Last updated on February 14, 2022

  1. Who are we ?

QEAT is a limited liability company with a capital of 500 euros, identified under the number 838 118 594 RCS Paris, whose registered office is located at 16 rue du Colisée in Paris (75008), represented by its Manager (" QEAT " or " We ").

  1. Purpose of the confidentiality charter

This document (the "Confidentiality Charter ") specifies the conditions and methods under which QEAT is required to process certain personal data relating to certain natural persons (the "Customers ") in connection with the QEAT or QEAL services (the "Services ") that it provides to restaurateurs (the "Restaurateurs " or "You "), as described in QEAT's Terms and Conditions of Sale (the "T&Cs ").

The Privacy Policy also describes what data relating to Restaurant Owners, customers of QEAT, is collected and processed.

This Privacy Policy has been drafted in consideration of the applicable legal and regulatory provisions, in particular the General Regulation of the European Parliament and of the Council relating to the protection of personal data n ° 2016/679 of April 27, 2016 (hereinafter the "GDPR ") and the Data Protection Act as amended to incorporate the provisions of said GDPR into French law.

This Privacy Policy supplements QEAT's general terms and conditions of use (the " GTC "), which form the basis of the contractual relationship between You and Us. You must accept both the terms of the T&Cs and those of the Privacy Policy when subscribing to the Services.

  1. What is the role of QEAT?

As part of the Services, QEAT is responsible for analyzing certain information that may consist of personal data relating to Customers, in order to carry out a segmentation.

The role of QEAT therefore aims to provide Services that improve the relationship between a Restaurant Owner and its Customers. This is to offer the Restaurant Owner the possibility of anticipating the specific expectations of said Customers, classified according to certain positive categories (see 5 below).

The data that You collect from your Customers and that You transmit to QEAT feeds our database and allows Us to implement the processing provided for within the framework of the Services.

Ultimately , the result of the processing implemented by QEAT is exclusively intended to qualify the database of a Restaurant Owner's Customers.

In addition, QEAT collects and processes certain personal data relating to Restaurant Owners, namely the name, first name, e-mail address, name of the restaurant, as well as the Restaurant Owner's bank details. These data are collected and processed exclusively for the purposes of proper performance of the contract concluded in relation to the Services and billing.

  1. How does QEAT collect personal data from Customers?

The provision of the Services necessarily implies the establishment of a transmission of information between the Restaurant Owners and QEAT. Without this information, QEAT cannot fulfill the role assigned to it under the T&Cs.

This transmission can be done manually or automatically by the Restaurant Owner, who sends us a file containing the information QEAT needs to provide the Services (see 4 below). The Restaurant Owner may also ask a third party, a service provider responsible for managing the restaurant's reservations, to send this file to QEAT.

QEAT itself does not collect any information relating to Customers: only the Restaurant Owners are, strictly speaking, responsible for said collection and transmission of information to QEAT for the purposes of their analysis.

  1. What personal data does QEAT process?

In accordance with the terms of the T&Cs, for the strict needs of the provision of the Services, You transmit to QEAT certain personal data which relate to your Customers and which then allow QEAT to carry out its missions.

These data are limited, since they are:

  • for the QEAT Service: the telephone number and name used by a Guest to make the reservation in your restaurant, the date of the reservation and the name of your restaurant. No other personal data relating to Customers should be provided to QEAT;
  • for the QEAL Service: the telephone number and name used by a Guest to place their order for delivery, the amount of the order, the date of delivery and the name of your restaurant.

No other personal data relating to Customers should be provided to QEAT, which does not need it and does not wish to know about it .

In particular, QEAT does not know the email address of Customers. QEAT also does not know any other Customer information that may be in your customer database.

QEAT therefore implements the principle of data minimization laid down by the GDPR, since only personal data that is strictly necessary for the provision of the Services (whether it is QEAT or QEAL) is transmitted to and then processed by QEAT.

  1. What use is made of the personal data collected?

The personal data of Customers are processed by QEAT in order to draw up a categorical portrait of them. In view of the data transmitted to us by all the Restaurateurs, QEAT is thus able to create a profile of each Guest according to various categories.


The processing of Customers' personal data does not and will never result in automated decision-making on the part of QEAT. In addition, QEAT will never contact any Guest, either on your behalf or on our behalf, for commercial prospecting or other purposes.

The personal data of Restaurant Owners is exclusively collected and processed by QEAT for the purposes of administrative and accounting management of contracts concluded in relation to the Services.

  1. On what legal basis is personal data processed by QEAT?

QEAT does not collect or process any unlawful personal data.

The personal data that We process in relation to Customers are exclusively those that You have transmitted to us and this on the sole and exclusive basis of the contract concluded between Us and You, namely the GCS, in order to provide You with the Services, and this in application of your legitimate interest in having information relating to your Customers (article 6.1.f GDPR).

The personal data that We process in relation to Restaurant Owners is processed on the basis of the contract concluded between Us and You in accordance with article 6.1. b GDPR.

