Privacy Policy

Introduction

ChuckOnTfu B.V. ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website chuckontfu.top, dine at our restaurant, or interact with our services. This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws in the European Union.

Data Controller

ChuckOnTfu B.V. is the Data Controller responsible for your personal data. Our contact details are:

Data Collection

The data we collect includes personal information that you provide to us directly and information that we collect automatically when you use our services. We may collect the following types of information:

• Contact information (name, email address, phone number, postal address)
• Reservation details and dining preferences
• Payment information (processed securely through third-party payment processors)
• Website usage data (IP address, browser type, pages visited, time spent on pages)
• Cookie data and similar tracking technologies
• Communication records (emails, phone calls, feedback)
• Special dietary requirements or accessibility needs

How We Use Your Information

We explain how we use your information for various legitimate business purposes. The use of your data is based on the following legal bases under GDPR:

• Contract Performance: To process reservations, provide dining services, and handle payments
• Legitimate Interest: To improve our services, conduct marketing activities, and ensure security
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with accounting, tax, and other legal requirements

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal bases:

• Performance of a contract (restaurant services, reservations)
• Legitimate interests (business operations, service improvement)
• Your consent (marketing communications, analytics cookies)
• Legal obligations (financial records, health and safety compliance)

Data Sharing and Disclosure

We may share your information with trusted third parties in the following circumstances:

• Payment processors for secure transaction processing
• Reservation system providers
• Marketing service providers (with your consent)
• Legal authorities when required by law
• Business partners for joint promotional activities (with your consent)

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy. Our retention periods are:

• Customer contact information: 3 years after last interaction
• Reservation data: 2 years for service improvement purposes
• Financial records: 7 years as required by Dutch law
• Marketing communications: Until you unsubscribe or withdraw consent
• Website analytics data: 26 months maximum

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our cookie practices, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing through certified providers

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not complied with applicable data protection laws: