Privacy Policy

Introduction

BeSeat ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our booking management platform and related services (the "Service").

This policy applies to:

• Business owners and administrators who use BeSeat to manage bookings
• Customers who make bookings through businesses using BeSeat
• Visitors to our website and users of our mobile applications

We are a UK-based company and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. By using our Service, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information from Business Accounts

When you create a BeSeat business account, we collect:

• Account Information: Name, email address, phone number, business name, business address
• Business Details: Business type, industry, description, logo, and branding information
• Payment Information: Billing address, payment method details (processed securely through Stripe - we do not store full credit card numbers)
• Subscription Information: Plan type, subscription status, billing history
• Configuration Data: Business hours, booking items (tables, rooms, services), exception dates, booking rules, SMTP settings
• Staff Information: Names and email addresses of staff members you add to your account

1.2 Information from Customer Bookings

When customers make bookings through your BeSeat account, we collect (on your behalf as data controller):

• Booking Information: Name, email address, phone number, booking date and time, party size, special requests
• Booking History: Past bookings, cancellations, no-shows, feedback
• Communication Records: Email confirmations, reminders, and notifications sent through the Service

1.3 Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: Device type, operating system, browser type, IP address, unique device identifiers
• Location Data: General location information (country, city) based on IP address
• Log Data: Access times, error logs, performance data
• Cookies and Tracking Technologies: See our Cookies section below

1.4 Information from Mobile Applications

When you use our mobile apps, we may collect:

• Device information and identifiers
• App usage statistics and crash reports
• Push notification tokens (with your consent)
• Location data (if you grant permission)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Provision

• Create and manage your account
• Process and manage bookings
• Send booking confirmations, reminders, and notifications
• Provide customer support and respond to inquiries
• Process payments and manage subscriptions
• Enable features like business hours, exception dates, and email templates

2.2 Service Improvement

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Fix bugs and technical issues
• Conduct research and analytics

2.3 Communication

• Send important service updates and announcements
• Respond to your support requests
• Send marketing communications (with your consent, which you can opt-out of at any time)
• Notify you about changes to our Terms or Privacy Policy

2.4 Legal and Security

• Comply with legal obligations and respond to legal requests
• Protect our rights, property, and safety
• Prevent fraud, abuse, and illegal activities
• Enforce our Terms of Service

3. Legal Basis for Processing (GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you have requested and fulfill our contractual obligations
• Legitimate Interests: To improve our Service, prevent fraud, ensure security, and communicate important updates
• Consent: For marketing communications and optional features (you can withdraw consent at any time)
• Legal Obligation: To comply with applicable laws, regulations, and legal processes

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

• Payment Processors: Stripe (for processing subscription payments) - they handle payment data according to their privacy policy
• Email Services: For sending transactional emails and notifications (using your configured SMTP or our default service)
• Hosting and Infrastructure: Cloud service providers for hosting our Service
• Analytics: Google Analytics (anonymized data) to understand usage patterns
• Support Tools: Customer support platforms to assist with inquiries

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government requests or regulatory requirements
• Enforcement of our Terms of Service
• Protection of rights, property, or safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Controller and Processor

For Business Accounts: You are the data controller for customer booking data collected through your BeSeat account. BeSeat acts as a data processor, processing this data on your behalf to provide the Service. You are responsible for:

• Obtaining necessary consents from customers
• Complying with applicable data protection laws
• Handling customer data subject requests
• Ensuring data accuracy and security

For Your Account Data: BeSeat is the data controller for information you provide when creating and using your BeSeat account.

6. Data Security

We implement robust technical and organizational measures to protect your data:

• Encryption: SSL/TLS encryption for data in transit; encryption at rest for sensitive data
• Access Controls: Role-based access controls, authentication, and authorization mechanisms
• Secure Infrastructure: Hosting in secure data centers with physical and digital security measures
• Regular Updates: Security patches and updates applied regularly
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Backups: Regular automated backups with secure storage
• Staff Training: Security awareness training for our team

While we implement strong security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials and should notify us immediately of any unauthorized access.

7. Your Rights (GDPR)

Under UK GDPR and applicable data protection laws, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO) in the UK

To exercise these rights, please contact us at hello@beseat.com. We will respond to your request within one month (or inform you if we need more time).

Note for Business Users: If you receive a data subject request from a customer regarding booking data, you are responsible for handling it as the data controller. However, we can assist you in accessing and exporting relevant data from your account.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Provide personalized features

Types of Cookies We Use:

• Essential Cookies: Required for the Service to function (cannot be disabled)
• Analytics Cookies: Help us understand how users interact with our Service (Google Analytics)
• Functional Cookies: Remember your preferences and enhance your experience

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of our Service. For more information about cookies, visit allaboutcookies.org.

9. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Stripe: Payment processing - Privacy Policy
• Google Analytics: Website analytics - Privacy Policy
• Email Service Providers: For sending transactional emails (varies based on your SMTP configuration)

We encourage you to review the privacy policies of these third-party services. We are not responsible for their privacy practices.

10. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA). However, some of our service providers may process data outside the UK/EEA.

When we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with UK GDPR requirements.

11. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations (e.g., tax records, accounting requirements)
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

Retention Periods:

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: Data is retained for 30 days after account deletion, then permanently deleted (unless legal obligations require longer retention)
• Legal Requirements: Some data (e.g., payment records) may be retained for up to 7 years for tax and accounting purposes

12. Children's Privacy

BeSeat is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete such information.

13. Marketing Communications

We may send you marketing communications about our Service, features, and promotions if you have consented to receive them. You can opt-out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us directly

Please note that even if you opt-out of marketing communications, we will still send you important transactional and service-related messages (e.g., booking confirmations, account updates, security alerts).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated by:

• Email notification to the address associated with your account
• Notice on our website or within the Service
• In-app notifications

The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised. We encourage you to review this policy periodically. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer: For privacy-specific inquiries, you can also contact our Data Protection Officer at the email address above.

Supervisory Authority: If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK: