Last updated: 26 April 2026 · Version 2.2
1. Who we are
This Privacy Policy explains how Hani Café handles your personal data when you use our website, the loyalty programme, the gift card service, and the reservation booking.
Data controller: Hani Café (operated in Portugal)
Supervisory authority: Comissão Nacional de Proteção de Dados (CNPD), Lisbon, Portugal — https://www.cnpd.pt. You can lodge a complaint with the CNPD at any time.
2. What this Policy covers
This Policy applies to the following services:
- Public website browsing
- The Hani Rewards loyalty programme
- Gift card purchase and redemption
- Reservation booking (online form and rewards dashboard)
- Customer service correspondence (email, WhatsApp, in-store)
It does not cover third-party services even when linked from our website (delivery platforms, social media, payment processor pages). Read those providers' own privacy policies.
3. What we collect, why, and on what legal basis
We collect only the data we need for the specific service you use. The table below summarises each flow under Article 13 GDPR.
3.1 Loyalty programme
| Field | Why we need it | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Full name | Personalises the rewards experience and is used at the till | Contract (Art. 6(1)(b)) |
| Mobile phone number | Functions as your loyalty card at the till; receives verification codes | Contract |
| Email address | Receives verification codes if WhatsApp is unavailable; record of enrolment | Contract |
| Verification code (one-time, hashed) | Confirms ownership of the phone or email | Contract |
| Stamp balance and reward history | Tracks programme participation | Contract |
| Marketing consent timestamp + IP | Proof of consent under Art. 7 GDPR | Legal obligation |
| Marketing email address | Sending promotional communications | Consent (Art. 6(1)(a)) — separately given, opt-in |
We share the loyalty fields above with Syrve (see § 6) so the cashier can recognise you at the till.
3.2 Gift cards
When you purchase a gift card we collect:
- Your name, email, optional phone number — for the receipt and to contact you about the order
- The recipient's name, phone number, and (optional) email — to deliver the card
- A personal message you may write — included in the recipient's email
- Payment is processed by Stripe (see § 6); we do not receive or store your full card number
When you receive a gift card we hold the data above plus the issued card number, denomination and balance. The card is bound to the recipient's loyalty account if one exists.
| Legal basis | Applies to |
|---|---|
| Contract (Art. 6(1)(b)) | Issuing, delivering and servicing the card |
| Legal obligation (Art. 6(1)(c)) | Tax records, anti-fraud — see retention §7 |
| Legitimate interest (Art. 6(1)(f)) | Preventing fraud, securing the platform |
3.3 Reservations
| Field | Why | Basis |
|---|---|---|
| Name | Recognising the booking at the door | Contract |
| Phone | Reminders, confirmation, and contact in case of changes | Contract |
| | Same as above | Contract |
| Date, time, party size | Operating the reservation | Contract |
| Visit history (no-shows, total visits, total spend) | Service quality and capacity planning | Legitimate interest |
3.4 Operational and security data
When you use our website we automatically collect:
- IP address, user-agent, request paths (server access logs)
- Session cookies (login state, language preference)
- Anti-abuse signals (rate-limit counters, OTP delivery attempts)
Legal basis: legitimate interest in keeping the service secure and reliable (Art. 6(1)(f)). Logs are retained for 90 days.
4. How we protect your data
- Encryption at rest. Personal data fields (name, email, phone, gift card recipient details, personal messages) are encrypted in our database using a per-tenant encryption key with envelope encryption against a master key held only on our server.
- Search hashes. To allow us to look up a guest by phone or email without decrypting every record, we also store a SHA-256 hash of those fields as a blind index. The hash cannot be reversed to reveal the original value.
- Transport security. Connections to our website use HTTPS.
- Access control. Only authorised staff can view decrypted personal data, and only for the legitimate operational purpose for which it was collected.
- Sub-processor controls. Sensitive credentials passed to sub-processors are stored encrypted and rotated when staff leave or systems change.
No system is perfectly secure. If we ever experience a personal data breach we will notify the supervisory authority within 72 hours where required, and notify affected users where the breach poses a high risk to their rights.
5. Cookies and similar technologies
We use a small number of first-party cookies:
- Session cookie — keeps you signed in to the rewards dashboard. Expires when you log out.
- Language cookie — remembers your interface language. Lasts up to 12 months.
- CSRF token — protects forms from cross-site request forgery. Session-only.
We also load third-party services from Google that set their own cookies on your device:
- Google reCAPTCHA on public forms, to detect automated abuse.
- Google Maps when our Visit page renders our location.
- Google Tag Manager / Google Analytics 4 to measure how the website is used. We have configured Analytics to anonymise IP addresses and we do not enable advertising or remarketing features.
You can review or revoke cookies at any time through your browser settings. Disabling these cookies may prevent the related feature from working (for example, the booking form will not submit without reCAPTCHA).
We do not use Meta Pixel, advertising retargeting cookies, or any third-party tracker beyond the Google services listed above.
