Privacy Policy

RezervaMasa is operated by "Elite Dev" SRL, fiscal code: 1023600033840, legal address: mun. Chișinău, or. Chișinău, str. Dacia bd., 50, ap. 41. Privacy contact: [email protected]. If the request relates to a specific booking, order, or venue, include the phone number, date, venue, and a short description so we can locate the record.

This policy applies to visitors of rezervamasa.md, guests, account holders, Telegram login users, people who create guest bookings without signing in, users who send feedback, users who place interactive-menu orders, and venue representatives using app.rezervamasa.md. It covers public RezervaMasa pages, venue pages, the interactive menu, photo menu, feedback forms, venue onboarding forms, widgets, APIs, and back-office tools.

Depending on the flow, we may process: - account data: name, phone number, email, language, profile photo or avatar, Telegram ID, Telegram username, phone verification status; - booking data: venue, venue address, date, time, table, room, party size, comment, status, confirmation, cancellation, no-show history, guest/authorized flag; - interactive menu and order data: selected items, quantity, amount, service mode, delivery/takeaway, delivery address, coordinates, courier or venue comments, cutlery, tips, payment method on receipt; - feedback and support data: ratings, comments, contact details, contact consent, complaints and issue reports; - technical data: IP address, user-agent, device, language, session ID, cookies, localStorage, UTM parameters, UI events, error and action logs; - security data: Turnstile token, honeypot fields, form completion time, fingerprint/session hash, rate-limit events, anti-spam signals and blocks.

Most data comes directly from you when you fill in forms, sign in, share your phone number, book a table, add items to cart, choose a delivery address, leave feedback, or contact support. Some data comes from venues when they process a booking, change a status, add internal notes, or communicate operationally through the admin panel. Technical and security data is generated automatically by the browser, server, anti-spam services, and integrations when needed for security, stability, and abuse prevention.

We use data to: - display venue pages, menus, hours, contacts, maps, and available actions; - create, verify, temporarily hold, confirm, modify, or cancel bookings; - support guest bookings without an account and distinguish them from authenticated bookings; - send the venue the information needed to serve the guest, confirm a booking, or fulfil an order; - send service notifications through the website, Telegram, SMS, email, web push, or internal hostess/admin channels; - process feedback, complaints, reports, and business inquiries; - protect the platform from spam, false bookings, mass table blocking, fraud, attacks, scraping, and unauthorized access; - keep records, audit actions, analyze service quality, diagnose errors, and improve the product.

We rely on legal bases available under Moldovan personal data law, including Law No. 133/2011, and other applicable rules. Depending on the operation, the basis may be performance of a requested service or pre-contractual steps, consent, legitimate interest in security and abuse prevention, legal obligations, or protection of rights in a dispute. Anti-fraud and abuse checks may be performed without separate consent when necessary to prevent, detect, or investigate fraud related to an information society service.

RezervaMasa allows bookings by authenticated users and by guests without an account. Guest bookings may be subject to additional checks, temporary holds, limits by IP, phone, device, venue, table, time, and other signals. A phone number is needed so the venue can confirm the booking, contact the guest, and reduce false requests. If the phone is not verified or appears risky, the booking may be marked unverified, sent to manual processing, limited, or cancelled.

The interactive menu may store favorites and cart data in the browser through localStorage. To place an order, we may process name, phone, email, cart contents, comments, service mode, payment method on receipt, cutlery, tips, delivery address, and coordinates. If you use "my location" or select an address, the browser may share coordinates. We may use Geoapify reverse geocoding and autocomplete only to fill the address and improve delivery checkout. Preparation and delivery times are estimates. Actual fulfilment depends on the venue, kitchen load, courier availability, distance, traffic, and other circumstances.

We use cookies, localStorage, sessionStorage, pixels, tags, and similar technologies for sessions, authentication, security, language, cookie preferences, favorites, cart, analytics, and measurement. Details are provided in the Cookies Policy. Disabling required technologies may prevent sign-in, booking, cart, consent confirmation, and abuse protection from working correctly.

We do not sell personal data. Data may be shared with the venue selected for a booking or order, venue staff in app.rezervamasa.md, technical providers for hosting, email, SMS, Telegram, push, analytics, anti-spam, maps and address suggestions, and legal, accounting, or public authority recipients when required by law or needed to protect rights. The venue is responsible for actual service, kitchen, delivery, prices, allergen information, order fulfilment, and communication with the guest after receiving data through the platform.

The platform may use Telegram, Cloudflare Turnstile, Google Tag Manager/Google Analytics, Meta Pixel, Yandex Metrica, Geoapify, Google Maps or external map links, email/SMS/push providers, hosting, and infrastructure services. When you open Telegram, Google Maps, social networks, payment services, or another external service, that provider may apply its own privacy rules.

Some infrastructure, analytics, maps, anti-spam, or communication providers may process data outside Moldova. We apply reasonable contractual, organizational, and technical measures based on the nature of the transfer. Where applicable law requires a separate basis or safeguard for cross-border transfer, we assess the transfer and limit it to what is necessary.

We keep data only as long as needed for accounts, bookings, orders, feedback, support, anti-fraud, audit, accounting, and protection of rights. Sessions, temporary tokens, Turnstile data, and some technical logs are usually retained for shorter periods. Booking history, orders, payment-on-receipt information, complaints, blocks, and legally relevant events may be retained longer.

We use technical and organizational measures to reduce the risk of unauthorized access, alteration, loss, disclosure, or abuse. These include access controls, logs, request limits, anti-spam checks, separated roles, HTTPS, and internal procedures. No online system is completely risk-free. If you suspect unauthorized use of your account, phone number, or booking, contact us as soon as possible.

Within applicable law, you may request access, correction, update, blocking, deletion, restriction, objection, withdrawal of consent, and information about recipients of your data. To protect accounts and third parties, we may request identity or phone ownership verification. Some data may be retained where necessary for law, security, anti-fraud, accounting, or dispute resolution. If you believe your rights are violated, you may contact the National Center for Personal Data Protection or another competent authority.

RezervaMasa is not intended for independent use by children. If a minor creates a booking or order, the legal representative or accompanying adult is responsible for data accuracy, payment, and the visit, unless applicable law provides otherwise.

We may update this policy when the product, law, integrations, providers, or business processes change. The current version is published on the website and applies from publication unless stated otherwise.