Privacy Policy

Last updated: 15 January 2026

Data Controller Information

prismhaven SARL is the data controller for the personal data we collect. Our company is registered in Luxembourg with registration number RCSB753196. You can contact us regarding any privacy matters at our registered address: Boulevard de la Pétrusse 92, 4778 Differdange, Luxembourg, or by email at privacy@prismhaven.world.

Data Collection

The data we collect includes information you provide directly to us and information automatically collected when you visit our website. We collect personal data through various means including contact forms, email communications, phone calls, and website analytics.

Information You Provide

• Contact information: name, email address, phone number, company name
• Business information: restaurant details, menu information, cost data
• Communication records: messages, consultation notes, service requests
• Payment information: billing details for our services

Automatically Collected Information

• Website usage data: pages visited, time spent, click patterns
• Technical information: IP address, browser type, device information
• Cookies and tracking technologies as detailed in our cookie policy

How We Use Your Information

We use your data to provide our restaurant menu pricing consultancy services and improve your experience with prismhaven. The use of your data is always based on a lawful basis under GDPR, including legitimate interests, contract performance, or your consent.

Service Provision

• Delivering menu pricing analysis and consultancy services
• Communicating about your projects and providing support
• Processing payments and managing billing
• Maintaining client records and project documentation

Business Operations

• Website functionality and security
• Analytics to improve our services and website performance
• Marketing communications (with your consent)
• Legal compliance and regulatory requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about the cookies we use, please refer to our cookie policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information only in the following circumstances:

• With service providers who assist us in delivering our services (under strict confidentiality agreements)
• When required by law or to protect our legal rights
• In connection with a business transfer or merger (with appropriate safeguards)
• With your explicit consent for specific purposes

International Data Transfers

As a Luxembourg-based company, your data is primarily processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy. Client project data is typically retained for 7 years for business and legal purposes. Website analytics data is retained for 26 months. Marketing data is retained until you withdraw consent. You can request deletion of your data at any time, subject to legal obligations.

Your Rights

Under GDPR and Luxembourg data protection law, you have several rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (right to be forgotten)
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: For processing based on consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

Contact Information

If you have any questions about this privacy policy or wish to exercise your rights, please contact us:

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) or your local data protection authority.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this policy periodically.