Privacy Policy

Last updated: 15th January 2026

Introduction

xenflows S.L. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website xenflows.pro, dine at our restaurant, or interact with our services.

This policy applies to all personal data we process as a data controller in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller Information

The data controller responsible for your personal data is:

xenflows S.L.

Registration Number: B59037284

VAT Number: ESB84261905

Address: Calle San Juan 189, 08070 Barcelona, Catalonia, Spain

Email: privacy@xenflows.pro

Phone: +34 933 873 537

Data We Collect

We collect various types of personal data depending on how you interact with our services. The data we collect includes:

Personal Information

  • Name and contact details (email address, phone number, postal address)
  • Reservation details and dining preferences
  • Special dietary requirements or allergies
  • Payment information (processed securely by our payment providers)

Website Usage Data

  • IP address and browser information
  • Pages visited and time spent on our website
  • Referring website information
  • Device and browser settings

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.

How We Use Your Information

We use your personal data for various purposes based on legitimate business interests, contractual necessity, or your consent. We use of your data includes:

Service Provision

  • Processing restaurant reservations and managing bookings
  • Providing dining services and accommodating special requests
  • Processing payments and managing billing
  • Communicating about your reservations or enquiries

Business Operations

  • Improving our services and customer experience
  • Website analytics and performance monitoring
  • Fraud prevention and security purposes
  • Compliance with legal obligations

Marketing Communications

With your consent, we may send you information about our restaurant, special offers, and events. You can opt out at any time.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary to fulfil our services (reservations, dining)
  • Legitimate Interest: Business operations, security, and service improvement
  • Consent: Marketing communications and non-essential cookies
  • Legal Obligation: Compliance with applicable laws and regulations

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Payment processors for secure transaction processing
  • Technology service providers who help us operate our website
  • Legal authorities when required by law or to protect our rights
  • Business partners only with your explicit consent

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

  • Reservation data: 3 years after your last visit for customer service purposes
  • Marketing data: Until you withdraw consent or 5 years of inactivity
  • Website analytics: 26 months maximum
  • Financial records: 7 years as required by Spanish law

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data in certain circumstances
  • Restriction: Request limitation of processing in specific situations
  • Data Portability: Request transfer of your data to another service provider
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing or cookies at any time

International Data Transfers

We primarily process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Privacy Contact:

Email: privacy@xenflows.pro

Phone: +34 933 873 537

Address: Calle San Juan 189, 08070 Barcelona, Catalonia, Spain

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos) if you believe your privacy rights have been violated.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Governing Law

This Privacy Policy is governed by Spanish law and the GDPR. Any disputes relating to this policy will be subject to the jurisdiction of Spanish courts.