Privacy Policy
1. Information We Collect
For restaurants, we collect basic information such as name, email, phone number, country, payment processor ID (Stripe or SumUp), and onboard status. For customers, we collect optional information for orders, including menu item comments, customer name, and email. Our payment processors (Stripe and SumUp) may collect additional information for payment processing and fraud prevention.
2. Purpose of Data Use
We use your data to provide our digital restaurant platform services, process orders, improve our services, and comply with legal obligations. Customer information is used to facilitate order fulfillment and provide receipts.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- •Restaurant account data: Contract performance (Art. 6(1)(b)) - necessary to provide our services
- •Customer order data: Contract performance (Art. 6(1)(b)) - necessary to process and fulfill orders
- •Payment processing: Contract performance (Art. 6(1)(b)) and Legal obligation (Art. 6(1)(c)) - necessary for transactions and tax compliance
- •Analytics data: Legitimate interest (Art. 6(1)(f)) - to improve our platform and services
- •Order retention for accounting: Legal obligation (Art. 6(1)(c)) - required by Finnish Accounting Act
4. Our Role in Data Processing
Fiest Oy acts as:
- •Data Controller for restaurant account data, platform analytics, and direct customer interactions with fiest.io
- •Data Processor for restaurant customer data (order details, customer information) - restaurants are the Data Controllers for their customers' data
Restaurants using our platform are responsible for their own GDPR compliance regarding their customer data.
5. Data Retention
We retain restaurant data for the duration of the account. Upon account deletion, all data including images, menus, and settings are removed, except for order details which are retained for 6 years as required by the Finnish Accounting Act (kirjanpitolaki 1336/1997). Customer data for orders is retained as required for business operations and legal compliance.
6. Cookies
For fiest.io, we use PostHog analytics with a privacy-first approach. You can choose to accept or reject analytics cookies via our cookie banner:
- •If you accept: We use cookies to track your session and may record your browsing session (mouse movements, clicks, page views) to improve our website. Session recordings help us understand how users interact with our site. Session recording is based on your consent under GDPR Article 6(1)(a) and only occurs after you opt in.
- •If you reject: We use a privacy-preserving cookieless method that does not store any identifiable information or record sessions. You are still counted anonymously in our analytics.
For order.fiest.io, we use essential cookies for payment security and fraud detection. These cannot be disabled. We also use PostHog analytics to understand user behavior and improve our service.
For dashboard.fiest.io, we use essential cookies for security, user authentication, and dashboard settings. These cannot be disabled. We use functional cookies to save your last used state for login, and we utilize PostHog analytics to enhance the restaurant software experience and create better features.
For docs.fiest.io, we use essential cookies for documentation access. For receipts.fiest.io, we use essential cookies for secure receipt retrieval.
The analytics data helps us understand usage patterns and optimize our platform for restaurant owners.
7. Your Rights
Under the GDPR, you have the following rights:
- •Right to access your personal data
- •Right to rectification of inaccurate data
- •Right to erasure ("right to be forgotten")
- •Right to restrict processing
- •Right to data portability
- •Right to object to processing
- •Right to withdraw consent at any time (where consent is the legal basis)
We will respond to your request within one month of receiving it. If your request is complex or we receive many requests, we may extend this by up to two additional months, but we will inform you of any delay within the first month.
Restaurants can delete their account and associated data through the dashboard. Note that Fiest cannot delete information from Stripe or SumUp on your behalf - please contact them directly for payment-related data deletion.
Customers can choose not to provide optional information for orders. To exercise any other rights, contact us at info@fiest.io.
8. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu).
Website: tietosuoja.fi Email: tietosuoja@om.fi Address: PL 800, 00531 Helsinki
9. Data Transfer
Your data is processed by authorized employees and subcontractors of Fiest Oy within the EU/EEA.
Our payment processors, Stripe and SumUp, may transfer data to the United States. These transfers are protected by: - Standard Contractual Clauses (SCCs) approved by the European Commission - The EU-US Data Privacy Framework (where applicable)
For more information, please review Stripe's Privacy Policy and SumUp's Privacy Policy directly.
10. Data Disclosure
We disclose customer information to the restaurants for order fulfillment. We may disclose data to authorities as required by law, to Stripe for payment processing, and to other third parties with your consent.
11. Data Protection
We implement appropriate technical and organizational measures to protect your data, including secure data storage and transfer protocols.
12. Third-Party Services
We use the following third-party services to provide our platform:
- •Stripe - Payment processing (US/EU)
- •SumUp - Payment processing (EU)
- •PostHog - Analytics for fiest.io, dashboard.fiest.io, order.fiest.io, docs.fiest.io, and receipts.fiest.io (EU)
- •Vercel - Infrastructure and hosting (EU)
Each service processes data according to their own privacy policies. We have data processing agreements in place with all subprocessors.
13. Automated Decision-Making
We do not make automated decisions that produce legal effects or similarly significantly affect you.
Our payment processors (Stripe, SumUp) may use automated fraud detection systems. Please review their respective privacy policies for details on their automated processing.
14. Privacy Policy Changes
We may update this privacy policy as our services evolve or as required by law. For material changes that affect your rights, we will notify registered restaurants by email at least 30 days before the changes take effect. We recommend reviewing this policy periodically.
16. Terms of Service
Use of our services is also governed by our Terms of Service. We recommend reviewing both this Privacy Policy and the Terms of Service to fully understand your rights and obligations when using Fiest's services.
17. Dispute Resolution
Any disputes related to our privacy practices will be resolved as described in our Terms of Service. This includes attempting to resolve disputes through negotiations, and if unsuccessful, through the Helsinki District Court. Consumers may also refer matters to the Consumer Disputes Board (kuluttajariitalautakunta) after contacting consumer advice.
Consumer Disputes Board: Website: kuluttajariita.fi Postal address: Hämeentie 3, PL 306, 00531 Helsinki
15. Contact Information
Fiest Oy
Business ID: 3438254-5
Lapinlahdenkatu 11, 00180 Helsinki
info@fiest.io
+358 40 440 7518
Contact Persons
Elias Nurmela
Co-Founder
elias@fiest.io
Markus Marttila
Co-Founder
markus@fiest.io
Note: Our service uses Stripe and SumUp for payment processing. Please review their privacy practices independently. Stripe's Privacy Policy or SumUp's Privacy Policy.