1. Introduction and Data Controller
This Privacy Policy describes how SC Gemicosis SRL, a company registered in Romania (the “Data Controller,” “we,” “us,” or “our”), collects, uses, and protects the personal data of users of our Website and the Waiter Call System Service (the “Service”).
We are committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable Romanian data protection laws.
| Details | Information |
| Data Controller: | SC Gemicosis SRL |
| Registered Address: | Romania, GALATI, STR. FURNALISTILOR 4 |
| Contact Email: | office@waiter-call-systems.com |
2. Data Categories, Purposes, and Legal Basis
We process different categories of personal data based on your interaction with us:
A. Website Visitor Data (Browsing the Website)
| Data Category | Purpose of Processing | Legal Basis (GDPR) | Retention Period |
| Usage Data (IP address, browser type, visited pages, time of visit) | To measure website performance, diagnose technical issues, and improve user experience. | Legitimate Interest (Improving our services) and Consent (for non-essential cookies, see Cookie Policy). | [Insert period, e.g., 26 months] (For Analytics) |
| Communication Data (Name, email address from contact forms) | To respond to your inquiries and provide necessary information about the Service. | Legitimate Interest (Responding to direct requests). | As long as necessary to fulfill the request. |
B. Customer Account Data (Business/Staff)
This applies to individuals (e.g., owners, managers, staff) who register for and use the Service.
| Data Category | Purpose of Processing | Legal Basis (GDPR) | Retention Period |
| Account Data (Name, business name, address, contact numbers, email, payment details) | To manage the Service contract, process payments, and provide essential account support. | Contractual Necessity (To perform the Service agreement). | During the contractual term and for 10 years after termination (as required by Romanian fiscal/legal obligations). |
| Staff/Employee Data (Waiter names, device IDs, login credentials) | To enable staff access to the Service applications (iResWaiter, iResKitchen) and track system performance. | Contractual Necessity and Legitimate Interest (To provide the core function of the system). | During the contractual term. Deleted upon request/termination. |
C. Service Usage Data (Patrons/Guests)
When a patron/guest scans a QR code or uses NFC to call a waiter:
| Data Category | Purpose of Processing | Role (GDPR) | Legal Basis (GDPR) |
| Ephemeral Data (Device ID, approximate time of call, table number) | To facilitate the waiter call and process the request within the venue. | We are the Processor; the Customer is the Controller. | Contractual Necessity (For the Customer to provide service). |
Note on Patron Data: For data related to a patron’s interaction with the system (section 2.C), SC Gemicosis SRL acts as a Data Processor on behalf of the Customer (the restaurant/venue), who is the Data Controller. The Customer is solely responsible for ensuring they have the legal basis (e.g., legitimate interest, consent) to process this data and for providing appropriate notices to their patrons.
3. Data Disclosure and Recipients
We may share your data only when necessary and in compliance with GDPR:
Service Providers (Processors): We use third-party companies to provide services such as hosting, cloud storage, payment processing, and analytics. These providers are carefully selected and bound by Data Processing Agreements (DPAs) to process data only on our instruction and ensure adequate security.
Legal Requirements: We may disclose your data where legally required to do so by Romanian or EU law, or in response to valid requests by public authorities (e.g., courts or government agencies).
Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company.
International Data Transfers (Outside the EU/EEA)
If we transfer personal data outside the European Union (EU) or European Economic Area (EEA), we will ensure that an adequate level of protection is afforded to the data, typically by implementing Standard Contractual Clauses (SCCs) approved by the European Commission.
4. Security Measures
We implement appropriate technical and organizational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
Encryption (e.g., SSL/TLS for data in transit).
Access Control (Limiting staff access to necessary systems).
Regular Security Audits and Penetration Testing.
5. Your Data Protection Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
The Right to Be Informed: To know how your data is being processed. (Addressed by this Policy).
The Right of Access: To request a copy of the data we hold about you.
The Right to Rectification: To request correction of inaccurate or incomplete data.
The Right to Erasure (“Right to Be Forgotten”): To request the deletion of your data when there is no compelling reason for us to continue processing it.
The Right to Restriction of Processing: To block or suppress the processing of your personal data.
The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
The Right to Object: To object to processing based on legitimate interest or for direct marketing purposes.
Rights in Relation to Automated Decision Making and Profiling: We do not use fully automated decision-making processes that significantly affect you.
To exercise any of these rights, please contact us using the details provided in Section 1. We will respond to your request within one month.
6. Right to Lodge a Complaint
If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority.
The supervisory authority in Romania is:
Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Address: B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, cod poștal 010336, București, România
Website: https://www.dataprotection.ro/
7. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The revised policy will be indicated by an updated “Last Updated” date. We encourage you to review this policy periodically to stay informed about how we are protecting your information.