Privacy Policy

Last updated: 1st January 2026

Data Controller Information

zenprotocol S.L. (Registration Number: B76053891) acts as the data controller for the personal information we collect. We are located at Calle Cervantes 93, 07698 Palma de Mallorca, Balearic Islands, Spain. For any privacy-related enquiries, please contact us at privacy@zenprotocol.world or call +34 974 141 975.

Data We Collect

The data we collect includes personal information you provide directly to us and information automatically collected when you use our website. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, and postal address when you make a reservation or contact us
• Communication Data: Messages, feedback, and correspondence you send to us
• Website Usage Data: IP address, browser type, device information, pages visited, and time spent on our website
• Cookie Data: Information collected through cookies and similar tracking technologies
• Reservation Information: Date, time, party size, and special requirements for table bookings

How We Use Your Information

We use your personal data for the following purposes, based on legitimate business interests and legal obligations. How we use your data depends on the specific information collected and the context in which we collect it:

• To process and manage your table reservations and dining requests
• To respond to your enquiries and provide customer support
• To improve our website functionality and user experience
• To send you important updates about our services, opening hours, or menu changes
• To comply with legal obligations and protect our legitimate business interests
• To analyse website traffic and usage patterns for business improvement purposes

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: To fulfil our obligations when you make a reservation or use our services
• Legitimate Interests: To operate our business, improve our services, and ensure website security
• Consent: For marketing communications and non-essential cookies (where applicable)
• Legal Obligation: To comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner or by visiting our cookie policy page for detailed information about the cookies we use.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

• With service providers who assist us in operating our website and business (e.g., web hosting, analytics)
• When required by law, legal process, or to protect our rights and safety
• With your explicit consent for specific purposes
• In connection with a business transfer or merger (with appropriate safeguards)

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy. Contact information and reservation data are typically retained for three years after your last interaction with us, unless a longer retention period is required by law. Website analytics data is retained for 26 months, and cookie data expires according to the specific cookie types as detailed in our cookie policy.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure server hosting, regular security assessments, and staff training on data protection. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, to protect your information in accordance with GDPR requirements.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this privacy policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos) or your local supervisory authority.