plattr

Privacy Policy

Last updated: December 1, 2025

This Privacy Policy ("Policy") describes what personal data the Platform collects and processes, how it is used, transferred, and protected, as well as what rights users have in accordance with EU Regulation 2016/679 (GDPR) and EU Regulation 2022/2065 (DSA).

By using the Platform, you confirm that you have read and agree to this Policy.

1. Data controller

The data controller is:

EATAGRAM GROUP LIMITED
Flat 15, Pot. Germasogeias, 14 Georgiou A, 4047 Germasogeia

Privacy contact (DPO): vlad@plattr.me
Support: help@plattr.me

Registration number HE 453678

The company determines the purposes and means of processing users' personal data.

2. Privacy contact (DPO)

Email: vlad@plattr.me

3. Scope of the Policy

The Policy applies to all visitors and users of the Platform, including:

  • regular users;
  • establishment owners;
  • establishment employees;
  • persons who create and manage content;
  • persons who interact with the Platform via a browser, mobile application, or API.

4. What data we collect

4.1. Data provided by the user independently

When registering and using the Platform:

  • First name, Last name
  • E-mail
  • Phone number
  • Year of birth
  • Password (stored in encrypted form)
  • Data of employees added by the establishment owner
  • Publications, photos, videos
  • Comments, reviews, likes
  • Information about the establishment (description, photos/videos, events)

4.2. Data collected automatically

  • IP address
  • Device identifiers
  • Language settings
  • Activity log (event logging)
  • Browser and OS data
  • Cookie and similar technology data (see section 10)

4.3. Data from public or external sources (if justified)

  • data provided by the establishment owner about their employees;
  • data about rights to the establishment (for verification);
  • data about violations (e.g., within the framework of DSA Notice & Action).

5. Grounds and purposes of data processing (GDPR Art. 6)

5.1. Performance of a contract (Art. 6(1)(b))

To provide the Platform's functionality:

  • creating and maintaining an account;
  • searching for establishments and events;
  • reserving tables;
  • publishing content;
  • subscribing to users and establishments;
  • managing establishment profiles.

5.2. Legitimate interests of the Platform (Art. 6(1)(f))

  • ensuring security and preventing fraud;
  • protecting the rights of the Platform and users;
  • improving service quality;
  • moderating content;
  • analyzing user behavior.

5.3. Compliance with legal obligations (Art. 6(1)(c))

  • DSA requirements (Notice & Action, transparency reports);
  • storage of data for law enforcement agencies;
  • accounting (if applicable).

5.4. User consent (Art. 6(1)(a))

  • marketing communications;
  • strictly necessary cookies;
  • processing of restaurant employee data provided by their employer (if consent is required under national law).

6. How we use data

We process data for the following purposes:

  • providing access to the Platform's functionality;
  • managing user and establishment accounts;
  • confirming reservations;
  • displaying recommendations and personalized content;
  • moderating content in accordance with the DSA;
  • protecting against violations and abuse;
  • communicating with users (notifications, messages, updates);
  • conducting analytics and improving the service.

7. Transfer of data to third parties

We may transfer data:

7.1. Sub-processors (GDPR Art. 28)

For example:

  • hosting providers;
  • cloud services;
  • analytics providers;
  • e-mail/SMS sending services.

All sub-processors sign a DPA and comply with the GDPR. For details, see our Data Processing Agreement (DPA).

7.2. Establishment owners

If a user interacts with an establishment (e.g., reserves a table), the relevant information is transferred to the establishment.

7.3. Partners and integrations

Only with consent or a legal basis.

7.4. Government authorities

Only if required by law.

8. Cross-border data transfer

Data may be transferred outside the EU only if there is a legal basis:

  • Standard Contractual Clauses (SCCs);
  • an adequate decision by the European Commission;
  • additional security measures.

EATAGRAM GROUP LIMITED is the controller of personal data collected from users, as that term is used in jurisdictions outside the EU.

9. Data retention periods

  • User profile — until the account is deleted.
  • Content (posts, comments) — while the account is active.
  • Event logs — 12–36 months.
  • Booking data — 18–36 months.
  • Data of establishment employees — while the establishment profile exists.

The user may request the deletion of data (see section 12).

10. Cookies and similar technologies

The platform uses:

  • mandatory cookies (for the service to function);
  • analytical cookies;
  • marketing cookies — only with the user's consent (cookie banner);
  • local browser storage.

Users can manage cookies through their browser settings or the consent banner.

11. Data moderation (DSA requirement)

The platform conducts moderation:

  • automatic;
  • manual;
  • reactive (based on complaints).

All moderation actions are documented.

The user has the right to appeal the decision (DSA Art. 17).

12. User rights (GDPR Art. 15–22)

The user has the right to:

  • Access data
  • Correction
  • Deletion ("right to be forgotten")
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Withdrawal of consent
  • Complaint to the data protection supervisory authority

Requests can be sent to: vlad@plattr.me

Response time is up to 30 days.

13. Children and minors

The platform is not intended for persons under the age of 16.

Children may only register if the requirements of Art. 8 GDPR (parental consent) are met.

14. Data protection

We use technical and organizational measures, including:

  • data encryption;
  • pseudonymization;
  • access control;
  • logging of actions;
  • storage in certified data centers;
  • regular security audits.

15. Joint Controllers (Art. 26 GDPR)

In certain cases, the Platform and establishments jointly control data.

The procedure is regulated by a separate document — the Joint Controller Agreement (JCA).

16. Policy Changes

We may update the Policy as necessary.

Changes take effect after the new version is published on the Platform.

17. Contact

For privacy questions:

EATAGRAM GROUP LIMITED
Flat 15, Pot. Germasogeias, 14 Georgiou A, 4047 Germasogeia

Privacy contact (DPO): vlad@plattr.me
Support: help@plattr.me

Registration number HE 453678