Privacy Policy

Who we are

Our website address is:

This is the privacy policy (“Privacy Policy”) for YUMPINGO LTD, company registration number 10129221, with its registered office address at 5 Technology Park, Colindeep Lane, Colindale, London, United Kingdom, NW9 6BX (“our”, “we”, or “Yumpingo”) and any application or web service owned or operated by Yumpingo (collectively the “App”). Yumpingo is the controller of your personal data collected through the App and we are committed to protecting and respecting your privacy.


This Privacy Policy explains who we are, why and how we process personal data collected through your use of the App and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

When you supply any personal data to us we have legal obligations towards you in the way we use that data.  

We must collect the information fairly and explain to you how we will use it.  

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data.  

This Privacy Policy supplements other notices including our App Terms of Use, Check-In Service Terms and Conditions and our Cookies Policy and is not intended to override or replace them.

By downloading and/or using our App, you agree to its terms (including as amended from time to time) and this Privacy Policy. If, for any reason, you do not agree to the terms of this Privacy Policy, please stop using the App.

We reserve the right to revise or amend this Privacy Policy at any time to reflect changes to our business or changes in the law.  Where these changes are significant we will endeavour to e-mail all of our registered users to make sure that they are informed of such changes. However, it is your responsibility to check this Privacy Policy before each use of the App.

Please note that our App is not directed at children under the age of 18 (“Child” or “Children”) and we do not knowingly collect personal information about Children. If you believe we have collected personal information about your Child, you may contact us at and request that we remove information about your Child.

What personal data we collect and why we collect it

What is personal data?

Where this Privacy Policy refers to ‘personal data’ it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details and even your IP address. By law all organisations who process your personal data in Europe are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organisations about how they are using your data, and to prevent them from processing it unlawfully. For more information about these rights, please see the ‘Your Rights’ section of this Privacy Policy.

How and what types of data we collect from you when you use the App

When you use the App to register an account, request a receipt by email, subscribe to our or our partner restaurants’ newsletters and services, request marketing be sent to you, participate in social media functions, contact us by post, telephone, connect to Wi-Fi, email or SMS, participate in a competition or promotion or report a problem with the App, we may collect, store and use certain personal information that you disclose to us.

The information we collect from you may include (but is not limited to): your title, name, address, IP address, location, e-mail address, log-in information and feedback and survey responses.

We shall also collect information about you when you visit and interact with the App through the use of technologies such as cookies. 

The following are examples of information we may collect:

  • information about your device, browser or operating system
  • time zone setting
  • your IP address
  • information about links that you click and pages you view on our App
  • length of visits to certain pages
  • products you viewed or searched for; page response times
  • download errors
  • page interaction information (such as scrolling, clicks, and mouse-overs).

We also partner with third parties who may collect anonymous usage or statistical data through your use of our App (including, for example, business partners, sub-contractors in technical, and payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may receive information about you from them through the use of cookie technologies to personalise advertisements for goods and services. To opt out of receiving advertisements tailored to your interests by our partners, visit the European Interactive Digital Advertising Alliance at

We also collect information about how you use the App through Google Play’s Android Advertising ID technology. This is used by us only for advertising and user analytics.  The advertising identifier will only be connected to personally identifiable information where you have provided us with you explicit consent.  

We will respect your user selections for this technology and will not use the data in any way which you have asked us not to.  We are committed to abiding by Google’s terms of use and you may contact us at or Google directly if you have any questions regarding our use of this technology. For more information on this kind of technology, please see our Cookies Policy.

Updating your information

If you want to update the information you have previously given to us, you can contact us at

How and why do we use/share your information?

Lawful basis for processing your information

We will only use your personal data when the law allows us to.  Most commonly we will use your personal data in the following circumstances:

  • Where you have asked us to do so, or consented to us doing so;
  • Where we need to do so in order to perform a contract we have entered into with you
  • Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests

Where we need to comply with a legal or regulatory obligation.

Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so;

Activity Examples of the types of personal data we may collect Lawful basis for processing
To install the App and register you as a new App user. Your name, email address and information about the device you are using. Your consent.
To deliver services to you as part of your use of the App. Your registration details, name, email address, information about the device you are using and your location.

Your consent.

Performance of a contract with you.

To manage our relationship with you including notifying you of any changes to the App or services provided on the App. Your registration details, name, email address, information about the device you are using, your use of the app, your location and whether you would like to receive marketing communications from us.

Your consent.

Performance of a contract with you.

Necessary for our legitimate interested (to keep records updated and to analyse how customers use our services).

Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions).

To administer and protect our business and the App (including troubleshooting, data analysis and system testing.) Your registration details, name, email address, information of the device you are using and your use of the app Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security).

To deliver content and advertisements to you.

To make recommendations to you about goods or services which may interest you.

To measure and analyse the effectiveness of the advertising we serve you.

To monitor trends so we can improve the App.

Your registration details, name, email address, information about the device you are using, your use of the app, your location and whether you would like to receive marketing communications from us.

