Privacy Policy

Aso Rock Restaurant is a Nigerian restaurant based at 9-10 Bradbury Street, Dalston, London N16 8JN.

Aso Rock Restaurant is a registered trademark of, and operated by, OMO MASE LIMITED, a company registered in England and Wales (company number 09331511). For the purposes of data protection law, OMO MASE LIMITED is the controller of the personal data described in this policy.

You can contact us about anything in this policy using the details in Section 15.

We collect the following information, depending on how you use our services:

• When you place an order (with or without an account): your name, delivery and billing address, telephone number, email address, your order contents, and payment information. Payment card details are collected and processed by our payment provider and are never stored on our systems (see Section 6).
• When you create an account or sign in: your mobile phone number, which is your sign-in identity. We verify it by sending a one-time code by SMS. Your account profile may also hold your name, email address, and saved delivery and billing addresses, and is linked to your order history with us.
• When you use our app or websites: how you interact with our menus and content (such as pages viewed, items added to your basket, and purchases) — see Section 8; technical information such as device type and app version; an app-level identifier used by our analytics (see Section 8); and, in the app, a push-notification token for your device, which we use only to send the delivery notifications you have turned on (turning notifications off in the app deactivates it).
• When you contact us: your name, contact details, and the contents of your message (for example through our contact form, by phone, or on WhatsApp).
• When you use the postcode finder: the postcode you type, which is sent to our UK address-lookup provider to suggest your full address.

We do not collect more than we need, and you can browse our menus and content without creating an account. You are never obliged to give us information — but we cannot take, deliver, or refund an order without your name, contact details, address, and payment, and tax law requires us to keep records of orders you place.

We use your information to:

• process and fulfil your orders — including taking payment, arranging delivery or collection, and providing live delivery updates (lawful basis: performance of a contract);
• operate your account — signing you in by phone, showing your order history, and prefilling your details at checkout (lawful basis: performance of a contract);
• send you order-related messages — see Section 4 (lawful basis: performance of a contract);
• send you optional delivery push notifications in the app, if you turn them on (lawful basis: your consent, which you can withdraw at any time — see Section 4);
• respond to your enquiries (lawful basis: our legitimate interest in customer service);
• understand and improve our service — through the analytics described in Section 8 (lawful basis: our legitimate interests in improving our menus, websites, and app);
• keep our services secure and prevent fraud and abuse — including protecting our contact form from automated spam (lawful basis: our legitimate interests);
• meet our legal obligations — such as keeping accounting and tax records (lawful basis: legal obligation).

The emails, text messages, and app notifications we send are about your orders — for example order confirmations, delivery and tracking updates, collection-ready alerts, refund confirmations, and replies to your enquiries. We do not send marketing emails or marketing text messages. If we ever introduce marketing communications, we will ask for your consent first and you will be able to opt out at any time.

If you use our app, you can choose to receive delivery push notifications (for example when a courier has picked up your order, is approaching, or has delivered it). You can turn these off at any time in the app's Account tab or in your device settings.

Signing in to Aso Rock uses your mobile phone number and a one-time SMS code — we never set or store a password. Account sign-in, your profile, and your order history are operated for us by Google Firebase (see Section 7). You can delete your account at any time from inside the app — see Section 11.

Payments are taken by Stripe, our payment processor, including Apple Pay and card payments. Your card details are entered into and processed by Stripe's secure systems — we never see or store your full card details on our servers. Stripe's use of your data is described in Stripe's own privacy policy.

We do not sell your personal data, and we do not share it with third parties for their own marketing. We share personal data only with service providers who process it on our behalf and on our instructions, to run our ordering service:

• Google Firebase — account sign-in, customer profiles, order history, app notifications, and app analytics;
• Snipcart — our checkout and order platform, which receives your name, contact details, addresses, and order contents;
• Stripe — payment processing (see Section 6);
• Mailgun — sends our order emails; Esendex and Microsoft Azure Communication Services — send our order text messages;
• Ideal Postcodes — UK address lookup from the postcode you type;
• Google — reCAPTCHA spam protection on our contact form, and Google Analytics (see Section 8);
• Bugsnag — error and crash reporting, with personal details removed before sending (see Section 8);
• Microsoft Azure — hosting and service-performance monitoring (via Application Insights) for our websites, ordering systems, and databases.

All of these providers are bound by contracts that require them to protect your personal data to at least the standard described in this policy and to use it only on our instructions.

