Privacy Policy
Last updated: 2 May 2026
IQRAM Café & Restaurant (“IQRAM”, “we”, “us”) respects your privacy and handles your personal data with care, in accordance with the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG).
1. Who is responsible?
The data controller for personal data collected through this website is:
- Name: IQRAM Café & Restaurant
- Address: Tussen Meer 213, 1069DN Amsterdam
- Chamber of Commerce (KvK) number: 92238653
- Email: info@iqram.nl
- Phone: +31 20 246 6662
2. What data do we process?
We only process data you provide to us yourself or that is automatically collected when you visit our website. Specifically:
- Reservation details (via GuestPlan): name, email address, phone number, party size, date and time. GuestPlan processes this data on our behalf to manage your booking.
- Contact details: if you email or call us, we record your message and the contact details you provide.
- Technical data (only after cookie consent): anonymised IP address, browser and device type, screen resolution, language preference, pages visited, button clicks, scroll behaviour, and source of your visit (referring website or search term).
- QR menu interaction (in-restaurant): fully anonymous aggregates of which menu sections are viewed from which table number (browser session ID only, no cookies, no personal data, not linkable to an individual).
3. Purposes and legal bases
We process your data exclusively for the following purposes:
| Purpose | Data category | Legal basis (GDPR Art. 6) |
|---|---|---|
| Manage reservations | Reservation details | Performance of contract (Art. 6(1)(b)) |
| Respond to inquiries | Contact details | Consent / legitimate interest (Art. 6(1)(a) / (f)) |
| Marketing analytics and site statistics | Technical data | Consent (Art. 6(1)(a)) |
| Advertising measurement (Google Ads) | Technical data, conversion events | Consent (Art. 6(1)(a)) |
| QR menu operational improvement | Anonymous aggregates | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Server logs | Legitimate interest (Art. 6(1)(f)) |
4. Who do we share your data with?
We never sell your data. We only share with parties needed to deliver our service, on the basis of a data processing agreement:
- GuestPlan — processes reservations on our behalf. GuestPlan privacy policy.
- Google Ireland Ltd. (Google Analytics 4, Google Tag Manager, Google Ads) — processes anonymised site statistics and advertising measurement, only after your consent. Google is certified under the EU-US Data Privacy Framework. Google privacy policy.
- Our hosting provider — for server and email hosting; your data stays within the European Economic Area.
- Competent authorities — only when legally required.
5. How long do we keep your data?
- Reservations: 24 months after your visit (customer management, dispute handling, fiscal obligations).
- Email correspondence: 24 months, unless you request earlier deletion.
- Marketing analytics (Google Analytics 4): 14 months.
- QR menu raw events: 90 days, then only aggregated, non-identifiable figures remain.
- QR menu aggregates: 24 months for seasonal and year-on-year comparison.
- Server logs: maximum 30 days.
6. International transfers
For analytics and advertising measurement we use Google services. Google may transfer limited data to servers in the United States. This transfer takes place under the EU-US Data Privacy Framework, for which the European Commission issued an adequacy decision (July 2023). All other processing keeps your data within the European Economic Area.
7. Your rights
Under the GDPR you have the following rights:
- Right of access (Art. 15) — you may request which data we process about you.
- Right to rectification (Art. 16) — have inaccurate data corrected.
- Right to erasure (Art. 17) — have your data deleted (“right to be forgotten”).
- Right to restriction (Art. 18) — temporarily pause processing.
- Right to data portability (Art. 20) — receive your data in a machine-readable format.
- Right to object (Art. 21) — object to processing on the basis of legitimate interest or direct marketing.
- Right to withdraw consent — for cookies and analytics you can change your choice at any time via the cookie settings at the bottom of every page.
Send requests to info@iqram.nl. We respond within one month. If you are not satisfied with our handling, you can lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).
8. Cookies
Our website uses cookies and similar techniques. Read more in our Cookie Policy. On your first visit we ask for your consent via a cookie banner. Until you give consent, we only place strictly necessary cookies.
9. Security
We take appropriate technical and organisational measures to protect your data, including TLS encryption, restricted access management, and periodic software updates. Should a data breach occur, we will report it to the Dutch Data Protection Authority within 72 hours and, where required, to you, as required by GDPR Art. 33.
10. Changes
We may update this privacy policy. The most current version is always on this page. For substantial changes we will notify you via the website or email.