Privacy Policy

Introduction

brightfields B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our café & bistro, use our website brightfields.world, or interact with our services.

As the Data Controller, brightfields operates in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union and Netherlands.

Data Collection

The data we collect includes personal information that you provide directly to us and information we collect automatically when you visit our premises or website. This may include your name, email address, phone number, payment information, and preferences related to our café & bistro services.

We collect information when you:

• Visit our café & bistro and make purchases
• Contact us via phone, email, or contact forms
• Subscribe to our communications
• Participate in surveys or feedback requests
• Use our website and interact with our online services

How We Use Your Information

We explain how we use your information to provide and improve our café & bistro services, process transactions, communicate with you, and ensure compliance with legal obligations. Our use of your data is based on legitimate business interests and your consent where required.

Specifically, we use your information to:

• Process orders and payments for food and beverages
• Provide customer service and respond to inquiries
• Send updates about our menu, services, and special offers
• Improve our café operations and customer experience
• Comply with legal and regulatory requirements
• Prevent fraud and ensure security of our services

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contractual necessity: To fulfil orders and provide services you've requested
• Legitimate interests: To operate our business, improve services, and communicate with customers
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with tax, accounting, and other legal requirements

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted service providers who assist us in operating our café & bistro, such as payment processors, technology providers, and professional advisors, but only to the extent necessary for them to provide their services.

We may also disclose your information if required by law or to protect our rights and safety.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy. Generally, we keep customer information for the duration of our business relationship and for up to 7 years after your last interaction with us to comply with legal and regulatory requirements.

Marketing data is retained until you unsubscribe or withdraw consent. Website analytics data is typically retained for 26 months.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data
• Right to restrict processing: Request limitation of data processing
• Right to data portability: Request transfer of your data
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for consent-based processing

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent banner.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption, access controls, and regular security assessments.

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have questions about this Privacy Policy, want to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable law.