Privacy Policy
Protection of your personal data — Compliant with the GDPR (EU 2016/679) and the Belgian Act of 30 July 2018.
Last updated: May 2026 — Version 1.0
1. Preamble
The company BraBelGest SRL (hereinafter "BraBelGest", "we", "our" or "us") operates the establishment Au Repos des Chasseurs, located at the edge of the Sonian Forest in Watermael-Boitsfort. This historic establishment, founded in 1683, comprises a bistronomic brasserie, a boutique hotel and several event venues.
This Privacy Policy (hereinafter the "Policy") aims to inform you, in a clear and transparent manner, about how we collect, use, store and protect your personal data when you visit our website www.aureposdeschasseurs.be (hereinafter the "Site"), book a table, a room or a venue, subscribe to our newsletter, or interact with us in any other way.
This Policy is drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter the "GDPR") as well as the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
By using our Site or our services, you acknowledge having read this Policy. We invite you to read it carefully.
2. Data Controller
The controller of your personal data is:
BraBelGest SRL
Legal form: Private Limited Liability Company under Belgian law
Registered office: 13, avenue Charle-Albert, 1170 Brussels (Watermael-Boitsfort), Belgium
Company number (CBE): 1009.652.610
Represented by: Mr Olivier Braibant, Managing Director
Email: privacy@aureposdeschasseurs.be
Website: www.aureposdeschasseurs.be
3. Data Protection Contact
Given the nature, scope and purposes of our processing activities, BraBelGest SRL is not legally required to designate a Data Protection Officer (DPO) within the meaning of Article 37 of the GDPR.
Nevertheless, in a spirit of transparency and accessibility, BraBelGest SRL has designated a single point of contact for all matters relating to the protection of your personal data and the exercise of your rights:
Mr Olivier Braibant, Managing Director of BraBelGest SRL
Email: privacy@aureposdeschasseurs.be
Postal address: BraBelGest SRL, 13 avenue Charle-Albert, 1170 Brussels, Belgium
You may contact us in the language of your choice (French, Dutch or English).
4. Categories of Data Collected
Depending on your interaction with us, we may collect the following categories of data:
4.1. Identification and Contact Data
- First and last name
- Postal address (hotel and event bookings)
- Email address
- Phone number
- Date of birth (hotel bookings)
- Identity card or passport number (only for hotel bookings, in accordance with the Royal Decree of 27 April 2007)
- Nationality (hotel bookings)
4.2. Booking and Service Data
- Date, time and number of guests (restaurant — via ZenChef)
- Arrival and departure dates (hotel — via Lighthouse)
- Room type, stay preferences
- Type of event, number of guests, requested date, type of services (events and banquets — via the quote request form on the Site, managed in Odoo)
- Indicative budget and specific expressed requirements
- Food allergies and dietary restrictions
- Special requests and comments
- Booking history and preferences
4.3. Payment Data
Banking data (card number, expiry date, security code) is never stored by us. It is collected and processed directly by our PCI-DSS certified payment service providers. We retain only the transaction information (amount, date, reference) for accounting and evidence purposes.
4.4. Technical and Browsing Data
- IP address
- Browser type and version
- Operating system
- Pages visited and duration of visit
- Traffic source (referring site, advertising campaign)
- Cookie identifiers and similar technologies
4.5. Marketing Communication Data
- Email address for the newsletter
- Communication preferences (language, frequency)
- History of interaction with our communications (opens, clicks)
5. Purposes and Legal Bases of Processing
We process your data for the following purposes, each based on a legal ground compliant with Article 6 of the GDPR:
| Purpose | Legal Basis (GDPR Art. 6) | Retention Period |
|---|---|---|
| Restaurant booking management (via ZenChef) | Performance of contract (Art. 6.1.b) | 3 years after last visit |
| Hotel booking and stay management (PMS Lighthouse) | Performance of contract (Art. 6.1.b) and legal obligation (Art. 6.1.c) | Traveller data: 7 years (legal obligation) Other: 3 years |
| Processing of quote requests for events and banquets (Odoo form) | Pre-contractual measures (Art. 6.1.b) then performance of contract | 3 years after last contact or after the event |
| Organisation of private and corporate events | Performance of contract (Art. 6.1.b) | 3 years after the event |
| Invoicing and accounting obligations | Legal obligation (Art. 6.1.c) | 7 years (Belgian VAT and accounting law) |
| Sending newsletters and marketing communications | Consent (Art. 6.1.a) | Until withdrawal of consent, or 3 years of inactivity |
| Responses to enquiries via contact forms | Legitimate interest (Art. 6.1.f) or pre-contractual measures (Art. 6.1.b) | 3 years after last contact |
| Audience measurement and Site improvement | Consent (Art. 6.1.a) for non-essential cookies | Maximum 13 months |
| Site security and fraud prevention | Legitimate interest (Art. 6.1.f) | Maximum 12 months |
| Customer reviews and e-reputation management | Legitimate interest (Art. 6.1.f) | 3 years after publication |
| Responses to legal obligations or judicial requests | Legal obligation (Art. 6.1.c) | Applicable legal period |
6. Recipients of Your Data
Your data is processed internally by authorised personnel of BraBelGest SRL (management, reception team, events team, accounting service). It may also be communicated to the following categories of recipients, strictly to the extent necessary for the performance of their duties:
6.1. Technical Sub-processors
- Odoo S.A. (Belgium) — hosting of the Site, integrated management platform (ERP, CRM, eCommerce) and processing of quote requests for events and banquets submitted via the forms on our Site
- ZenChef (France) — online booking platform for the restaurant, integrated on our Site as a widget and connected to Google Reserve to enable direct booking from Google search results and Google Maps
- Lighthouse (international platform, data hosted within the EEA) — main hotel management system (PMS) for the entire booking cycle, from check-in to check-out, as well as for multi-channel distribution and revenue management
- Mailgun (Sinch) — service for sending transactional emails and newsletters
- Google Ireland Ltd. — Google Analytics 4, Google Ads, Google My Business, Google Reserve
- Meta Platforms Ireland Ltd. — Facebook and Instagram (professional pages only, without advertising tracking pixel)
- Make.com (Celonis) — automation platform
- PCI-DSS certified payment service providers
- Hotel distribution partners (OTAs such as Booking.com, Expedia, etc., from the opening of the hotel)
6.2. Institutional Partners and Authorities
- Our chartered accountant and auditor, bound by professional secrecy
- The Belgian tax and social security administrations
- Police or judicial authorities, upon legal request
- Our legal counsel, in case of litigation
All our sub-processors are bound by a contract compliant with Article 28 of the GDPR.
7. Transfers of Data Outside the European Economic Area (EEA)
Some of our sub-processors (notably Google and Lighthouse, as well as Meta for the management of our Facebook and Instagram pages) may process data from countries outside the EEA, in particular the United States. These transfers are governed by one of the mechanisms provided for in Chapter V of the GDPR:
- An adequacy decision of the European Commission (e.g. the Data Privacy Framework EU-US for certified companies)
- Standard Contractual Clauses (SCC) adopted by the European Commission
- Additional appropriate safeguards (technical and organisational measures)
You may obtain a copy of the safeguards implemented by contacting us at privacy@aureposdeschasseurs.be.
8. Cookie Policy
Our Site uses cookies and similar technologies (pixels, tags, local storage). A cookie is a small text file placed on your device when visiting a website.
8.1. Categories of Cookies Used
- Strictly necessary cookies: essential for the operation of the Site (session management, basket, security). These cookies do not require your consent.
- Audience measurement cookies: enable us to understand how visitors interact with our Site (Google Analytics 4). Placed only with your consent.
- Marketing and personalisation cookies: used to display relevant advertisements (Google Ads). Placed only with your consent.
- Social media cookies: enable content sharing to Facebook, Instagram and other platforms when you click on the share buttons. Placed only with your consent.
8.2. Managing Your Consent
On your first visit, a consent banner allows you to accept, refuse or customise the placement of non-essential cookies. You may modify your preferences at any time by clicking on the "Cookie management" link at the bottom of each page of the Site.
You may also configure your browser to block or delete cookies. However, blocking essential cookies may affect the operation of the Site.
9. Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access (Art. 15): obtain confirmation as to whether or not your data is being processed and, where applicable, obtain a copy of it.
- Right to rectification (Art. 16): have inaccurate data corrected or incomplete data completed.
- Right to erasure ("right to be forgotten") (Art. 17): have your data erased in cases provided for by law.
- Right to restriction of processing (Art. 18).
- Right to portability (Art. 20): receive your data in a structured, machine-readable format.
- Right to object (Art. 21), in particular to direct marketing.
- Right to withdraw your consent (Art. 7.3) at any time.
- Right to define post-mortem directives.
- Right not to be subject to automated individual decision-making (Art. 22).
9.1. How to Exercise Your Rights
To exercise any of these rights, please send us a written request, accompanied by a copy of an identity document (to verify your identity):
- By email: privacy@aureposdeschasseurs.be
- By post: BraBelGest SRL — For the attention of the Data Protection Manager — 13, avenue Charle-Albert, 1170 Brussels, Belgium
We undertake to respond within one month of receipt of your request. This period may be extended by two months given the complexity or number of requests.
9.2. Right to Lodge a Complaint
If, after contacting us, you consider that your rights are not being respected, you have the right to lodge a complaint with the competent supervisory authority:
Belgian Data Protection Authority (DPA)
Rue de la Presse 35 — 1000 Brussels
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be
10. Security of Your Data
BraBelGest SRL implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR:
- Encryption of communications via HTTPS/TLS protocol on the entire Site
- Hosting on infrastructures compliant with European security standards (Odoo)
- Access management through strong authentication and least privilege principle
- Regular data backups and recovery procedures
- Training and awareness of staff on data protection
- Signing of confidentiality agreements with our sub-processors
- Maintenance of a register of processing activities (Article 30 GDPR)
In the event of a data breach likely to result in a high risk to your rights and freedoms, we undertake to inform you as soon as possible and to notify the incident to the Data Protection Authority within 72 hours, in accordance with Articles 33 and 34 of the GDPR.
11. Protection of Minors
Our Site is not specifically intended for minors under 13 years of age. We do not knowingly collect data from children without verifiable parental consent.
If you are a parent or guardian and notice that your child has provided us with data without your consent, we invite you to contact us at privacy@aureposdeschasseurs.be.
12. Changes to This Policy
This Policy may be amended to take account of legal, regulatory, jurisprudential or technical changes, or the evolution of our services. The date of the last update is indicated at the top of the document. In case of substantial modification, we will inform you by any appropriate means.
13. Applicable Law and Jurisdiction
This Policy is governed by Belgian law. Any dispute relating to its interpretation or execution shall fall under the exclusive jurisdiction of the courts of the judicial district of Brussels, without prejudice to your right to refer the matter to the Data Protection Authority or to bring legal proceedings in accordance with the GDPR.
14. Contact
For any question concerning this Policy or the processing of your personal data:
BraBelGest SRL — Au Repos des Chasseurs
13, avenue Charle-Albert
1170 Brussels (Watermael-Boitsfort)
Belgium
Email: privacy@aureposdeschasseurs.be
Website: www.aureposdeschasseurs.be
Privacy Policy — BraBelGest SRL — CBE 1009.652.610
Privacy Policy
Protection of your personal data — Compliant with the GDPR (EU 2016/679) and the Belgian Act of 30 July 2018.
Last updated: May 2026 — Version 1.0
1. Preamble
The company BraBelGest SRL (hereinafter "BraBelGest", "we", "our" or "us") operates the establishment Au Repos des Chasseurs, located at the edge of the Sonian Forest in Watermael-Boitsfort. This historic establishment, founded in 1683, comprises a bistronomic brasserie, a boutique hotel and several event venues.
This Privacy Policy (hereinafter the "Policy") aims to inform you, in a clear and transparent manner, about how we collect, use, store and protect your personal data when you visit our website www.aureposdeschasseurs.be (hereinafter the "Site"), book a table, a room or a venue, subscribe to our newsletter, or interact with us in any other way.
This Policy is drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter the "GDPR") as well as the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
By using our Site or our services, you acknowledge having read this Policy. We invite you to read it carefully.
2. Data Controller
The controller of your personal data is:
BraBelGest SRL
Legal form: Private Limited Liability Company under Belgian law
Registered office: 13, avenue Charle-Albert, 1170 Brussels (Watermael-Boitsfort), Belgium
Company number (CBE): 1009.652.610
Represented by: Mr Olivier Braibant, Managing Director
Email: privacy@aureposdeschasseurs.be
Website: www.aureposdeschasseurs.be
3. Data Protection Contact
Given the nature, scope and purposes of our processing activities, BraBelGest SRL is not legally required to designate a Data Protection Officer (DPO) within the meaning of Article 37 of the GDPR.
Nevertheless, in a spirit of transparency and accessibility, BraBelGest SRL has designated a single point of contact for all matters relating to the protection of your personal data and the exercise of your rights:
Mr Olivier Braibant, Managing Director of BraBelGest SRL
Email: privacy@aureposdeschasseurs.be
Postal address: BraBelGest SRL, 13 avenue Charle-Albert, 1170 Brussels, Belgium
You may contact us in the language of your choice (French, Dutch or English).
4. Categories of Data Collected
Depending on your interaction with us, we may collect the following categories of data:
4.1. Identification and Contact Data
- First and last name
- Postal address (hotel and event bookings)
- Email address
- Phone number
- Date of birth (hotel bookings)
- Identity card or passport number (only for hotel bookings, in accordance with the Royal Decree of 27 April 2007)
- Nationality (hotel bookings)
4.2. Booking and Service Data
- Date, time and number of guests (restaurant — via ZenChef)
- Arrival and departure dates (hotel — via Lighthouse)
- Room type, stay preferences
- Type of event, number of guests, requested date, type of services (events and banquets — via the quote request form on the Site, managed in Odoo)
- Indicative budget and specific expressed requirements
- Food allergies and dietary restrictions
- Special requests and comments
- Booking history and preferences
4.3. Payment Data
Banking data (card number, expiry date, security code) is never stored by us. It is collected and processed directly by our PCI-DSS certified payment service providers. We retain only the transaction information (amount, date, reference) for accounting and evidence purposes.
4.4. Technical and Browsing Data
- IP address
- Browser type and version
- Operating system
- Pages visited and duration of visit
- Traffic source (referring site, advertising campaign)
- Cookie identifiers and similar technologies
4.5. Marketing Communication Data
- Email address for the newsletter
- Communication preferences (language, frequency)
- History of interaction with our communications (opens, clicks)
5. Purposes and Legal Bases of Processing
We process your data for the following purposes, each based on a legal ground compliant with Article 6 of the GDPR:
| Purpose | Legal Basis (GDPR Art. 6) | Retention Period |
|---|---|---|
| Restaurant booking management (via ZenChef) | Performance of contract (Art. 6.1.b) | 3 years after last visit |
| Hotel booking and stay management (PMS Lighthouse) | Performance of contract (Art. 6.1.b) and legal obligation (Art. 6.1.c) | Traveller data: 7 years (legal obligation) Other: 3 years |
| Processing of quote requests for events and banquets (Odoo form) | Pre-contractual measures (Art. 6.1.b) then performance of contract | 3 years after last contact or after the event |
| Organisation of private and corporate events | Performance of contract (Art. 6.1.b) | 3 years after the event |
| Invoicing and accounting obligations | Legal obligation (Art. 6.1.c) | 7 years (Belgian VAT and accounting law) |
| Sending newsletters and marketing communications | Consent (Art. 6.1.a) | Until withdrawal of consent, or 3 years of inactivity |
| Responses to enquiries via contact forms | Legitimate interest (Art. 6.1.f) or pre-contractual measures (Art. 6.1.b) | 3 years after last contact |
| Audience measurement and Site improvement | Consent (Art. 6.1.a) for non-essential cookies | Maximum 13 months |
| Site security and fraud prevention | Legitimate interest (Art. 6.1.f) | Maximum 12 months |
| Customer reviews and e-reputation management | Legitimate interest (Art. 6.1.f) | 3 years after publication |
| Responses to legal obligations or judicial requests | Legal obligation (Art. 6.1.c) | Applicable legal period |
6. Recipients of Your Data
Your data is processed internally by authorised personnel of BraBelGest SRL (management, reception team, events team, accounting service). It may also be communicated to the following categories of recipients, strictly to the extent necessary for the performance of their duties:
6.1. Technical Sub-processors
- Odoo S.A. (Belgium) — hosting of the Site, integrated management platform (ERP, CRM, eCommerce) and processing of quote requests for events and banquets submitted via the forms on our Site
- ZenChef (France) — online booking platform for the restaurant, integrated on our Site as a widget and connected to Google Reserve to enable direct booking from Google search results and Google Maps
- Lighthouse (international platform, data hosted within the EEA) — main hotel management system (PMS) for the entire booking cycle, from check-in to check-out, as well as for multi-channel distribution and revenue management
- Mailgun (Sinch) — service for sending transactional emails and newsletters
- Google Ireland Ltd. — Google Analytics 4, Google Ads, Google My Business, Google Reserve
- Meta Platforms Ireland Ltd. — Facebook and Instagram (professional pages only, without advertising tracking pixel)
- Make.com (Celonis) — automation platform
- PCI-DSS certified payment service providers
- Hotel distribution partners (OTAs such as Booking.com, Expedia, etc., from the opening of the hotel)
6.2. Institutional Partners and Authorities
- Our chartered accountant and auditor, bound by professional secrecy
- The Belgian tax and social security administrations
- Police or judicial authorities, upon legal request
- Our legal counsel, in case of litigation
All our sub-processors are bound by a contract compliant with Article 28 of the GDPR.
7. Transfers of Data Outside the European Economic Area (EEA)
Some of our sub-processors (notably Google and Lighthouse, as well as Meta for the management of our Facebook and Instagram pages) may process data from countries outside the EEA, in particular the United States. These transfers are governed by one of the mechanisms provided for in Chapter V of the GDPR:
- An adequacy decision of the European Commission (e.g. the Data Privacy Framework EU-US for certified companies)
- Standard Contractual Clauses (SCC) adopted by the European Commission
- Additional appropriate safeguards (technical and organisational measures)
You may obtain a copy of the safeguards implemented by contacting us at privacy@aureposdeschasseurs.be.
8. Cookie Policy
Our Site uses cookies and similar technologies (pixels, tags, local storage). A cookie is a small text file placed on your device when visiting a website.
8.1. Categories of Cookies Used
- Strictly necessary cookies: essential for the operation of the Site (session management, basket, security). These cookies do not require your consent.
- Audience measurement cookies: enable us to understand how visitors interact with our Site (Google Analytics 4). Placed only with your consent.
- Marketing and personalisation cookies: used to display relevant advertisements (Google Ads). Placed only with your consent.
- Social media cookies: enable content sharing to Facebook, Instagram and other platforms when you click on the share buttons. Placed only with your consent.
8.2. Managing Your Consent
On your first visit, a consent banner allows you to accept, refuse or customise the placement of non-essential cookies. You may modify your preferences at any time by clicking on the "Cookie management" link at the bottom of each page of the Site.
You may also configure your browser to block or delete cookies. However, blocking essential cookies may affect the operation of the Site.
9. Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access (Art. 15): obtain confirmation as to whether or not your data is being processed and, where applicable, obtain a copy of it.
- Right to rectification (Art. 16): have inaccurate data corrected or incomplete data completed.
- Right to erasure ("right to be forgotten") (Art. 17): have your data erased in cases provided for by law.
- Right to restriction of processing (Art. 18).
- Right to portability (Art. 20): receive your data in a structured, machine-readable format.
- Right to object (Art. 21), in particular to direct marketing.
- Right to withdraw your consent (Art. 7.3) at any time.
- Right to define post-mortem directives.
- Right not to be subject to automated individual decision-making (Art. 22).
9.1. How to Exercise Your Rights
To exercise any of these rights, please send us a written request, accompanied by a copy of an identity document (to verify your identity):
- By email: privacy@aureposdeschasseurs.be
- By post: BraBelGest SRL — For the attention of the Data Protection Manager — 13, avenue Charle-Albert, 1170 Brussels, Belgium
We undertake to respond within one month of receipt of your request. This period may be extended by two months given the complexity or number of requests.
9.2. Right to Lodge a Complaint
If, after contacting us, you consider that your rights are not being respected, you have the right to lodge a complaint with the competent supervisory authority:
Belgian Data Protection Authority (DPA)
Rue de la Presse 35 — 1000 Brussels
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be
10. Security of Your Data
BraBelGest SRL implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR:
- Encryption of communications via HTTPS/TLS protocol on the entire Site
- Hosting on infrastructures compliant with European security standards (Odoo)
- Access management through strong authentication and least privilege principle
- Regular data backups and recovery procedures
- Training and awareness of staff on data protection
- Signing of confidentiality agreements with our sub-processors
- Maintenance of a register of processing activities (Article 30 GDPR)
In the event of a data breach likely to result in a high risk to your rights and freedoms, we undertake to inform you as soon as possible and to notify the incident to the Data Protection Authority within 72 hours, in accordance with Articles 33 and 34 of the GDPR.
11. Protection of Minors
Our Site is not specifically intended for minors under 13 years of age. We do not knowingly collect data from children without verifiable parental consent.
If you are a parent or guardian and notice that your child has provided us with data without your consent, we invite you to contact us at privacy@aureposdeschasseurs.be.
12. Changes to This Policy
This Policy may be amended to take account of legal, regulatory, jurisprudential or technical changes, or the evolution of our services. The date of the last update is indicated at the top of the document. In case of substantial modification, we will inform you by any appropriate means.
13. Applicable Law and Jurisdiction
This Policy is governed by Belgian law. Any dispute relating to its interpretation or execution shall fall under the exclusive jurisdiction of the courts of the judicial district of Brussels, without prejudice to your right to refer the matter to the Data Protection Authority or to bring legal proceedings in accordance with the GDPR.
14. Contact
For any question concerning this Policy or the processing of your personal data:
BraBelGest SRL — Au Repos des Chasseurs
13, avenue Charle-Albert
1170 Brussels (Watermael-Boitsfort)
Belgium
Email: privacy@aureposdeschasseurs.be
Website: www.aureposdeschasseurs.be
Privacy Policy — BraBelGest SRL — CBE 1009.652.610