Privacy
We process personal data only as needed to provide reservations and orders, in line with the GDPR (DSGVO).
What we collect
- Reservation: name, email, phone, party size, date/time.
- Order: the above plus delivery address (for delivery).
Processors
Hosting & database: Vercel, Supabase (EU). Email: Resend. Staff notifications: Telegram. Payments (if enabled): Stripe.
Legal basis & retention
Reservations and orders are processed to perform the contract (Art. 6(1)(b) GDPR); the newsletter with your consent (Art. 6(1)(a)). We keep order data as long as required for processing and statutory retention (tax law, generally 7 years); newsletter data until you unsubscribe.
Your rights
You may request access, rectification, erasure, restriction, portability or object at any time, and withdraw consent: testrestaurant@gmail.com. You also have the right to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at).
Note: have this reviewed by a lawyer/WKO and completed before launch (see docs/legal-templates.md).