Privacy Policy

Introduction

mentaljtnf.top B.V. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website at mentaljtnf.top or use our restaurant services.

As the Data Controller, we are responsible for deciding how we hold and use personal information about you. This policy applies to all visitors and customers of mentaljtnf.top.

Data Collection

The data we collect includes personal information that you provide directly to us, information we collect automatically when you use our website, and information we may receive from third parties. We collect this information to provide you with excellent service and to improve your dining experience at mentaljtnf.top.

Specifically, we may collect the following types of information:

• Personal identification information (name, email address, phone number)
• Reservation details and dining preferences
• Payment information (processed securely by our payment providers)
• Communication records when you contact us
• Website usage data and analytics information
• Cookie and tracking data as described in our Cookie Policy

How We Use Your Information

We explain how we use your information to provide and improve our restaurant services, communicate with you, and fulfil our legal obligations. The use of your data is always based on a lawful basis under GDPR, including consent, contract performance, legitimate interests, or legal compliance.

We use your personal information for the following purposes:

• Processing and managing your restaurant reservations
• Providing customer service and responding to your inquiries
• Processing payments for our services
• Sending you important information about your reservations
• Improving our website and restaurant services
• Complying with legal and regulatory requirements
• Marketing communications (with your consent)

Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. Our legal bases include:

• Contract: Processing necessary to perform our contract with you (e.g., providing restaurant services)
• Consent: Where you have given clear consent for us to process your data for specific purposes
• Legitimate Interests: For our legitimate business interests, such as improving our services
• Legal Obligation: Where we need to comply with legal or regulatory requirements

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• With trusted service providers who assist us in operating our website and restaurant
• With payment processors to handle secure transactions
• When required by law or to protect our legal rights
• In connection with a business transfer or merger

All third parties are required to maintain the confidentiality of your information and use it only for the specified purposes.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Specific retention periods include:

• Reservation data: 3 years from last visit for service improvement
• Financial records: 7 years as required by Dutch law
• Marketing consent: Until withdrawn or 3 years of inactivity
• Website analytics: 26 months in accordance with privacy regulations

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal information:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure SSL encryption for data transmission
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis
• Staff training on data protection and privacy

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website traffic. For detailed information about our use of cookies, please refer to our Cookie Policy.

International Data Transfers

As we operate primarily within the European Union, your personal data is processed within the EU/EEA. If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal information, please reach out to us using the following contact information:

Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.