Reserving Privacy Policy

Last updated: April 7, 2025

Introduction

At Reserving, we respect your privacy and are committed to protecting your personal data. This Privacy Policy describes what information we collect from users of our mobile application Reserving (available globally on the App Store and Google Play), how we use it, with whom we share it, and the choices and rights you have regarding your data. Our goal is to comply with the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable international privacy regulations, ensuring that your personal data is processed lawfully, fairly, and transparently. By creating an account or using our application, you declare that you have read and accepted this Privacy Policy and, where applicable, grant your explicit consent for the processing of your personal data.

Personal Data We Collect

Reserving collects only the personal data necessary to create your account and provide you with the service. The types of information we may request include:

First and last name: To identify you in the application and address you personally (e.g., when making a reservation or sending communications).
Profile picture: (Optional) To personalize your account and display an image associated with your profile within the app.
Phone number: To verify your identity, enhance account security, and communicate with you via calls or messages (e.g., sending confirmations or verification codes).
Email address: To use as a login credential, send you important service notifications (confirmations, reservation changes, term updates), and allow for account recovery or support communication.

We do not collect any other sensitive personal data without your consent. Reserving does not use cookies in the mobile application, nor does it employ third-party analytics or tracking tools (like Google Analytics) integrated into the app. We also do not collect location data, browsing history, or other additional data beyond what you provide directly when registering or using our features. If we need to collect additional personal data in the future, we will request your explicit consent beforehand and update this Policy accordingly.

Use of Personal Data

We use your personal data solely for legitimate and explicit purposes, primarily to offer you an efficient and personalized service. Specifically, Reserving may use your information to:

Provide the core service: Create and manage your user account, authenticate your identity upon login, and allow you to make reservations or use the functions for which the app was designed. Your name and, where applicable, profile picture may be displayed within the application (e.g., in your profile section or when confirming a reservation).
Communicate with the user: Send you confirmations, notices, or reminders related to your use of the application. For example, we might use your email address to send a reservation receipt or your phone number to send an SMS verification message or urgent notification. We may also contact you to provide technical support or respond to your inquiries.
Improve experience and support: Analyze internally (without third-party external tools) how the application is used, detect errors, and optimize functionalities. This will always be done without directly identifying you in any report; our analysis is aggregated and aimed at improving the service, never at individually profiling users.
Comply with legal or contractual obligations: Use and retain certain data when necessary to comply with applicable laws, regulatory requirements, or to enforce our Terms of Service and this Privacy Policy. For example, we may use necessary information to manage disputes, prevent fraudulent activities, ensure platform security, or respond to legitimate requests from competent authorities.

Reserving does not use your personal data for direct marketing purposes without your consent. We do not perform automated profiling with legal effects on you, nor do we make decisions based solely on automated processing of your data that could significantly affect you. In summary, your data will be used exclusively to provide the requested service and improve your experience, always respecting the principles of minimization (we only use what is necessary) and purpose limitation.

Sharing and Disclosure of Data

Your privacy is fundamental; therefore, we do not sell your personal data to third parties under any circumstances. We will only share your information in the following cases and always respecting appropriate safeguards:

Trusted service providers: We may use external companies or providers that help us operate the application or deliver our services to you (e.g., cloud data hosting services, email or SMS message delivery, technical maintenance services). These providers are shared only the personal information necessary to perform the functions we have contracted them for (e.g., providing your name and email address to an email service provider to send you a confirmation email). They are all subject to contractual confidentiality obligations and compliance with data protection laws; they cannot use your information for any purpose other than the one agreed upon.
Legal requirement or protection of rights: We may disclose your personal data if necessary to comply with a legal obligation, judicial process, or binding governmental request (e.g., a court order). Likewise, we may share information if we believe in good faith that it is necessary to protect our legal rights, the safety of our users or the general public, or to enforce our policies (e.g., investigating potential fraud, security incidents, or violations of the Terms of Service).
Corporate transactions: If Reserving is involved in a merger, acquisition, asset sale, corporate restructuring, or other business process, your personal data could be transferred as part of that transaction. If this occurs, we will ensure the confidentiality of your information is maintained and notify you promptly of any change of control in the processing of your data, ensuring that the new controller respects conditions equal to or stricter than those established in this Policy.

