Privacy Policy

Data Controller

Lumios B.V. is the data controller responsible for your personal information. We are registered in the Netherlands with registration number 94175208 and VAT number NL892037416B01.

Data Collection

The data we collect includes personal information that you provide to us directly and information we collect automatically when you visit our website or restaurant. This includes your name, contact details, dining preferences, and reservation information.

We collect the following types of personal information:

• Contact Information: Name, email address, phone number, and postal address
• Reservation Data: Booking details, party size, special requirements, and dining preferences
• Communication Records: Records of correspondence and interactions with our team
• Website Usage: IP address, browser type, pages visited, and usage patterns
• Marketing Preferences: Consent for marketing communications and newsletter subscriptions

How We Use Your Information

We explain how we use your information to provide our restaurant services, process reservations, and improve your dining experience. The use of your data is essential for delivering the services you request and enhancing our operations.

We use your personal information for the following purposes:

• Processing and managing restaurant reservations
• Providing customer service and responding to inquiries
• Personalising your dining experience based on preferences
• Sending service-related communications about your bookings
• Improving our menu, services, and restaurant operations
• Sending marketing communications (with your consent)
• Complying with legal obligations and protecting our legitimate interests

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide restaurant services and fulfil reservations
• Legitimate Interests: Improving our services, business operations, and customer experience
• Consent: Marketing communications and optional services (where explicit consent is given)
• Legal Compliance: Meeting regulatory requirements and legal obligations

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

• With trusted service providers who assist in restaurant operations (payment processing, booking systems)
• When required by law or to protect our legal rights
• In case of business transfer or merger (with appropriate notifications)
• With your explicit consent for specific purposes

All third-party service providers are bound by confidentiality agreements and must comply with GDPR requirements.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this privacy policy and to comply with legal requirements.

• Reservation Data: Retained for up to 3 years for service improvement and customer relationship management
• Marketing Communications: Until you withdraw consent or we determine the information is no longer needed
• Financial Records: Retained for 7 years to comply with tax and accounting regulations
• Website Analytics: Typically retained for 26 months for statistical analysis

After the retention period expires, we securely delete or anonymise your personal information.

Your Rights

Under GDPR, you have several rights regarding your personal information:

• Right of Access: Request a copy of the personal information we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information (subject to legal requirements)
• Right to Restrict Processing: Request limitation of how we use your information
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at privacy@lumios.top. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure data storage and backup procedures
• Incident response procedures for data breaches

Cookies and Website Analytics

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please see our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent banner when you first visit our website.

International Data Transfers

We primarily process your personal information within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Certification schemes or codes of conduct

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal information in accordance with data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you by email if you have provided your email address
• Post a notice on our website highlighting the changes
• Obtain your consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.