Confidentiality and Data Privacy Policy

1. Purpose

This Confidentiality Policy outlines the responsibilities of employees, contractors, and affiliates of JKS Restaurants in maintaining confidentiality and protecting sensitive company information during and after their employment.

This policy ensures:

  • Protection of guest, employee, and company data.
  • Compliance with UK GDPR, Data Protection Act 2018, and ICO guidelines.
  • Prevention of unauthorised access, data breaches, and reputational harm.
  • Enforcement through disciplinary action, up to summary dismissal for gross misconduct.

2. Duty of Confidentiality

Employees must not disclose any company information to unauthorised third parties unless:

  • It is required for legitimate business purposes.
  • Explicit written authorisation is provided by the employee’s Head of Department.

Confidentiality obligations apply during and after employment with JKS Restaurants.

2.1 Scope of Confidentiality

The duty of confidentiality includes:

  1. Duty of Fidelity – Employees must not disclose confidential information during or post-employment.
  2. Equitable Duty of Confidence – Trade secrets are protected indefinitely and must never be disclosed, even after employment ends.
  3. Contractual Obligations – Employees must comply with confidentiality clauses in their employment contracts.

3. Confidential Information Covered

Confidential information includes but is not limited to:

3.1 Guest Data

  • Personal details (name, contact information, allergies, preferences).
  • Reservation history, receipts, bills, and transactions.
  • Public figure/VIP guest visits and spending habits.
  • Guest complaints or feedback shared in confidence.

3.2 Employee Data

  • Payroll, HR files, performance reviews, personal records.
  • Medical information, disciplinary records, employment history.

3.3 Business & Operational Information

  • Financial reports, marketing strategies, supplier contracts.
  • Internal policies (recipes, training materials, SOPs, IT security access codes).
  • Guests databases, trade secrets, operational manuals.

3.4 Trade Secrets

  • Exclusive recipes and preparation techniques.
  • Proprietary supplier agreements.
  • Operational strategies and procedures.

Trade secrets must never be disclosed, even after employment ends.

4. Guest & Employee Data Protection Guidelines

  • Employees must only access guest or employee information when required for work-related purposes.
  • Guest details must never be shared externally or with unauthorised employees.
  • Personal guest or employee data (bills, receipts, transaction records) must not be photographed, shared, or posted online.
  • Employees must not disclose guest interactions, preferences, or feedback to the media or external parties.

5. Booking System & IT Access Restrictions

  • Employees must not access the booking system for personal reasons.
  • Accessing guest or company data out of curiosity is strictly prohibited.
  • All system access is monitored and audited.
  • Unauthorised access is considered gross misconduct and will result in summary dismissal.

6. Handling of Public Figures & VIP Guests

  • Employees must not take or share photos/videos of any guest, including VIPs or public figures.
  • Employees must not disclose visit details, food preferences, or transactions.
  • Employees must prevent other guests from approaching VIPs unless permitted.
  • All media inquiries must be referred to the Marketing Director.

Violations will result in disciplinary action, up to and including summary dismissal.

7. Social Media & External Communication

  • Employees must not share confidential information on social media, blogs, or public forums.
  • Only authorised employees can handle media and press inquiries.
  • Employees must not engage with journalists or arrange media appearances without prior approval.

8. Legal Framework & GDPR Compliance

JKS Restaurants processes and protects personal data under:

  • UK GDPR & Data Protection Act 2018
  • ICO Guidelines on Data Protection
  • Employment Rights Act 1996

Legal Responsibilities:

  • Lawful Processing – Data is only collected and used for legitimate business purposes.
  • Data Minimisation – Employees must only access the necessary data for their role.
  • Security Measures – Confidential data must be encrypted and stored securely.
  • Right to Access & Erasure – Guests and employees may request access or deletion of their personal data.

9. Exceptions to Confidentiality

Confidentiality obligations may not apply if:

  • Disclosure is required by law or regulatory authorities.
  • Explicit consent is given by the company.
  • The information has entered the public domain legally.
  • The employee unknowingly disclosed the information without intent (accidental exposure).

10. Breach of Confidentiality

Breaches of confidentiality are taken seriously. Consequences may include:

  1. Disciplinary Action:
    • Formal warning for minor breaches.
    • Suspension or further investigation for moderate breaches.
    • Summary dismissal for gross misconduct for severe breaches.
  2. Legal Actions:
    • Injunctions or legal claims for damages due to financial loss.
    • Report to the ICO in cases of serious data breaches.
  3. Contractual Consequences:
    • Employees may be held liable for damages caused by unauthorized disclosure.
    • Post-employment restrictions may apply in accordance with employment contracts.

Any unauthorised access, misuse, or disclosure of confidential data will result in summary dismissal.

11. Employee Responsibility & Reporting

  • Employees must report any suspected breaches to Shikha Handoo (Senior People Partner) or Senior Management.
  • Employees must complete mandatory confidentiality & GDPR training.
  • Failure to comply will result in strict disciplinary measures.