Privacy Policy

Last updated: May 2026

This Privacy Policy describes how Costa d'Amalfi (hereinafter "we", "us", "our") collects, uses, and protects your personal data when you visit our website at www.costadamalfi.be or interact with our restaurant services.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and Belgian privacy law.

1. Data Controller

Costa d'Amalfi Restaurant

Rue Stevin 192, 1000 Brussels, Belgium

Phone: +32 (0)2 330 70 99

Email: infocostadamalfi@gmail.com

2. Data We Collect

We may collect the following categories of personal data:

2.1 Information you provide directly

  • Reservation data: name, contact details (phone, email), date, time, number of guests, special requests
  • Event inquiry data: name, email, phone, company name, event type, date, number of guests, message content
  • Communication data: any information you provide when contacting us via email, phone, or social media

2.2 Information collected automatically

  • Technical data: IP address, browser type, device information, operating system
  • Usage data: pages visited, time spent on site, referral source
  • Cookies: see our Cookie Policy for details

3. Why We Collect Your Data (Legal Basis)

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): to manage your reservations and provide our restaurant services
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with Belgian tax and accounting laws
  • Consent (Art. 6(1)(a) GDPR): for marketing communications and non-essential cookies
  • Legitimate interest (Art. 6(1)(f) GDPR): to improve our services, prevent fraud, and ensure website security

4. How We Use Your Data

Your personal data is used for the following purposes:

  • Processing and managing your table reservations
  • Responding to event inquiries and providing quotes
  • Communicating about your booking (confirmations, reminders, changes)
  • Improving our website and dining experience
  • Complying with legal and regulatory obligations
  • Protecting our legal rights and preventing fraud

5. Data Sharing and Third Parties

We do not sell or rent your personal data. We may share your information only with:

  • Reservation systems: Barestho (our booking platform) — for managing online reservations
  • Email service providers: for transactional emails (e.g., booking confirmations)
  • Analytics providers: Google Analytics, only with your cookie consent
  • Hosting provider: Hostinger, where our website data is stored securely
  • Legal authorities: when required by law or to protect our legal rights

All third-party providers are required to comply with GDPR and process your data only on our behalf.

6. Data Retention

We retain your personal data only as long as necessary:

  • Reservation data: up to 24 months after your last visit
  • Event inquiry data: up to 12 months after our last contact, unless a contract is established
  • Accounting records: 7 years (Belgian legal requirement)
  • Marketing data: until you withdraw consent

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access: request a copy of the data we hold about you
  • Right of rectification: correct inaccurate or incomplete data
  • Right of erasure ("right to be forgotten"): request deletion of your data
  • Right to restrict processing: limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: oppose processing based on legitimate interest or marketing
  • Right to withdraw consent: at any time, without affecting prior lawful processing

To exercise any of these rights, please contact us at infocostadamalfi@gmail.com. We will respond within 30 days of receiving your request.

8. Right to Lodge a Complaint

If you believe your data has been processed unlawfully, you have the right to file a complaint with the Belgian Data Protection Authority:

Autorité de Protection des Données (APD)

Rue de la Presse 35, 1000 Brussels

Website: www.autoriteprotectiondonnees.be

Email: contact@apd-gba.be

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encrypted connections (HTTPS), secure hosting, and access controls.

10. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When this happens, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses or adequacy decisions by the European Commission).

11. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from minors without parental consent.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: infocostadamalfi@gmail.com

Phone: +32 (0)2 330 70 99

Address: Rue Stevin 192, 1000 Brussels, Belgium