plattr

Data Processing Agreement (DPA)

Last updated: December 1, 2025

(Data Processing Agreement — GDPR Art. 28)

1. Parties

  • Platform — Data Controller;
  • Establishment/establishment owner — Data Controller or Data Processor (depending on function).

If a restaurant processes employee/guest data through the Platform, it is a separate Controller.

If the restaurant uses the Platform's tools on its terms, the restaurant may be a Processor.

2. Purpose of processing

The Platform processes the personal data of users and establishment employees for:

  • account registration;
  • profile management;
  • content moderation;
  • reservations;
  • communicating with users;
  • holding events;
  • analytics and service improvement.

3. Data categories

  • First name, Last name;
  • E-mail;
  • Phone number;
  • Year of birth;
  • Establishment employee data (if added by the owner);
  • photos, reviews, publications;
  • technical device data;
  • cookie data.

4. Responsibilities of the Platform as a Processor

The Platform undertakes to:

  • process data only on the documented instructions of the restaurant (if the restaurant acts as the Controller);
  • ensure protective measures in accordance with Art. 32 GDPR (encryption, access control, logging);
  • engage sub-processors only with written consent;
  • provide assistance in fulfilling data subjects' requests (Art. 15–22 GDPR);
  • notify the restaurant of data security breaches within 48 hours.

5. Restaurant's responsibilities

The restaurant undertakes to:

  • ensure the legality of the provision of employee data;
  • obtain consent where required;
  • update and correct data;
  • not transfer data to the Platform without legal grounds.

6. Sub-processors

The Platform may use contractors (hosting, analytics, CDN).

The list of sub-processors is publicly available and updated.

7. Cross-border data transfer

Transfer is only possible on the basis of:

  • Standard Contractual Clauses (SCCs);
  • adequacy decisions;
  • appropriate additional measures.

8. Data retention period

Data is stored:

  • until the account is deleted;
  • longer — if required by legal obligations.

9. Data deletion and return

After termination of the relationship, the Platform:

  • deletes all personal data; or
  • returns it to the restaurant upon written request.

For questions about data processing, please contact help@plattr.me.

See also: Privacy Policy | Joint Controller Agreement (JCA)

Data Processing Agreement (DPA) – Plattr