Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information at Lou Cantou Bistro.

1. Introduction

At Lou Cantou Bistro, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our restaurant, use our website, or interact with our services.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you consent to the practices described in this policy.

Important: We never sell your personal data to third parties. Your information is used solely to enhance your dining experience and provide our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, and postal address
  • Reservation Details: Date, time, party size, special occasions, and seating preferences
  • Payment Information: Credit card details (processed securely through our payment providers)
  • Dietary Preferences: Food allergies, restrictions, or special dietary requirements
  • Communication Records: Correspondence with our staff, feedback, and reviews

2.2 Automated Information Collection

When you visit our website, we may automatically collect:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent on our site
  • Referring website addresses
  • Cookies and similar tracking technologies (see our Cookie Policy for details)

3. How We Use Your Information

We use your personal information for the following purposes:

Purpose Legal Basis
Processing reservations and managing your dining experience Contractual necessity
Processing payments for services Contractual necessity
Sending marketing communications (with consent) Consent
Improving our services and customer experience Legitimate interest
Complying with legal obligations Legal compliance
Addressing dietary requirements and allergies Vital interests

3.1 Marketing Communications

We will only send you marketing communications if you have explicitly consented to receive them. You can opt out at any time by clicking the unsubscribe link in our emails or contacting us directly.

4. Information Sharing and Disclosure

We respect your privacy and do not share your personal information with third parties except in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our website, processing payments, or providing reservation services. These providers are contractually obligated to protect your information.
  • Legal Requirements: We may disclose your information if required by law, court order, or governmental authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
  • Safety and Security: We may share information to protect the rights, property, or safety of Lou Cantou, our customers, or others.

International Transfers: We primarily store and process data within the European Economic Area (EEA). Any transfers outside the EEA will be protected by appropriate safeguards as required by GDPR.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Our general retention periods are:

  • Reservation data: 3 years from your last visit
  • Marketing lists: Until you unsubscribe or request deletion
  • Financial records: 7 years for tax and accounting purposes
  • Website analytics: 26 months from last interaction

After these periods, we will securely delete or anonymize your personal data.

6. Your Rights

Under GDPR, you have several rights regarding your personal data:

  • Right to Access: You can request copies of your personal information that we hold.
  • Right to Rectification: You can request correction of inaccurate or incomplete information.
  • Right to Erasure: You can request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You can request limitation of how we use your data.
  • Right to Data Portability: You can request transfer of your data to another organization.
  • Right to Object: You can object to certain types of processing.
  • Right to Withdraw Consent: You can withdraw previously given consent at any time.

To exercise any of these rights, please contact us using the details provided in Section 10. We will respond to your request within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data during transmission and storage
  • Regular security assessments and vulnerability testing
  • Access controls limiting employee access to personal data
  • Staff training on data protection and privacy
  • Secure payment processing through PCI-DSS compliant providers

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but we continuously work to maintain the highest standards of data protection.

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children without parental consent. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

Parents or guardians who believe their child has provided us with personal information without their consent should contact us immediately so we can delete such information.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a new effective date.

We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our services after any changes indicates your acceptance of the updated policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Email:[email protected]
Phone: 09 88 40 20 95
Address: 35 Cité d'Antin (access via 61 rue de Provence), 75009 Paris, France

You also have the right to lodge a complaint with the French data protection authority, CNIL (Commission Nationale de l'Informatique et des Libertés).

Last updated: September 3, 2025