Outside of the situations above, Reserving does not share your personal data with third parties. In particular, we will not transfer your information to advertisers or social media platforms, nor do we conduct "sales" of personal data as defined by the CCPA. Any necessary information exchange will always be done in compliance with applicable privacy regulations and minimizing the data disclosed.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. In general terms:

Active account: As long as you maintain an active account with Reserving and continue to use our services, we will securely retain your data in our systems. This is necessary to identify you, authenticate your access, and provide you with the app's functionalities (e.g., maintaining your profile and reservation history).
Inactive account: If you stop using the application for a prolonged period, we might contact you to ask if you wish to keep your account. If your account remains inactive for an extended period (e.g., 12 months) without response, we may delete or anonymize your personal data, after notification, to protect your privacy and minimize the storage of unnecessary information.
Deletion upon request: If you decide to delete your account (or exercise your right to erasure/deletion, see User Rights section), we will proceed to delete or anonymize your personal data from our production systems. Once we confirm your deletion request, your data will be removed within a reasonable timeframe (typically within 30 days) from our active databases. Please note that residual information may persist in secure backup copies for a short additional period, but such copies will remain protected and eventually be overwritten according to our backup cycles; during that time, your data will not be available for active use or shared with anyone.
Retention for legal obligations: In certain cases, we may need to retain some of your personal data even after your account deletion, if required by law or for limited legitimate purposes. For example, we might keep records of transactions or communications (including your email or phone number) for a specific time to comply with tax regulations, resolve disputes, prevent fraud, or fulfill legal data retention obligations. In any case, such retained data will be duly blocked (i.e., stored restrictively) and only accessible to fulfill those obligations, being deleted as soon as the legal retention period expires.

Once the applicable retention period ends, we will securely delete your personal data or anonymize it (so it can no longer be associated with you). In summary, we will not keep your data longer than necessary and periodically review stored information to ensure it remains relevant for the stated purposes.

User Consent

Registering and using Reserving implies your informed consent to the processing of your personal data as described in this Policy. We implement an explicit consent mechanism: when creating an account, you will be asked to check a box ("checkbox") confirming that you have read and accepted this Privacy Policy (as well as our Terms of Service). Only when you have granted that consent can we proceed to register your account and use your data as established herein. This consent is voluntary, and you have the right to withdraw it at any time.

Please note that, in certain cases, processing your data may be necessary for the performance of the contract we have with you (e.g., processing your reservations or maintaining your account). In such situations, even if you decide to withdraw your consent, we might continue processing some data based on another valid legal basis (such as contractual fulfillment or legitimate interests, always within the limits of the law) to finalize pending services or comply with legal obligations. However, if you withdraw consent for data processing activities that we perform solely based on your consent, we will cease such processing (e.g., stop sending optional communications).

To withdraw your consent, you can delete your account in the application or contact us through the means indicated in this Policy (see Exercising Rights and Contact section). Withdrawing consent will not affect the lawfulness of data processing before such withdrawal. It is important to mention that without your consent for essential processing (or without an alternative legal basis), we may not be able to continue providing you with the use of the application, which could imply the deactivation or deletion of your account if we no longer have a legal basis to process your data.

User Rights Over Their Data

As a user of Reserving, you have various rights regarding your personal data, in accordance with GDPR, CCPA, and other data protection laws. At any time, you can exercise the following rights:

Right of Access: request confirmation of whether we are processing your personal data and, if so, access it. You have the right to obtain a copy of the personal data we store about you, as well as information about the purposes of the processing, the categories of data involved, the third parties with whom it is shared, and the expected retention period.
Right to Rectification: ask us to correct or update your personal data that may be incomplete or inaccurate. If, for example, your name or email address has changed or contains errors, you can request rectification, or correct it yourself directly through the profile editing options within the app (when available).
Right to Erasure (Deletion): request the deletion of your personal data in certain circumstances. This includes the "right to be forgotten," whereby, at your request, we will delete all personal information we hold about you, provided there is no legal obligation preventing us or other legitimate grounds for retaining it. Upon exercising this right, we will proceed to permanently delete your account and associated data, as described in the Data Retention section.
Right to Object: object, on grounds relating to your particular situation, to the continued processing of your personal data when such processing is based on our legitimate interest or that of a third party. You also have the right to object at any time to the processing of your data for direct marketing purposes. If you exercise this right, we will stop processing your data for the objected purposes, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
Right to Data Portability: request that we provide your personal data in a structured, commonly used, and machine-readable format, or transmit that data to another controller where technically feasible. This right allows you to take the data you have provided us (e.g., your name, photo, email, phone number) and reuse it in other services. If requested, we will provide you with a digital file containing your basic collected data, or, if feasible, transfer your data directly to the new provider you indicate, after verifying your identity and legal requirements.

