Terms & Conditions
Last updated: 26 March 2026
Section A — General Terms
A1. Introduction
These Terms & Conditions (“Terms” or “Agreement”) govern your use of the website miesreservations.com and the reservation management service provided by Mies Reservations (“Mies”, “we”, “us”, or “our”). By creating an account or using our service you agree to be bound by these Terms. If you do not agree, please do not use our service.
A2. Definitions
“Service” means the Mies restaurant reservation management platform, including all features, tools, and content accessible through our website and applications. “Customer” or “you” refers to any individual or entity that registers for an account or otherwise uses the Service. “Subscription” refers to the plan you choose to access the Service. “User” refers to any individual authorised by the Customer to use the Service under the Customer’s account.
A3. License Grant
Subject to these Terms, Mies grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for the duration of your Subscription. All intellectual property rights in the Service remain exclusively with Mies Reservations or its licensors. We may add to, change, or discontinue any component of the Service at any time.
A4. License Restrictions
You shall not:
- Reverse engineer, decompile, or disassemble the Service or any part thereof
- Sublicense, resell, rent, lease, or redistribute access to the Service
- Use the Service for competitive analysis, benchmarking, or to build a competing product
- Remove, alter, or obscure any proprietary notices in the Service
- Use the Service for any unlawful purpose or in violation of applicable regulations
- Interfere with or disrupt the integrity or performance of the Service
- Upload or transmit viruses, malware, or any other harmful code
A5. Account Registration
To use the Service you must create an account by providing accurate and complete information, including your name, email address, phone number, and restaurant name. You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account. You bear full responsibility for account security and all actions taken under your credentials. You must notify us immediately at info@miesreservations.com if you suspect any unauthorised use of your account.
A6. Subscriptions & Payments
Access to the Service is available through free and paid Subscription plans. Prices are displayed on our website and may be updated from time to time. We will notify you of any price changes at least ten (10) days before your next billing cycle. Payments are processed securely by Stripe, Inc. By subscribing you authorise us to charge the payment method on file on a recurring basis until you cancel. All fees are non-refundable and exclusive of applicable taxes unless stated otherwise. The Subscription automatically renews for the same duration unless cancelled before the end of the current period.
A7. Free Trial
We may offer a free trial period at our discretion. At the end of the trial your Subscription will automatically convert to a paid plan unless you cancel before the trial expires. We will remind you before the trial ends.
A8. Cancellation & Refunds
You may cancel your Subscription at any time from your account settings. Cancellation takes effect at the end of the current billing period and you will retain access until then. We do not provide refunds for partial billing periods. If you believe you have been charged in error, please contact us within 14 days of the charge.
A9. Intellectual Property
All content, trademarks, logos, and intellectual property displayed on the Service are owned by or licensed to Mies Reservations. You may not copy, reproduce, distribute, or create derivative works from any part of the Service without our prior written consent. You retain ownership of the data you upload to the Service.
A10. Feedback
Any suggestions, ideas, or feedback you provide about the Service become the exclusive property of Mies Reservations. You assign all rights, title, and interest in such feedback to us without any obligation of compensation or attribution. We may use feedback for any purpose, including to improve the Service.
A11. Customer Data & Privacy
Your use of the Service is also governed by our Privacy Policy and Data Processing Agreement (Section B), which explain how we collect, use, and protect personal data. You are responsible for ensuring that the data you enter into the Service (including guest information) complies with applicable data protection laws, and that you have obtained any necessary consent from data subjects.
We may use aggregate, de-identified data derived from your use of the Service for analytics, benchmarking, and improving our products. Such data will not identify you or your customers.
A12. Third-Party Services
The Service may integrate with or link to third-party services (e.g. payment processors, email providers). Mies is not responsible for the availability, accuracy, or data practices of third-party services. We are not liable for any damage or loss caused or alleged to be caused by your use of third-party integrations.
A13. Service Availability
We strive to keep the Service available at all times but do not guarantee uninterrupted access. We may perform scheduled or unscheduled maintenance that causes temporary degradation or outages. We will make reasonable efforts to minimise disruption and notify you of planned downtime in advance.
A14. Termination & Suspension
Either party may terminate this Agreement by providing thirty (30) days’ written notice following a material breach by the other party, provided the breach remains uncured during that period. Mies may suspend your access immediately and without notice if: (a) there is a security risk to the Service or its users; (b) you fail to pay fees when due; (c) you violate the license restrictions; (d) you engage in abusive or unlawful conduct; or (e) you breach these Terms.
