Privacy Policy

1. Introduction

hndqlqr B.V. ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website, dine at our restaurant, or interact with our services.

2. Data Controller

3. Information We Collect

3.1 Personal Information

We may collect the following types of personal information:

• Contact information (name, email address, phone number)
• Reservation details (date, time, party size, special requirements)
• Dietary preferences and allergies
• Payment information (processed securely by third-party payment providers)
• Communication records (emails, messages, feedback)

3.2 Technical Information

When you visit our website, we may automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent on our website
• Referring website information
• Cookie data (see our Cookie Policy)

4. How We Use Your Information

We use your personal information for the following purposes:

• Reservation Management: Processing and managing table reservations
• Customer Service: Responding to enquiries and providing customer support
• Service Improvement: Enhancing our restaurant services and website functionality
• Communication: Sending confirmation emails and important updates
• Legal Compliance: Meeting legal obligations and protecting our rights
• Marketing: Sending promotional communications (with your consent)

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary for providing our restaurant services
• Legitimate Interest: Improving our services and customer experience
• Consent: Marketing communications and non-essential cookies
• Legal Obligation: Compliance with applicable laws and regulations

6. Data Sharing and Disclosure

We may share your personal information with:

• Service Providers: Payment processors, reservation systems, and website hosting
• Legal Authorities: When required by law or to protect our legal rights
• Business Partners: With your explicit consent for specific services

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Reservation Data: 2 years after your last visit
• Marketing Communications: Until you unsubscribe
• Website Analytics: 26 months (Google Analytics default)
• Legal Records: As required by applicable laws

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing through certified providers

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

11. Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our use of cookies, please see our Cookie Policy.

12. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

14. Contact Information

If you have any questions about this privacy policy or wish to exercise your rights, please contact us:

15. Supervisory Authority

If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):