Restera Privacy Policy

September 11, 2024

Who we are

Restera Ltd (“We”, “Our”, or “Us”) collects and processes your data in accordance with this Privacy Policy and in compliance with the applicable data protection laws.

This Policy provides you with the necessary information regarding your rights and our obligations, and explains how, why, and when we process personal data.

Restera Ltd is a company registered in Bulgaria with its registered office at 13, Yakubitsa street, Sofia, Bulgaria.

If you have any questions about this Privacy Policy or if you want to exercise any of your rights, please contact us at privacy@restera.com.

Please read this Privacy Policy thoroughly. If you do not agree with our policies and practices described in this Privacy Policy, please do not use the software or services that we license, sublicense, manage or operate, do not engage us as a processor, do not visit our websites, and do not provide information to us.

How we obtain data

We may get data:
• When you visit our website and its subdomains (“Website”).
• When you enter into a contract with us.
• When you use a cloud version of R Keeper, a complete automation solution for restaurant business. You can find the full list of data obtained in a section of this Privacy Policy or in a privacy notice dedicated to the R Keeper product or module you use.

Please note that if you use R Keeper that is installed and operated on-premises, we do not receive or process any personal data. In this case, the processing of personal data is fully managed by a client who uses R Keeper on-site.

What data we process

We process different data depending on the situation. You can learn details about what data we process in this section.

Some data that we obtain and process may be treated as personal data in accordance with the laws of certain territories and countries. When we use terms “personal data” or “personal information”, we mean any information relating to an identified or identifiable natural person, excluding any anonymized and depersonalized data where your identity is absent or has been removed and cannot be recovered.

Data we process includes no more than is crucial to provide full functionality of our products, websites, and services. We take all necessary technical, organizational, and physical measures to protect the data we obtain.

When visiting our Website

Processing visitor requests. We process name, phone number and email address which visitors provide to us when sending requests. We may share this information with our partners who will respond to a submitted request.

Cookies. By using Cookies, We are able to provide you with a better experience and to improve our site by better understanding how you use it. You can always disable cookies in your web browser or clear existing cookies, but please note that some functionality of our Website may not work properly without the use of cookies. Please refer to the Cookie Notice for details: https://rkeeper.com/cookie-policy.

When contracting with us

We process the name, title and email address of representatives of companies that contract with us.

When using cloud-based R Keeper

We process personal data when you use a cloud version of R Keeper in accordance with your instructions.

When you choose to use R Keeper, you provide us with data, including personal data. This information depends on modules or products you choose to use as part of the R Keeper solution and is listed below or in a relevant Privacy Notice:

Cash Desk. When you use this module of R Keeper:
• To inform guests by electronic receipt or confirm guest of bonus points deduction, the following information will be processed: guest's email address or phone number.

Delivery. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: the employee's first name, last name, email and phone number.
• To register a guest, the following data will be processed: the guest's first name, last name, phone number, email address, date of birth and address.
• To record orders, the following information will be processed: guest and customer employee IDs, date, time, contents and amount of the order, restaurant name or location, order payment attribute, applied discounts, and comments on the order.
• To inform guests, the following information will be processed: guest's email address, order status, electronic receipt, confirmation of bonus points deduction.

Store House. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: the employee's first name, last name, email and phone number.

Food Factory. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: the employee's first name, last name, email and phone number.

Manager. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: the employee's first name, last name, email and phone number.

KDS Pro. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: the employee's first name, last name, email and phone number.

QMS. When you use this module of R Keeper:
• no personal data is collected

CRM. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: employee's first name, last name and phone number.
• To register a guest, the following data will be processed: guest's first name, last name, phone number, email address and date of birth.
• To record orders, the following information will be processed: guest and customer employee IDs, date, time, contents and amount of the order, restaurant name or location, order payment attribute, applied discounts, and comments on the order.
• To inform guests, the following information will be processed: guest's email address, order status, electronic receipt, confirmation of bonus points deduction.

Courier App. When you use this module of R Keeper:
• To register a client's employee, the following data will be processed: employee's first name, last name and phone number.
• To register a guest, the following data will be processed: guest's first name, last name, phone number, email address and date of birth.
• To record orders, the following information will be processed: guest and customer employee IDs, date, time, contents and amount of the order, restaurant name or location, order payment attribute, applied discounts, and comments on the order.
• To inform guests, the following information will be processed: guest's email address, order status, electronic receipt, confirmation of bonus points deduction.

Waiter. When you use this module of R Keeper:
• To register a guest, the following data will be processed: guest's first name, last name, phone number, email address and date of birth.

SH5 TSD. When you use this module of R Keeper:
• no personal data is collected

Kiosk. When you use this module of R Keeper:
• To register a guest, the following data will be processed: guest's first name, last name, phone number, email address and date of birth.

When providing support

We process different information that may be required to resolve issues when clients request our support.

When using R Keeper on-premises

We do not process any personal data when you use R Keeper modules and products on-site without connecting to our servers and clouds.

What legal bases we use to process personal data

We do not process any personal data when you use R Keeper modules and products on-site without connecting to our servers and clouds.

Instructions. We process personal data in accordance with your instructions when you use a cloud version of R Keeper.

Consent. We process personal data if you have provided us with your consent to use your personal data for certain purposes. You can withdraw your consent at any time.

Performance of a contract. We process personal data when it is necessary to fulfill our contractual obligations to you, including at your request prior to entering into a contract with you.

Legal obligations. We process personal data where it is necessary for compliance with our legal obligations, such as to exercise or defend our legal rights, or for taxation purposes.

Legitimate interest. We process personal data when we pursue our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects.

