Privacy Policy

Last updated: 25 June 2026

Data Controller

The data controller is the operator of the FOXX RestoBar restaurant and cocktail bar, with its registered address at Lidická 29, 150 00 Prague 5 – Smíchov, Czech Republic.

Contact e-mail: info@foxxrestobar.cz, phone: +420 770 338 287.

This policy explains what personal data we process in connection with operating our website and providing our services, for what purpose, on what legal basis, to whom we disclose it, and what rights you have. Processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Czech Act No. 110/2019 Coll., on personal data processing.

What Data We Process

Table reservations: first name, surname, e-mail address, phone number, date and time of the reservation, number of guests, purpose of the visit, and any message or note you choose to send us.

Newsletter: the e-mail address you provide for the purpose of receiving news and marketing communications.

Event inquiries and bookings: first name, surname, e-mail, phone, details of the planned event (date, number of guests, type of event) and the content of your message.

Technical and operational data: data obtained through Google reCAPTCHA v3 to protect our forms, and data collected by Google Analytics (only if you grant consent in the cookie banner), in particular anonymized information about your device, browser and behavior on the website.

Purposes and Legal Basis of Processing

Handling your reservation and communicating with you: the legal basis is the performance of a contract or taking steps prior to entering into a contract at your request (Art. 6(1)(b) GDPR).

Processing inquiries and organizing events: the legal basis is the performance of a contract or pre-contractual negotiations (Art. 6(1)(b) GDPR), or our legitimate interest in handling your inquiry (Art. 6(1)(f) GDPR).

Sending the newsletter and marketing communications: the legal basis is your consent (Art. 6(1)(a) GDPR), which you may withdraw at any time.

Protecting forms against misuse and spam via Google reCAPTCHA: the legal basis is our legitimate interest in securing the website and protecting against automated abuse (Art. 6(1)(f) GDPR).

Traffic analytics (Google Analytics) and the use of cookies beyond those strictly necessary: the legal basis is your consent granted through the cookie banner (Art. 6(1)(a) GDPR).

Compliance with legal obligations (e.g. accounting and tax) and protection of legal claims: the legal basis is compliance with a legal obligation (Art. 6(1)(c) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

Recipients of Data and Transfers to Third Parties

We do not sell your personal data. We disclose it only to the extent necessary to operate the website and provide our services, to the following categories of recipients (processors):

The provider of hosting and server infrastructure on which the website and database run.

The provider of the e-mail (SMTP) service through which we send reservation confirmations, replies to inquiries and the newsletter.

Google (Google Ireland Ltd. / Google LLC) as the provider of Google reCAPTCHA and Google Analytics. In connection with these services, data may be transferred to third countries (in particular the USA); such transfers are safeguarded by Standard Contractual Clauses approved by the European Commission or other appropriate safeguards under the GDPR.

The use of Google reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

Data may also be disclosed to public authorities where required by law.

Data Retention Period

We retain personal data only for as long as necessary to fulfil the given purpose.

Reservation data: for the time needed to handle the reservation and thereafter for a reasonable period for any follow-up communication and protection of legal claims.

Event inquiry data: for the duration of negotiations and the event, or for the period necessary to protect legal claims.

Newsletter: for the duration of your consent, i.e. until you withdraw consent or unsubscribe.

Accounting and tax documents: for the period stipulated by applicable legislation.

Data processed via Google Analytics: for the period set in the tool, or until you withdraw your cookie consent.

After the retention period expires, the data is securely deleted or anonymized.

Cookies

Our website uses cookies. Strictly necessary cookies ensuring basic site functionality are used without consent on the basis of legitimate interest.

Analytical and marketing cookies (in particular Google Analytics) are used only if you grant consent through our cookie banner.

You can change your preferences or withdraw consent at any time in the cookie banner settings on the website or in your browser settings.

Your Rights

In connection with the processing of personal data, you have in particular the following rights:

The right of access to your personal data and to information about its processing.

The right to rectification of inaccurate or incomplete data.

The right to erasure (the "right to be forgotten") under the conditions set out in the GDPR.

The right to restriction of processing.

The right to data portability.

The right to object to processing based on legitimate interest.

The right to withdraw consent at any time, without affecting the lawfulness of processing carried out before its withdrawal.

You may exercise your rights using the contact details above. If you believe that the processing of your data infringes the law, you have the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

Data Security

We have implemented appropriate technical and organizational measures to secure personal data against unauthorized access, loss, destruction or misuse, in particular encrypted data transmission (HTTPS), access permission management, and protection of forms using Google reCAPTCHA.

Our processors are contractually obliged to maintain an adequate level of personal data protection.

Changes to This Policy

We may update this privacy policy from time to time, in particular if legislation or the manner of processing changes. The current version is always available on this page together with the date of the last update.

Notice – Template Text for Review

This document is a template and serves as a starting point. Before publication it must be reviewed and approved by the operator and, where appropriate, a lawyer.

The following in particular must be completed: the exact identification details of the controller (business name / operator's name, company ID (IČO), where applicable VAT ID (DIČ), and the exact registered address per the commercial/trade register), the specific names and addresses of the processors used (hosting provider, SMTP provider), the configured retention period in Google Analytics, and the effective date / date of last update.

The operator is responsible for ensuring that the content of this policy reflects the actual personal data processing and complies with applicable law.