Privacy & Cookie Policy

Last updated: April 2026

This Privacy & Cookie Policy explains how Amsterdam Restaurant Guide ("we", "us", "our") collects, uses and protects your personal data when you use our website. We comply with the EU General Data Protection Regulation (GDPR / Regulation (EU) 2016/679) and the Dutch Telecommunications Act (Telecommunicatiewet) implementing the ePrivacy Directive. We are committed to processing your data lawfully, fairly and transparently.

1. Data controller

The controller responsible for the processing of your personal data within the meaning of Article 4(7) GDPR is the operator of Amsterdam Restaurant Guide. For privacy-related questions, requests to exercise your rights, or complaints, please contact us through the Site.

2. What data we collect

We collect only the data strictly necessary to operate the Site: (a) technical data automatically sent by your browser (IP address, browser type, language, referring URL, timestamp) used for security, abuse prevention and aggregated analytics; (b) preferences you set on the Site (selected language, saved restaurants), stored locally in your browser via localStorage; (c) account data if you create an account (email address, hashed password, authentication tokens); (d) content you submit (e.g. saved favourites linked to your account). We do not collect special categories of personal data (Article 9 GDPR).

3. Legal basis for processing

We process your personal data on the following legal bases under Article 6(1) GDPR: (a) performance of a contract — to provide the Site and account features you request; (b) legitimate interests — to ensure security, prevent fraud and improve the Site, balanced against your rights and freedoms; (c) legal obligation — where we must retain or disclose data to comply with Dutch or EU law; (d) consent — for non-essential cookies and similar technologies, which you may withdraw at any time.

4. Cookies and similar technologies

A cookie is a small text file stored on your device. We also use comparable technologies such as localStorage. We distinguish: (a) FUNCTIONAL / STRICTLY NECESSARY — required for the Site to work (session, authentication, language preference, saved restaurants). These do not require consent under Article 11.7a of the Dutch Telecommunications Act; (b) ANALYTICS — privacy-friendly, aggregated statistics with IP anonymisation and no cross-site tracking, configured to fall under the Dutch DPA's exception for analytical cookies with no or minimal privacy impact; (c) THIRD-PARTY — when you click an outbound reservation link (e.g. TheFork) you leave our Site and that third party may set its own cookies under its own privacy policy. We do not currently use advertising or tracking cookies. If we add any in the future we will request your prior, freely given, specific, informed and unambiguous consent via a cookie banner before they are placed.

5. Sharing with third parties

We do not sell your personal data. We share data only with processors acting on our instructions under a Data Processing Agreement (Article 28 GDPR), including: our hosting and database provider, our authentication provider, and our AI gateway used to generate translations and recommendations. Where any provider is located outside the European Economic Area, transfers are protected by appropriate safeguards under Chapter V GDPR, such as the European Commission's Standard Contractual Clauses.

6. Data retention

We retain personal data only as long as necessary for the purposes for which it was collected: account data until you delete your account; technical logs typically up to 30 days; saved restaurants in your browser until you clear them. Data we are legally required to retain (e.g. for tax or security purposes) is kept for the statutory period and then deleted.

7. Your rights under the GDPR

You have the right to: (a) access your personal data (Article 15); (b) rectify inaccurate data (Article 16); (c) erase your data (Article 17, "right to be forgotten"); (d) restrict processing (Article 18); (e) data portability (Article 20); (f) object to processing based on legitimate interests (Article 21); (g) withdraw consent at any time without affecting the lawfulness of prior processing; (h) lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or the supervisory authority in your EU member state. To exercise your rights, contact us through the Site. We will respond within one month as required by Article 12(3) GDPR.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction (Article 32 GDPR), including encryption in transit (HTTPS/TLS), secure password hashing, access controls and regular security reviews. In the unlikely event of a personal data breach affecting your rights, we will notify the Autoriteit Persoonsgegevens within 72 hours and, where required, inform you without undue delay.

9. Children

The Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be communicated through the Site.

11. Contact

For questions about this policy or to exercise any of your rights under the GDPR, please contact us through the Site. You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), the Dutch supervisory authority for data protection.