Brand

Smart Dining

Skip to document content

Legal centerDPA

Data Processing Agreement

Contractual terms for Restaurant Partners who act as controllers and appoint Smart Dining as a processor of personal data under GDPR and similar laws.

Effective April 11, 2026 Version 1.0.0 Smart Dining legal suite

Summary

This DPA forms part of the Terms for business customers where regulated processing applies. Executed order forms may add additional security requirements.

Last updated: April 11, 2026

On this page
  1. Roles
  2. Subprocessors
  3. Security and assistance
  4. Deletion or return

Roles

Restaurant Partner is the controller for guest and staff personal data it instructs us to process for its purposes. Smart Dining processes such data only on documented instructions unless required by law, in which case we inform the Partner unless prohibited.

Subprocessors

We maintain a list of subprocessors and will give notice of changes where required. You may object to a new subprocessor on reasonable data-protection grounds.

Security and assistance

We implement appropriate technical and organizational measures and assist with breach notification, impact assessments, and data subject requests as required by Article 28 GDPR and analogous provisions.

Deletion or return

At the end of services, we delete or return personal data according to the Terms unless retention is required by law.