PRIVACY NOTICE

Last update: 14/12 2020

We, the company «Innopolium Private Company», with registered offices in Athens, Greece at 2, 28th Oktovriou Street, Chalandri (hereinafter “We” or “Innopolium”) are committed to respecting and protecting your privacy and we are obligated to inform you in a transparent way of the  processing  of  your  data  during  your  visit  to  and  use  of  our  website www.i-host.gr (“Website”) and mobile application “i-host”(“Application”) and of the respective services (the Website and Application referred to also jointly as “Services”).

We reserve the right to amend and update this privacy notice whenever necessary. If there are any changes to this privacy notice, we will upload the new document on the Website/Application, so you are informed. Therefore, we recommend that you carefully read this Privacy Notice and check our Services periodically.

  1. Our Services

We have developed and made available a digital platform allowing for reservations, clientele and table/seats management (the “Platform") addressing the needs of restaurants, hotel restaurants, entertainment venues and similar businesses, offering gastronomic and leisure services (each referred to as a “Venue”). More specifically, our Services are designed for and targeted towards fine dining restaurants, hotel restaurants, casual dining restaurants, all-day bar- restaurants, bistros, and all similar recreation businesses that accept and manage reservations. The Platform is used, instead of paper or calendar notes, by the business personnel of the Venues in charge of managing reservations or offering customer services, as per each Venue’s requirements and internal processes.

The Platform contains information about the Venue’s seats and reservation availability and features functions, allowing for securing, amending or cancelling of online reservations. It also contains any information about the Venue’s customers (“Venue Clients”) that may be required and recorded by the Venue so to help the Venue in managing its reservations and client base and offering personalised services to them. Reservations, associated with the Venue’s customers, can be submitted directly to any Venue using the Platform or via other, third party reservation services used by the Venue. In case of reservations that are submitted through third party services, information about the user that placed the reservation may be transferred to and stored in the Platform from that third party service used for the submission of the reservation. While a Venue Client may be able to complete a payment transaction with the assistance of the Platform or use one of the Platform’s functionalities to enter payment information, for instance, to hold a table or secure a reservation, the Platform does not contain information related to credit cards or such payments made with the assistance of the Platform. All payment transactions are processed by third party payment processors, such as Stripe or Paypal and information about any payment completed is subject to that processor’s policies, while the information is held by the respective third party processor or the Venue.

Please do not use our Services if you are younger than 18 years old.

In order to use our Services, a Venue (or an agent acting on behalf of a Venue in relation to its reservations) shall need to open an account to the Platform in the manner described therein (“Account”).

Important note: Our Services are targeted and provided to the Venues (or agents that have been assigned by Venues to handle their reservations) who act as Data Controllers in respect to the personal information they gather through the Platform for their clients. In this respect, we act as Data Processors on behalf of the Venues. Thus, the Platform allows only Venue’s personnel and/or agents to open and maintain an Account in the Platform. The same choice is not offered for Venue Clients. Except where we make an explicit reference herein, this Privacy Notice applies to the processing of personal data with respect to services and features provided through our Platform.

  1. What personal data are collected through the Platform

Personal Data means any information that identifies, directly or indirectly, a person (such as name, address, telephone number, e-mail address).

In the context of the Services, the following categories of personal data are collected and further processed through the Platform and for the reasons described respectively:

  1. Where you, being a Venue or Venue agent, wish to open an Account, we will collect and store the below personal information:

  1. Where you wish to contact us via e-mail for any matter or provide feedback on our Services:

  1. When a reservation on a Venue is made using the Platform either directly from a Venue Client, or from a third-party reservation service or platform (i.e. Google), personal data about the Venue Client, that the Venue requires, is stored in the Platform.

Such personal information may be the name, email, telephone, as well as, reservation details or food preferences, profile photograph in the respective third-party service media. By using the respective feature of the Platform, a Venue may insert with its own initiative also notes about each of its Venue Clients that the Venue may consider important in order to improve its relation and offering of services to the particular customers, such as any seat or dining preferences or times of visits at the Venue. Where a Venue uses the Services to store the purchase history of the Venue Client, then such information may be linked to the Platform by the Venue point of sale systems.

Such data are stored by the Venue through the Platform on the basis of our contractual obligation with that Venue and the provision of the Services.

A Venue Client may also provide special preferences or comments regarding his/her reservation, which will be transferred to the Venue by the Services.

2.4 Where a Venue Client makes a financial transaction with a Venue via the Platform (in order to secure a reservation), all information necessary to enable the completion of the transaction, including credit card information may be provided through the Platform. However, we do not receive or store payment information directly in our servers, but this information may be shared between Venues and third parties, as set forth herein.

  1. 2.5. When using other features and services through the Platform:

  1. 2.6. In case you wish to participate in a survey conducted via the Services upon your explicit consent or otherwise our legitimate interest to optimize our Services, additional profile information may be collected.

