Privacy Policy

Introduction

Midex B.V. ("Midex", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website midex.top, dine at our restaurant, or interact with our services.

As a business operating in the Netherlands and serving customers in the European Union, we comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws. We act as the Data Controller for the personal data we process.

Data Collection

The data we collect includes personal information that you provide directly to us and information that is automatically collected when you use our services. This may include:

• Contact Information: Name, email address, phone number, and mailing address when you make reservations or contact us
• Dining Preferences: Dietary restrictions, allergies, special requests, and seating preferences
• Payment Information: Credit card details and billing information for transactions (processed securely through our payment providers)
• Website Usage Data: IP address, browser type, device information, pages visited, and time spent on our website
• Communication Records: Records of your communications with us, including emails, phone calls, and feedback
• Marketing Preferences: Your consent to receive marketing communications and preferences for how you'd like to hear from us

How We Use Your Information

We explain how we use your information for various legitimate business purposes to provide and improve our services. The use of your data is based on the following legal bases under GDPR:

• Contract Performance: To process reservations, provide dining services, and fulfill our obligations to you
• Legitimate Interests: To improve our services, manage our business operations, and ensure the security of our premises
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Consent: For marketing communications and non-essential cookies, where you have given explicit consent

Specifically, we use your information to:

• Process and confirm your table reservations
• Accommodate your dietary requirements and preferences
• Process payments and maintain transaction records
• Communicate with you about your reservations and our services
• Send you marketing communications (with your consent)
• Improve our website functionality and user experience
• Comply with health and safety regulations
• Prevent fraud and ensure the security of our services

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our business, such as payment processors, reservation systems, and website hosting
• Legal Requirements: When required by law, regulation, or legal process, or to protect our rights, property, or safety
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Emergency Situations: To protect the vital interests of you or another person

All third-party service providers are contractually bound to protect your information and use it only for the specific purposes we authorize.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Our retention periods vary depending on the type of information:

• Reservation Data: Retained for up to 3 years for operational purposes and customer service
• Payment Information: Retained according to financial regulations, typically 7 years
• Marketing Communications: Until you unsubscribe or withdraw consent
• Website Analytics: Typically retained for 26 months
• CCTV Footage: Retained for 30 days for security purposes

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention policy.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal information:

• Right of Access: Request a copy of the personal information we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your information
• Right to Data Portability: Request transfer of your information to another service provider
• Right to Object: Object to certain types of processing, including direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within one month of receipt.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. For detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data during transmission and storage
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure payment processing through PCI DSS compliant providers
• Regular backups and disaster recovery procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

International Data Transfers

As Midex operates primarily within the European Union, most of your personal information is processed within the EU/EEA. However, some of our service providers may be located outside the EU/EEA. When we transfer personal information internationally, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Other appropriate safeguards recognized under GDPR

Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and indicating the date of the last update. For significant changes, we may provide additional notice such as email notification.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding your personal information, please reach out to us using the contact information below:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal information appropriately.

Legal Basis for Processing

Under GDPR, we process your personal information based on the following legal bases:

• Article 6(1)(a) - Consent: For marketing communications and optional services
• Article 6(1)(b) - Contract: For processing reservations and providing our services
• Article 6(1)(c) - Legal Obligation: For compliance with applicable laws and regulations
• Article 6(1)(f) - Legitimate Interests: For business operations, security, and service improvement