1. Data Controller
The controller of your personal data is: SUZZY, SAS with share capital of €3,000, 47 rue Vivienne, 75002 Paris, France — SIREN 102 900 487 — RCS Paris — [email protected].
2. Data Collected
We collect the following categories of personal data:
2.1 Identification Data
Name, email address, phone number, collected during account creation or via the contact form.
2.2 Professional Data
Establishment name, address, city, postal code, collected for your account configuration.
2.3 Navigation Data
IP address, cookie data, connection logs, automatically collected during Platform use.
2.4 End Customer Data
Through reservation, Click & Collect, and loyalty wheel features, the Platform may process personal data of your establishment's end customers (names, emails, phone numbers). You are responsible for processing this data and informing your customers. Explicit and documented consent from end customers must be obtained for email collection via the loyalty wheel.
3. Legal Basis for Processing
In accordance with Article 6 of the GDPR, our processing is based on the following legal grounds:
3.1 Contract Performance
The provision of Services (reservation management, digital menu, Click & Collect, website, etc.) is based on the performance of the subscription contract.
3.2 Legal Obligation
The retention of accounting and tax data is based on our legal obligations.
3.3 Legitimate Interest
Platform improvement, security, and fraud prevention are based on our legitimate interest.
3.4 Consent
Commercial communications and customer email collection via the loyalty wheel are based on the explicit consent of the individuals concerned.
4. Processing Purposes
Your data is used to:
- Provide and improve the Services
- Manage your account and subscription
- Contact you regarding your account or the Services
- Send you commercial communications (with your prior consent)
- Comply with our legal and accounting obligations
5. Data Sharing and Transfers
5.1 No Data Sales
We do not sell or rent your personal data to third parties.
5.2 Sub-processors
Your data may be shared with the following sub-processors, strictly for providing the Services:
- Railway Corporation — data hosting, 548 Market St, San Francisco, CA 94104, USA
- Octopush — transactional SMS, France (octopush.com)
- Resend — transactional emails (resend.com)
- Analytics tool providers
5.3 Transfers Outside the European Union
Platform hosting is provided by Railway Corporation, a company based in the United States. This data transfer is governed by Standard Contractual Clauses (SCCs) in accordance with Article 46 of the GDPR.
6. Data Retention Period
Your data is retained for the following periods:
- Active account data — for the duration of your subscription
- Data after termination — 3 years from the end of the business relationship
- Accounting and tax data — 10 years (legal obligation)
7. Your Rights
Under the GDPR (Articles 15 to 22), you have the following rights:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or accidental disclosure. These measures include data encryption in transit, access control, and logging of sensitive operations.
9. Contact
For any questions regarding your personal data, contact us at: [email protected] — SUZZY (SAS), 47 rue Vivienne, 75002 Paris, France.