Privacy Policy

Version 2.0
Effective date: February 2026

1. Data Controller

Mebloexpert Robert Żołdak
ul. Andersa 4
59-900 Zgorzelec
Poland
VAT ID: PL6151029625
Email: support@restrosuite.app

2. Scope

This Policy applies to:

  • business users,
  • representatives,
  • website visitors.

For restaurant end customers, RestroSuite acts as a Processor under a separate DPA.

3. Data Collected

Registration and identification data

  • Name
  • Company name
  • VAT ID
  • Business address
  • Email address
  • Phone number

Billing data

  • Invoice data
  • Transaction ID
  • Payment status
  • Subscription status

Technical data

  • IP address
  • Server logs
  • Device and browser information
  • Session IDs

Communication data

  • Support request content
  • Email communication

4. Legal Bases

Purpose Legal Basis
Providing SaaS services Art. 6(1)(b) GDPR – contract performance
Billing and accounting Art. 6(1)(c) GDPR – legal obligation
IT security and system protection Art. 6(1)(f) GDPR – legitimate interest
Support and communication Art. 6(1)(f) GDPR – legitimate interest
Enforcement or defense of claims Art. 6(1)(f) GDPR – legitimate interest
Marketing (if consent given) Art. 6(1)(a) GDPR – consent

5. Retention

Personal data is stored:

  • During the contract term
  • Up to 31 days after termination (account data)
  • As required by law (e.g., 5 years for accounting data)
  • Until statutory limitation periods expire

After these periods, data is deleted or anonymized.

6. Data Sharing

Data may be shared with:

  • DigitalOcean – hosting
  • Postmark – transactional email delivery
  • Stripe Payments Europe Ltd. – payment processing
  • PayU S.A. – payment processing
  • Google Maps API – address geocoding and autocomplete
  • Anthropic (Claude) – AI-powered content and menu generation
  • OpenStreetMap – map display
  • VIES (European Commission) – VAT ID validation
  • Accounting service providers

Data is shared only to the extent necessary for service provision.

7. International Transfers

Transfers outside the EEA (e.g., via Stripe) rely on Standard Contractual Clauses (SCC) approved by the European Commission or equivalent safeguards under Art. 46 GDPR.

8. Aggregated Data

Fully anonymized, aggregated operational data may be used for statistical or marketing purposes.

This data does not allow identification of any individual or user.

9. Rights

Data subjects have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR)
  • Withdraw consent

To exercise these rights, contact: support@restrosuite.app

10. Complaints

Data subjects have the right to lodge a complaint with a supervisory authority.

11. Cookies

  1. The website uses only technically necessary cookies.
  2. No marketing or tracking cookies are used.
  3. Cookies can be managed via browser settings.

12. Security Measures

The Provider implements appropriate technical and organizational measures, including:

  • TLS encryption
  • Role-based access control
  • Tenant separation
  • Administrative access logging
  • Regular backups
  • Data minimization

13. Changes to this Policy

The Provider reserves the right to update this Privacy Policy in response to legal or technical changes.

The current version is always available on the website.

← Back to Home