From March 18, a new menu at our Bistro!
Last updated: May 2026
Winston Bistro Bar & B&B attaches great importance to the protection of your personal data. In this privacy policy, we explain which personal data we collect, why we process this data, with whom we may share this data, how long we retain data and what rights you have.
This privacy policy applies to the use of our website, contact with Winston Bistro Bar & B&B, reservations for the Bed & Breakfast, reservations for the Bistro Bar and other services we offer.
1. Which personal data do we process?
We only process personal data that is necessary for our services. Depending on the way you contact us or use our services, we may process the following personal data:
Name and contact details, such as email address and telephone number.
Reservation details, such as arrival and departure date, number of guests, room type, table reservation, reservation time and any comments.
Payment and invoicing details, insofar as necessary for payments, administration and legal obligations.
Communication details, for example when you email us, call us or fill in a contact form.
Technical data, such as IP address, browser data, device data, cookie data and data about the use of our website.
Preferences or specific details that you provide to us yourself, such as dietary requirements, accessibility needs or comments with a reservation.
We ask you not to provide us with special categories of personal data unless this is necessary for your stay, reservation, safety or when you consciously provide this data to us yourself.
2. What do we use your personal data for?
We use your personal data for the following purposes:
Processing and managing room reservations for the Bed & Breakfast.
Processing and managing table reservations for the Bistro Bar.
Answering questions via email, telephone or contact form.
Performing agreements, such as an overnight stay, reservation, payment or other arrangement.
Sending practical information about your reservation, stay or visit.
Processing payments and maintaining our administration.
Improving our website, services and guest experience.
Securing our website, systems, guests and employees.
Handling complaints, incidents or disputes.
Complying with legal obligations.
We only process your personal data when there is a valid legal basis for doing so. Depending on the situation, we process data on the basis of the performance of an agreement, a legal obligation, consent or a legitimate interest.
3. Legal bases for processing
We process personal data on the following legal bases:
For processing room reservations, table reservations, payments and other arrangements, we process data because this is necessary for the performance of an agreement.
For our administration, invoices and tax obligations, we process data because we are legally obliged to do so.
For answering questions via email, telephone or contact form, we process data on the basis of our legitimate interest in properly handling your request, or because this is necessary for entering into or performing an agreement.
For improving and securing our website and services, we process data on the basis of our legitimate interest.
For cookies, tracking, marketing or other processing activities for which consent is required, we request your prior consent where this is legally required.
You can withdraw any consent given at any time. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
4. Room reservations via Direct Book
For room reservations, we use the reservation system of Direct Book. When you reserve a room through our website, your reservation may be processed via Direct Book.
This may include the processing of your name, contact details, reservation date, arrival and departure date, number of guests, room type, payment details and any comments.
Direct Book may also process personal data independently. The privacy policy of Direct Book applies to that processing. We recommend that you also consult Direct Book’s privacy policy when making a reservation through this system.
We only receive from Direct Book the data that is necessary to carry out your reservation, properly prepare your stay, contact you and maintain our administration correctly.
5. Restaurant reservations via TheFork
For table reservations, we use TheFork. When you reserve a table through our website, your reservation may be processed via TheFork.
This may include the processing of your name, contact details, reservation date, reservation time, number of persons and any comments.
TheFork may also process personal data independently. The privacy policy of TheFork applies to that processing. We recommend that you also consult TheFork’s privacy policy when making a reservation through this system.
We only receive from TheFork the data that is necessary to carry out your reservation, properly prepare your visit and contact you if necessary.
6. Contact forms and email
When you fill in a contact form on our website or send us an email, we process the data you provide to us yourself. We use this data solely to handle your question, request, reservation or comment.
We do not retain this data longer than necessary to handle your question or request, unless further retention is necessary due to an agreement, administration, complaint, dispute or legal obligation.
7. Cookies and website use
Our website is built and hosted via Webflow. Webflow may process technical data necessary to ensure that the website functions properly, securely and reliably. This may include IP address, browser data, device data and information about the use of the website.
Our website may use cookies and similar technologies. Cookies are small files placed on your device when you visit our website. We may use cookies for:
Ensuring that the website functions properly.
Securing the website.
Improving the user experience.
Analysing website visits.
Displaying or linking external services, such as reservation widgets, maps, reviews or social media.
For cookies that are not strictly necessary, we request your consent where required. You can adjust your cookie preferences via the cookie settings on our website or through your browser settings.
Because cookie use depends on the scripts, links and settings active on the website, we recommend using a separate cookie policy or cookie banner in addition to this privacy policy. This can specify exactly which cookies and external services are active.
8. Sharing personal data with third parties
We do not share your personal data with third parties unless this is necessary for our services, legally required or you have given your consent. We may share personal data with or have it processed by, among others:
Webflow, for hosting and the technical functioning of our website.
Direct Book, for processing room reservations.
TheFork, for processing table reservations.
Payment service providers, for processing payments.
IT and hosting providers, for the management, security and support of our systems.
Administrative service providers, for our bookkeeping and tax obligations.
Government authorities, when we are legally obliged to provide data.
