Privacy Policy
This Privacy Policy explains how Gheun Tak Private Limited ("Gheun Tak", "we", "us", or "our"), which operates the restaurant brand Nati, handles personal data collected through the website nati.food (the "Site") and through Nati's reservation, enquiry and catering channels.
1. Data controller
For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), Gheun Tak Private Limited is the Data Fiduciary. For visitors in the European Economic Area (EEA) and the United Kingdom, Gheun Tak Private Limited is the data controller under the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR.
2. What data we collect
a. Reservation and enquiry data you provide. When you request a table or contact us — by telephone, by email to ask@nati.food, or through a reservation link on the Site — we collect your name, your telephone number, your email address (if you provide it), and the details of your booking: the date, time and size of your party, and any preferences or special requests you choose to share. Those requests may include dietary requirements, allergies or accessibility needs that you tell us so that we can look after you.
b. Catering and event enquiries. If you enquire about off-premises catering, we collect your contact details and the information you give us about your event.
c. Correspondence. If you write to us, we receive your email address, your name if provided, and the contents of your message.
d. Data collected automatically. When you visit the Site, our hosting provider records standard server-log data including your Internet Protocol (IP) address, the pages you request, the referring page, the date and time of the request, and general information about your browser and device. This is used to operate and secure the Site.
e. Cookies and similar technologies. The Site uses a small number of cookies. Details are in our separate Cookie Policy.
3. Reservations and orders made through third parties
Where you reserve a table or place a delivery/takeaway order through a third-party platform (for example District, Swiggy Dineout, Swiggy or Zomato), your personal data is collected and processed by that platform under its own privacy policy. We receive from the platform only the booking or order details we need to serve you. We encourage you to review the privacy policy of any platform you use.
4. Purposes and lawful bases
To take and manage your reservation. We use your booking and contact details to confirm, prepare for, remind you of, or amend your reservation, and to contact you if anything changes. Under the GDPR our lawful basis is the taking of steps at your request and the performance of our arrangement with you (Article 6(1)(b)); under the DPDP Act we rely on your consent, given when you provide your details to make a booking for that specified purpose.
To cater to dietary, allergy and accessibility needs. Where you choose to share these, we use them only to serve you safely and comfortably during your visit.
To respond to your enquiries and catering requests. We use your contact details and message to reply. Under the GDPR our basis is our legitimate interest in operating the business (Article 6(1)(f)); under the DPDP Act, your consent.
To operate, secure and improve the Site. We use server logs and, where enabled, aggregated analytics to monitor availability, investigate errors and prevent misuse (GDPR Article 6(1)(f) legitimate interest; DPDP Act legitimate use as permitted by law).
To comply with legal obligations, including accounting, tax and lawful requests from public authorities.
5. Marketing
We do not send marketing messages without your consent. If you opt in to hear about Nati's offers or events, you can withdraw your consent and unsubscribe at any time — every message will tell you how, and you can also write to us.
6. Sharing and disclosure
We do not sell personal data. We share it only with:
- Service providers who process personal data on our behalf under written contracts — including our reservation/booking tools, website host, email provider, and analytics provider (where applicable);
- Reservation and delivery partners where you choose to book or order through them;
- Legal and regulatory authorities where disclosure is required by law or to protect our legal rights;
- Professional advisers such as lawyers, auditors and accountants under duties of confidentiality.
7. International transfers
Some of our hosting, email or reservation providers may be located outside India, the EEA, or the United Kingdom. Where personal data is transferred internationally, we rely on the safeguards those providers offer under applicable data-transfer frameworks, including Standard Contractual Clauses under the GDPR and equivalent mechanisms.
8. Retention
We keep reservation and enquiry data only as long as necessary for the purposes above — to honour and manage your booking, and thereafter for a reasonable period consistent with our operational, accounting and legal obligations, after which it is deleted or anonymised. Server logs are retained for a limited period for security and diagnostics.
9. Your rights
Depending on the law that applies to you, you have the right to:
- request access to the personal data we hold about you;
- request correction or completion of that data;
- request erasure of that data;
- withdraw any consent you have given (including for a reservation you no longer wish us to hold, or for marketing);
- nominate another individual to exercise your rights in the event of your death or incapacity (DPDP Act, Section 14);
- lodge a complaint with a supervisory authority — the Data Protection Board of India, your national data protection authority in the EEA, or the Information Commissioner's Office in the United Kingdom.
To exercise any of these rights, contact our Grievance Officer at privacy@gheun-tak.com. See our separate Grievance Officer notice for details.
10. Security
We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure and alteration. No system is perfectly secure; if you believe your interaction with us is no longer secure, please contact us immediately.
11. Children
The Site and our reservation service are directed at adults. We do not knowingly collect personal data from a child (as defined under applicable law) other than the party details an adult provides when booking. If you believe a child has provided us with personal data, please contact our Grievance Officer and we will delete it.
12. Changes to this policy
We may update this policy from time to time. Substantive changes will be reflected in the date shown at the top of this page.
13. Contact
Reservations and general enquiries: ask@nati.food
Privacy and grievance enquiries: privacy@gheun-tak.com
Nati is a brand operated by Gheun Tak Private Limited · CIN U56100GA2026PTC018157 · Bel Air Condo Building, Bolshe Circle, Margao, South Goa 403601, Goa, India
