Privacy Policy

1. Who we are

ReserveNI is operated by JAR 26 LTD, a company registered in Northern Ireland under company number NI740269.

We trade as ReserveNI.

Our registered office is 100a Main Street, Bangor, Northern Ireland, BT20 4AG.

Our trading address is 5 Church Road, Holywood, Northern Ireland, BT18 9BU.

You can contact us by email: hello@reserveni.com.

Our ICO registration number is ZC137345.

For privacy or data protection requests, please email hello@reserveni.com and clearly mark your message as a privacy request. If we publish a dedicated privacy email address, you may also use that address.

2. Scope of this policy

This policy applies to personal data we process in connection with:

• visits to our public website;
• enquiries, contact forms and demo requests;
• sales, onboarding and customer communications;
• ReserveNI business customer accounts;
• support requests;
• platform administration, security and billing;
• guest or client bookings made through ReserveNI-powered booking pages, where applicable.

Business customers who use the ReserveNI platform may receive additional contractual data-protection terms during onboarding, including a data processing addendum. Those terms govern our processing of venue-controlled guest/client data in more detail.

3. When we are controller and when we are processor

For personal data collected through our website, sales enquiries, customer accounts, billing, support, security, legal compliance, business administration and our own marketing, JAR 26 LTD trading as ReserveNI is usually the controller.

For personal data about guests, clients or end users that venues or business customers enter into or collect through the ReserveNI platform, the venue or business customer is usually the controller and ReserveNI acts as processor on that venue's behalf.

Venue customers are responsible for ensuring they have an appropriate lawful basis, privacy notice and any required consents for the personal data they collect and use through ReserveNI.

If you are a guest or client of a venue and your request relates to a booking, service, cancellation, refund, marketing message or client record controlled by that venue, you may need to contact the venue directly. We may assist the venue in responding where required by data-protection law or our customer terms.

4. Personal data we collect

Depending on how you use ReserveNI, we may collect and process the following types of personal data:

Website visitors and enquirers

• name;
• business name;
• job title or role;
• email address;
• phone number;
• enquiry details;
• marketing preferences;
• website usage information;
• IP address, browser information, device information and technical logs.

Business customers and platform users

• account holder name;
• business name and trading details;
• business address;
• email address;
• phone number;
• staff user names and roles;
• login and authentication information;
• subscription plan and billing information;
• payment-provider references;
• platform settings;
• booking-page configuration;
• support messages;
• audit logs, security logs and usage records.

Guests or clients using ReserveNI-powered booking pages

Depending on the venue's configuration, booking pages may collect:

• name;
• email address;
• phone number;
• booking date and time;
• service selected;
• venue selected;
• staff or resource selected;
• booking notes or special requests;
• cancellation or rescheduling information;
• deposit/payment references;
• reminder and communication records.

Sensitive or special-category data

Some venues may ask for information such as accessibility needs, dietary requirements, health-related information, injury information, disability-related information or other sensitive details where relevant to a booking or service.

Venues should not collect health, disability, accessibility, dietary or other sensitive information through ReserveNI unless it is necessary for the booking or service and they have a lawful basis for doing so. Where a venue collects this information, the venue is responsible for explaining this to the individual and complying with applicable data-protection law.

ReserveNI does not require venues to collect special-category data unless a specific platform feature or venue configuration makes that necessary.

5. How we collect personal data

We may collect personal data:

• directly from you when you use the website, submit a form, contact us, sign up or use the platform;
• from business customers who configure the platform or upload/import information;
• from guests or clients who make bookings through ReserveNI-powered booking pages;
• from payment providers, where payments or deposits are processed;
• automatically through website, platform, security and server logs;
• from third-party service providers used to operate, secure, support and improve ReserveNI.

6. How we use personal data

We use personal data for the following purposes:

• to operate and secure our website;
• to respond to enquiries and demo requests;
• to provide information about ReserveNI;
• to create and manage business customer accounts;
• to provide, maintain and improve the ReserveNI platform;
• to support booking pages and booking workflows configured by venues;
• to send transactional emails, confirmations, reminders, notices and service messages;
• to process subscriptions, billing records and payment-provider references;
• to provide customer support;
• to monitor usage, diagnose issues and improve performance;
• to prevent fraud, misuse, spam, unauthorised access and security incidents;
• to comply with legal, tax, accounting and regulatory obligations;
• to establish, exercise or defend legal claims;
• to send marketing communications where permitted by law.

7. Lawful bases

Where ReserveNI acts as controller, we rely on one or more of the following lawful bases:

• Contract: where processing is necessary to provide website functions, respond to service requests, manage customer accounts, provide the platform or administer subscriptions.
• Legitimate interests: where processing is necessary for running and improving our business, responding to enquiries, securing the website and platform, preventing misuse, supporting customers, keeping records and communicating with business contacts, provided those interests are not overridden by individual rights.
• Consent: where consent is required, for example for certain marketing communications or non-essential cookies/analytics.
• Legal obligation: where processing is necessary for tax, accounting, company, regulatory, data-protection or other legal obligations.
• Legal claims: where processing is necessary to establish, exercise or defend legal claims.

Where ReserveNI acts as processor for venue-controlled guest/client data, we process that data on the instructions of the relevant venue customer, subject to our customer terms and data processing terms.

8. Guest bookings and venue-controlled data

Where you make a booking with a venue through a ReserveNI-powered booking page, the venue is usually responsible for deciding why and how your booking data is used.

ReserveNI provides the software and technical infrastructure that allows the venue to manage bookings, reminders, customer records, deposits and related communications.

The venue is responsible for its own services, booking rules, cancellation policies, refunds, customer communications, marketing permissions and privacy information.

If your request relates to a booking, refund, cancellation, no-show, venue service, venue marketing message or venue-held client record, you should usually contact the venue first.

9. Payments and deposits

Where payments, deposits or subscription payments are made in connection with ReserveNI, they are processed by third-party payment providers such as Stripe.

ReserveNI does not hold booking money. Booking deposits and venue payments are processed and managed through the venue and/or the relevant payment provider.

We may receive payment-related information such as payment status, payment references, customer identifiers, subscription references, connected-account identifiers, transaction metadata, invoices, billing status and fraud/security signals. We do not receive full card numbers from payment providers.

Payment providers process personal data in accordance with their own terms and privacy policies.

10. Emails, SMS and service messages

ReserveNI and venues using ReserveNI may send transactional or service messages, such as booking confirmations, reminders, cancellation notices, deposit requests, account emails, security messages and support communications.

These messages are generally necessary to provide the website, platform, booking or customer service requested.

Marketing emails, promotional SMS messages, newsletters, offers, rebooking campaigns or similar marketing communications will only be sent where permitted by law. You can opt out of ReserveNI marketing communications at any time by using the unsubscribe option where provided or by contacting us.

Venues are responsible for ensuring they have the correct permissions to send their own marketing communications through or in connection with ReserveNI.

11. Cookies and similar technologies

We use cookies and similar technologies where necessary to operate, secure and improve our website and platform.

If we use only strictly necessary cookies, we will not use those cookies for advertising or non-essential tracking.

If we introduce analytics, advertising, tracking pixels, heatmaps or other non-essential cookies or similar technologies, we will update this policy and, where required, ask for consent before those technologies are used.

You can usually control cookies through your browser settings. Blocking some cookies may affect how the website or platform works.

12. Who we share personal data with

We may share personal data with trusted third-party providers who help us operate, secure and support ReserveNI. These may include:

• hosting and infrastructure providers;
• database and authentication providers;
• payment providers such as Stripe;
• email and SMS providers;
• customer support and CRM tools;
• analytics providers, where enabled;
• professional advisers, such as accountants, lawyers and insurers;
• regulators, public authorities, courts or law enforcement where required by law.

Examples of providers we may use include Stripe for payments, Supabase for database/authentication, Vercel for hosting, and email/SMS providers for transactional communications. This list should be kept accurate and updated to reflect the providers actually used.

We do not sell personal data to advertisers.

13. International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we will take steps designed to ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement/Addendum or other lawful transfer mechanisms where required.

Venue-controlled guest/client data may also be subject to the venue's own privacy information and data-processing arrangements.

14. How long we keep personal data

We keep personal data only for as long as needed for the purposes described in this policy, including to provide services, comply with legal obligations, resolve disputes, maintain security and enforce agreements.

As a guide:

• website enquiry and demo request data is usually kept for up to 24 months after the last meaningful contact;
• marketing-contact records are kept until you unsubscribe or object, plus a suppression record so we do not contact you again by mistake;
• customer account and subscription records are kept for the duration of the customer relationship and then for a period needed for legal, accounting, tax and dispute purposes;
• billing, invoice and accounting records are usually kept for up to 6 years;
• support records are usually kept for up to 3 years after the matter is closed;
• technical, audit and security logs are usually kept for a shorter period unless needed to investigate misuse, fraud, security incidents or legal issues;
• guest booking and client data controlled by venues is retained in accordance with the relevant venue's settings, instructions and our customer terms;
• backups may retain limited data for a temporary period before being overwritten or deleted in the ordinary backup cycle.

We may retain limited information for longer where necessary to comply with law, maintain suppression lists, resolve disputes, prevent fraud, enforce terms or establish, exercise or defend legal claims.

15. Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include access controls, authentication, encryption in transit, logging, monitoring, backups, staff access controls, vendor due diligence and internal procedures.

No website, platform or transmission method is completely secure. Business customers are responsible for keeping their own accounts, passwords, devices, staff permissions and venue configurations secure.

16. Your rights

Depending on the circumstances and applicable law, you may have rights to:

• access your personal data;
• correct inaccurate personal data;
• request deletion of your personal data;
• restrict processing;
• object to processing;
• request data portability;
• withdraw consent where processing is based on consent;
• complain to the Information Commissioner's Office.

To exercise your rights, email hello@reserveni.com and clearly mark your message as a privacy request.

If your request relates to venue-controlled guest/client data, we may need to refer you to the relevant venue or consult the venue before responding.

We may need to verify your identity before acting on a request.

17. Children and minors

ReserveNI is not intended for children to create business accounts or manage venue services.

Some venues may use ReserveNI to manage bookings made by adults on behalf of children or young people. In those cases, the venue is responsible for ensuring it has appropriate privacy information, permissions and safeguards for the booking and service provided.

18. Automated decision-making

We do not currently use personal data collected through the public website to make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

If this changes, we will update this policy and provide any information required by law.

19. Complaints

If you have concerns about how we handle personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator. Further information is available at www.ico.org.uk.

20. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with the updated date shown above.