  1. To whom is the data processed by QEAT communicated?

The personal data relating to Customers that We process, in accordance with the T&Cs and this Privacy Policy, are intended for Us and Us alone, for the sole purpose of providing the Services You have ordered from Us.

Data processing is carried out in a fully automated manner: no human intervention is necessary on QEAT's side.

This data is not transmitted to any third party whatsoever, in particular no commercial partner of QEAT, with the exception of certain technical service providers duly selected by QEAT, who are responsible for hosting our database as well as providing maintenance of this database, as well as to the service provider responsible for sending campaigns by SMS and to the service provider responsible for producing statistics. In all cases, QEAT has entered into a written contract with each of these service providers containing strict confidentiality and security obligations, at least equivalent to those provided for in this Privacy Policy.

In any case, no third party whatsoever has the right to access the data for the purpose of contacting the Customers or carrying out any unauthorized processing on the data concerning them.

  1. How long are personal data kept?

It is important to remember that the data processed by QEAT is not directly identifiable by us, since QEAT never knows the Customers.

This data is kept by QEAT for a firm period of 12 (twelve) rolling months from the last known reservation in a QEAT partner restaurant. At the end of this period and without updating, the data will be permanently erased from our database.

Certain data will only reappear in our database if the Guest concerned makes a new reservation at one of QEAT's partner restaurants. In this case, however, the reservation history will have been lost, which the Restaurant Owner acknowledges and accepts.

  1. QEAT respects the choice of data subjects .

QEAT respects the rights that are granted to natural persons – and, therefore, to Customers – under the GDPR and the Data Protection Act.

In particular, according to these texts, interpreted in the light of the recommendations of the Article 29 Group, all data subjects must be informed of the existence of processing of their personal data resulting in profiling, i.e. say to the evaluation of certain personal aspects of the Clients.


In accordance with the stipulations of the T&Cs, QEAT cannot be held liable in this respect, the Restaurant Owner being personally responsible for informing Customers.

In addition, the GDPR and the Data Protection Act provide for reinforced rights in terms of profiling. As this is profiling for the sole purpose of analysis or evaluation without the purpose of prospecting or even decision-making (automated or not), Customers have a right to erasure and a right of opposition.

Thus, You must give your Customers the possibility of requesting the deletion of personal data concerning them, as well as that of opposing the processing of their personal data for profiling purposes. In this respect, the Restaurant Owner is required to inform QEAT in the event of a Guest's opposition to receiving commercial prospecting SMS ("opt-out").

In all cases, QEAT will implement requests to exercise Customers' rights from the moment it becomes aware of them. After verifying the identity of the person making a request, You must therefore send said request (accompanied by proof of identity) to QEAT by means of an electronic message sent to the address . QEAT will implement the necessary measures as soon as possible.

You are aware that in the event of exercise of the right of erasure or the right of opposition, QEAT will no longer be able to provide the Services in relation to the Guest concerned, for which QEAT cannot be held responsible.

With regard to personal data relating to Restaurant Owners , they may be subject to the same decisions as above (in particular the right of opposition). In the event of opposition, the Services can no longer be provided by QEAT and the T&Cs will be automatically terminated.

  1. How are the personal data of data subjects protected?

QEAT undertakes to implement and maintain, at its expense, appropriate technical and organizational measures for the processing and security of the personal data of Customers and Restaurant Owners with regard to the nature of the data processed and the risks incurred.

The measures put in place are thus adapted to the particular risks presented by its processing activities, in order to protect the personal data of Customers against destruction, loss, modification, unauthorized disclosure or access, accidentally or unlawfully. .

Thus, with regard to the technical measures put in place by QEAT:

  • all personal data is stored on servers located in France, at OVH;
  • a logging and tracking system allows us to detect any suspicious activity in real time; all access attempts are recorded and saved in the logs;
  • we carry out security tests on a regular basis to ensure that the system is not vulnerable to this type of attack.

With regard to organizational measures:

  • only the managers of QEAT may possibly have access to the personal data of the persons concerned, under the conditions provided for in this Confidentiality Charter;
  • the servers used are controlled by security groups.

QEAT also undertakes to keep, update and keep complete and accurate records concerning the processing of personal data implemented within the framework of the Services. These records detail its processing activities.

  1. Are international data transfers implemented?

No. Customers' personal data is stored on servers located in France.

  1. Notification of Personal Data Breaches

In the event of a breach of personal data, whatever it may be, QEAT shall, without delay and no later than 24 (twenty-four) hours after becoming aware of such breach, inform the Restaurant Owners and provide them with sufficient details of the nature of the said breach in order to enable them to comply with their obligations under the applicable texts.

  1. Update of the Privacy Policy

This Privacy Policy may be amended from time to time. Any changes will be implemented after notifying You. In this case, the date of "Last update" mentioned above will be modified. The new version of the Charter will come into force from this date.

* * *