Privacy Policy — Reservety Rental Management Software

1. Introduction

SC RESERVETY SYSTEMS SRL ("Reservety", "We", "Us"), a company incorporated in Romania, is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you use our software platform and concierge services.

This policy is compliant with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and relevant Romanian legislation (Law 190/2018).

2. Critical Definitions (Controller vs. Processor)

To understand your rights, it is important to distinguish how we handle different types of data:

Scenario A: Data about YOU (The Client)

When you sign up for Reservety, pay us, or contact support, we are the Data Controller. We decide why and how this data is processed (e.g., for billing and account management).

Scenario B: Data about YOUR CUSTOMERS (End Users)

When your customers make a booking on your website, YOU are the Data Controller. Reservety acts strictly as the Data Processor. We store and process this data solely on your behalf and according to your instructions.

3. Data We Collect

3.1 Information You Provide to Us

Account Data: Company name, CUI/VAT number, address, email address, phone number, and password.
Billing Data: Invoicing details and payment history. (Note: We do not store full credit card numbers; these are handled by our payment processors like Stripe).
Concierge Data: Inventory lists, pricing rules, and branding assets you upload via the "Launch Kit."

3.2 Information We Process on Your Behalf

As a Processor, we host data that you collect from your customers, which may include:

End User names, emails, phones, and addresses.
Booking details and rental history.
Signed digital waivers/contracts (including IP timestamps).
Uploaded documents (e.g., Driver's Licenses), if you choose to enable this feature.

3.3 Automatically Collected Data

When you access the Service, we collect technical logs including IP addresses, browser types, and access times for security auditing and fraud prevention.

4. How We Use Your Data

We use your data for the following legal bases:

Performance of Contract: To create your website, process bookings, and provide customer support.
Legal Obligation: To maintain financial records (invoicing) as required by Romanian fiscal law.
Legitimate Interest: To improve our platform, prevent fraud, and ensure the security of our infrastructure.

5. Data Retention & Deletion

5.1 Standard Retention

We retain your Account Data for as long as you have an active subscription. Upon cancellation, we may retain certain data for up to 10 years to comply with Romanian fiscal data retention laws (e.g., invoices).

5.2 Sensitive File Auto-Deletion

To minimize risk for both parties, Reservety implements an automatic data minimization policy for sensitive file uploads. If you use our system to collect raw images of ID documents, these files are automatically deleted from our servers 90 days after the booking end date. Metadata (logs of who verified the ID) is retained.

6. Data Sharing & Sub-Processors

We do not sell your data. We share data only with third-party sub-processors required to run the service. These include:

Cloud Hosting: (e.g., AWS, DigitalOcean) for server infrastructure.
Payment Gateways: (e.g., Stripe, PayPal) for processing payments.
Communication: (e.g., SMTP providers) for sending transactional emails.

We have Data Processing Agreements (DPA) in place with all sub-processors to ensure they protect data to GDPR standards.

7. International Transfers

If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs).

8. Your GDPR Rights

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can ask us to correct inaccurate data.
Right to Erasure ("Right to be Forgotten"): You can ask us to delete your data, subject to our legal obligations (e.g., tax laws).
Right to Restriction: You can ask us to restrict how we process your data.
Right to Data Portability: You can ask for your data in a structured, machine-readable format.

Note for End Customers (Renters)

If you are a customer who rented equipment from a business using Reservety, please contact that business directly to exercise your GDPR rights. Reservety acts as a Processor and cannot delete or modify end-user data without the instruction of the Rental Business (the Controller).

9. Security

We employ industry-standard security measures, including SSL encryption for data in transit, encryption for sensitive data at rest, and strict access controls for our employees. However, no method of transmission over the Internet is 100% secure.

10. Contact Us

To exercise your rights or if you have questions about our privacy practices, please contact our Data Protection Officer:

SC RESERVETY SYSTEMS SRL
Attn: Privacy Officer
Bdul Alexandru cel Bun, nr. 5, sc. D, ap. 8
Bacau, Romania
Email: support@reservety.com