Upon termination, any unpaid fees become immediately due. Mies may delete your data thirty (30) days after termination unless you request an export before that time.
A15. Confidentiality
Both parties agree to keep confidential any proprietary or non-public information received from the other party. This obligation does not apply to information that is publicly known, independently developed, or lawfully obtained from a third party without restriction.
A16. Indemnification
You agree to indemnify and hold harmless Mies Reservations from any claims, damages, or losses arising from your breach of these Terms, your use of the Service, or your violation of applicable laws. Mies will indemnify you against third-party claims alleging that the Service infringes their intellectual property rights, provided you notify us promptly and grant us control of the defence.
A17. Limitation of Liability
To the maximum extent permitted by law, Mies Reservations ’s aggregate liability under this Agreement shall be limited to the fees paid by you during the three-month period immediately preceding the claim. Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or business opportunities.
A18. Disclaimer of Warranties
The Service is provided “as is” and “as available” without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Mies disclaims all conditions, representations, and warranties not expressly set out in these Terms.
A19. Assignment
You may not assign or transfer your rights or obligations under these Terms without our prior written consent. Mies may freely assign this Agreement and may use subcontractors to perform its obligations.
A20. Modifications to the Terms
We reserve the right to modify these Terms at any time. When we make material changes we will update the “Last updated” date at the top of this page and notify you at least ten (10) days in advance via email or through the Service. Continued use of the Service after changes are posted constitutes acceptance of the updated Terms.
A21. Governing Law
These Terms are governed by and construed in accordance with the laws of the Netherlands. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts of Amsterdam, the Netherlands.
A22. Entire Agreement
These Terms, together with the Privacy Policy and Section B (Data Processing Agreement) below, constitute the entire agreement between you and Mies Reservations with respect to the Service and supersede all prior agreements and understandings.
A23. Contact
If you have any questions about these Terms, please contact us at info@miesreservations.com.
Section B — Data Processing Agreement
Forming an integral part of the Terms & Conditions above.
B1. About This DPA
This Data Processing Agreement (“DPA”) forms an integral part of the Terms & Conditions (the “Agreement”) between Mies Reservations (“Processor”, “Mies”) and the restaurant owner or entity that has registered for an account (“Controller”, “Customer”). In the event of a conflict between this DPA and Section A, the terms of this DPA shall prevail with respect to data protection matters.
B2. Roles & Responsibilities
The Controller determines the purposes and means of processing personal data of restaurant customers and other individuals whose data is entered into the Service (“Data Subjects”). The Processor processes personal data solely on behalf of the Controller and in accordance with the Controller’s documented instructions.
The Controller warrants that it has a valid legal basis (e.g. legitimate interest or consent) for all personal data entered into the Service, and that it has informed Data Subjects of the processing in accordance with GDPR Articles 13 and 14.
B3. Description of Processing
The Processor processes the following categories of personal data entered by the Controller through the Mies reservation management service:
| Data Category | Examples |
|---|---|
| Identity data | Customer name, title/salutation |
| Contact data | Email address, phone number |
| Reservation data | Date, time, party size, table assignment, reservation status, waitlist status |
| Special category data | Dietary requirements, allergies, special remarks (optional, entered by Controller) |
| Technical data | IP address and user agent of website visitors (consent-gated analytics only) |
| Audit data | Action logs recording who created, modified, or deleted a reservation, including timestamps and changed fields |
Data Subjects include: (a) the Controller’s restaurant customers whose reservations are managed through the Service; (b) the Controller’s staff and users who access the Service; and (c) website visitors who interact with the Controller’s booking widget.
B4. Purpose & Duration
The Processor processes personal data on behalf of the Controller to provide the reservation management service pursuant to the Agreement, including:
- Storing and displaying reservation data in the Controller’s dashboard
- Sending reservation confirmations, reminders, and cancellation notices via email
- Processing waitlist entries and automatic table assignments
- Maintaining audit logs of reservation changes for accountability
- Accepting reservations via the Controller’s embeddable booking widget
The Processor shall not process personal data for any purpose other than those described above unless instructed by the Controller in writing. Processing continues for the duration of the Controller’s active account. Upon termination, see B10 (Retention & Deletion).
B5. Sub-processors
The Controller authorises the Processor to engage the following sub-processors. The Processor shall notify the Controller at least thirty (30) days before adding or replacing a sub-processor. The Controller may object in writing within that period; if the objection is not resolved, the Controller may terminate the Agreement. All sub-processors are bound by data protection obligations not less onerous than those set out in this DPA.
