Privacy Policy - Nine Tables

1. Introduction

Nine Systems AS ("we", "us", "our", or "Nine Tables"), organization number 936732046, located in Bergen, Norway, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Nine Tables restaurant reservation management platform and visit our website.

2. Data Controller

Nine Systems AS is the data controller responsible for your personal data. Our Data Protection Officer is Kjetil, who can be reached at [email protected] for any privacy-related inquiries.

3. Information We Collect

We collect different types of information depending on how you interact with our services:

Restaurant and User Account Data

When you register for Nine Tables, we collect information necessary to provide our services, including:

Business name and contact information
Restaurant address and location details
Opening hours and service configurations
Table layouts and seating capacity
Billing and subscription information

Guest Booking Data

When guests make reservations through your Nine Tables booking page, we process the following data on your behalf:

Name and contact details (phone number, email)
Reservation details (date, time, party size)
Dietary preferences and allergen information
Special requests and notes

For guest booking data, we act as a data processor on behalf of the restaurant (data controller). The restaurant determines how this data is used.

Website Visitor Tracking

When you visit our website, we may collect:

IP address and browser information
Pages visited and time spent
Referral source and search terms
Device type and operating system
Cookie and tracking identifiers

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract performance — processing necessary to fulfil reservations and provide our services
Legitimate interests — analytics, security, and service improvement
Consent — marketing communications and optional cookies

5. How We Use Your Information

We use the collected information for the following purposes:

Process and manage restaurant reservations
Send booking confirmations, reminders, and updates
Provide customer support and respond to enquiries
Generate analytics and business insights for restaurants
Improve our platform and develop new features
Prevent fraud and ensure platform security
Comply with legal obligations
Send marketing communications (with consent)

6. Third-Party Service Providers

We share data with carefully selected third-party service providers who assist us in operating our business. These categories include:

Restaurant partners — reservation and guest details necessary for service delivery
Cloud infrastructure providers (hosting and storage)
Payment processors for billing and transactions
Communication services (SMS and email delivery)
Analytics tools for platform improvement

A complete list of our current sub-processors is available upon request by contacting [email protected]. We require all third parties to respect the security of your data and to treat it in accordance with applicable law.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including the EU-US Data Privacy Framework for US-based providers and Standard Contractual Clauses (SCCs) approved by the European Commission for other jurisdictions.

8. Data Retention

We retain your data for as long as necessary to provide our services and fulfill the purposes described in this policy:

Active account data — retained while your account is active
Reservation records — retained for up to 3 years after the booking date
Financial records — retained as required by law (typically 5–7 years)
Marketing data — retained until consent is withdrawn

9. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

Access your personal data
Rectify inaccurate data
Erase your data (right to be forgotten)
Restrict processing of your data
Data portability
Object to processing
Withdraw consent at any time

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.

10. Cookies

We use cookies and similar tracking technologies to collect and store information about how you interact with our website. Cookie preferences are managed through our cookie consent manager. You can adjust your preferences at any time through the cookie settings link in our website footer.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, regular security assessments, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. Your continued use of our services after any changes indicates your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer:

Kjetil, Data Protection Officer, Nine Systems AS, Bergen, Norway, Email: [email protected]

15. Supervisory Authority

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority.