Last updated: 14 November 2025

1. Who we are

Vishoek ("we", "us", "our") is a restaurant located at:

Vishoek
Visserskaai 37, 8400 Oostende, Belgium

Phone: +32 497 70 80 90
Website: https://vishoek.be
Email: info@vishoek.be

For the purposes of the General Data Protection Regulation ("GDPR") and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, Vishoek is the controller of your personal data.

2. Scope of this policy

This privacy policy applies to:

• Visitors of our website vishoek.be
• People who contact us through the website
• People who make a reservation through our online reservation form

3. Personal data we process

3.1 Information you provide directly

Reservation form

When you make a reservation through our own reservation form, we process:

• Full name
• Email address
• Phone number
• Message (for example preferred date and time, number of guests, special requests, allergies, etc.)

This information is stored in our database and a copy is sent by email to our mailbox.

Contact form

When you contact us through the contact form, we process:

• Full name
• Email address
• Phone number
• Subject
• Message

This information is stored in our system and a copy is sent by email to our mailbox. We may also store any further correspondence if you reply to our emails.

3.2 Information we collect automatically (website)

When you visit our website, technical data may be collected automatically by our CMS (Borz CMS) and our analytics tools, such as:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited, date and time of visit, time spent on each page
• Referring website or source

These data are primarily used in an aggregated form for statistics and do not allow us to identify you directly, unless combined with other information.

3.3 Guest Wi-Fi in the restaurant

We provide guest Wi-Fi in the restaurant.

• We do not require you to register or provide personal data (such as name, email or phone number) to use the Wi-Fi.
• Like any Wi-Fi network, basic technical information (such as IP address and device identifiers) may appear in network logs for security and troubleshooting.
• These logs are not used to create customer profiles or for marketing purposes.

4. Purposes and legal bases

We only process your personal data when we have a legal basis under the GDPR.

Purpose	Data	Legal basis
Managing and confirming your reservation	Data from the reservation form	Performance of a contract or steps taken at your request before entering into a contract (art. 6(1)(b) GDPR)
Answering your questions and handling requests	Data from the contact form and follow-up correspondence	Our legitimate interest in responding to requests and managing our customer relations (art. 6(1)(f) GDPR)
Ensuring the proper functioning and security of the website	Technical logs (IP address, browser, etc.)	Our legitimate interest in keeping our website secure and available (art. 6(1)(f) GDPR)
Measuring and improving the use of our website (analytics)	Pseudonymised/aggregated usage data	Your consent where required for non-essential cookies and our legitimate interest in improving our services (art. 6(1)(a) and/or 6(1)(f) GDPR)
Securing and managing our guest Wi-Fi	Basic technical network logs	Our legitimate interest in maintaining network security and preventing abuse (art. 6(1)(f) GDPR)

We do not use your data for automated decision-making or profiling that produces legal effects concerning you.

5. Who has access to your data?

We only share your personal data with third parties when this is necessary for the purposes described above, when we have a legal obligation to do so, or when you have given your consent.

The categories of recipients are:

• Hosting provider: OVH, which hosts our website and database
• Analytics provider(s): tools that help us measure and analyse website usage
• Technical service providers / developers: who maintain Borz CMS and our website, where they require access to perform their tasks

These parties act as processors and are contractually or legally obliged to:

• Only process personal data on our documented instructions
• Implement appropriate technical and organisational security measures

Public authorities (such as police, courts or regulators) may receive personal data when we are legally obliged to provide them.

We do not sell your personal data to third parties.

6. Transfers outside the European Economic Area (EEA)

If our service providers are located outside the EEA or use servers located outside the EEA, we ensure that appropriate safeguards are in place, such as:

• An adequacy decision of the European Commission, or
• Standard contractual clauses approved by the European Commission

These safeguards aim to ensure a level of data protection essentially equivalent to that in the EEA.

7. Retention periods

We do not keep your personal data longer than necessary for the purposes for which they were collected.

In practice, this means approximately:

• Reservation form data: up to 1 year after the date of your reservation
• Contact form data and related correspondence: up to 1 year after our last contact on the same topic
• Technical website logs: up to 12 months after collection
• Analytics data: for a period that is proportionate to our need for statistics and in line with the retention settings of our analytics tool
• Guest Wi-Fi logs: for a limited time necessary for security and troubleshooting, after which they are deleted or anonymised

After these periods, data are deleted or anonymised, unless we are legally obliged to keep them longer (for example in the context of a dispute).

8. Cookies and analytics

Our website uses cookies and similar technologies.

• Essential cookies are necessary for the functioning of the site (for example to remember technical settings) and may be placed without your consent.
• Analytics cookies help us understand how the site is used (for example which pages are visited and how often) so we can improve our services.

Where required by law, we will ask for your consent for non-essential cookies via a cookie banner or similar mechanism. You can withdraw your consent at any time through your browser settings or via the cookie settings on our website (if available).

More detailed information about the cookies used can be provided on request and may also be included in a separate cookie policy.

9. How we protect your data

We take appropriate technical and organisational measures to protect your personal data, including:

• Use of HTTPS/SSL encryption on the website
• Hosting with a professional provider (OVH) in data centres with appropriate security measures
• Restricted access to personal data to those who need it to perform their job
• Protection of systems containing personal data with passwords and other security controls
• Regular updates of our CMS and server software
• Backups of our website and database

These measures are intended to prevent unauthorised access, loss, misuse or alteration of your personal data. Despite our efforts, no system can guarantee absolute security.

10. Your rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: to know whether we process your data and to obtain a copy of it
• Right to rectification: to have incorrect or incomplete data corrected
• Right to erasure: to have your data deleted in certain cases ("right to be forgotten")
• Right to restriction: to limit the processing of your data in certain circumstances
• Right to object: to processing based on our legitimate interests, on grounds relating to your particular situation
• Right to withdraw consent: where processing is based on your consent, you can withdraw it at any time
• Right to data portability: to receive the data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller, where applicable

You can exercise these rights by contacting us using the details in section 11. We may ask you for additional information to verify your identity. We will handle your request as soon as reasonably possible and within the time limits laid down by the GDPR.

11. Contact

For questions about this privacy policy or about the processing of your personal data, or to exercise your rights, you can contact us at:

Vishoek
Visserskaai 37, 8400 Oostende, Belgium

Email: info@vishoek.be
Phone: +32 497 70 80 90

12. Changes to this privacy policy

We may update this privacy policy from time to time, for example to reflect changes in the law or in the way we process personal data. The most recent version is always available on our website. The "last updated" date at the top of this page indicates when it was last revised.