Privacy Policy

Introduction

VelvetBeacon B.V. ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, use our services, or interact with us.

We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our registered office is located at Dorpsstraat 233, 1048 FY Amsterdam, North Holland, Netherlands.

Data We Collect

The data we collect depends on how you interact with our services. We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, postal address
• Business Information: Restaurant name, business details, financial information for consultation purposes
• Communication Data: Records of correspondence, consultation notes, service requests
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on site
• Marketing Data: Preferences for receiving marketing communications, interaction with our marketing materials

We collect this data collection through various means including our website forms, email communications, phone calls, and during the provision of our consulting services.

How We Use Your Information

We use of your data is based on legitimate business interests and, where required, your consent. We use your personal information for the following purposes:

• Providing restaurant profit improvement consulting services
• Responding to your enquiries and communication requests
• Managing client relationships and service delivery
• Processing payments and managing billing
• Improving our website and services through analytics
• Sending marketing communications (with your consent)
• Complying with legal obligations and regulatory requirements

How we use your information is always proportionate to the purpose for which it was collected and in accordance with applicable data protection laws.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• With service providers who assist us in delivering our services (e.g., payment processors, cloud storage providers)
• With professional advisors such as lawyers, accountants, and auditors
• When required by law, legal process, or regulatory requirements
• To protect our rights, property, or safety, or that of our clients or the public

All third parties we work with are required to maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our data retention periods are as follows:

• Client consultation records: 7 years after the end of the business relationship
• Marketing communications data: Until you unsubscribe or withdraw consent
• Website analytics data: 26 months (Google Analytics default)
• Financial records: 7 years as required by Dutch tax law

After the retention period expires, we securely delete or anonymise your personal data in accordance with our data retention policy.

Your Rights

Under the GDPR and other applicable privacy laws, your rights regarding your personal data include:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise your rights, please contact us using the contact information provided below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection and security
• Secure backup and disaster recovery procedures

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Transfers to countries with an adequacy decision from the European Commission
• Use of Standard Contractual Clauses approved by the European Commission
• Other appropriate safeguards as recognised under applicable data protection law

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local data protection authority.