We also share personal data with delivery partners to fulfil your order: when you choose delivery, we pass your name, delivery address, phone number, and relevant order details to the courier handling your delivery — currently Stuart or Gophr — so they can deliver to you and contact you if needed.

Finally, we may share personal data where required by law — for example to comply with a legal obligation, court order, or lawful request from authorities, or to protect our legal rights.

We use analytics to understand how our websites and app are used — for example which dishes are viewed, what is added to baskets, and completed purchases — so we can improve our menus and service:

• Our websites use Google Analytics (via Google Tag Manager), which sets cookies only if you accept them (see Section 9).
• Our app uses Google Firebase Analytics, which assigns your installation an app-level identifier. If your account profile includes an email address, the app converts it into a one-way code (a hash) before using it as an analytics identifier — your readable email address is not given to the analytics service. We do not use analytics data to track you across other companies' apps or websites, and we do not use advertising identifiers.

We also use Bugsnag to tell us when our websites or app crash or hit an error. Our systems are configured to strip personal details (such as email addresses, phone numbers, addresses, and payment fields) from these reports before they are sent.

Our websites use:

• essential storage that makes the service work — for example keeping the items in your basket between visits and keeping you signed in; and
• optional analytics cookies set by Google Analytics / Google Tag Manager, which help us understand how the websites are used (see Section 8). These are only set if you accept them in our cookie banner, and you can change your choice at any time using the 'Cookie preferences' link in the footer of our websites.

You can also block or delete cookies through your browser settings; essential storage is required for ordering to work. Our app does not use cookies; it stores your session, basket, and notification preferences on your device.

Your information is stored and processed on systems operated by Microsoft Azure and Google Cloud, and by the service providers listed in Section 7. Some of these providers store or process data outside the UK, including in the European Economic Area and the United States. Where personal data leaves the UK, we rely on safeguards recognised by UK law — such as UK adequacy regulations, the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, or the UK-US Data Bridge — to make sure it remains protected.

You can delete your account at any time from inside the app: open the Account tab and choose Delete account. Deleting your account permanently removes:

• your sign-in identity (your phone number registered for sign-in);
• your customer profile, including saved names, email, and addresses;
• your in-app order history; and
• your device's push-notification registrations.

Deletion begins as soon as you confirm and is normally completed on our systems within minutes (at most within a few days).

What we keep: records of orders you placed (such as invoices and payment records) are retained where we are legally required to keep them for accounting and tax purposes — normally six years from the end of the financial year they relate to — and are then deleted. These retained records are no longer linked to an app account.

If you don't have the app or can't access it, you can ask us to delete your account using the contact details in Section 15 and we will action it within one month.

More generally, we keep personal data only as long as we need it for the purposes in this policy: order communications are tied to your order, contact-form enquiries are kept only as long as needed to handle them, and analytics data is retained for limited periods set in our analytics tools.

Under UK data protection law, you have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete your data (see Section 11 for the in-app route);
• restrict or object to our processing, including processing based on legitimate interests;
• data portability — receive certain data in a machine-readable format;
• withdraw consent at any time, where we rely on consent (for example by turning off push notifications or declining analytics cookies).

We do not make solely automated decisions about you that have legal or similarly significant effects.

To exercise any of these rights, contact us using the details in Section 15. We will respond within one month. You also have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk if you are unhappy with how we have handled your data — though we'd appreciate the chance to resolve any concern with you first.

Our services are designed for adults buying food and are not directed at children. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

We protect your data with appropriate technical and organisational measures, including encrypted connections (HTTPS) across our websites, app, and systems, restricted access to customer data, and the payment-security arrangement described in Section 6.

Our websites and app may contain links to, or embed content from, third-party services — for example embedded Vimeo videos, the Google map on our contact page, WhatsApp, and our social media pages (Facebook, Instagram, X, TikTok, YouTube). Once you interact with those services, their own privacy policies apply.

We may update this policy from time to time — for example if we add new features or change providers. We will post the updated version on this page with a revised effective date, and where a change is significant we will take reasonable steps to bring it to your attention.

For any questions about this policy or your personal data, or to exercise your rights:

• Email: privacy@asorockfood.com
• Phone: 0207 923 7068
• Post: Aso Rock Restaurant, 9-10 Bradbury Street, Dalston, London N16 8JN

You can also reach us through the contact form on our website.