_edited.png)
For Bookings/Take Away Call 0131 669 7711
A True Taste of Spain at Our Family-Owned Tapas Restaurant in Edinburgh's Seaside Town of Portobello
Established in 2011
Our Privacy & Cookie Policy
Last updated: 10 Feb 2026
This Privacy Policy explains how Malvarosa (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit our website or contact us.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Business name: Malvarosa
Address: 262 Portobello High Street, Edinburgh, EH15 2AT
Email: booking@malvarosa.co.uk
Telephone: 0131 669 7711
For the purposes of data protection law, Malvarosa is the data controller.
2. What Personal Data We Collect
We only collect personal data that you choose to provide to us.
a) When you contact us by email or phone
If you contact us to make a booking or enquiry, we may collect:
-
Your name
-
Your email address
-
Your phone number
-
Details of your enquiry or booking (such as date, time, and number of guests)
b) Website usage data
Our website does not have a contact form.
We do not knowingly collect special category data unless you choose to provide it (for example, dietary information related to a booking).
If cookies or analytics are used (see section 6), limited technical data may be collected.
3. How We Use Your Personal Data
We use your personal data only for legitimate business purposes, including:
-
Responding to enquiries
-
Managing table bookings
-
Communicating with you about your booking
-
Keeping basic records for business and accounting purposes
-
Complying with legal obligations
We do not use your data for marketing without your consent.
4. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
-
Contract – to take steps at your request before entering into a booking
-
Legitimate interests – to run and manage our restaurant business
-
Legal obligation – where we are required to keep records by law
5. How We Store and Protect Your Data
-
Personal data is stored securely (for example, in our email system or booking records).
-
We take reasonable technical and organisational measures to prevent unauthorised access, loss, or misuse.
-
We only keep personal data for as long as necessary for the purpose it was collected.
6. Cookies and Website Analytics
Our website may use essential cookies to ensure it functions correctly.
Analytics - we may use analytics tools to understand how visitors use our website. This data is anonymised and used only to improve our website. You can control cookies through your browser settings.
7. Sharing Your Data
We do not sell, rent, or trade your personal data.
We may share data only where necessary:
-
With service providers (such as email or IT services), strictly for business purposes
-
Where required by law or regulatory authorities
All third parties are required to respect the security of your data.
8. Your Data Protection Rights
Under UK GDPR, you have the right to:
-
Access your personal data
-
Request correction of inaccurate data
-
Request deletion of your data
-
Object to or restrict processing
-
Request data portability (where applicable)
To exercise your rights, please contact us using the details in section 1.
9. How to Complain
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns first.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.