Where necessary, we make agreements with parties that process personal data on our behalf in order to properly protect your privacy.
We never sell your personal data to third parties.
9. Transfer outside the European Economic Area
Some external service providers may process personal data outside the European Economic Area. When this happens, we ensure that this only takes place if appropriate safeguards are in place, such as an adequacy decision, standard contractual clauses or other legal protection measures.
With external parties such as Webflow, Direct Book, TheFork or other linked services, data may be processed outside the Netherlands or outside the European Economic Area. For more information, please also consult the privacy policies of these external parties.
10. Beveiliging van persoonsgegevens
We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, unwanted disclosure and unlawful alteration.
Our website uses a secure SSL connection. In addition, we restrict access to personal data to persons who need this data for their work.
If you believe that your data is not properly secured or if you have indications of misuse, please contact us via info@winstoneindhoven.nl.
11. Retention periods
We do not retain personal data longer than necessary for the purpose for which we collected it, unless we are legally obliged to retain data for a longer period. In principle, we apply the following retention periods:
Administrative data, invoices and payment details are retained for 7 years, as this is necessary for our tax administration.
Data relating to immovable property is retained for 10 years if this is necessary for tax purposes.
Room reservations and stay details are retained for a maximum of 2 years after the stay, unless this data forms part of our administration or longer retention is necessary due to a complaint, dispute or legal obligation.
Table reservations are retained for a maximum of 1 year after the reservation date, unless longer retention is necessary due to a complaint, dispute or legal obligation.
Data you provide to us via a contact form or email is retained for a maximum of 12 months after your question or request has been handled, unless further retention is necessary due to an agreement, complaint, dispute or legal obligation.
Data relating to complaints, incidents or disputes is retained for as long as necessary to handle them. In principle, we retain this data for a maximum of 2 years after completion, unless longer retention is necessary.
Cookie and analytics data are retained in accordance with the periods stated in our cookie policy or cookie settings.
When data is no longer needed, we delete or anonymise it where possible.
12. Photos, videos and reviews
Atmospheric images, photos, videos or reviews may be used on our website and social media. We do our best to only use visual material for which consent has been given or for which another valid legal basis exists.
Do you object to the use of an image, video or review in which you are recognisable? Please contact us via info@winstoneindhoven.nl. We will carefully assess your request.
Reviews posted via external platforms, such as Google, TheFork, Booking.com or other review websites, are subject to the privacy policy of the relevant platform.
13. Camera footage
Camera surveillance may be present in or around our location for the safety of guests, employees and property. If camera surveillance is used, this is done on the basis of our legitimate interest in ensuring safety and preventing or investigating incidents.
Camera footage is, in principle, not retained longer than necessary. In most cases, we retain camera footage for a maximum of 4 weeks. When footage is needed for handling an incident, complaint, damage, insurance matter or investigation by competent authorities, footage may be retained for longer for as long as necessary.
Camera footage is not shared with third parties unless this is necessary due to an incident, legal obligation, insurance matter or request from competent authorities such as the police or judiciary.
14. Minors
Our website and services are not intended to knowingly collect data from persons under the age of 16, unless they have permission from a parent or guardian.
However, we cannot verify whether a visitor is older than 16. If you suspect that we have collected personal data from a minor without permission, please contact us via info@winstoneindhoven.nl. We will delete this data where necessary.
15. Links to other websites
Our website may contain links to third-party websites, such as booking platforms, reservation systems, review websites, social media or other external services.
We are not responsible for the way these parties handle your personal data. We recommend that you read the privacy policies of these websites before leaving any personal data there.
16. Your privacy rights
Under the AVG, you have various rights regarding your personal data. You have, among other things, the right to:
Access your personal data.
Have your personal data corrected.
Have your personal data deleted.
Have the processing of your data restricted.
Object to the processing of your data.
Withdraw your consent.
Have your data transferred to yourself or another party, where applicable.
Would you like to exercise your rights? Please send a request to info@winstoneindhoven.nl.
To prevent misuse, we may ask you to confirm your identity. In doing so, we ask you to provide only the data necessary to verify your identity.
We will respond as soon as possible, but no later than within the statutory period.
17. Complaints
Do you have a complaint about the way we handle your personal data? Please contact us via info@winstoneindhoven.nl. We will be happy to look for an appropriate solution together.
In addition, you have the right to file a complaint with the Dutch Data Protection Authority.
18. Changes to this privacy policy
We may amend this privacy policy from time to time, for example when our website, services, external systems or legal obligations change.
The most recent version of the privacy policy can always be found on our website. We recommend that you consult this privacy policy regularly.
19. Contact- and company details
Winston Bistro Bar & B&B
Stratumseind 93
5611 ER Eindhoven
The Netherlands
Telephone: +31 6 27 45 48 13
E-mail: info@winstoneindhoven.nl
Website: www.winstoneindhoven.nl
Chamber of Commerce Number: 57488851
Winston Bistro Bar & B&B is responsible for the processing of personal data as described in this privacy policy.
For questions about this privacy policy or requests relating to your personal data, you can contact us via info@winstoneindhoven.nl.