Your consent.

Necessary for our legitimate interests (to develop our services and grow our business).


We want to make it easy for you to take advantage of restaurant related opportunities that can be offered by your use of the App.  One way we do this is by sending you email messages that contain information about your restaurant related interests.  

For example, you provide your feedback on a restaurant in London that serves Asian food, we may send you an email about other restaurants that serves Asian food which have received positive feedback for other users of the App.  We believe this information will provide you with useful information about your restaurant related interests.  

You will receive marketing messages from us only if you have given us your consent to do so.   To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences.  

You may also contact us on to inform us if you do not wish to receive any marketing materials from us. The restaurant would also like to contact you with information it believes will be of use to you, such as any promotions or deals. Please note, we will get your express opt-in consent before we share your personal data with any of these restaurants for marketing purposes. We will expressly set out the name of that third party restaurant when seeking your consent. Where you provide your consent, notification of the consent shall be sent directly to the restaurant third party. You may withdraw consent at any time by contacting that third party restaurant on contact details it provides you on their marketing emails or their website or privacy policy.

Sharing your information

Depending on how and why you provide us with your personal data, we may share it in the following ways:

  • we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  • with selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you (see “Service Providers” below) or for the purpose of sourcing you employment or engagements with a third party.
  • with analytics that assist us in the improvement and optimisation of the App.

We may also disclose your personal information to third parties in the following events:

  • if we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets;
  • if Yumpingo or substantially all of its assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets; and
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our App terms of use entered into with you; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Service Providers

Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.  Amazon AWS and Auth0 are our trusted third party service providers.

Restaurant Partners

We partner with restaurants, other food service providers and industry bodies who use the App.  The third parties who we have partnered with are provided with information you input on the App about your experience at the restaurant.  The information is aggregated and anonymised before it is transferred to these third parties for their own purposes. We will not seek your consent to do this as it will not contain any personally identifiable information.  

However, where you provide us with your email address other personal data and consent to us sharing that personal data with the relevant partner restaurant you are providing feedback on, the feedback provided by you will be linked to your email address and the partner restaurant may contact you about your experience at the restaurant and send you direct marketing (please refer to the marketing section of this Privacy Policy for more information).  

Other Disclosures

During your use of the App, the App store provider, Google Play, and your mobile network operator may also collect personal information about you regarding your use of the App such as your identity, your usage and location. These third parties shall act as separate and independent controllers of that personal data and shall process it in accordance with their own privacy policy.

Links to third party sites

Our App may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. We may also provide links to third party websites that are not affiliated with our App. All third party websites are out of our control and are not covered by this Privacy Policy. If you access third party sites using the links provided, the operators of these sites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to those websites.

For how long do we keep your information?

We will hold your personal information on our systems only for as long as required to provide you with the products and services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here:  After approval of your comment, your profile picture is visible to the public in the context of your comment.


How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.


Yumpingo takes the protection of your information very seriously. We have put in place appropriate security measure to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including use of secure servers and passwords. All Yumpingo applications are hosted inside our own virtual private cloud with Amazon Web Services (AWS). The security of all underlying compute, storage, database and networking resources is managed by AWS and complies with many external certifications.  All internet communications between Yumpingo services (including between apps, hardware devices and our servers) and to external services are conducted over a secure, encrypted internet connection, which prevents so called ‘man-in-the-middle’ attacks. Our systems are also protected by AWS’s DDoS attack prevention mechanisms.

Where we have given you a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

International Data Transfers

Please note that some of our service providers may be based outside of the European Economic Area (the “EEA”).  These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfilment of your request for information, products and services, the processing of your payment details and the provision of support services. Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld.  Transfers of personal data are made: to a country recognised by the European Commission as providing an adequate level of protection; or to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission or by implementing other appropriate cross-border transfer solutions to provide adequate protection. By submitting your personal information, you agree to this transfer, storing or processing. If you would like more information about how the mechanism via which your personal data is transferred, please contact


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Your Rights

As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have, as well as how you can exercise them.

Right of Access

You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a “subject access request”). Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully.  It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data. You can exercise this right at any time by writing to us at and telling us that you are making a subject access request. You do not have to fill in a specific form to make this kind of request.

Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).

Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request.

You can exercise this right at any time by writing to us at and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us verify that data’s accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.

Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

You can exercise this right at any time by writing to us at and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.

Your Right to Portability

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format. Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.

Your Right to object to processing

You may object to processing of your personal data where we rely on legitimate interest for processing that personal data.  We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.

Your Right to stop receiving communications

For details on your rights to ask us to stop sending you various kinds of communications, please contact us at

Your Right to object to automated decision making and profiling

You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

Withdrawal of consent

Where we are relying on consent to process your personal data you may withdraw consent at any time.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent.

Exercising your rights

When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity. It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).

Contact Details

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please contact us by emailing at

You may also lodge a complaint to the supervisory authority about the way we process your personal data. We would however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us in the first instance.