1. Data controller
The data controller is Kilivi. Contact email: info@kilivi.cz. For data protection inquiries: kilivi.dev@gmail.com
Privacy Policy
This Privacy Policy describes how Kilivi (as data controller) collects, uses, and protects personal data in accordance with GDPR (EU) 2016/679.
Last updated: June 1, 2025
2. Personal data we process
We process: (a) business customer data: name, email, phone, business name, billing details (VAT number); (b) admin login credentials; (c) restaurant guest data: name, email, phone, reservation date, party size, special requests (which may include allergy and dietary needs as special category data under Art. 9 GDPR).
3. Purposes and legal basis
We process personal data for the following purposes: contract performance (Art. 6(1)(b) GDPR) — subscription management, billing, access to the Service; legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention, security, traffic analytics; consent (Art. 6(1)(a) GDPR) — marketing communications, non-essential cookies.
4. Sub-processors
We use the following sub-processors: Stripe Inc. (payments and invoicing — USA, standard contractual clauses); SmsManager.cz (SMS reminders — Czech Republic); Google reCAPTCHA (form protection — USA, standard contractual clauses); Railway.app (hosting — USA, standard contractual clauses). An up-to-date list of sub-processors is available upon request.
5. Retention periods
Billing data is retained for 10 years (statutory obligation). Reservation data is retained for the duration of the subscription plus 12 months after termination. Login logs are retained for 90 days. Marketing consents until revoked.
6. Your rights
You have the right to: access your personal data; rectify inaccurate data; erasure ('right to be forgotten') under applicable conditions; restriction of processing; data portability; objection to processing; withdrawal of consent. Submit requests to kilivi.dev@gmail.com. We will respond within 30 days.
7. Cookies
Information about cookies is available in our separate Cookie Policy.
8. Cross-border transfers
Some sub-processors are based outside the EEA (USA). Transfers are safeguarded through standard contractual clauses under Art. 46 GDPR.
9. Contact and supervisory authority
Contact: gdpr@kilivi.cz. You have the right to lodge a complaint with the Office for Personal Data Protection (UOOU), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.