Privacy Policy

Effective date: March 6, 2026

Magyar változat

This notice applies to data processing on the FourTables website, especially on the fourtables.app domain, and to privacy roles connected to the operation of the platform. It is intended to inform data subjects in detail under Regulation (EU) 2016/679 (GDPR).

This English version is provided for convenience. In case of any inconsistency, the Hungarian version shall prevail to the extent permitted by applicable law.

1. Identification of the controller for FourTables' own processing

Service provider / controller: Füri Martin ev.

Registered seat: 8092 Pátka, Arany János utca 41.

Mailing address: 8092 Pátka, Arany János utca 41.

Contact email: sales@fourtables.app

Phone: Nincs megadva

Tax number: 59185800-1-27

EU VAT number: HU59185800

Registry court / registry authority: Nemzeti Adó- és Vámhivatal (egyéni vállalkozói nyilvántartó hatóság)

Company registration number / registration number: 57267795

Privacy contact / DPO: Külön DPO nincs kijelölve; adatvédelmi ügyekben: sales@fourtables.app

2. Scope of this notice and controller/processor roles

2.1. FourTables' own processing as controller: this includes the fourtables.app marketing website, contact forms, own analytics and measurement where consent is given, contractual and billing administration, support communication and platform-security logging, including processes related to subscription status, Stripe checkout and billing administration.

2.2. Restaurant reservation data on public booking pages, typically as processor: personal data processed on /r/[slug]booking pages is usually controlled by the relevant restaurant or hospitality venue. FourTables may act as a technology provider and data processor under the controller's instructions, within the meaning of Article 28 GDPR.

2.3. Restaurant-specific information: during the booking process, the restaurant's own privacy notice, cancellation rules and no-show policy may also apply. Terms defined by the restaurant may appear through the FourTables technology interface.

3. Details of FourTables' own processing activities

Contact request / offer request

Data processed: name, email address, phone number if provided, message content, company/restaurant details and timestamps

Purpose: contact handling, preparing offers, sales communication and follow-up

Legal basis: Article 6(1)(b) and/or Article 6(1)(f) GDPR

Retention: up to 24 months after the offer process is closed, unless a contract is concluded

Cookie consent management

Data processed: consent settings, timestamp and technical identifiers

Purpose: legal compliance and storage of consent preferences

Legal basis: Article 6(1)(c) and/or Article 6(1)(f) GDPR

Retention: typically until consent is withdrawn or until the relevant cookie expires

Analytics and marketing measurement (with consent only)

Data processed: device and browser data, page-view events, campaign parameters, anonymised or pseudonymised measurement data

Purpose: measuring website performance, SEO and campaign effectiveness

Legal basis: Article 6(1)(a) GDPR (consent)

Retention: according to the tools and settings used; the policies of the measurement platforms also apply

System security and server logs

Data processed: IP address, request identifiers, timestamps, error logs and system events

Purpose: security, abuse prevention, troubleshooting and service stability

Legal basis: Article 6(1)(f) GDPR

Retention: for the period required for security and operational purposes, typically for a limited period

Stripe checkout, subscription and billing administration

Data processed: billing name and contact details, billing email, phone number, billing address, tax number / EU VAT number, subscription plan, billing cycle, Stripe customer/subscription/invoice/payment status metadata and webhook event identifiers

Purpose: subscription activation, payment, billing-status tracking, fraud prevention, debt management, support and compliance

Legal basis: Article 6(1)(b), Article 6(1)(c) and Article 6(1)(f) GDPR

Retention: for the duration of the contract and thereafter according to accounting, tax, limitation-period and audit obligations

Contractual / billing administration on the customer side

Data processed: contact details, billing details, transaction and subscription data

Purpose: contract management, invoicing, debt management and legal compliance

Legal basis: Article 6(1)(b) and Article 6(1)(c) GDPR

Retention: according to accounting and tax-law retention obligations

4. Data sources

  • data provided directly by the data subject, including forms, contact requests and admin-account use,
  • technical data provided by the data subject's device and browser,
  • system and event logs generated while using the service,
  • payment or subscription status information received through Stripe Checkout, Stripe customer portal and Stripe webhook events,
  • status information received from other payment or billing providers, where relevant and activated.

5. Processors, recipients and provider categories

FourTables may use processors and technical providers to provide the service. Processors may act only under contract, documented instructions and appropriate technical and organisational guarantees.

  • hosting and application-infrastructure providers, including web/app hosting and database hosting
  • email and communication service providers
  • monitoring, error-tracking and analytics providers
  • Stripe payment, subscription-management and billing infrastructure, if activated
  • other payment or billing providers, if activated
  • development and operations subcontractors under appropriate confidentiality and data-protection terms

Depending on configuration, providers may include hosting, database, email, analytics, monitoring and payment platforms. The actual integrations and providers used depend on the live operational configuration.

5/A. Stripe payment and subscription processes

FourTables' current self-service billing flow may use Stripe Checkout, the Stripe customer portal and Stripe webhooks. In that case, certain personal and transactional data related to payment is processed in Stripe's systems, and FourTables may receive status and metadata required for its own contractual, billing and support purposes.

  • full card data and CVC are typically entered directly on Stripe-hosted pages; FourTables does not store them,
  • FourTables typically processes Stripe customer, subscription, invoice, checkout session and webhook metadata,
  • according to Stripe documentation, Stripe may act as controller in some situations and processor in others.

Stripe's own data processing and role allocation are governed by the Stripe Privacy Policy, the Stripe Privacy Center and, where applicable, the Stripe DPA.

6. International data transfers

Certain technical providers may process data or provide support outside the European Union / EEA, especially in the United States. In such cases, FourTables applies appropriate transfer safeguards under the GDPR, such as adequacy decisions, standard contractual clauses and supplementary technical and organisational measures, depending on the specific provider setup.

7. Cookies and similar technologies

In addition to technical elements necessary for the website to operate, FourTables activates analytics or marketing cookies and similar technologies only on the basis of the data subject's consent. Consent can be given, changed or withdrawn in the cookie banner. Necessary technical settings may operate without consent where required for secure and basic service operation.

8. Data subject rights

Data subjects have the right of access, rectification, erasure, restriction of processing, data portability and objection, and the right to withdraw consent at any time where processing is based on consent. FourTables reviews and responds to requests without undue delay and no later than the deadline required by the GDPR.

Privacy requests may be sent to: sales@fourtables.app.

9. Complaints and remedies

A data subject may lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of the alleged infringement. In Hungary, the supervisory authority is the Hungarian National Authority for Data Protection and Freedom of Information (NAIH). Current authority information is available at naih.hu.

A data subject may also seek judicial remedy under the GDPR and applicable Hungarian law.

10. Automated decision-making and profiling

In its own processing activities described in this notice, FourTables typically does not apply solely automated decision-making that would produce legal effects concerning the data subject or similarly significantly affect them. Analytics and operational segmentation may occur, but this does not constitute such automated decision-making.

11. Data security

FourTables applies proportionate technical and organisational measures to protect the confidentiality, integrity and availability of data, including access controls, logging, incident handling, permission management and provider security controls.

12. Changes to this notice

FourTables may amend this notice due to legal changes, service development, new processing operations or operational changes. The amended notice becomes effective upon publication unless otherwise stated.