6. Sub-processors and third parties
We share personal data with the following sub-processors. Each receives only the data needed for their service.
| Provider | Service | Data shared | Privacy policy |
|---|---|---|---|
| Syrve (POS / loyalty platform) | Point-of-sale, loyalty wallet, customer profile, gift card certificate registry | Loyalty: name, phone, email, Syrve customer ID, stamp balance. Gift cards: card number, balance, recipient binding (if recipient is enrolled). | https://syrve.com/legal/ |
| Stripe (payment processor) | Card payments for gift card purchases | Purchaser email, transaction amount, payment metadata. We do not transmit recipient details or message text to Stripe. | https://stripe.com/privacy |
| Cloudflare R2 / S3-compatible storage | Storage of brand assets, gift card images, scanned documents | No customer PII unless attached to an invoice or scanned document. | |
| Email delivery (a self-hosted SMTP server) | Sending verification codes, gift cards, reservation confirmations, marketing emails | Recipient email, subject, message body. | |
| Evolution API (WhatsApp messaging) | Sending verification codes, reservation reminders, gift card delivery if WhatsApp is preferred | Recipient phone number, message content. | |
| Google reCAPTCHA (anti-spam) | Bot-protection on public forms (booking, contact, gift card purchase, loyalty signup) | IP address, browser metadata, mouse movements and a Google cookie collected automatically when the form page loads. We receive only a pass/fail score, not the raw signals. | https://policies.google.com/privacy |
| Google Maps (location embed) | Showing our location on the Visit page | IP address and a Google cookie set when the embed loads. We do not pass any account or contact data to Google through the embed. | https://policies.google.com/privacy |
| Google Tag Manager / Google Analytics 4 (website analytics) | Counting visits, understanding which pages are popular, measuring how customers reach us | IP address (anonymised), pages viewed, device type, language, referrer. No name, email or phone. We do not use Analytics for advertising or remarketing. | https://policies.google.com/privacy |
We do not sell your personal data, and we do not share it with advertising networks.
Government and law enforcement
We will only disclose personal data to public authorities when required by valid legal process or where necessary to protect rights, property, or safety. Where we lawfully can, we will notify affected users.
7. How long we keep your data
| Data | Retention |
|---|---|
| Active loyalty membership | Kept while you are an active member. |
| Closed loyalty account | 24 months |
| Gift card transaction record | 10 years |
| Reservation history | 24 months |
| Marketing consent log | While the consent is active plus 3 years |
| Server access logs | 90 days |
| OTP delivery audit log | 90 days |
| Customer service correspondence | 24 months |
After the retention period the data is erased or, where complete deletion is not possible (for example because of a tax obligation), pseudonymised so it can no longer identify you.
8. Your rights under GDPR
You have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Rectification — correct data that is inaccurate or incomplete.
- Erasure ("right to be forgotten") — ask us to delete your data when there is no legitimate reason to keep it.
- Restriction — ask us to pause processing while a question is resolved.
- Portability — receive a structured, machine-readable copy of data you provided to us.
- Object — object to processing based on legitimate interest, including for marketing (we will stop on request).
- Withdraw consent — withdraw any consent you previously gave (e.g. marketing) at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Lodge a complaint with the CNPD (above).
To exercise any of these rights, email us at . We will respond within one (1) month as required by Article 12 GDPR. We may ask for proof of identity to prevent disclosure of personal data to the wrong person.
There is no charge for exercising these rights, except where requests are manifestly unfounded or excessive (Article 12(5) GDPR), in which case we may charge a reasonable fee or refuse the request.
9. International data transfers
Some of our sub-processors operate facilities outside the European Economic Area, including Google (United States, certified under the EU–US Data Privacy Framework) and Stripe (dual-located US/EEA). Where personal data is transferred outside the EEA we rely on the Standard Contractual Clauses adopted by the European Commission in Decision 2021/914 as the safeguard required by Article 46 GDPR, in addition to any adequacy decision that may apply at the time of transfer. You can request a summary of the safeguards in place by contacting us at the address in section 13.
10. Children
These services are not intended for children under 18. We do not knowingly collect personal data from minors below this age. If you believe we have, please contact us and we will erase the data.
11. Automated decision-making and profiling
We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing.
We use automated systems for:
- rate-limiting sign-up attempts (anti-abuse)
- routing OTP codes to the channel you selected
- matching gift cards to loyalty accounts via a hashed email index
None of these makes a decision about you in the sense of Article 22 GDPR.
12. Changes to this Policy
We may update this Policy from time to time. When we make a material change we will:
- update the version number and effective date on this page,
- show a re-consent prompt to existing loyalty members the next time they log in to the rewards dashboard, and
- require new loyalty enrolments and gift card purchases to accept the latest version before signing up.
If you do not agree to the updated Policy, please stop using the services and contact us to close your account.
13. Contact and complaints
For privacy questions, to exercise any of the rights in section 8, or to report a concern:
If you are not satisfied with our response you can lodge a complaint with the CNPD: https://www.cnpd.pt
Annex A — Records of consent we keep
For each loyalty member we record:
- the version of these Terms / Privacy Policy accepted at signup, with timestamp and IP address;
- the marketing-email opt-in status, with timestamp and IP address if granted;
- subsequent re-acceptances when a new version is published.
These records exist solely to demonstrate that consent was freely given, specific, informed and unambiguous (Article 7 GDPR). We retain them for the duration of the consent plus 3 years.