Privacy Policy

1. Introduction

Welcome to Lauer House ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website lauerhouse.gr, make a reservation, or interact with us in any way.

Lauer House is a family-owned Greek restaurant located in Sarti, Halkidiki, Greece. We have been serving authentic Greek cuisine since 2005 and take your privacy as seriously as we take the quality of our food.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Make a table reservation (name, email, phone number, date, time, party size, special requests)
• Contact us through our contact form (name, email, phone number, message content)
• Subscribe to our newsletter (email address, name)
• Leave a review or testimonial (name, review content)
• Interact with us on social media

3.2 Information Automatically Collected

When you visit our website, we automatically collect certain information, including:

• Device information (browser type, operating system, device type)
• IP address and approximate location
• Pages visited and time spent on pages
• Referring website or source
• Cookies and similar tracking technologies (see our Cookie Policy for details)

3.3 Information from Third Parties

We may receive information about you from:

• Reservation platforms (such as Eateio) when you book through their services
• Review platforms (TripAdvisor, Google Reviews) when you mention our restaurant
• Social media platforms when you interact with our pages

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 To Provide Our Services

• Process and manage table reservations
• Respond to your inquiries and requests
• Send reservation confirmations and reminders
• Accommodate dietary requirements or special requests

4.2 To Communicate With You

• Send newsletters and promotional materials (with your consent)
• Notify you about changes to our services, menu, or opening hours
• Inform you about special events, live music nights, and seasonal offerings

4.3 To Improve Our Services

• Analyze website usage to improve user experience
• Understand customer preferences and dining trends
• Develop new features and offerings
• Conduct internal research and analytics

4.4 For Legal and Safety Purposes

• Comply with legal obligations
• Protect against fraudulent or illegal activity
• Enforce our terms and conditions
• Protect the safety of our guests and staff

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill a reservation or respond to your inquiry
• Legitimate Interests: Processing for our legitimate business interests, such as improving our services and marketing (where your interests do not override)
• Consent: Processing based on your explicit consent, such as for marketing communications
• Legal Obligation: Processing required to comply with applicable laws and regulations

6. How We Share Your Information

We do not sell your personal information. We may share your information with:

6.1 Service Providers

• Reservation management systems (Eateio)
• Email marketing platforms
• Website hosting and analytics providers
• Payment processors (if applicable)

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• Reservation data: Up to 2 years after your last visit for service improvement and re-booking convenience
• Contact form submissions: Up to 1 year after the inquiry is resolved
• Newsletter subscriptions: Until you unsubscribe
• Website analytics: Up to 26 months (Google Analytics default)
• Legal/tax records: As required by Greek law (typically 5-10 years)

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• SSL/TLS encryption for data transmission
• Secure hosting infrastructure
• Access controls and authentication measures
• Regular security assessments
• Staff training on data protection

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have the information removed.

12. Third-Party Links

Our website may contain links to third-party websites, including:

• Social media platforms (Facebook, Instagram, TripAdvisor)
• Reservation platforms
• Map services (Google Maps)
• Travel planning services (Rome2Rio)

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to newsletter subscribers (for significant changes)

We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: