← Back to home

Privacy Policy

Last updated: 2025-02-20 · Version 1.0.0

1. Introduction

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national law. This policy describes what data we collect, why we use it, and your rights.

2. Data controller

The data controller for the DinerOps service is the entity operating the service (contact details on our website). For data processed on behalf of our customers (e.g. reservation data), we act as processor under a Data Processing Agreement (DPA); the customer is the controller for that data.

3. Data we collect

We collect: account and profile data (name, email, role, restaurant association); reservation and customer data you enter (guest names, contact details, party size, notes); staff and work-hours data; opening hours and floor plan configuration; and technical data such as IP address, browser type, and usage logs where necessary for security and operation.

4. Legal basis and purposes

We process data to perform our contract with you (providing the Service), to comply with legal obligations, and where we have a legitimate interest (e.g. security, fraud prevention, product improvement). Where required by law we will obtain consent. We do not use your data for automated decision-making that significantly affects you.

5. GDPR compliance

We process data in accordance with EU GDPR. This includes: lawful basis for processing; data minimization; security measures; support for your rights (access, rectification, erasure, restriction, portability, objection); and use of subprocessors only under appropriate safeguards. Our Data Processing Agreement (DPA) is available at /dpa.

6. Data retention

We retain account and operational data for as long as your account is active and as needed to provide the Service and comply with law. After account closure we may retain data for a limited period for backups, legal claims, or regulatory requirements, then delete or anonymize it.

7. Subprocessors and transfers

We use subprocessors (e.g. hosting, email, databases) necessary to run the Service. We choose providers that offer adequate safeguards. Where we transfer data outside the EEA we ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses). A list of key subprocessors is in our DPA.

8. Your rights

You have the right to access, rectify, erase, restrict processing, data portability, and to object. You may lodge a complaint with a supervisory authority. To exercise your rights, contact us at support@dinerops.com or use the options in the Service where available.

9. Contact

For privacy-related questions or to contact our data protection contact, email support@dinerops.com or use the address on our website.