Privacy Policy

Last updated: 9 March 2026

1. Data Controller

This Privacy Policy explains how Mies Reservations (“Mies”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you visit miesreservations.com or use our restaurant reservation management service. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

The data controller responsible for your personal data is Mies Reservations. You can reach us at info@miesreservations.com.

2. Data We Collect

When you register for an account we collect your first name, last name, email address, phone number, date of birth, and restaurant name. This is necessary to create and maintain your account and provide you access to the service.

If you subscribe to our newsletter we collect your email address. You can unsubscribe at any time by clicking the unsubscribe link in any newsletter email or by contacting us directly.

When restaurant owners use the service to manage reservations, they may enter customer data including customer names, email addresses, phone numbers, party size, and optional information such as dietary requirements or allergies. Mies processes this data on behalf of the restaurant owner (see our Data Processing Agreement).

3. Payments

Payments are processed by Stripe, Inc. We never store your full card details on our servers. Stripe may collect and process your payment card information, billing address, and transaction history in accordance with their own Privacy Policy. We receive a payment confirmation and a subscription status from Stripe.

4. Analytics & Tracking

We use Vercel Analytics to collect aggregated, anonymised information about how visitors use our website (e.g. page views, referrer, device type). This data does not identify you personally and no cookies are used for this purpose.

Only if you accept cookies, we load the following third-party services:

  • Google Analytics 4tracks page views, scroll depth, section views, and time on page. Automatically captures UTM parameters for campaign attribution.
  • Meta Pixel (provided by Meta Platforms, Inc.) — tracks page views and certain interactions to measure advertising effectiveness. We also send server-side events via the Conversions API, which includes your IP address and user agent for deduplication.
  • Microsoft Clarityrecords anonymised session replays including mouse movements, clicks, and scrolls to help us improve the user experience.

If you decline cookies, none of these tracking services are loaded and no data is sent to Google, Meta, or Microsoft.

5. Cookies & Consent

We use a consent banner when you first visit our site. Your choice is stored in your browser’s local storage under the key mies_consent and persists until you clear your browser storage. No tracking cookies are set before you give consent.

Supabase auth cookies keep you logged in to your account. The Meta Pixel sets _fbp and _fbc cookies only when you have given consent. You can withdraw your consent at any time by clearing your browser’s local storage, after which the consent banner will reappear on your next visit.

6. Legal Basis

The legal basis for processing your account and payment data is performance of a contract (Art. 6(1)(b) GDPR). Newsletter subscriptions and analytics tracking are based on your consent (Art. 6(1)(a) GDPR). Anonymised analytics via Vercel are processed on the basis of our legitimate interests (Art. 6(1)(f) GDPR).

7. Sub-processors & Data Sharing

We share personal data only with the following trusted sub-processors, each bound by a Data Processing Agreement and/or Standard Contractual Clauses where required:

  • Supabase, Inc.database hosting (account data, reservation data, newsletter emails; stored in the EU region)
  • Stripe, Inc.payment processing (certified under the EU-U.S. Data Privacy Framework)
  • Vercel, Inc.website hosting and anonymised analytics (certified under the EU-U.S. Data Privacy Framework)
  • Meta Platforms, Inc.marketing pixel, only when you have given consent (certified under the EU-U.S. Data Privacy Framework)
  • Microsoft Corporationsession recording via Clarity, only when you have given consent
  • n8n (self-hosted)webhook automation for email confirmations and notifications

We do not sell your personal data to any third parties.

8. International Transfers

Some of our third-party processors are based outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or certification under the EU-U.S. Data Privacy Framework.

9. Data Retention

  • Account data is retained for as long as your account is active and deleted within 30 days of account closure upon request.
  • Payment records are retained for 7 years to comply with financial and tax regulations.
  • Newsletter emails are retained until you unsubscribe, then deleted promptly.
  • Reservation data is retained for as long as the restaurant owner’s account is active. Audit logs are retained indefinitely for compliance.
  • Analytics data is aggregated and anonymised so no personal retention period applies.
  • Meta Pixel data is governed by Meta’s own retention policies.

10. Your Rights

As a data subject in the EU/EEA you have the right to access, rectify, erase, or restrict processing of your personal data, the right to data portability, the right to object to processing based on legitimate interests, and the right to withdraw any consent at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with your national data protection authority, such as the Dutch Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl. To exercise any of these rights, please contact us at info@miesreservations.com and we will respond within 30 days.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including encrypted connections (TLS), row-level security for tenant isolation, and access controls. However, no method of transmission over the internet is completely secure and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page. Continued use of our service after changes are posted constitutes acceptance of the updated policy.

13. Contact

If you have any questions about this Privacy Policy please contact us at info@miesreservations.com.