1. Introduction
At Eateio, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website at eateio.com and our reservation services (collectively, the "Service").
This policy is compliant with the General Data Protection Regulation (GDPR) and applicable Greek and EU data protection laws.
2. Who We Are
Eateio is operated by our company based in Thessaloniki, Greece. We are the data controller responsible for your personal data. For any data protection enquiries, contact us at [email protected].
3. Information We Collect
We collect the following categories of personal data:
- Account information: Name, email address, phone number, and password when you create an account.
- Reservation data: Booking details including date, time, party size, special requests, and the restaurant you booked.
- Usage data: IP address, browser type, device information, pages visited, and time spent on the platform.
- Communications: Messages you send to us or to restaurants through the platform.
- Review content: Text and ratings you submit as reviews.
- Payment-related data: Cover charge processing information (we do not store full payment card details).
- Restaurant partner data: Business name, address, contact details, opening hours, seating configuration, and banking details for payout purposes.
4. How We Use Your Information
We use your personal data for the following purposes and legal bases:
- Providing the Service (contract performance): Processing reservations, sending booking confirmations and reminders, managing your account.
- Improving the platform (legitimate interest): Analysing usage patterns, troubleshooting, and enhancing features.
- Marketing communications (consent): Sending newsletters or promotional offers where you have opted in. You may withdraw consent at any time.
- Legal compliance (legal obligation): Retaining financial records, responding to legal requests.
- Fraud prevention (legitimate interest): Detecting and preventing fraudulent activity.
5. Sharing Your Information
We share your personal data only in the following circumstances:
- With restaurants: When you make a reservation, we share your name, contact details, and booking information with the relevant restaurant to fulfil your booking.
- Service providers: We work with trusted third-party providers for email delivery, payment processing, analytics, and hosting. These providers process data on our behalf under strict data processing agreements.
- Legal requirements: Where required by law, regulation, court order, or to protect the rights and safety of Eateio, our users, or others.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.
We do not sell your personal data to third parties.
6. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience. These include:
- Essential cookies: Required for the platform to function correctly (e.g. session management, CSRF protection).
- Analytics cookies: Used to understand how users interact with our platform (e.g. Cloudflare Analytics).
- Preference cookies: Remembering your language preference and other settings.
You can manage your cookie preferences through our cookie consent banner or your browser settings.
7. Data Retention
We retain your personal data for as long as necessary to provide the Service and comply with legal obligations:
- Account data is retained while your account is active and for 30 days after deletion.
- Booking records are retained for 7 years for accounting and legal compliance purposes.
- Invoice and payment data is retained as required by Greek and EU tax law.
- Review content may be retained even after account deletion in anonymised form.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your data (subject to legal retention requirements).
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
- Right to object: Object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with your national data protection authority. In Greece, this is the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS), access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
10. International Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
11. Children's Privacy
Our Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page with an updated date. We encourage you to review this page periodically.
13. Contact Us
For any privacy-related questions, requests, or complaints, please contact us at:
- Email: [email protected]
- Address: Thessaloniki, Greece
Last updated: May 2026