These rights can be exercised free of charge, within the limits provided by current regulations. Additionally, you have the right to withdraw your consent at any time (when processing is based on consent, see Consent section) and the right to lodge a complaint with the competent data protection supervisory authority. For example, if you are in the European Union, you can contact the data protection agency of your country of residence (in Spain, the Agencia Española de Protección de Datos – AEPD) if you believe data protection legislation has been breached. Similarly, if you reside in California, you have the right to complain to the California Attorney General or another designated authority under the CCPA.

Reserving will not discriminate against any user for exercising their privacy rights. This means we will not deny you service, provide a lower level of service, or retaliate in any way just because you have decided to exercise any of the rights described above. We value your trust and control over your data, so your privacy choices will not negatively affect how we treat you as a customer (consistent with CCPA requirements and other applicable laws). Note, however, that if you exercise certain rights like deleting essential data, we may no longer be able to provide the service, but this will be a necessary technical consequence (not a penalty), and we will inform you clearly if this occurs.

Exercising Rights and Contact

To exercise any of the rights described above, or if you have questions or concerns related to privacy and the use of your data, you can use the following communication channels with us:

Within the application: In the Settings or Configuration section of the Reserving app, you will find options related to privacy. For example, there will be a “Delete Account” function you can use to directly request the deletion of your data and the cancellation of your account. There may also be shortcuts to update your information (exercise rectification) or contact us via a support form. These integrated tools are designed to facilitate the exercise of your rights quickly and easily.
By email: You can also contact us at any time by sending an email to our privacy team at privacy@reserving.app (example). In your message, clearly state which right you wish to exercise or what information you need. Please include the necessary data to locate your account (such as the associated email address) and detail your request. If you prefer, you can send us your request in writing through any other official contact method provided within the app or on our website.

To protect your security and that of all our users, we may need to verify your identity before processing a rights request. This may involve asking you to confirm from the registered email address or providing additional information necessary to confirm that you are the data subject. This verification aims to prevent unauthorized third parties from accessing or deleting your personal data without permission.

Once your legitimate request is received, our team will respond as soon as possible, in any case within the deadlines required by law. Under GDPR terms, we will typically send you a response no later than 30 calendar days from receiving your request (extendable by 60 additional days for particularly complex requests, in which case you will be informed of the extension). For California residents exercising rights under the CCPA, we will respond within the legal timeframe (usually 45 days, with a possible extension of another 45 days if necessary and upon notification). Responses and actions resulting from your request (e.g., providing data or confirming deletion) will be provided free of charge, unless the requests are manifestly unfounded or excessive, in which case we might charge a reasonable fee or refuse the request as permitted by law (but we will clearly inform you of the reasons).

You can contact us in Spanish or the language most comfortable for you; our team will do their best to assist you in your language. Any communication regarding privacy will be treated as a priority. Remember that, in addition to the above methods, you can always access and correct certain basic profile information directly from the application by going to the Profile or Account section, which may be the quickest way to keep your data updated. For other rights requiring our intervention (such as portability or confirmation of stored data), we will be available via the mentioned contact channels.

Data Security

Reserving implements both technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. We understand the sensitivity of the information you entrust to us, so we take its safeguarding seriously. Some of the security measures we apply are:

Encryption of data in transit and at rest where appropriate. For example, our application communicates with our servers via secure HTTPS/TLS connections, meaning the information you send or receive is encrypted so third parties cannot easily intercept it. We also store passwords securely (hashed/salted) and protect sensitive data with database-level encryption where relevant.
Restricted access control: Only authorized personnel of Reserving (and our trusted service providers, to the extent necessary) have access to personal data, and only for the described purposes. We have implemented internal policies so that any access to your data is justified and monitored. Our team receives training in privacy and security practices to ensure your information is handled correctly.
Secure storage: We use data centers and cloud services that meet high standards of physical and logical security. Your data is stored on servers protected by firewalls, intrusion detection systems, and other security mechanisms. We perform regular backups of information to prevent data loss, and these backups are stored securely.
Assessments and testing: We regularly review our information collection, storage, and processing practices to ensure we comply with this Privacy Policy and current regulations. We also conduct security tests (such as vulnerability scans) on our application and systems to proactively identify and fix potential weaknesses.

While we strive to protect your data to the best of our ability, you should be aware that no data transmission or storage system is completely infallible. Therefore, we cannot guarantee absolute security. However, in the unlikely event of a security breach that significantly compromises your privacy, we will notify you as soon as possible about the incident and take the necessary corrective measures, in accordance with our legal obligations (e.g., following GDPR breach notification requirements or other applicable laws). We also recommend that you take steps to protect your own account credentials (such as using a strong password and not sharing it). Together, company and user, we can maintain the security of your personal data.