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase, Inc. | Database hosting, authentication, file storage | EU (Frankfurt) | EU hosting; SOC 2 Type II |
| Stripe, Inc. | Payment processing for Controller subscriptions | USA | EU-U.S. DPF; PCI DSS |
| Vercel, Inc. | Website and application hosting | USA | EU-U.S. DPF; SOC 2 |
| n8n (self-hosted) | Webhook automation for email notifications | EU | EU hosting |
| Meta Platforms, Inc. | Marketing analytics (consent-gated, website visitors only) | USA | EU-U.S. DPF |
| Microsoft Corporation | Session recording via Clarity (consent-gated, website visitors only) | USA | EU-U.S. DPF; ISO 27001 |
Meta and Microsoft only process data from website visitors who have given consent. They do not process restaurant customer reservation data.
B6. Data Processing Requirements
The Processor shall:
- Process personal data only on documented instructions from the Controller, unless required by applicable law
- Ensure that persons authorised to process personal data are subject to appropriate confidentiality obligations
- Implement and maintain the security measures described in B7
- Assist the Controller in responding to Data Subject requests (B8)
- Notify the Controller of data breaches in accordance with B9
- Support the Controller in fulfilling its obligations under GDPR Articles 32–36 (security, DPIAs, prior consultation)
- Notify the Controller if, in the Processor’s opinion, an instruction infringes GDPR or other applicable data protection law
- Inform the Controller of any legally binding request for disclosure of personal data by a law enforcement authority, unless prohibited by law
B7. Security Measures
The Processor implements appropriate technical and organisational measures to protect personal data, including:
Data Protection
- Encryption in transit (TLS/HTTPS) using industry-standard algorithms and certificates
- Encryption at rest for all database storage
- All personnel with access to personal data are subject to confidentiality obligations
- Infrastructure hosted with providers that maintain SOC 2 Type II and/or ISO 27001 certifications
Access Control
- JWT-based authentication with automatic token refresh for all API access
- Row-level security (RLS) policies ensuring complete tenant isolation — each restaurant can only access its own data
- Service role separation: client-side queries are scoped to the authenticated restaurant; administrative access requires separate credentials
- Multi-tenant storage architecture with application-level access enforcement
Incident Management
- System logging and monitoring for anomaly detection
- Security incident documentation, tracking, and resolution procedures
- Prompt notification to Controller of any unauthorised access incidents (see B9)
B8. Data Subject Rights
The Processor shall assist the Controller in fulfilling its obligations to respond to requests from Data Subjects exercising their rights under GDPR, including rights of access, rectification, erasure, restriction of processing, data portability, and objection.
If the Processor receives a request directly from a Data Subject, it will promptly forward the request to the Controller and will not respond independently unless legally required to do so.
B9. Data Breach Notification
The Processor shall notify the Controller promptly, and in any event within forty-eight (48) hours, after becoming aware of a personal data breach affecting the Controller’s data. The notification shall include:
- The nature of the breach, including the categories and approximate number of Data Subjects and records affected
- The name and contact details of the Processor’s point of contact
- The likely consequences of the breach
- The measures taken or proposed to address the breach and mitigate its effects
The Processor shall document all data breaches, including their facts, effects, and remedial actions taken, and make this documentation available to the Controller upon request.
B10. Retention & Deletion
Personal data is retained for as long as reasonably needed to deliver the Service. Upon termination of the Controller’s account, the Processor shall, at the Controller’s choice, either return all personal data to the Controller or delete it within thirty (30) days, unless retention is required by applicable law.
The Controller may request an export of their data before account closure. Audit logs may be retained for a longer period where required for legal compliance but will be deleted upon the Controller’s written request after the applicable retention period has expired.
B11. Audit & Compliance
The Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA and GDPR obligations. The Controller (or a qualified third-party auditor mandated by the Controller) may conduct an audit once per twelve-month period upon reasonable written notice.
The Controller shall reimburse the Processor’s reasonable costs incurred in connection with any audit, unless the audit reveals a material breach of the Processor’s obligations under this DPA.
B12. International Transfers
Where personal data is transferred to sub-processors outside the European Economic Area (EEA), the Processor ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or certification under the EU-U.S. Data Privacy Framework, as indicated in the sub-processor table above.
B13. General Provisions
This DPA is effective for the duration of the Agreement. The Processor may amend this DPA to reflect changes required by applicable law, judicial or regulatory orders, updates to the Service, or changes that are to the Controller’s benefit. The Processor will provide reasonable notice of material changes.
B14. Contact
For questions regarding this DPA, please contact us at info@miesreservations.com.