GDPR

GDPR Compliance Statement

Effective Date: June 30, 2026

GDPR Compliance Statement for Eaterware Restaurant Software

Eaterware Restaurant Software ("Eaterware", "we", "our", or "us"), developed and operated by Velarima Digital Agency Pvt. Ltd., is committed to protecting personal data and respecting the privacy rights of individuals.
This statement explains how we support compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) for customers located in the European Economic Area (EEA), the United Kingdom, and other applicable jurisdictions.

1. Our Commitment

We are committed to:
  • Processing personal data lawfully, fairly, and transparently.
  • Collecting only the information necessary to provide our Services.
  • Protecting personal data using appropriate technical and organizational security measures.
  • Respecting the privacy rights of individuals.
  • Continuously improving our security and privacy practices.

2. Our Role

Depending on how our Services are used:
Data Controller
Restaurants and businesses using Eaterware generally act as the Data Controller, as they determine the purposes and means of processing their customers' personal data.
Data Processor
Eaterware generally acts as a Data Processor, processing personal data solely on behalf of our customers and in accordance with their instructions.
For certain information related to account registration, billing, and support, Eaterware may act as an independent Data Controller.

3. Personal Data We Process

Depending on the Services used, we may process:
  • Restaurant and business information
  • User account details
  • Employee information
  • Customer contact details
  • Delivery addresses
  • Order history
  • Billing information
  • Payment references (excluding full payment card details)
  • Loyalty program information
  • Technical logs
  • Device information
  • Usage analytics

4. Lawful Basis for Processing

Where applicable, we process personal data under one or more of the following lawful bases:
  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate business interests.
  • Consent, where required.
  • Protection of vital interests.
  • Performance of tasks carried out in the public interest, where applicable.

5. Data Subject Rights

Individuals may have the following rights under GDPR:
  • Right of access
  • Right to rectification
  • Right to erasure ("Right to be Forgotten")
  • Right to restrict processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent
  • Right not to be subject solely to automated decision-making where applicable
Where Eaterware acts as a Data Processor, requests relating to customer data should generally be directed to the relevant restaurant or business using our Services.

6. Data Security

We implement appropriate technical and organizational measures, including:
  • Encryption of data in transit using SSL/TLS.
  • Password hashing and secure authentication.
  • Role-based access controls.
  • Secure cloud infrastructure.
  • Network and application security measures.
  • Regular software updates and security patches.
  • Data backups and disaster recovery procedures.
  • Monitoring for unauthorized access and suspicious activity.
While we strive to protect personal data, no system can guarantee absolute security.

7. Data Retention

We retain personal data only for as long as necessary to:
  • Provide our Services.
  • Meet contractual obligations.
  • Comply with legal and regulatory requirements.
  • Resolve disputes.
  • Enforce our agreements.
When retention is no longer necessary, personal data is securely deleted or anonymized where appropriate.

8. International Data Transfers

Personal data may be processed or stored outside the European Economic Area.
Where international transfers occur, we implement appropriate safeguards in accordance with GDPR, which may include:
  • Standard Contractual Clauses (SCCs).
  • Contractual obligations with service providers.
  • Appropriate technical and organizational security measures.

9. Third-Party Service Providers

We may use trusted third-party providers to support our Services, including:
  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • SMS providers
  • Analytics providers
  • Customer support platforms
  • Infrastructure and security providers
These providers are required to implement appropriate safeguards for personal data.

10. Data Processing Agreement (DPA)

Customers requiring GDPR compliance may request a Data Processing Agreement (DPA).
The DPA defines:
  • Processing instructions
  • Security obligations
  • Confidentiality requirements
  • Sub-processor obligations
  • International transfer safeguards
  • Data breach notification procedures
  • Data deletion and return obligations

11. Data Breach Notification

If we become aware of a personal data breach affecting customer data, we will:
  • Investigate the incident promptly.
  • Take appropriate steps to contain and mitigate the breach.
  • Notify affected customers without undue delay where required by law.
  • Cooperate with customers in fulfilling applicable legal obligations.

12. Cookies and Tracking

Our website and applications may use cookies and similar technologies for:
  • Authentication
  • Security
  • Performance monitoring
  • User preferences
  • Analytics
  • Service improvement
Where required by law, users will be provided with appropriate cookie choices.

13. Contact for Privacy Requests

For GDPR-related questions or requests, please contact:
Velarima Digital Agency Pvt. Ltd.
Eaterware Restaurant Software
We will respond to legitimate requests within the timeframes required by applicable law.

14. Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in legal requirements, our Services, or our data processing practices.
The latest version will always be available through our website.

15. Supervisory Authority

Individuals located in the European Economic Area or the United Kingdom may have the right to lodge a complaint with their local data protection supervisory authority if they believe their personal data has been processed in violation of applicable law.