Privacy Policy

Privacy Policy

Website Privacy Notice
We’d like to assure you that we are committed to protecting the privacy of all our guests, clients, suppliers and website users. We will ensure that the information you provide us with is kept private and confidential.

This Privacy Notice is intended to tell you how we use your Personal Information and is in a layered format to give you enough detail to give you the information you need at a glance, with the option of following a link if you want to find out more. If you still can't find the information you need, you can contact Waldorf Astoria Edinburgh – The Caledonian by reference to the details set out in section 1 below. Please click on the links below for further information on our privacy practices:

1. Who are we?
2. What is Personal Information, and which Personal Information do we collect about you?
3. Information we share with Third Parties
4. How We Protect your Information
5. Data Retention – How long will we store/keep your Personal Information
6. Accessing your Personal Information and other rights you have
7. Third-Party Websites
8. Changes to this Privacy Notice

1. Who are we?
The Pompadour is a fine dining restaurant owned by and location with Waldorf Astoria Edinburgh – The Caledonian. Please see address below:

The Pompadour
Waldorf Astoria Edinburgh – The Caledonian,
Princes Street,
Edinburgh EH1 2AB

2. What is personal information and what personal information do we collect about you? "Personal Information" consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.

We collect your personal information in a number of ways:
Information You Voluntarily Provide and that we collect from third parties

If you are a guest, hotel or restaurant visitor, when you:
- complete a restaurant booking,
- sign up to our newsletter, - send us an email, or communicate with us in any way,

You are voluntarily giving us information that we collect. That information may include either your name, physical address, email address, IP address, phone number, credit card information, as well as details including gender, location, purchase history, and other demographic information.

We also process your personal data in order to better provide our services both to you and our other customers, to analyse our services and to provide you with marketing information. Where we do this, we process your personal information on the basis that it is in our legitimate interests to do so, in developing our services and growing our business, provided it is not to your detriment.

We may also receive your personal information from our third party booking agents, including Bookatable and Opentable.

We may process your personal data to prevent and detect crime, fraud or corruption, in order to meet our legal, regulatory and ethical responsibilities. Where we do this we do so on the basis that it is necessary to comply with our legal obligations. You may withdraw your consent at any time.

Information We Automatically Collect
When you browse our website or make a booking with us, we may automatically collect information about your visit by using cookies. This information may include your device type, browser, IP address, how you came to the website and how you interacted with the website. This information may be used to monitor or improve website performance or deliver targeted advertising. Where we process your personal information in this way, we do so on the basis that it is in our legitimate interests to do so to ensure the security of our systems, for network security and for the administration of our website, provided your interests are not overridden. vv 3. Information We Share with Third Parties
We may share your personal information with the following entities:

i. Service Providers We use third party service providers to help us administer certain activities and services on our behalf. We may share your Personal Information to these third party service providers solely for the purpose of enabling them to perform services on our behalf, and they will operate only in accordance with our instructions. We use a number of third party service providers, including:

• Payment processors for secure credit card payment transaction.
• Website hosting services.
• Booking facilitators.
• Hotel management, hospitality and concierge software providers.
• Email service providers to send you emails pertaining to your booking. Such providers may send emails of a marketing nature if you have agreed to receive such newsletters.
• Advertising partners who may use email address, cookies and other tracking technologies, such as pixels and web beacons, to gather information about your activities on our website and other sites to provide you with targeted advertising based on your browsing activities and interests.
• Our analytics and search engine providers that assist us in the improvement of our website.
ii. Third parties when required by law We will disclose your Personal Information to legal authorities when we believe in good faith that we are lawfully authorised or required to do so or when necessary to do so to protect the rights and safety of Waldorf Astoria Edinburgh – The Caledonian, our employees and users from fraudulent, abusive, inappropriate or unlawful use of our services.
4. How We Protect your Information
We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorised access, disclosure, alteration and destruction, considering the risks involved in the processing and the nature of the personal information. Our website is scanned on a regular basis for security holes and known vulnerabilities to make your visit to our website as safe as possible, and we use regular Malware Scanning. We implement a variety of security measures when a user makes a booking, enters, submits, or accesses their information to maintain the safety of your personal information.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit card information you supply is encrypted via Secure Socket Layer (SSL) technology. All transactions are processed through a gateway provider and are not stored or processed on our servers.
However, please note that although we take appropriate steps to protect your Personal Information, no website or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.
International transfers of data
The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the European Economic Area ("EEA"), including to countries where our service providers maintain facilities.
By using the website and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store and process your information outside the EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Privacy Notice and the requirements of applicable law wherever the data is located.
Where we transfer your Personal Information outside the EEA to third parties, we will ensure that appropriate transfer agreements and mechanisms, such as the EU Standard Contractual Clauses, are in place to help ensure that such third parties provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws.
5. Data Retention – how long we will store/keep your Personal Information We will retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.

6. Access to your Personal Information and other rights you have Under certain circumstances, you have the following rights in relation to your Personal Information:
I. Subject Access - you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.

II. Right to Withdraw Consent – where you have consented to our processing of your Personal Information, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in section 1.

III. Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation.

IV. Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.
V. Erasure ('right to be forgotten') - you have the right to have your Personal Information 'erased' in certain specified situations.

VI. Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information.

VII. Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.
VIII. Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decision being taken solely on the basis of automated processing.

If you wish to enforce any of your rights under data protection law, please email We will respond to your request without undue delay and by no later than 30 days from receipt of any such request, unless a longer period is permitted by applicable data protection law. We may need to confirm your identity before fully responding to your request.

If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the Information Commissioner's Office ( which is the data protection regulator in the UK. Alternatively if you are based outside the UK you may contact your local data protection supervisory authority.

If you wish to stop receiving email newsletters, click on the unsubscribe link on any of the newsletters.
7. Third Party Websites
Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them. Our website includes links to other websites, whose privacy practices may be different from ours. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

8. Changes to this Privacy Notice
We may make changes to this privacy policy, which come into effect upon updating this page. We recommend reviewing this privacy policy so you are aware of any changes that affect what you are consenting to by interacting with the website, making a booking or otherwise interacting with The Pompadour.

This notice was last updated on 26th August, 2019.