Privacy Policy

Last updated: August 6, 2025

1. Introduction

resOS AS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform.

We comply with the Norwegian Personal Data Act, the EU General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Information We Collect

Personal Information

We collect information that you provide directly to us, such as:

  • Name and contact information (email, phone number)
  • Restaurant business information
  • Payment and billing information
  • Login credentials
  • Communications with us

Customer Information

When processing bookings, we collect:

  • Customer names and contact details
  • Booking preferences and special requests
  • Dietary restrictions and allergen information
  • Payment information for deposits

Automatically Collected Information

We automatically collect certain information when you use our service:

  • IP address and device information
  • Browser type and operating system
  • Usage data and analytics
  • Cookies and similar technologies

3. How We Use Your Information

We use the collected information for:

  • Providing and maintaining our services
  • Processing bookings and payments
  • Communicating with you about our services
  • Improving and personalizing user experience
  • Compliance with legal obligations
  • Protecting against fraud and abuse

4. Legal Basis for Processing

We process personal data based on:

  • Contract: To fulfill our agreement with you
  • Consent: When you have given explicit consent
  • Legitimate interests: For business operations and improvement
  • Legal obligations: To comply with applicable laws

5. Data Sharing and Disclosure

We may share your information with:

  • Service providers: Payment processors (Stripe), hosting services (Vercel, Supabase)
  • Business transfers: In case of merger, acquisition, or sale of assets
  • Legal requirements: When required by law or court order
  • Consent: With your explicit consent

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, including:

  • Active account data: Duration of service + 30 days
  • Booking history: 3 years for tax compliance
  • Payment records: 5 years as required by Norwegian law
  • Communication logs: 1 year

8. Your Rights

Under GDPR and Norwegian law, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing activities
  • Restrict: Request restriction of processing
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@resos.no

9. International Data Transfers

Your data may be transferred to and processed in countries outside Norway/EEA. We ensure appropriate safeguards are in place, such as:

  • EU-approved standard contractual clauses
  • Adequacy decisions by the European Commission
  • Your explicit consent for specific transfers

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

11. Cookies and Tracking

We use cookies and similar technologies to enhance user experience. You can control cookie settings through your browser. Essential cookies are required for the service to function properly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the service.

13. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

Data Controller: resOS AS
Email: privacy@resos.no
Address: Oslo, Norway
Organization number: [To be assigned]

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no