Privacy Policy

Last updated: January 15, 2025

1. Introduction

Rezable ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant reservation platform.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

  • Account Information: Name, email address, username, password
  • Reservation Details: Date, time, party size, special requests
  • Contact Information: Phone number, address (if provided)
  • Payment Information: Billing address, payment method details (processed securely by third parties)
  • Communication Records: Messages, feedback, support requests

2.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

  • Usage Data: Pages visited, time spent, features used
  • Device Information: IP address, browser type, operating system
  • Location Data: General geographic location (if permitted)
  • Cookies and Tracking: As described in our Cookie Policy

2.3 Information from Third Parties

We may receive information from:

  • Restaurant partners about your reservations
  • Payment processors about transaction status
  • Social media platforms (if you connect your accounts)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

  • Process and manage your reservations
  • Provide customer support
  • Send reservation confirmations and updates
  • Process payments and refunds

3.2 Communication

  • Send important service updates
  • Respond to your inquiries
  • Send marketing communications (with your consent)
  • Notify you about new features or restaurants

3.3 Service Improvement

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Conduct research and analytics
  • Ensure security and prevent fraud

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our reservation services and fulfill our contractual obligations to you.

Legitimate Interest

Processing for our legitimate business interests, such as service improvement, security, and fraud prevention.

Consent

Processing based on your explicit consent for marketing communications and optional features.

Legal Obligation

Processing required to comply with legal obligations, such as tax reporting or law enforcement requests.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

  • Payment processors (Stripe)
  • Email service providers (SendGrid)
  • Cloud hosting providers
  • Analytics services

5.2 Restaurant Partners

We share reservation details with restaurants to fulfill your bookings:

  • Reservation date and time
  • Party size and special requests
  • Contact information for confirmation

5.3 Legal Requirements

We may disclose information when required by law or to protect our rights and safety.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

Request copies of your personal data and information about how we use it.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Limit how we use your personal data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for marketing purposes.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Subject Line: "GDPR Data Subject Request"

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Until account deletion or 3 years of inactivity
  • Reservation Data: 7 years for business records
  • Marketing Data: Until consent is withdrawn
  • Analytics Data: 2 years in anonymized form

9. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules
  • Certification schemes

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer: [email protected]
General Privacy Inquiries: [email protected]
Address: [Your Company Address]
Phone: [Your Phone Number]

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable data protection laws.