1. Introduction
popsyseat ("we", "us", "our") is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our restaurant reservation platform and related services.
We are the data controller responsible for your personal data. We are registered in England & Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: Pedro Alejandro Alcaide Medina trading as popsyseat
Registered Address: [Your registered address]
Email: [email protected]
ICO Registration Number: [Your ICO registration number]
2. Information We Collect
We collect different types of personal data depending on how you interact with our services:
2.1 Information You Provide Directly
When you sign up for our service, make enquiries, or use our platform, you may provide:
- Account information: Name, email address, phone number, restaurant name, business address
- Billing information: Payment card details (processed securely via our payment provider)
- Communications: Any correspondence you send us via email, contact forms, or WhatsApp
2.2 Information Collected Automatically
When you use our platform, we automatically collect:
- Technical data: IP address, browser type and version, device type, operating system
- Usage data: Pages visited, time spent on pages, navigation paths, features used
- Log data: Access times, error logs, referring URLs
2.3 Reservation Data (Processed on Your Behalf)
If you are a restaurant using our platform, we process reservation data on your behalf as a data processor. This includes:
- Diner names, email addresses, and phone numbers
- Reservation dates, times, and party sizes
- Special requests, dietary requirements, or notes
- QR code verification data
For this data, your restaurant is the data controller and you must ensure you have appropriate privacy notices for your diners.
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| To provide and maintain our reservation platform services | Contract: Necessary for the performance of our contract with you |
| To process payments and manage your subscription | Contract: Necessary for the performance of our contract with you |
| To send you service-related communications (updates, maintenance notices, security alerts) | Contract: Necessary for the performance of our contract with you |
| To respond to your enquiries and provide customer support | Legitimate Interest: To respond to communications and provide assistance |
| To send you marketing communications about our products and services | Consent: Only with your explicit consent, which you can withdraw at any time |
| To improve our platform, analyse usage patterns, and develop new features | Legitimate Interest: To improve our services and user experience |
| To detect, prevent, and address fraud, security issues, or technical problems | Legitimate Interest: To protect our platform and users |
| To comply with legal obligations (tax records, regulatory requirements) | Legal Obligation: Required by UK law |
4. Who We Share Your Data With
We may share your personal data with the following categories of recipients:
4.1 Service Providers
We use carefully selected third-party service providers who process data on our behalf:
- Cloud hosting: For secure storage and delivery of our platform
- Payment processing: To securely handle payments (they do not store your full card details)
- Email services: To send transactional and marketing emails
- Analytics: To understand how our platform is used
- Customer support tools: To manage and respond to support requests
All our service providers are contractually obligated to protect your data and only process it according to our instructions.
4.2 Legal and Regulatory
We may disclose your data if required by law, court order, or regulatory authority, or to protect our legal rights.
4.3 Business Transfers
If popsyseat is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
We do not sell your personal data to third parties.
5. International Data Transfers
Your personal data is primarily stored and processed within the United Kingdom. However, some of our service providers may process data outside the UK.
When we transfer data internationally, we ensure appropriate safeguards are in place:
- Transfers to countries with UK adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the ICO
- Other legally recognised transfer mechanisms
You can request more information about the safeguards we use by contacting us at [email protected].
6. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of your subscription plus 2 years after account closure |
| Billing and payment records | 7 years (UK tax requirements) |
| Support correspondence | 3 years from last contact |
| Marketing preferences | Until you withdraw consent or 3 years of inactivity |
| Website analytics | 26 months |
| Reservation data (processed on behalf of restaurants) | As configured by the restaurant, typically 24 months |
After the retention period, we securely delete or anonymise your data.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data in certain circumstances
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Where we rely on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.
Right to complain: If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We encourage you to contact us first so we can try to resolve any concerns.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure cloud infrastructure with regular security audits
- Access controls and authentication measures
- Regular security testing and monitoring
- Staff training on data protection
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Cookies
Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
10. Children's Privacy
Our services are designed for businesses and are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated policy on our website with a new "Last updated" date
- Sending you an email notification for significant changes
We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all enquiries within 5 working days.