The organisation collects information on you and your staff to deliver our services. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information is collected?
During registration we capture first name, surname, email address and telephone number.
During the payment process card details can be put in but these are never stored in ResDiary, they are transferred to to our third party payment processors, see below.
Why do we need this information?
This is required to setup the your ResDiary account and user profiles and the data. Also we may contact you on the details provided to advise you of service updates or new products we believe you may be interested in.
Our use of your data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.
With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by: email, telephone, text message, or post. We may contact you with information, news and offers on our products or services. We will not, however, send you any spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Where is the information stored?
The account details are stored in your ResDiary account and on our CRM system, SalesSeek.
Financial information is saved on payment platforms separate to ResDiary. Direct debits are with GoCardless. Credit card information is held on Chargify, Stripe, and Braintree with the company name and contact details. Previously, we used Moorepay, which some accounts are still with, but they will be closed down and moved to GoCardless. Any card payments taken over the phone are inputted into Stripe directly.
Who has access to it?
Your information may be shared internally with any staff that serve your business.
How does the organisation protect data?
The organisation takes the security of this data seriously. The organisation has internal controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
For how long does the organisation keep data?
Cancellation procedure for data
In line with the GDPR, cancelled restaurant data is to be kept no longer than is necessary. After a restaurant has cancelled their contract, and after the cancellation period (depending on your package, the length of this period may vary), restaurant user data and diner data will be permanently deleted 30 days after the cancellation period ends.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact firstname.lastname@example.org