Privacy Policy

1. Data Controller

The controller responsible for processing your personal data is:

For questions about this policy or your rights, contact us using the details above, marking your message “Privacy”.

2. Categories of Personal Data

Depending on how you interact with us, we may process:

• Website & technical data: IP address, browser type, device identifiers, pages viewed, referring URL, and approximate location derived from IP; cookies and similar technologies as described in section 7.
• Contact & reservation data: name, phone number, email address, reservation date and time, party size, dietary notes or special requests you choose to provide, and correspondence with us.
• Restaurant visit data: information you give when ordering or paying at the venue (e.g. name on the bill, payment-related references our payment provider processes), feedback you leave with us, and incident or safety-related notes where necessary.
• Marketing: if you sign up for news or offers, your contact details and preferences; proof of consent where required.

We do not ask you to provide special categories of personal data (such as health data). If you voluntarily share allergy or dietary information, we treat it only to accommodate your visit and with care.

3. Purposes and Legal Bases (GDPR Article 6)

We process personal data only where we have a valid legal basis:

• Performance of a contract— to take and honour reservations and table requests, provide meals and services you order, and handle payments according to our agreement with you.
• Legitimate interests— to operate and secure our website and premises, improve our services, analyse aggregated usage of the site, handle non-marketing enquiries, and pursue legal claims. Where required, we balance these interests against your rights.
• Legal obligation— to comply with tax, accounting, health-and-safety, or law-enforcement requirements applicable in the Netherlands or the EU.
• Consent— for optional cookies (where not strictly necessary), and for direct marketing by electronic means where Dutch law requires consent. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. Recipients and Processors

We may share personal data with:

• Service providers who assist us (e.g. website hosting, email, reservation or booking tools, analytics with privacy-friendly settings where possible, IT support), acting only on our instructions.
• Payment service providers and banks, to authorise and settle card or other payments.
• Delivery or ordering platforms when you place an order through them — their privacy policies apply to that processing in addition to ours where relevant.
• Professional advisers (e.g. accountants) and authorities when required by law.

We enter into data processing agreements with processors where GDPR requires it and ensure appropriate safeguards.

5. Transfers Outside the European Economic Area (EEA)

Where we use providers established outside the EEA, we ensure an adequate level of protection, for example through the European Commission's adequacy decisions, Standard Contractual Clauses (SCCs), or other GDPR-approved mechanisms. You may request more information about such safeguards by contacting us.

6. Retention

We keep personal data only as long as necessary for the purposes above, including statutory retention periods (e.g. financial records). Contact and reservation data are typically retained for a limited period after your visit or enquiry unless a longer period is required for disputes or law. Technical logs may be kept for security in line with our internal policies.

7. Cookies and Similar Technologies

Our website may use cookies or similar technologies. Essential cookies are used where necessary to operate the site (often on the basis of legitimate interest or for the service you request). Non-essential cookies (e.g. analytics or marketing) are used only with your consent where required. You can control cookies through your browser settings and, where we provide a cookie banner or tool, through that interface.

8. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate data or complete incomplete data;
• Erase data in certain circumstances (“right to be forgotten”);
• Restrict processing in certain circumstances;
• Data portability for data you provided, where processing is automated and based on consent or contract;
• Object to processing based on legitimate interests, including profiling in applicable cases;
• Withdraw consent at any time where processing is consent-based;
• Lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens (AP).

To exercise your rights, email us at karmadonyoe@gmail.com. We may need to verify your identity before responding. You also have the right to lodge a complaint with the AP if you believe our processing infringes the GDPR.

9. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised access. No method of transmission over the internet is completely secure; we encourage you to use secure channels when sending sensitive information.

10. Children

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you within the meaning of GDPR Article 22.

12. Changes

We may update this privacy policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be highlighted on our website. We encourage you to review this page periodically.