  1. How and why we process your data

We will process the personal information that you provide us with in the context of the Services and depending on the case, under the following lawful grounds and purposes:

In order to provide our Services to you and specifically in order to enable you to register as an Account holder. In this case, we act because of our contractual relationship by which you will be granted access to and use our offered Services and we will accommodate any related request you may have.

When a reservation is made, using the Services, the Venue Client’s name is provided to the requested Venue. Venue Client’ s email address and phone number are also provided to the Venue in case the Venue needs to contact him/her regarding his/her reservation. The Venue Client may also provide special preferences or comments regarding his/her reservation, which will be transferred to the Venue by the Services. If the Venue Client is interested in receiving promotional or other communications from the Venue, he may “opt-in” to receive such communications from the Venue, either via the Platform or directly, as applicable, and subject to such Venue’s marketing policies, as set forth below.

We share the above mentioned information only with the Venue at which the Venue Client has made reservation using the Service. Venues cannot use the Services to access information of the Venue Client, reservations or related information from other Venues, except of Venues with the same corporate ownership, that may choose to share such information between them. The reservation information provided to the Venue through the Services is used by the Venue in order to secure and manage reservations. If the Venue Client has given the permission to the Venue to communicate any promotional material with him/her, the Venue may do so, subject to the Venue’s policies and procedures, including those relating to the storage and management of personal data of its clients.

As Venues intend to provide Venue Client with the best possible service, they may use the Platform to record purchases via integration with POS or other systems addressing the needs of a restaurant and to take note of Venue Client special requests, allergies, special occasions or other information that will help the Venue provide Guests in a more personalized way better during their next visit. If a Venue chooses to note the Venue Client’s preferences, that information may be typed into the Platform manually, just as a Venue might write a note on an index card. This data belongs to and is solely used by the Venue, since it is a product of that Venue’s relationship with the Venue Client. In this respect, the Venue is solely responsible to ensure that it has lawfully obtained and is in possession of such information, as well as, that it has the legal right to type and have available this information in the Platform (e.g. on allergies of the Venue Client). We may aggregate such preference information and Venue Client notes into data that are not personally identifiable. We also create backup copies of all information stored on the Platform for each Venue, to assist in the restoration process in the event of data loss.

The associated Venues are separate business from Innopolium. While associated Venues are encouraged by us to comply with data protection requirements, we will not be responsible for a Venue’s failure to comply with laws applicable to the use of personal data. Any complaints or inquiries regarding use of Venue Client’s information by a Venue, or marketing communications from a Venue, should be addressed directly  to  the  Venue  in  question. In  no event will we be responsible for information, management, and use of data collected by Venues from their own websites and not stored on the Services.

On the same basis, we will use the respective personal information to verify the Venue Client’s identity using authentication mechanisms and share this with the associated Venues, so to manage the respective bookings at the associated Venues, to communicate Venue Client’s booking interactions (creating, cancelling, modifying) with the associated Venues.

In case you submit us a request and related information, we will use these in order to address such request as part of our existing agreement or on a pre-contractual basis (where you wish to cooperate with us), and in any other case in order to address the particular enquiry.

It is in our legitimate interests to process personal data of our customers for notifying them on our relevant news and events they may be interested in. We may use your email address or mobile phone number (linked to your Account) to send you, as an Account holder, promotional

notices, special offers, and other related information to us. Each Account holder may at any time unsubscribe from receiving such communication by selecting the relevant option.

Following your specific consent as a plain website visitor by clicking at the respective option on the website or as a social media follower by enabling the respective functionality, we can enlist you in our newsletter subscribers list, should you wish so. We will maintain your basic contact details (email address, social media profile) in order to send you information on our coming events and actions to which you are interested. You may withdraw such consent at any time by clicking “unsubscribe” at the bottom of each communication received or by disabling the relevant social media feature.

Following your specific consent and in accordance with your selection of choices while entering our website, we will process your personal data collected through cookies and similar technologies, in order to improve your experience on our website, to analyze website use and to pursue advertisement activities. You may withdraw such consent and find more detailed information on the use of cookies on our website, in our Cookie Policy

Moreover, we process personal data in order to ensure website and transactional security and proper operation, to back-up data and to safeguard business continuity. It is also in our legitimate interests to process your personal data to develop and optimize our services, including to operate certain features and functionality of the Services (for example, by remembering Venue Client’s personal data so that he/she will not have to re-enter it during the visit or subsequent visits), to process Venue Client’s inquiries and otherwise deliver customer service to send Venue Client’s email and SMS text confirmations and other communications, like reminders, for each of his/her reservations (Venues may also use the Platform to send such messages directly to Venue Clients), to process Venue Client’s payments, as mentioned above.

When a Venue Client makes a reservation to a Venue on the Platform via social media (e.g. Facebook or Twitter), such Venue Client shall have granted consent to Innopolium receiving information required to make the reservation from the respective social media page. The Platform may also enable the Venue Client to post content to a social media. If the Venue Client chooses to do this, Innopolium will provide information to the designated social media in accordance with Venue Client’s elections. The Venue Client agrees that is solely responsible for his/her use of a social media and that he/she is responsible to review the respective terms of use and privacy policy of such social media. We make no representation or warranty in respect to such policies. Any information that we collect from a social media account will depend on the privacy settings that the respective Venue Client has elected with that social media. We are not responsible or liable in any way for: (i) the availability or accuracy of such social media account; (ii) the content, products or services on or availability of such social media; or (iii) Venue Client’s use of any such social media.

  1. Who has access to your personal information and how is this secured

We will not disclose, transfer or otherwise distribute any of personal information that we process to any third party except as set forth in this Privacy Notice.

Any information processed by us in the context of the Services will be kept by our authorized personnel.

In the context of our Services, we will send automated service messages to Venue Clients via email and / or text related to upcoming or recent Venue reservations or other core functions of the Services, such as confirmations, reminders, and/or invitations to provide customer feedback. Venues will independently use the Platform to send Venue Client’s communications and, if opted in by a Venue Client, newsletters and related marketing material. We note that this Privacy Notice applies to the processing of information for any marketing communications sent from a Venue via the Platform. Venues are responsible to ensure the lawfulness of using the respective contact details of their Venue Clients with respect to any marketing communications with them. Communications sent by a Venue in any way without using the Platform are subject to the respective Venue’s policies and practices.

Moreover, in order to ensure optimum provision of services and operations and in accordance with the applicable legislation on the protection of personal data, we may disclose your personal data to third parties with whom we cooperate and transact, these being:

Notwithstanding anything to the contrary herein, we may be required to disclose personal information in response to inquiries under law enforcement, or in cases required under the applicable laws (mainly European General Data Protection Regulation 679/2016, Greek Law 4624/2019 and any other laws governing the use and disclosure of personal data) to the competent administrative, judicial or public authority or generally any legal or natural person to whom, by law or court decision, we may be obliged or have a right to disclose such data.

We may share some or all of your personal data in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess

the personal data collected by us and will assume the respective rights and obligations described in this Privacy Notice.

The safety of your information is of utmost importance to us. We make our best efforts to ensure that all of your personal data and Account information is secure. We store this information on secure servers and continually monitor and implement changes and improvements that become available in the electronic data security industry to maintain the security of personal data in our possession. We are continually reviewing and refining our procedures, processes, and data processing architecture to maintain security and exceed allrelated compliance requirements. We are reviewing all vendors who act as sub-processors for us, we work with independent consultants, legal counsel, and other technology firms to understand best practices, interpretation, and standards as they relate to the applicable personal data legislation. With respect to our customer i.e. Venues, we will support, to the extent possible, the data processing for the export, deletion, and retention of data, so that they can to respond to their own data subjects requests and other respective compliance obligations.

Nonetheless, we encourage you to review the Website Terms and Conditions referring to the matters over which we do not have control and cannot guarantee, such as, the way you enter and use the Website.

  1. How long will we keep your information?

We will keep the information that you provide us with only for the time necessary for us to achieve the above purposes or for as long as we are required by law. Such time may differ depending on the particular use e.g. your email that you gave in order to receive newsletters for us will be kept until you submit an opt out or consent withdrawal request, or certain Venue Client data inserted in the Platform on behalf of an Account holder will be held for as long as the contractual relationship with that Venue is in force and thereafter up to one year, provided that we are not required to keep it longer for any other purpose (e.g. in order to administer your Αccount, or pursue/defend a legal claim),.

  1. What rights do you have?

You are entitled to the following rights in relation to your personal data:

If you exercise any such right, we will undertake all necessary measures to address the request

within 1 month or up to 2 additional months if the perplexity of request or total number of requests received so requires. We will notify you in writing of the satisfaction of the request, or alternatively of the reasons that prevent us from satisfying such request. Please keep in mind that exercise of the above rights is subject to certain requirements and limitations set by law

e.g. we may not be able to address a request if we don’t receive identification details necessary to protect your data and confirm that it’s you who makes a request, or delete information that we may be obligated to keep in order to comply with an obligation or to pursue our legitimate interest.

  1. Contact


To exercise your above-mentioned rights regarding the processing of your data in the context of the Services, please send an e-mail to [email protected]

Lastly, in case you feel your personal data protection has been violated in any way, you are entitled to file a complaint with the Greek Data Protection Authority, by using the following contact details:

www.dpa.gr | 1-3 Kifissias Ave., Athens 115 23 | +30 210 6475600 | Fax: +30 210 6475628 | [email protected]