Furthermore, Reserving adopts the principle of “privacy by design and by default” in its development. This means that from the conception phases of the app, we have integrated privacy considerations, minimizing the amount of data we request and configuring our systems so that their initial settings protect privacy to the greatest extent possible. Likewise, our company maintains internal documentation on the flow and management of personal data (record of processing activities) and conducts periodic compliance checks. These internal measures, although not directly visible to the user, ensure that we handle your data according to industry best practices and current legal requirements.

Use of Cookies and Tracking Tools

Our mobile application does not use cookies. Cookies are small data files typically used in web browsers to track information; since Reserving is a native mobile application, we do not rely on cookies to operate. Likewise, we have chosen not to incorporate third-party analytics or advertising tools within the app that could track your behavior. This means we do not use services like Google Analytics, advertising SDKs, or similar tracking technologies in our application that collect information about your usage beyond what is necessary for basic functionality.

Any usage information we obtain is anonymous and statistical, collected internally to measure service performance (e.g., how many active users there are, which features are used most) but without individualized profiles. If we decide to use any analytics tools or collect additional usage data in the future, we will do so only after updating this Privacy Policy and, if required by law, requesting your prior consent. Your peace of mind is important to us, so you can use Reserving with the confidence that we are not monitoring your activity for advertising purposes or sharing your usage habits with third parties.

International Data Transfers

Reserving offers its services to users in multiple countries, so your personal data may be transferred to and stored in jurisdictions other than your own. Specifically, the information we collect may be processed on servers located in the United States or other countries outside the European Economic Area (EEA) or your country of residence. We recognize that different countries may have different data protection laws, but in any case, we will apply adequate safeguards to protect your information when transferred internationally.

If you are located in the European Union or another region with laws governing data transfers outside that region, we will ensure that your data has a level of protection equivalent to that in your country. This may include signing Standard Contractual Clauses approved by the European Commission or other valid legal mechanisms to permit international data transfers under GDPR. Similarly, if we transfer data of residents of California or other US states to another jurisdiction, we will comply with CCPA/CPRA requirements and other relevant laws. We also consider international legal frameworks such as Brazil's General Data Protection Law (LGPD) and other local regulations to ensure any transfer complies with applicable provisions.

By using Reserving, you understand and agree that your data may be transmitted to servers located in another country. However, this will always be done in accordance with this Policy and taking all necessary measures to safeguard the confidentiality and integrity of your personal data. If in a particular case we must transfer data to a third party in a country that does not offer adequate protection guarantees, we will inform you and, if required by law, request your consent before making such a transfer. Our priority is to keep your data secure regardless of where it is processed.

Changes to this Privacy Policy

Privacy legislation and our internal practices may change over time. Therefore, Reserving reserves the right to update or modify this Privacy Policy when necessary. If we make significant (material) changes to how we collect, use, or share your personal data, or to the rights you have, we will notify you clearly through appropriate means. We may notify you of changes, for example: by sending an email to the address associated with your account, displaying a prominent notice within the application the next time you open it, or via a push notification. In such communication, we will summarize the changes made and, if required by law, request your consent again for the proposed new data processing practices.

At the top of this Policy, we indicate the date of the last update, so you can easily check if there have been changes since you last reviewed it. We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information. Any modification will take effect from the date of publication of the revised policy (or the date indicated as effective in the update). Your continued use of Reserving after the new version of the Policy has come into effect will constitute your acceptance of the changes made. If you do not agree with the modifications, you will have the freedom to deactivate or delete your account at any time.

Contact and Inquiries

If you have doubts, inquiries, or comments about this Privacy Policy, or about how Reserving processes your personal data, do not hesitate to contact us. We appreciate the opportunity to address your concerns and improve our practices. You can communicate with our privacy team via email at privacy@reserving.app (or the designated contact channel found in our app/website). You can also send us your questions in writing to our office's postal address (if applicable, we will provide the physical address in the app documentation or on our official website).

We will strive to respond to your inquiries as soon as possible. If you write to exercise a privacy right or report a specific issue, please clearly state your request and relevant details so we can assist you efficiently. Your trust is very important to us; therefore, we are committed to resolving any privacy-related matter in good faith and transparently.

Thank you for reading our Privacy Policy. We hope it is clear how we handle your information. If you have any suggestions on privacy aspects we can improve, we would love to hear them. At Reserving, protecting your data is not just a legal compliance issue, but a fundamental pillar of our service.