0%
Loading ...

Interested in our booking software?

Schedule a demo

Booking software

Discover our online table reservation platform, designed to simplify the management of your restaurant while optimising the customer experience.

The modules

Discover our add-on modules to improve your online booking system and optimise the management of your restaurant.

Website

Tailor-made website creation for your restaurant, showcase your cuisine with a unique online presence.

About us

Discover the history of Barestho and what makes us who we are!

Our customers

Read what our customers have to say!

Blog

Explore our blog, the essential reference for discovering the latest news and trends in the hospitality sector.

Tutorials

Discover all the features and tips of our software through our explanatory videos.

Identify yourself

Connect to your Barestho platform to easily manage your bookings!

Privacy policy

Object

This policy is drawn up by Barestho SRL located at Avenue de la Bourgogne, 96, 7700 Mouscron, registered under number 0740.454.745 (hereinafter referred to as "the data controller").

The purpose of this policy is to inform visitors to the website hosted at www.barestho.com (hereinafter referred to as the "website") of how data is collected and processed by the data controller.

This policy is part of the controller's desire to act transparently, in compliance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").

The data controller pays particular attention to protecting the privacy of its users and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorised use.

Personal data" is defined as all personal data concerning the user. In other words, any information that enables the user to be identified directly or indirectly as a natural person. If the user wishes to react to any of the practices described below, he/she may contact the data controller at the postal address or e-mail address specified in the "contact details" section of this policy.

 

 

What data do we collect?

The data controllers collect and process the following personal data in accordance with the procedures and principles described below:

 Its domain (detected automatically by the controller's server), including the dynamic IP address.

  • All the information concerning the pages that the user has consulted on the website.
  • Any information that the user has given voluntarily, for example by completing the contact form.
  • The data controller may also collect non-personal data. These data are qualified as non-personal data because they do not allow a specific person to be identified directly or indirectly. It may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertising of the data controller.

 

In the event that non-personal data is combined with personal data in such a way that it is possible to identify the persons concerned, this data will be treated as personal data until such time as it is impossible to link it with a specific person.

 

Collection methods

The data controller collects personal data when the user fills in the contact form.

 

Purpose of processing

Personal data is collected and processed solely for the purposes set out below: 

  • To manage and monitor the delivery of the services offered.
  • Sending and tracking orders and invoices.
  • Sending promotional information on the products and services of the data controller.
  • Sending out promotional material.
  • Answering users' questions.
  • Produce statistics.
  • To improve the quality of the website and of the data controller's products and services.
  • To send information about new products and services from the data controller.
  • For commercial prospecting purposes.

 

The data controller may carry out processing operations that are not yet provided for in this policy. In this case, it will contact the user before re-using his/her personal data in order to inform him/her of the changes and give him/her the opportunity, where appropriate, to refuse such re-use.

 

Legitimate interests

Certain processing operations carried out by the data controller are founded on the legal basis of its legitimate interests. These legitimate interests are proportionate to respect for the user's rights and freedoms. If the user wishes to be informed of the details of the purposes founded on the legal basis of legitimate interests, he/she is recommended to contact the data controller (see point relating to "contact details").

 

Shelf life

As a general rule, the data controller will only keep personal data for as long as is reasonably necessary for the purposes for which it is to be used and in accordance with legal and regulatory requirements.

A customer's personal data is kept for a maximum of 10 years after the end of the contractual relationship between the customer and the data controller.

Once the retention period has elapsed, the data controller shall take all necessary steps to ensure that the personal data has been made unavailable and inaccessible.

 

Application of rights

For all the rights listed below, the data controller reserves the right to verify the identity of the user for the application of the rights listed below.

This request for additional information must be made within one month of the user submitting the request.

 

Data access and copying

Users may obtain, free of charge, written communication or a copy of their personal data that has been collected.

The data controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user. Where the user makes such a request electronically, the information will be provided in a commonly used electronic form unless the user requests otherwise.

Unless otherwise stipulated by the General Data Protection Regulation, the user will be sent a copy of his or her data no later than one month after receipt of the request.

 

Right of rectification

The user may obtain, free of charge, as soon as possible and at the latest within a period of one month, the rectification of any personal data that may be inaccurate, incomplete or irrelevant, as well as the completion of such data if it proves to be incomplete.

Unless otherwise stipulated by the General Data Protection Regulation, a request for application of the right to rectification will be processed within one month of the request being made.

 

Right to object to processing

Users may at any time, for reasons relating to their particular situation, object free of charge to the processing of their personal data if :

  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.

The data controller may refuse to implement the user's right to object if it establishes the existence of compelling and legitimate grounds for the processing, which override the interests or the rights and freedoms of the user, or for the establishment, exercise or defence of legal claims. In the event of a dispute, the user may lodge a complaint in accordance with the "Complaints" section of this policy.

