Legal

Privacy Policy

This Privacy Policy explains how Buqq collects, uses, stores, shares, and protects personal data. Buqq is operated under the name Buqq ("we", "us", "our").

For privacy enquiries, contact us at info@buqq.online.

1. Scope of this policy

This Privacy Policy applies when you:

  • visit buqq.online;
  • make a restaurant reservation through Buqq;
  • create or manage a Vendor account;
  • use the Vendor dashboard;
  • receive booking confirmations, reminders, or notifications;
  • contact us;
  • interact with our platform, emails, or related services.

This policy applies to both Vendors and Customers.

2. Our role

For some personal data, Buqq acts as a data controller. This may include Vendor account data, billing metadata, platform analytics, security logs, support messages, and website data.

For Customer reservation data, Buqq may act as a controller, processor, or service provider depending on how the Vendor uses the platform.

Where needed, Buqq may provide Vendors with a separate Data Processing Agreement.

3. Personal data we collect

Reservation data

When a Customer makes a reservation, we may collect:

  • name;
  • email address;
  • phone number;
  • reservation date and time;
  • party size;
  • selected venue;
  • occasion type;
  • booking notes or special requests;
  • reservation status;
  • cancellation or update details;
  • approximate country derived from your IP address at the time of booking (used for internal analytics only).

Booking notes may include dietary requirements, allergies, or other health-related information. Where Customers voluntarily provide this information, it is used only to fulfil their reservation. By including such details in their booking, Customers consent to this use.

Vendor account data

When a Vendor creates or manages an account, we may collect:

  • business name;
  • legal company name;
  • contact name;
  • email address;
  • phone number;
  • billing address;
  • tax or registration details, where provided;
  • login credentials;
  • account role and permissions;
  • subscription plan;
  • billing status;
  • dashboard settings;
  • venue details, opening hours, availability, and booking rules.

Passwords are stored in hashed form. We do not store plain text passwords.

Payment and billing data

We may collect or receive:

  • subscription plan;
  • billing cycle;
  • payment status;
  • transaction references;
  • customer ID or subscription ID from our payment provider;
  • invoice or receipt metadata;
  • tax calculation metadata.

We do not store full card numbers. Card payments are handled by Polar, our payment provider.

Communications data

We may collect:

  • emails you send to us;
  • support requests;
  • replies to booking messages;
  • transactional email delivery records;
  • Telegram notification connection status where Vendors enable Telegram notifications;
  • records of messages sent by the platform.

Newsletter data

If you subscribe to the Buqq newsletter, we collect:

  • your email address;
  • approximate country derived from your IP address at the time of subscription.

Usage, analytics, and device data

Depending on your cookie choices, we may collect:

  • pages visited;
  • device type;
  • browser type;
  • approximate location such as country or city;
  • referral source;
  • interaction events;
  • session activity;
  • performance and error data.

Analytics tools only run where required consent has been given.

Security and technical data

We may collect:

  • IP address;
  • login activity;
  • authentication events;
  • security logs;
  • abuse prevention signals;
  • server logs;
  • error logs.

This data helps us protect the platform from abuse, fraud, spam, and unauthorised access.

4. How we collect personal data

We collect personal data when:

  • you enter it into a booking form;
  • a Vendor enters it into the platform;
  • you create or update an account;
  • you make a payment or subscribe to a plan;
  • you contact us;
  • you use the website or dashboard;
  • you subscribe to the newsletter via the Buqq blog;
  • cookies or similar technologies are used;
  • third-party providers send us service-related information.

5. Why we use personal data

We use personal data to:

  • create and manage restaurant reservations;
  • send booking confirmations, updates, and reminders;
  • notify Vendors of new or updated bookings;
  • provide Vendor dashboard access;
  • manage subscriptions, billing, invoices, and account status;
  • provide customer support;
  • improve platform functionality and user experience;
  • monitor performance and fix technical issues;
  • prevent fraud, spam, abuse, and unauthorised access;
  • send the Buqq newsletter where you have subscribed;
  • analyse the geographic distribution of bookings and newsletter subscribers for internal reporting;
  • comply with legal, tax, accounting, and regulatory obligations;
  • enforce our Terms of Service.

6. Lawful basis for processing

Where UK GDPR or similar data protection laws apply, we rely on one or more lawful bases.

Contract

We process personal data where needed to provide the platform, manage bookings, operate Vendor accounts, and deliver requested services.

