Privacy Policy

Introduction

Veyto S.A. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, use our services, or interact with us. This policy applies to all personal data we process about you, whether collected through our website, in-person visits, telephone communications, or other interactions.

As the data controller, we ensure that all personal data processing complies with the General Data Protection Regulation (GDPR) and applicable Belgian data protection laws. We are committed to being transparent about how we handle your personal information.

Data We Collect

The data we collect depends on how you interact with our services. We may collect and process the following categories of personal information:

• Contact Information: Name, email address, telephone number, postal address
• Reservation Data: Booking details, party size, special requirements, dietary preferences
• Communication Records: Records of your communications with us, including emails, phone calls, and feedback
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on our website
• Marketing Preferences: Your preferences regarding marketing communications and promotional materials
• Event Information: Details related to special events, catering requests, and customised services

We collect this information through various methods including our website contact forms, telephone conversations, email correspondence, and direct interactions during your visits to our restaurant.

How We Use Your Information

We use your personal data for specific, legitimate purposes and only where we have a legal basis to do so. Here's how we use your information and our legal basis for processing:

• Service Delivery: To provide our restaurant services, process reservations, fulfil takeaway orders, and manage special events (Legal basis: Contract performance)
• Customer Communication: To respond to your enquiries, confirm bookings, and provide customer support (Legal basis: Contract performance and legitimate interests)
• Service Improvement: To improve our services, menu offerings, and customer experience based on feedback and usage patterns (Legal basis: Legitimate interests)
• Marketing Communications: To send you promotional materials, special offers, and updates about our services, where you have consented (Legal basis: Consent)
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations (Legal basis: Legal obligation)
• Business Operations: To manage our business operations, maintain records, and ensure the security of our services (Legal basis: Legitimate interests)

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

Our website uses various types of cookies including necessary cookies for basic functionality, analytics cookies to understand how visitors use our site, and marketing cookies for advertising purposes. For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our business, such as payment processors, email service providers, and website hosting services
• Legal Requirements: When required by law, court order, or governmental authority
• Business Protection: To protect our rights, property, or safety, or that of our customers or others
• Business Transfers: In connection with any merger, sale of company assets, or acquisition

All third-party service providers are carefully selected and required to maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods vary depending on the type of data and the purpose for which it was collected:

• Reservation Data: Retained for up to 2 years after your last visit for customer service and operational purposes
• Marketing Data: Retained until you withdraw consent or for up to 3 years of inactivity
• Financial Records: Retained for 7 years in accordance with Belgian tax and accounting requirements
• Website Analytics: Typically retained for up to 26 months

When personal data is no longer needed, we securely delete or anonymise it in accordance with our data retention and disposal procedures.

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data. These rights include:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete personal data
• Right to Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your personal data
• Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
• Right to Object: You can object to certain types of processing, including direct marketing
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure hosting and backup procedures
• Regular monitoring for security threats and vulnerabilities

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard security practices.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission. We will inform you of any such transfers and the safeguards in place.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this policy. For significant changes, we will provide additional notice through our website or direct communication.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données/Gegevensbeschermingsautoriteit) if you believe we have not handled your personal data in accordance with applicable law.