Users may also, at any time, object, without justification and free of charge, to the processing of their personal data when this data is collected for commercial prospecting purposes.

Where personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.

Unless otherwise stipulated by the General Data Protection Regulation, the data controller is obliged to respond to the user's request as soon as possible and within one month at the latest, and to give reasons for its response if it intends not to comply with such a request.

 

Right to restrict processing

 Users may obtain a restriction on the processing of their personal data in the cases listed below:

  • When the user disputes the accuracy of a piece of data and only for as long as it takes the data controller to check it.
  • When the processing is unlawful and the user prefers the restriction of processing to erasure.
  • When, although it is no longer necessary for the purposes of the processing, the user needs it for the establishment, exercise or defence of legal claims.
  • For the time required to examine the validity of a request for opposition made by the user, in other words for the time required for the controller to check the balance of interests between the legitimate interests of the controller and those of the user.

 The data controller will inform the user when the processing restriction is lifted.

Right to erasure (right to be forgotten)

Users may obtain the deletion of their personal data if one of the following reasons applies:

 The data is no longer required for the purposes for which it was processed.

  • The user has withdrawn his/her consent to his/her data being processed and there is no other legal basis for the processing.
  • The user objects to the processing and there is no compelling legitimate reason for the processing and/or the user exercises his/her specific right of objection in relation to direct marketing.
  • Personal data has been processed unlawfully.
  • Personal data must be erased in order to comply with a legal obligation (under EU or Member State law) to which the controller is subject.
  • The personal data was collected as part of the provision of information society services aimed at children.

 

However, data will not be deleted in the following cases:

 

  • Where processing is necessary for the exercise of the right to freedom of expression and information.
  • Where processing is necessary for compliance with a legal obligation which requires processing under Union law or the law of the Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Where processing is necessary for reasons of public interest in the field of public health.
  • Where processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and provided that the right to erasure is likely to make impossible or seriously compromise the achievement of the purposes of the processing in question.
  • Where processing is necessary for the establishment, exercise or defence of legal claims.

 

Unless otherwise stipulated by the General Data Protection Regulation, the data controller is obliged to respond to the user's request as soon as possible and within one month at the latest, and to give reasons for its response if it intends to take no further action on such a request.

 

 

Right to data portability

The user may, at any time, request to receive, free of charge, his/her personal data in a structured, commonly used and machine-readable format, in particular with a view to passing it on to another data controller where the data processing is carried out using automated processes and where the processing is based on the user's consent or on a contract concluded between the user and the data controller.

Under the same conditions and according to the same procedures, the user has the right to obtain from the data controller that personal data concerning him/her be transmitted directly to another data controller, insofar as this is technically possible.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

 

Recipients of data and disclosure to third parties

The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected commercial partners located in the European Union who collaborate with the data controller in the marketing of products or the provision of services.

In the event that data is disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed in advance so that he/she can choose to accept the transfer of his/her data to third parties.

Where this transfer is based on the user's consent, the user may withdraw consent for this specific purpose at any time.

The data controller complies with the legal and regulatory provisions in force and will ensure in all cases that its partners, employees, subcontractors or other third parties with access to this personal data comply with this policy.

The data controller discloses the user's personal data in the event that a law, legal proceedings or an order from a public authority makes such disclosure necessary.

The data controller does not transfer any personal data outside the European Union.

 

 

Security

The data controller shall implement appropriate technical and organisational measures to guarantee a level of security of the processing and of the data collected that is appropriate to the risks presented by the processing and the nature of the data to be protected. He shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.

The data controller always uses encryption technologies that are recognised as industry standards within the IT sector when transferring or receiving data on the website.

The data controller has put in place appropriate security measures to protect and prevent the loss, misuse or alteration of information received via the website.

In the event that the personal data under the control of the controller should be compromised, the controller will act promptly to identify the cause of the breach and take appropriate remedial action.

The data controller shall inform the user of this incident if required to do so by law.

 

 

Claims and complaints

 

If the user wishes to react to any of the practices described in this policy, it is advisable to contact the data controller directly.

Users may also lodge a complaint with their national supervisory authority, whose contact details can be found on the European Commission's official website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user may bring a complaint before the competent national courts.

 

 

Contact details

For any questions and/or complaints relating to this policy, the user may contact the data controller : 

  • E mail : contact@barestho.com
  • Mail: Rue Albert Libiez, 59, 7340 Pâturages

 

Modification

The data controller reserves the right to amend the provisions of this policy at any time. Amendments will be published directly on the controller's website.

 

Applicable law and jurisdiction

This policy is governed by the national law of the data controller's principal place of business.

Any dispute relating to the interpretation or execution of this policy will be subject to the jurisdiction of this national law.

The current version of the policy dates from 1 December 2019.