Privacy policy

1. Who We Are

Easy Eatery provides a website builder and booking platform designed for hospitality businesses.

For the purposes of UK data protection law:

• When you use our marketing website, Easy Eatery acts as a Data Controller.
• When hospitality businesses use our platform to manage their own customer data, those businesses act as Data Controllers and Easy Eatery acts as a Data Processor under our Data Processing Agreement.

If you have any questions about this policy, you can contact us at info@easyeatery.co.uk

2. The Personal Data We CollectA. Information You Provide Directly

When you contact us, create an account, or subscribe, we may collect:

• Name
• Business name
• Business address
• Email address
• Telephone number
• Billing information

When customers of our clients make bookings or purchase vouchers, the relevant hospitality business collects and controls that data. Easy Eatery processes it on their behalf.

B. Information Collected Automatically

When you visit our website or use the platform, we may collect:

• IP address
• Browser type
• Device information
• Usage data
• Log information

This data helps us maintain security and improve the Service.

3. How We Use Personal Data

We use personal data to:

• Provide and operate the Easy Eatery platform
• Manage subscriptions and accounts
• Send transactional communications (such as booking confirmations and voucher emails)
• Provide customer support
• Improve platform functionality and security
• Comply with legal obligations

We do not sell personal data.

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

• Contract – to provide our Service and fulfil bookings and voucher functionality
• Legitimate Interests – to maintain security, prevent fraud, and improve our Service
• Consent – where required, such as for optional marketing communications or non-essential cookies
• Legal Obligation – where processing is required by law

5. Payment Processing

We do not store or process payment card information.

All payment processing is carried out by third-party providers such as Stripe under their own privacy policies.

You should review Stripe’s privacy policy for details on how they process payment data.

6. Transactional and Marketing Communications

Transactional Communications

We send operational emails necessary for the functioning of the Service, including:

• Booking confirmations
• Voucher delivery emails
• Account notifications

These communications are necessary to perform our contract and cannot be opted out of while using the Service.

Marketing Communications

We only send marketing emails where you have explicitly opted in.

You can unsubscribe at any time using the link in any marketing email.

Marketing emails are managed via Mailchimp.

7. Data Retention

We retain personal data only for as long as necessary.

For platform customers:

• Account and booking data is retained during your subscription.
• After termination, data is retained for up to six (6) months.
• After this period, data may be permanently deleted.

Website enquiry data is retained only as long as necessary to respond and manage communications.

8. Hosting and Security

Primary customer data is hosted in the United Kingdom via Krystal (London data centres).

We implement appropriate technical and organisational measures, including:

• Encrypted data transmission (HTTPS)
• Secure authentication procedures
• Role-based access controls
• Logical separation of customer databases

Each customer’s platform data is stored in a logically separate database environment.

9. Third-Party Service Providers

We use trusted third-party providers to support delivery of the Service, including:

• Krystal – Hosting
• Bunny.net – Content delivery network
• Postmark – Transactional email delivery
• Stripe – Payment processing
• Mailchimp – Marketing communications (opt-in only)
• HubSpot – Customer relationship management and enquiry management

These providers may process personal data on our behalf and are subject to appropriate contractual safeguards.

10. International Data Transfers

Primary platform data is hosted in the United Kingdom.

Certain service providers, including CRM systems, transactional email services and content delivery networks, may process limited personal data outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are implemented in accordance with UK GDPR, including adequacy regulations or approved international data transfer mechanisms.

11. Your Rights

Under UK data protection law, you may have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent (where processing is based on consent)

To exercise your rights, contact us at info@easyeatery.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

12. Cookies

We use cookies to improve user experience and analyse website performance.

Full details are provided in our Cookie Policy.

You may manage cookie preferences through your browser settings.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

The latest version will always be available on our website with the updated date shown at the top.

Continued use of the Service constitutes acceptance of the updated policy.