Legitimate interests

We process personal data where needed for legitimate business interests, including platform security, service improvement, fraud prevention, technical monitoring, support, and transactional communications.

We record approximate booking country from your IP address at reservation time for internal analytics. This data does not identify you individually and is not used for marketing purposes.

Consent

We rely on consent for non-essential analytics cookies and similar technologies where required. You can withdraw cookie consent through the cookie settings tool where available.

We also rely on consent for newsletter subscriptions. You may withdraw consent at any time by using the unsubscribe link in any newsletter email.

Legal obligation

We process and retain some data where required for tax, accounting, legal, regulatory, or compliance reasons.

7. Sharing personal data

We do not sell personal data.

We may share personal data with trusted service providers who help us operate Buqq, including providers for hosting, database storage, payment processing, tax calculation, transactional email, analytics, security, error monitoring, and Telegram notifications where enabled by a Vendor.

Our current service providers include:

We may also share data where required by law, regulation, legal process, or to protect our rights, users, platform, or business.

8. Vendor access to Customer data

When a Customer makes a reservation with a Vendor, the Vendor may receive reservation details such as the Customer's name, contact details, booking time, party size, and notes.

Vendors are responsible for how they use Customer data outside Buqq, including staff access, exports, offline records, follow-up communications, and compliance with their own legal obligations.

Customers should contact the relevant Vendor directly about venue-specific use of their reservation data.

9. Cookies and similar technologies

Buqq may use cookies and similar technologies. For full details of the cookies we set, their purpose, and how to manage your preferences, see our Cookie Policy.

Essential cookies

Essential cookies are needed for login, security, session management, and core platform functionality. These cookies are necessary for the platform to work.

Analytics cookies

Analytics cookies help us understand how people use Buqq and improve the service. Analytics cookies are only used where consent has been given.

Managing cookies

You can manage non-essential cookie choices through the cookie banner or settings tool where available.

10. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer period is required by law.

Our expected retention periods are:

  • reservation data: up to 2 years for booking records, customer service, reporting, and dispute handling;
  • Vendor account data: for the life of the account and up to 2 years after account closure;
  • billing and payment records: up to 7 years for tax, accounting, and legal compliance;
  • support messages: up to 2 years after the issue is resolved;
  • security logs: up to 90 days, unless needed for an ongoing investigation;
  • analytics data: according to the analytics provider's retention settings.

11. International transfers

Personal data may be processed in countries outside your country of residence, including the United Kingdom, the European Economic Area, the United States, and Singapore, where some of our service providers operate.

Where required, we use appropriate safeguards for international transfers, such as standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

12. Your rights

Depending on where you live and which laws apply, you may have rights over your personal data, including the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your data;
  • restrict certain processing;
  • object to processing based on legitimate interests;
  • receive certain data in a portable format;
  • withdraw consent where processing is based on consent;
  • complain to a data protection authority.

To exercise your rights, contact info@buqq.online. We aim to respond within one month. We may need to verify your identity before responding.

Some rights are not absolute and may depend on legal requirements, business records, security needs, or the role Buqq plays in processing the data.

13. Complaints

If you are unhappy with how we handle your personal data, please contact us first at info@buqq.online so we can try to resolve the issue.

If UK data protection law applies, you may also have the right to complain to the UK Information Commissioner's Office (ico.org.uk).

14. Security

We use reasonable technical and organisational measures to protect personal data.

These may include:

  • HTTPS encryption;
  • hashed passwords;
  • access controls;
  • role-based permissions;
  • secure infrastructure providers;
  • monitoring and logging;
  • backups;
  • abuse prevention tools.

No system is completely secure, and we cannot guarantee absolute security.

15. Children

Buqq is not intended for use by children.

Customers should only make reservations if they are legally able to do so or have permission from a parent or guardian where required.

We do not knowingly collect personal data from children for account creation or Vendor use.

16. Marketing communications

We may send transactional messages related to bookings, accounts, payments, security, or service updates.

We will only send marketing emails where we have a lawful basis to do so. You can unsubscribe from marketing emails using the unsubscribe link or by contacting us.

Transactional emails may still be sent where needed to provide the service.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be posted on this page with a new "Last updated" date.

Where changes are material, we may notify registered Vendors by email or dashboard notice.

18. Contact

For privacy questions or requests, contact us at info@buqq.online.