When and with whom we share personal data

We may share your data with third parties who perform services for us or on our behalf and require access to your data to perform contracts with us. Our contracts with such third parties are designed to help safeguard personal data so that such third parties cannot do anything with your personal data unless we have instructed them to do it. Such third parties will also not share personal data with any organization apart from us unless we have authorized them to do so. They also commit to protect personal data they hold on our behalf and to retain it for the period we instruct.

The list of categories of third parties we may share personal data with are as follows:

IT service providers. This is Hetzner Online GmbH (https://www.hetzner.com/). Hetzner privacy policy: https://www.hetzner.com/legal/privacy-policy/.

Payment service providers This is Adyen N.V. (https://www.adyen.com/). Adyen privacy policy: https://www.adyen.com/privacy-policy.

Providers of integrated services that you choose to use with R Keeper. Please refer to the Integrated Service Providers for details: https://rkeeper.com/integrated-service-providers.

Sales partners These are companies located in different countries that make R Keeper available to clients.

Analytics services These are Google Analytics and Firebase by Google Ireland Limited (https://www.google.com/). Google privacy policy: https://policies.google.com/privacy.

Where we process personal data

We store personal data in a cloud data center located in the EU. Personal data may be processed by our employees, who can only access your data through their job duties on a need-to-know basis. If you have questions or would like to know from which countries personal data may be accessed, you can write to us at privacy@restera.com.

If you are in the EEA, the UK or Switzerland

For data transfers to third countries, we always implement appropriate safeguards to ensure that personal data always remains safe and that your rights are respected:
• The country or the third party is recognized as providing adequate protection.
• A valid transfer mechanism is used, such as the Standard Contractual Clauses, and supplementary measures are implemented where necessary.
• The transfer has your explicit consent.
• The transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract.

If you would like a copy of the Standard Contractual Clauses used, please contact us at privacy@restera.com. To determine if a third country has an adequate level of data protection, please visit the European Commission website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

How we use personal data

Your privacy is our highest priority. We take it very seriously and will never disclose, share, or sell your data unless we have your consent or are required to do so by law. The only purpose of obtaining and storing personal data is to provide you with functionality of R Keeper and our Website at their full potential.

Retaining data

We retain personal data for as long as it is necessary for the declared purposes, or in accordance with instructions received, or until you withdraw your consent to share this information, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legal obligations or legitimate interests to process personal data, we will either delete or anonymize such data.

Privacy rights

In some countries and regions, you may have certain rights in relation to your personal data under applicable data protection laws.

If you wish to exercise your rights with respect to your personal data, please contact us at privacy@restera.com. We will consider and act upon any request in accordance with applicable data protection laws. We may ask you to further confirm your identity and will respond to you within the time period specified by applicable data protection law. Please note that in certain cases stipulated by applicable data protection law, we may charge you a reasonable fee for processing your request or refuse your request. We may also forward your request to a party who is required by law to process it.

If you are in the EEA, the UK or Switzerland

You are entitled to exercise the following rights in relation to your personal data:

Right of access: The right to obtain all your personal data we store. In some cases, the right of access may be limited for technical reasons, including if the data has been anonymized and cannot be linked to any data subject.

Right to erasure or right to be forgotten: The right to completely delete your personal data.

Right to rectification: The right to correct any incomplete or inaccurate personal data about you.

Right to restriction: The right to impose restrictions on processing of your personal data.

Right to object: The right to object to processing of your personal data.

Right to data portability: The right to receive provided personal data in a structured, commonly used, and machine-readable format and to transmit that data to another party.

Right not to be subject to a decision based solely on automated processing, including profiling.

Right to withdraw a consent where the data processing is based on the consent.

Right to lodge a complaint with a data protection authority. You can find contact details of our data protection authority at https://cpdp.bg/en/contacts/. If you are in the UK, please visit at https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/. If you are in Switzerland, the contact details for the data protection authority are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

When we receive your personal data from a third party, we will use reasonable efforts to inform you about it.

Safeguarding measures

We make every possible effort to protect personal data from unauthorized access, alteration, disclosure, or destruction. We implement and maintain the following technical and security measures:

System access controls: We take reasonable measures to prevent personal data from being used without authorization. These controls shall vary based on the nature of the processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes and/or logging of access on several levels.

Data access controls: We take reasonable measures to ensure that personal data is accessible and manageable only by properly authorized staff. Direct database query access is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to personal data to which they have privilege of access; and that personal data cannot be read, copied, modified or removed without authorization in the course of processing.

Storing data in a data center: Personal data is stored in a cloud data center located in the EU. This is secure: the data center does not demand that we collect any data about your traffic or your use of R Keeper.

Transmission controls: We take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of personal data by means of data transmission facilities is envisaged so personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport.

Data backup: Back-ups of the databases are made on a regular basis, are secured, and encrypted to ensure that personal data is protected against accidental destruction or loss.

Logical separation: Personal data is logically segregated on our systems to ensure that personal data that is obtained for different purposes can be processed separately.

What data we do not process

We do not process any special categories of personal data, such as biometric data, and personal data of minors. We do not need to process such data, and we urge you to refrain from providing it.

If you learn that we have been provided with special categories of personal data or personal data of a minor, please contact us immediately at privacy@restera.com. We will take steps to delete that information promptly.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time due to changes in laws, regulations, industry standards, or our business. We will post the amended Privacy Policy and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, we will provide additional notice.

If you have questions or comments about this Privacy Policy, or if you wish to exercise any of your rights, you may email at privacy@restera.com or by post to 13, Yakubitsa street, Sofia, Bulgaria.