Privacy Policy

Data Controller Information

Softaro B.V. is the Data Controller responsible for processing your personal data. Our contact details are:

• Company: Softaro B.V.
• Address: Beukenlaan 11, 6594 AH Nijmegen, Netherlands
• Registration Number: 60382947
• VAT Number: NL892460731B01
• Email: privacy@softaro.top
• Phone: +31 40 962 0904

Data Collection

The data we collect includes personal information that you provide directly to us when making reservations, contacting us, or visiting our restaurant. This may include:

• Name and contact information (email address, phone number)
• Reservation details and dining preferences
• Communication history with our restaurant
• Dietary requirements and special requests
• Payment information for advance bookings or deposits
• Website usage data through cookies and analytics
• CCTV footage for security purposes within our premises

How We Use Your Information

We explain how we use your information for the following legitimate business purposes under GDPR Article 6:

• Processing reservations: Managing your table bookings and special requests (Legal basis: Contract performance)
• Customer service: Responding to enquiries and providing support (Legal basis: Legitimate interests)
• Restaurant operations: Ensuring smooth service delivery and managing dietary requirements (Legal basis: Contract performance)
• Marketing communications: Sending promotional offers and updates with your consent (Legal basis: Consent)
• Security: Protecting our premises and ensuring guest safety (Legal basis: Legitimate interests)
• Legal compliance: Meeting regulatory requirements and tax obligations (Legal basis: Legal obligation)

Data Sharing and Third Parties

Softaro does not sell or rent your personal data to third parties. We may share your information with:

• Payment processors for secure transaction handling
• Reservation management systems to facilitate bookings
• Email service providers for communication purposes
• Legal authorities when required by law or to protect our rights
• Professional advisors (lawyers, accountants) bound by confidentiality

All third-party service providers are carefully selected and bound by data processing agreements to ensure your data remains protected.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• Reservation data: Retained for 2 years after your last visit for customer service and operational purposes
• Marketing communications: Until you withdraw consent or 3 years of inactivity
• Financial records: 7 years as required by Dutch tax law
• CCTV footage: Maximum 30 days unless required for security investigations
• Website analytics: Anonymised data retained for 26 months

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Correct inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data under certain circumstances
• Right to restrict processing: Limit how we use your data in specific situations
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Opt out of processing based on legitimate interests or for marketing purposes
• Right to withdraw consent: Revoke consent for processing activities that rely on your consent

To exercise these rights, please contact us at privacy@softaro.top. We will respond to your request within 30 days.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the EU
• Certification schemes or codes of conduct

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure backup and disaster recovery procedures
• Regular monitoring for security breaches

Cookies and Website Analytics

Our website uses cookies to improve your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

You can manage your cookie preferences through our cookie consent banner or your browser settings.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if you have provided your contact information
• Display a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.