Privacy Policy

Basic Privacy Information

Responsible: Tablesit

Email: legal@tablesit.us

Purpose: Management and control of contractual relations, advertising, and recruitment processes.

Legitimation: Consent, contractual measures, legitimate interest, legal obligation.

Data Retention: As long as necessary to achieve contract purposes and legal obligations.

Rights: Access, rectification, deletion, opposition, portability, limitation, withdrawal of consent via dpo@tablesit.us.

Developed Privacy Information

At Tablesit, we care about your privacy. Therefore, and in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on data protection of natural persons and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantees of Digital Rights, we would like to provide you with more information about the processing of the data that we carry out.

1. Who is the Controller of the processing of your personal data?

Domain name: https://www.tablesit.us

Company name: Tablesit

Email: dpo@tablesit.us

2. For what purposes do we process your personal data?

As the entity responsible for processing your data, we will use it solely for managing and controlling contractual relationships with our customers, responding to customer inquiries via our contact email, engaging in commercial prospecting activities related to our products and services, and conducting recruitment processes for job candidates. We adhere to the principle of data minimization, ensuring that data processing is always appropriate, proportional, and limited to what is strictly necessary. We do not perform profiling to make automated decisions.

During the booking process on our customer's websites, Tablesit receives personal data under a data processor contract to avoid duplicate bookings, authorized by our customers.

3. How long will we keep your data?

The personal data provided by our customers will be retained for the duration of the contractual relationship or, when applicable, for the minimum number of years required to fulfill the company's legal obligations. This retention period will always be limited to the time strictly necessary for the purposes for which the data was collected, unless the right to deletion, restriction, or cancellation is exercised.

4. What is the legitimacy for the processing of your personal data?

The legal basis for data processing is consent, fulfillment of contractual and legal obligations.

5. Who are the recipients of your personal data?

Unless legally obliged to do so and in the cases provided for by the data protection regulations in force at any given time, under no circumstances will we pass on your data to third parties for processing without informing you in advance and requesting your consent.

Data may be shared with service providers, some outside the EEA, with adequate guarantees and maintaining data security. Providers include Resend, Twilio, Stripe, Sentry and Baselime. Occasionally, if you authorise us to do so, we will contact you via WhatsApp, whose privacy policy can be reviewed in this site.

Tablesit receives personal data from its clients under a data processor contract to manage bookings. In certain instances, our clients, acting as data controllers, may authorize us to share this data with other companies within their group and with companies they collaborate with. Additionally, if a payment is required during the booking process, we will transfer your details directly to Stripe Inc (see their privacy policy here). Tablesit does not store card numbers or payment details at any time.

6. What are your data protection rights and how can they be exercised?

At any time, you may request the exercise of your rights by writing to the registered office of Tablesit or via email to dpo@tablesit.us, including in both cases a photocopy of your ID card or other equivalent document proving your identity to ensure that the rights are exercised by the interested parties.

In accordance with current data protection legislation, the rights that you can exercise against Tablesit are:

• The right to request access to personal data to obtain more information about the data we process.
• The right to request rectification of inaccurate or incomplete data.
• The right to request deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
• The right to object to the processing, in which case Tablesit will stop processing the data, except for compelling legitimate reasons or for the exercise or defense of possible claims.
• The right to data portability: in case you want your data to be processed by another entity, Tablesit will facilitate the portability of your data to the new controller if applicable.
• The right to limit their processing, in certain circumstances provided for in Article 18 GDPR, in which case they will only be kept by Tablesit for the defense of possible claims.
• The right to withdraw consent: where consent has been given for a specific purpose, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

At any time, if the data subject considers that their data is not being treated appropriately or as required, they may lodge a complaint with Tablesit's Data Protection Officer or with the Spanish Data Protection Agency (www.agpd.es).

All data requested through the website are mandatory, as they are necessary for providing optimal service to the user. If all data is not provided, the provider does not guarantee that the information and services provided will be completely tailored to your needs.

Similarly, the user may unsubscribe from any of the subscription services provided by clicking on the unsubscribe section of all emails sent by the provider.

The provider has adopted all the technical and organizational measures necessary to guarantee the security and integrity of the personal data it processes, as well as to prevent their loss, alteration, and/or access by unauthorized third parties.

7. What security measures do we apply?

Tablesit maintains the highest levels of security to protect your personal data against loss, destruction, accidental damage, and unauthorized or unlawful access, processing, or disclosure, such as firewalls, access control procedures, and cryptographic mechanisms. To achieve these purposes, the user/customer agrees that the provider obtains data for the purposes of the corresponding authentication of access controls.

Tablesit will carry out a risk assessment of the processing, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of individuals.

In order to ensure an adequate level of security, based on the assessment carried out, the following security measures, among others, shall be applied where appropriate:

• Pseudonymisation and encryption of personal data, where appropriate.
• Ability to ensure the continued confidentiality, integrity, availability, and resilience of processing systems and services.
• Ability to restore availability and access to personal data quickly in the event of a physical or technical incident.
• Existence of a process of regular verification, evaluation, and assessment of the effectiveness of technical and organizational measures to ensure the security of processing.
• Periodic assessment of the risk of accidental or unlawful destruction, loss or alteration of, or unauthorized disclosure of or access to, personal data transmitted, stored, or otherwise processed.
• Measures to ensure that any person acting under Tablesit's authority has access to personal data only in accordance with Tablesit's instructions.

8. Confidentiality

Tablesit commits to treating any collected personal data with the utmost confidentiality, pledging to maintain its secrecy and ensuring the duty to protect it by implementing all necessary measures to prevent alteration, loss, unauthorized access, or processing, in accordance with applicable law.

9. Use of Cookies

Tablesit uses both its own and third-party cookies to collect information about website usage and optimize its operation. Detailed information about the use of cookies by Tablesit can be found in our Cookies Policy.

10. Recipients or categories of recipients of the personal data

When processing your data, we collaborate with various service providers who may have access to your personal information.

Potential recipients of your data include:

• Software companies that enable us to deliver, enhance, and market our services (e.g., for sending newsletters, managing customer contacts, or processing applications).
• Public authorities and administrations, as required by law.
• Payment service providers.
• Hosting providers.
• Social media platforms.
• Professional service firms, such as tax advisors or legal counsel.

In order to fulfill contractual obligations, we may also transfer your personal data to parties to whom we assign rights related to our contractual relationship with you.

Some of the specific tools and service providers we use include:

• Stripe: We use Stripe for secure payment processing. Stripe handles your payment information with high security standards, ensuring safe transactions.https://sentry.io/privacy/
• PostHog: PostHog helps us collect and analyze user behavior on our website. This tool allows us to improve our services by understanding how users interact with our site. https://posthog.com/privacy
• Sentry: Sentry is used for error tracking and monitoring. It helps us identify and fix bugs quickly, ensuring a smoother user experience.https://sentry.io/privacy/

For more detailed information, please refer to our full Privacy Policy.

11. Responsibility

The user is solely responsible for providing false, inaccurate, incomplete, or outdated information in the forms.

12. Updates

Tablesit reserves the right to update the Privacy Policy. Changes will be published on this page.