Cookies on stolio.cz

    Necessary cookies are always used. Marketing cookies (Google, Meta) only with your consent. Learn more

    Privacy Policy

    Last updated: 13. 7. 2026

    1. Who we are

    The Stolio platform (stolio.cz) is operated by George Maisuradze, Company ID (IČO) 22168486, registered at Braunerova 563/7, Libeň, 180 00 Praha 8, Czech Republic, sole trader (OSVČ), not a VAT payer ("we" or "Stolio"). Contact: info@stolio.cz, +420 292 333 083.

    2. Two roles: controller and processor

    • Controller — for data of our customers (restaurants), stolio.cz visitors and recipients of our communications.
    • Processor — for restaurant guests' data (reservations, guest CRM). The restaurant is always the controller; processing is governed by the data processing agreement in our Terms of Service. Guests should direct requests primarily to the restaurant they booked with — we assist the restaurant in fulfilling them.

    3. Data we process

    • Customer accounts: name, email, phone, restaurant details (name, address, company ID, billing), login credentials.
    • Guest data (as processor): name, email, phone, reservation date/time/party size, visit history, notes and tags created by the restaurant.
    • Website visitors: contact-form data (name, email, message) and cookies per the Cookie Policy.
    • Operational records: email delivery logs, security and technical logs.

    4. Purposes and legal bases

    • Providing the service, incl. reservation emails to guests — performance of a contract (Art. 6(1)(b) GDPR).
    • Invoicing and accounting — legal obligation (6(1)(c)).
    • Communications to existing customers and review requests sent on a restaurant's behalf — legitimate interest (6(1)(f)), always with an unsubscribe option in every email.
    • Marketing cookies (Google Ads, Meta Pixel) — only with your consent (6(1)(a)).
    • Security and abuse prevention — legitimate interest (6(1)(f)).

    5. Recipients and processors

    • Supabase / Lovable — hosting and database
    • Stripe — payments and billing
    • Resend — email delivery
    • Google (Ads) and Meta (Pixel) — only upon marketing-cookie consent
    • Syrve — only where a restaurant activates the POS integration

    Some providers are located outside the EU; transfers are safeguarded by Standard Contractual Clauses (SCC) or an adequacy decision (EU-U.S. DPF).

    6. Retention

    • Account data — for the duration of the contract and thereafter as required by law (notably accounting rules).
    • Guest data — per the restaurant's instructions as controller; a restaurant's data is deleted when the service ends.
    • Email and security logs — for a limited period necessary for operations and proof of delivery.

    7. Your rights

    You have the right of access, rectification, erasure, restriction, data portability and objection. Consent (e.g. cookies) can be withdrawn at any time. Requests: info@stolio.cz. You may also lodge a complaint with the Czech Data Protection Authority (uoou.gov.cz).

    8. Security

    Data is protected by encrypted transport (HTTPS), database row-level security (RLS), staff role controls and encryption of sensitive integration credentials. Access is limited to those who strictly need it.