Privacy Policy

Introduction

responluna B.V. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, use our services, or interact with our restaurant chain.

As the Data Controller, responluna is responsible for ensuring that your personal data is processed in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws in the Netherlands and the European Union.

Data Controller Information

The Data Controller for your personal information is:

Data Collection

The data we collect includes personal information that you provide directly to us and information that is automatically collected when you use our website or services. We collect the following types of personal data:

Information You Provide Directly

• Contact information (name, email address, phone number, postal address)
• Reservation details (date, time, number of guests, special requirements)
• Event planning information (event type, catering preferences, dietary requirements)
• Payment information (processed securely through third-party payment processors)
• Communication preferences and marketing consent
• Feedback, reviews, and correspondence with our customer service team

Automatically Collected Information

• Website usage data (pages visited, time spent, click patterns)
• Technical information (IP address, browser type, device information)
• Cookies and similar tracking technologies (see our Cookie Policy for details)
• Location data (if you enable location services)

How We Use Your Information

We explain how we use your information for various legitimate business purposes. The use of your data is always based on a legal basis as required by GDPR:

Service Provision (Legal Basis: Contract Performance)

• Processing reservations and managing table bookings
• Providing catering and event planning services
• Processing payments and managing billing
• Communicating about your reservations or events
• Providing customer support and responding to enquiries

Business Operations (Legal Basis: Legitimate Interest)

• Improving our services and restaurant operations
• Analysing customer preferences and dining patterns
• Maintaining security and preventing fraud
• Training staff and improving service quality
• Managing our business relationships and operations

Marketing Communications (Legal Basis: Consent)

• Sending promotional offers and special event notifications
• Sharing news about menu updates and seasonal offerings
• Providing personalised dining recommendations
• Inviting feedback and reviews

Legal Compliance (Legal Basis: Legal Obligation)

• Complying with food safety and health regulations
• Meeting tax and accounting requirements
• Responding to legal requests and regulatory requirements
• Maintaining records as required by law

Data Sharing and Third Parties

responluna does not sell your personal data to third parties. We may share your information with trusted service providers and partners who help us operate our business:

• Payment Processors: Secure processing of payments and financial transactions
• Technology Providers: Website hosting, email services, and customer management systems
• Suppliers: Catering partners and event service providers (with your consent)
• Legal and Professional Services: Accountants, lawyers, and business advisors
• Regulatory Authorities: When required by law or regulation

All third-party service providers are required to maintain the confidentiality and security of your personal data and are prohibited from using it for any purpose other than providing services to responluna.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal requirements:

• Reservation Data: Retained for 3 years after your last visit for customer service and business analysis
• Event and Catering Records: Retained for 5 years for business and tax compliance purposes
• Marketing Communications: Until you withdraw consent or 2 years of inactivity
• Financial Records: Retained for 7 years as required by Dutch tax law
• Website Analytics: Anonymised data retained for 26 months
• Customer Support Records: Retained for 2 years for service improvement

When the retention period expires, we securely delete or anonymise your personal data unless we are required to retain it longer by law.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at privacy@responluna.top or call +31 402391436. We will respond to your request within 30 days.

Data Security

responluna implements appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure data centres and backup systems
• Regular monitoring for security breaches

While we implement strong security measures, no system is completely secure. If you become aware of any security breach, please contact us immediately.

International Data Transfers

Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for multinational companies
• Certification schemes and codes of conduct

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and provide personalised services. For detailed information about our use of cookies, please see our Cookie Policy.

You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a prominent notice on our website

Your continued use of our services after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable law.

Supervisory Authority

If you have concerns about our data processing that we cannot resolve, you have the right to contact our supervisory authority: