privacy Policy as "Sessions", "Serve", "Sessions Serve", “we”, “us” and “our”) operate as a data controller and data processor of your personal data depending on how you use our Platform. 

In simple terms, this means that we: (i) control your personal data, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or are otherwise permitted by law or iii) process your data based on your instructions in order to perform a service for you.

If you have any concerns or questions regarding our use of your personal data you can contact us at [email protected].

It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.

1. Personal data that we collect about you

The types of personal data we collect, use and store about you will depend on the product or service you have requested from us and/or the nature of your interaction with us on our Platform.  

Data Collected as Data Controller


Lawful Basis

Business Users

Business contact details, phone, email address, physical address, names of key contacts

To register to use Serve

Performance of contract

Business ownership details, directors, shareholders 

Anti-money laundering regulations and and Know Your Customer regulations

Legal requirement

Your communication and marketing preferences

Business contact preferences


Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

General business information

Legitimate business interest

Other personal data that you submit to us, such as information you provide to register for email alerts or correspond with us in relation to inquiries

Communication with us

Consent, legitimate business interest

General User data (when browsing website)

Cookie data – such as technical information (including the type of mobile device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use and time zone setting

To monitor/ improve the Platform and products and services that we offer, including recognising when there is a higher demand for our services; tailoring our Platform to the needs of all users; recommending options that match any stated preferences; and notifying you about changes to our services

Consent, legitimate business interest

Other personal data that you submit to us, such as information you provide to register for email alerts or correspond with us in relation to inquiries

Communication with us

Consent, legitimate business interest

Your communication and marketing preferences

Contact preferences


Business Users

Bank sort code, account, identifier, business name, address and contact details

To process payments to you for Serve

Performance of Contract

Sessions Serve Users

Name, phone number, table number, order information and notes

To process your order or refund

Performance of Contract

Card number, expiry date, CVV

To process your order or refund

Performance of Contract

Mobile phone number verification eg. Twilio

To verify your identity and to identify and prevent fraudulent transactions 

Performance of Contract

Card fraud verification

To verify your identity and to identify and prevent fraudulent transactions.To process your order securely.

Performance of Contract

Bank to Bank fraud verification

To verify your identity and to identify and prevent fraudulent transactions. To process your order securely. 

Performance of Contract

Payment processing providers eg. Hyperwallet,, Banked

To process your order (users) and process your payments (business users).

Performance of Contract

Hosting company – Amazon Web Services

To host our Platform securely 

Performance of Contract

No automated decision making, including profiling, is used when processing your personal data.

The Platform is not intended for children and we do not knowingly collect or solicit personal data from anyone under the age of 16.

We do not collect any special category personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

2. How we obtain your personal data

We collect information about you directly that you provide to us via the Platform in online forms and conversations and in other correspondence (including via email and telephone).

We will automatically collect data from you accessing the services via the Platform (including if you register as a user of the Platform, subscribe to any service or upload or submit any material via the Platform). 

We also work closely with and may receive information about you from third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies). We also collect personal data from publicly available sources.

We may combine personal data that you provide to us with information that we collect from, or about you, in some circumstances. This will include information collected in an online or offline context.

You will receive marketing communications from us if you have requested information from us or purchased products or services from us, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have expressly consented to receiving that marketing.

We will get your express opt-in consent before we share your personal data with any company outside Sessions Serve for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by contacting us at [email protected]

3. Who we share your personal data with

We will disclose your personal data with third parties if required to do so by law or regulation.

We will also share your personal information with the parties set out below:

Data Processors

We use specific third party providers to deliver our range of services, such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Third parties must implement appropriate technical and organisational measures to ensure the security and confidentiality of your data.

4. Protecting your data

We take the security of your data seriously and take measures to ensure your data is protected against accidental loss or disclosure, destruction and abuse. 

We only use payment processing providers who have Payment Card Industry Data Security Standard levels of security in place often in addition to SOC1, SOC 2 and ISO27001 certifications.

As part of our ongoing compliance with data protection regulations, we have implemented technical and operational measures to protect your data and will continue to monitor the effectiveness of these on an ongoing basis. 

5. International Transfers

Some of our payment processing providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or alternatively have in place specific contracts approved by the European Commission which give personal data a similar level of protection. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

6. Retention Periods

We only keep your data for as long as we need it for and in line with legal requirements, which will be at least for the duration of the contract for products and services as outlined in the table above.  

7. Your Rights

You have the following rights, with some restrictions, in relation to the personal data we hold on you:

  1. a) the right to be informed about the data we hold on you and what we do with it
  2. b) the right of access to the data we hold on you
  3. c) the right for any inaccuracies in the data we hold on you to be corrected (rectified)
  4. d) the right to have data deleted in certain circumstances (erasure)
  5. e) the right to restrict the processing of the data
  6. f) the right to transfer the data we hold on you to another party (portability)
  7. g) the right to object to the inclusion of any information;
  8. h) the right to regulate any automated decision-making and profiling of personal data.

You have the right to ask for a copy of the personal data that Sessions Serve holds about you free of charge, however we may charge a ‘reasonable fee’ if we think that your request is excessive, to help us cover the costs of locating the information you have requested. We will respond to your request as soon as possible and (save for in certain circumstances) within one month.

How to contact us or make complaints

If you have any concerns or questions regarding our use of your personal data (including any requests to exercise your legal rights) or this Privacy Policy please contact [email protected]

We make every attempt to ensure you are satisfied with the handling of your data queries or requests and appreciate the chance to deal with your concerns.  You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( 


8. Cookies

Our Platform uses cookies. A cookie is a small file of letters and numbers stored by computer after being sent to your computer when you visit a website. Whenever you visit the same website again, the information stored in the cookie can be retrieved to notify the website of your previous activity. We use cookies to facilitate website navigation, maintain quality of online service, provide additional security, allow the customisation of your access to the website and remember you when you return to the website.

A cookie cannot give us access to your computer or to information beyond what you provide us and we don’t store personally identifiable information such as your name or address in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the website. If you don’t wish to enable cookies, you’ll still be able to browse the website and use it for research purposes.

You can use our Cookie Consent Management tool to manage your Cookie preferences. 

9. Changes to this privacy policy

This Privacy Policy is regularly reviewed and was last updated on 6th July 2023. We may amend or update our Privacy Policy from time to time. 

Do you know a venue that may benefit from Sessions Serve? Check out our referral scheme here

Floor 8, 52 Grosvenor Gardens, London SW1W 0AU

© 2023 Sessions Tech Ltd. All rights reserved. Terms & Conditions. Privacy Policy.