Privacy Policy

Last update: October 22, 2025

This Privacy Policy explains how Tableo Ltd (“Tableo”, “we”, “us”, “our”) processes personal data of patrons/guests (“you”) when you book a table or otherwise interact with Restaurants or other venues that use Tableo, including when:

  • you book via a Tableo‑powered widget embedded on a Restaurant’s website;
  • you book via third‑party channels integrated with Tableo (e.g., Reserve with Google, Instagram/Facebook/WhatsApp);
  • a Restaurant takes your booking by phone or email and enters it into Tableo on your behalf; or
  • you receive confirmations, reminders, messages or post‑visit review requests sent through Tableo.

This Policy is addressed to end users (patrons/guests). Restaurants have their own terms and privacy notices that apply in addition to this Policy. Please also review the “Data Processing” subsection of the Terms and Conditions.

1. Who is responsible for your data?

  • Restaurant as Controller. For reservation and on‑premise services, your Restaurant is the data controller of your reservation record and any dining‑related data. The Restaurant decides the purposes (e.g., managing capacity, house rules, deposits) and is responsible for charges/refunds where applicable.

  • Tableo as Processor/Controller. Tableo generally acts as a data processor for the Restaurant to provide reservation software and messaging. For some activities, Tableo is an independent controller (e.g., platform security logs, service analytics, fraud prevention, and where permissible, our own service communications and product improvement).

If you have questions about a specific reservation (times, deposits, no‑show charges, house rules), please contact the Restaurant first.

2. What data we process

Depending on how you book and interact, we may process:

  • Reservation details: date/time, party size, venue, seating notes, occasion; status/updates (confirmed, modified, cancelled, no‑show).

  • Contact & identity: name, email, mobile/phone; optionally, language preference.

  • Preferences & notes (optional): dietary notes, accessibility needs, celebration notes; any free‑text you provide. Please avoid sharing special‑category data unless strictly necessary.

  • Payment‑related data (when required by the Restaurant): tokenised card reference (via a PCI‑compliant processor), last 4 digits & expiry, deposit/pre‑authorisation amounts and outcomes.

  • Communications: confirmations, reminders, messaging history with the Restaurant, review requests.

  • Technical data: device/browser info, IP address, time stamps, channel identifiers (e.g., Google booking ID), referral/UTM tags, and cookie data subject to your choices.

3. Why we process your data (purposes & legal bases)

  • Provide and manage reservations – create/update/cancel bookings; send confirmations/reminders; coordinate seating.
  • Deposits, pre‑authorisations & charges where applicable – enable card capture, token storage, settlement/void/refund per the Restaurant’s policy.
  • Service communications – operational messages about your booking or post‑visit feedback requests.
  • Customer support & dispute handling – assisting you or the Restaurant with booking queries and complaints.
  • Security, fraud & abuse prevention; service analytics – protect systems, monitor uptime, measure usage to improve reliability.
  • Marketing (optional) – only with your explicit consent given to the relevant party (Restaurant and/or Tableo). You can withdraw consent at any time.

4. Who we share data with

  • Restaurants (controllers): to manage your reservation, contact you about changes, apply deposits or fees per policy, and handle service delivery on site.

  • Service providers (processors):

    • Payments: e.g., Stripe (card tokenisation, charges, refunds).

    • Messaging/SMS & email: gateways used to send confirmations and reminders.

    • CRM/helpdesk: tools used to handle support requests and ticketing.

    • Analytics & diagnostics: tools that help monitor performance, crash/error reporting, and usage patterns.

  • Booking channels: if you booked via Google/Meta or similar, those platforms may receive/update booking status pursuant to their own terms.

  • Authorities: where required by law or to protect rights, security or prevent fraud.

We do not sell your personal data.

5. GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service, which will be communicated in advance. We will also ask you to confirm your identity before we will accede to any request for access.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

You may exercise any of these rights in relation to your personal data by contacting us at [email protected] or by writing to: Tableo Ltd, Merlin House, Mountbatten Street, Hamrun, HMR1574 – MALTA. To protect your data, we may ask for information to verify your identity and your relationship to Tableo (e.g., account email, booking reference, restaurant name).

If you make a request, we have one month to respond to you. You also acknowledge and accept that in some cases, your refusal to provide your consent, or your revocation of any consent previously given, may mean that we are unable to provide you with the services you request.

Please note: Restaurants using Tableo are the data controllers for guest bookings. The Restaurant you booked with may hold a copy of your details in its own records/exports; therefore, you may wish to contact them directly with the same requests. Where appropriate, we will forward your request to the relevant Restaurant and coordinate a response.

6. Children’s Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

Tableo’s services are only offered to persons who are of legal age, or who are acting with the consent or permission of a parent or guardian.

7. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, role‑based access, logging, and regular security reviews. No system is completely secure; please use caution when sharing information in free‑text fields.

8. Cookies & similar technologies

We use necessary cookies to run the booking widget. With your consent, we may use analytics and performance cookies to improve reliability and user experience, and channel‑specific cookies where required by integrated platforms. You can manage cookie preferences via the cookie banner or your browser settings.

9. Log Files

(a) Tableo follows a standard procedure of using log files. These files log visitors when they visit platforms. All hosting companies do this as a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is to analyse trends, manage the Sites, track users’ movement on the Platform, and gather demographic information.

(b) For users who sign in to an account on the Sites or submit forms via the Sites, we may associate certain log data (e.g., IP address, device/browser information, actions taken, and time stamps) with your account or submission. We do this only as necessary for security, fraud/abuse prevention, troubleshooting, support, and service quality assurance. This linkage is based on our legitimate interests in keeping the service reliable and secure and is not used for marketing.

10. Third Party Privacy Policies

Tableo’s Privacy Policy does not apply to other advertisers or platforms. Thus, we advise you to consult the respective Privacy Policies of these third-party advertising servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers’ respective platforms.

Contact us

Tableo Ltd
Merlin House, Mountbatten Street Hamrun HMR1574
Malta
For any queries contact: [email protected]