Privacy Policy

Last updated: January 2025

Overview

This Privacy Policy describes how the BiteMe In Restaurant Table Reservations System (“the App”, “we”, “us”, or “our”) collects, uses, and protects information when you use our Shopify application. We are committed to protecting your privacy and ensuring compliance with applicable data protection laws.

Information We Collect

Customer Data

In accordance with Shopify’s protected customer data requirements, we collect and process the following customer information:

Level 1 Protected Customer Data

  • Reservation details (date, time, party size)
  • Reservation status and preferences
  • Table assignments and seating arrangements
  • Reservation notes and special requests
  • Booking history and patterns

Level 2 Protected Customer Data

  • Name: First and last names for reservation identification
  • Email: For sending booking confirmations, reminders, and communications
  • Phone: For reservation confirmations and urgent communications
  • Address: Not collected by this application

Store Data

We collect and store the following information about your restaurant:

  • Store/restaurant name and basic information
  • Operating hours and availability settings
  • Table layouts and dining area configurations
  • Email notification preferences and templates
  • Widget customization settings
  • Subscription and billing information

Technical Data

  • Session information for app functionality
  • Usage analytics for app improvement
  • Error logs for troubleshooting
  • API access logs for security

How We Use Information

Customer Data Usage

We use customer data exclusively for the following purposes:

  1. Reservation Management

    • Creating and managing table reservations
    • Sending booking confirmations and reminders
    • Handling reservation modifications and cancellations
    • Preventing double bookings and conflicts

  2. Communication

    • Sending automated email notifications
    • Providing customer support
    • Handling reservation-related inquiries

  3. Service Improvement

    • Analyzing booking patterns (anonymized)
    • Improving app functionality
    • Optimizing user experience

Data Minimization

We adhere to data minimization principles by:

  • Collecting only the minimum data necessary for reservation functionality
  • Not storing unnecessary personal information
  • Automatically purging old reservation data according to retention policies
  • Providing options to disable optional data collection (e.g., reservation notes)

Data Sharing and Disclosure

Third-Party Services

We may share data with the following third-party services:

  1. Email Service Providers

    • For sending reservation confirmations and reminders
    • Only email addresses and necessary reservation details are shared
    • All providers are GDPR and privacy-compliant

  2. Shopify Platform

    • Integration with Shopify’s customer and order systems
    • Compliance with Shopify’s data protection requirements
    • Secure data transmission using Shopify’s APIs

  3. Database Hosting

    • MongoDB Atlas for secure data storage
    • Data encrypted in transit and at rest
    • Servers located in secure, compliant data centers

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our terms of service

Data Security

Technical Safeguards

  • Encryption: All data is encrypted in transit using TLS/SSL
  • Database Security: MongoDB with authentication and access controls
  • Access Controls: Role-based access to customer data
  • Session Management: Secure session handling with Shopify OAuth
  • API Security: Rate limiting and authentication for all endpoints

Organizational Safeguards

  • Regular security audits and assessments
  • Employee training on data protection
  • Incident response procedures
  • Data breach notification protocols

Data Retention

Customer Data

  • Active Reservations: Retained until reservation completion or cancellation
  • Historical Reservations: Retained for 2 years for business purposes
  • Customer Information: Retained as long as the merchant uses our service
  • Email Communications: Logs retained for 1 year

Store Data

  • Configuration Data: Retained while the app is installed
  • Usage Analytics: Anonymized data retained for service improvement
  • Support Data: Retained for 3 years for support purposes

Data Deletion

Upon app uninstallation or merchant request:

  • All customer data is deleted within 30 days
  • Store configuration data is permanently removed
  • Anonymized analytics may be retained for service improvement

Your Rights

Customer Rights

As a customer making reservations, you have the right to:

  • Access your reservation information
  • Correct inaccurate personal data
  • Request deletion of your data
  • Opt-out of non-essential communications
  • Withdraw consent for data processing

Merchant Rights

As a merchant using our app, you have the right to:

  • Access all data collected through your store
  • Export customer reservation data
  • Delete customer data upon request
  • Configure data collection settings
  • Request app data deletion upon uninstallation

Compliance

Shopify Requirements

We comply with Shopify’s protected customer data requirements:

  • Level 1 and Level 2 data protection implementation
  • Regular security reviews and audits
  • Transparent data usage policies
  • Secure data handling practices

International Compliance

  • GDPR: Full compliance for EU customers
  • CCPA: Compliance for California residents
  • PIPEDA: Compliance for Canadian customers
  • Other Jurisdictions: Adherence to local privacy laws

Cookies and Tracking

Essential Cookies

  • Session management for app functionality
  • Authentication and security
  • User preferences and settings

Analytics

  • Anonymized usage statistics
  • Performance monitoring
  • Error tracking for improvements

Third-Party Cookies

  • Shopify platform cookies for integration
  • Email service provider tracking (opt-out available)

Children’s Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

We will notify merchants of significant changes through:

  • Email notifications
  • In-app announcements
  • Updated documentation

Contact Information

For privacy-related questions or requests:

Data Protection Officer Email: privacy@bitemein.com

General Support Email: support@bitemein.com

Data Processing Lawful Basis

GDPR Lawful Basis

  • Contract Performance: Processing necessary for reservation services
  • Legitimate Interest: Service improvement and fraud prevention
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

Data Controller Information

  • Data Controller: Binomio Beer And Wine srls
  • Registration: RM-12390263
  • Supervisory Authority: Garante per la protezione dei dati personali https://www.gpdp.it/

This Privacy Policy is designed to comply with Shopify’s protected customer data requirements and international privacy laws. For the most current version, please check our documentation regularly.