Privacy Policy
Last updated: 2026-02-12
1. General Provisions
This privacy policy sets out how TableSpot (hereinafter "We", "TableSpot", "Data Controller"), operating via the website tablespot.online, collects, uses, stores and discloses your personal data when you use our services: table reservation, order placement, payment processing and other related functions.
We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other applicable legislation.
By using our website and services, you confirm that you have read this privacy policy and agree to the data processing conditions described herein.
2. What Personal Data We Collect
2.1. Reservation Data
When you make a table reservation, we collect the following data:
- First and last name
- Email address
- Phone number
- Reservation details (date, time, number of guests, selected table, special requests)
2.2. Payment Data
We do not directly collect or store payment card data (card number, expiration date, CVV code). Payments are processed by third-party payment service providers:
- Stripe – Stripe — an international payment platform that processes card payments (Visa, Mastercard, American Express, etc.). Stripe acts as an independent data controller with regard to your payment data. Stripe Privacy Policy.
- Paysera – Paysera — a payment service provider (Paysera LT, UAB, company code 300060819) that processes payments via bank links, electronic wallets and other payment methods. Paysera is licensed by the Bank of Lithuania and operates under the EU Payment Services Directive (PSD2). Paysera processes your payment data as an independent data controller in accordance with its privacy policy.
From payment service providers, we may only receive limited information about the payment status (whether the payment was successful), the payment amount and a unique transaction identifier. We do not store or have access to your full payment card data or bank account information.
2.3. Order Data
When you place an order through our platform, we additionally collect:
- Order contents (selected dishes, quantities)
- Order amount and payment method
- Order status and history
2.4. Technical Data
We automatically collect certain technical data when you visit our website:
- IP address
- Browser type, version and language settings
- Device type (computer, mobile phone, tablet)
- Visit date and time
- Pages viewed and referral sources
3. Data Processing Purposes and Legal Bases
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Reservation management and confirmation | Contract performance (Art. 6(1)(b)) |
| Payment processing via Stripe / Paysera | Contract performance (Art. 6(1)(b)) |
| SMS / email reminders about reservations | Legitimate interest (Art. 6(1)(f)) |
| Marketing messages and offers | Consent (Art. 6(1)(a)) |
| Website operation and improvement | Legitimate interest (Art. 6(1)(f)) |
| Fulfillment of legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Payment Processing
4.1. Payments via Stripe
Stripe processes card payments. When you choose to pay by card, you are redirected to a secure Stripe payment form. Stripe is PCI DSS Level 1 certified — the highest payment card data security standard. Your card data is encrypted and transmitted directly to Stripe servers. We never see or store your full card details.
4.2. Payments via Paysera
Paysera processes payments via e-banking, payment cards and other payment methods. When you choose to pay via Paysera, you are redirected to the Paysera payment page, where you make the payment directly through your bank or chosen payment method.
As a payment service provider, Paysera is required to identify the payer and verify transactions in accordance with EU anti-money laundering and terrorist financing prevention legislation. Paysera may process the following payment-related data:
- Payment transaction data (amount, date, time, transaction number)
- Payment card data (card type, last 4 digits) — when paying by card via Paysera
- Payer's bank name and account identifier
- IP address at the time of payment
Paysera retains payment transaction data for 10 years after the end of the business relationship, as required by the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania.
More information about data processing by Paysera can be found in the Paysera Privacy Policy.
4.3. Payment Data Security
All payments are made via encrypted SSL/TLS connections. Payment service providers (Stripe and Paysera) are responsible for the security of payment card and bank data in accordance with PCI DSS standards and the EU Payment Services Directive (PSD2), including Strong Customer Authentication (SCA).
5. Cookie Policy
Our website uses cookies — small text files stored in your browser when you visit our website. Cookies help ensure website functionality, improve user experience and analyse website traffic.
5.1. Essential Cookies
These cookies are essential for the website to function and cannot be disabled. They are used for core functions such as page navigation, session management and access to protected areas of the website.
| Cookie | Purpose | Duration |
|---|---|---|
| __session | User authentication and session management | Session |
| __clerk_db_jwt | Authentication token (JWT) | Session |
| locale | Saving selected language preference | 1 year |
| cookie_consent | Saving your cookie preferences | 1 year |
5.2. Analytics Cookies
These cookies help us understand how visitors use our website by collecting anonymous information about visits.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google Analytics | Website traffic analysis and statistics | 2 years |
5.3. Third-Party Cookies
When using payment services, Stripe and Paysera may set their own cookies on their domain websites during the payment process. These cookies are managed by the respective providers and are subject to their privacy policies.
5.4. Cookie Management
You can manage and delete cookies in your browser settings. Please note that disabling essential cookies may prevent some website features from working properly. You can find information about cookie management in your browser's help section:
6. Data Retention Periods
| Data Category | Retention Period |
|---|---|
| Reservation data | 2 years from the reservation date or until account deletion |
| Order data | 3 years (per accounting requirements) |
| Payment transaction information | Per payment provider policy (Stripe / Paysera — up to 10 years) |
| Technical logs | 90 days |
| Marketing consents | Until withdrawal |
7. Data Transfers to Third Parties
We may transfer your personal data to the following data recipients, only to the extent necessary for providing our services:
| Recipient | Purpose | Data Location |
|---|---|---|
| Stripe, Inc. | Card payment processing | EU / USA (with standard contractual clauses) |
| Paysera LT, UAB | Payment processing via bank links and cards | EU (Lithuania) |
| Convex, Inc. | Cloud database and server infrastructure | EU / USA (with standard contractual clauses) |
| Twilio, Inc. | SMS message delivery | EU / USA (with standard contractual clauses) |
| Resend | Email message delivery | EU / USA |
When personal data is transferred outside the EU/EEA, we ensure an adequate level of data protection by using European Commission-approved Standard Contractual Clauses (SCCs) or other GDPR-compliant safeguards.
8. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR) you have the following rights:
- Right of access — to obtain information about what data of yours is being processed and how it is used.
- Right to rectification — to request that inaccurate or incomplete data be corrected.
- Right to erasure ("right to be forgotten") — to request that your data be deleted when it is no longer necessary for the purposes for which it was collected.
- Right to restrict processing — to request that the processing of your data be restricted, for example while the accuracy of the data is being verified.
- Right to data portability — to receive your data in a structured, commonly used and machine-readable format.
- Right to object — to object to data processing for direct marketing purposes.
- Right to withdraw consent — to withdraw previously given consent to data processing at any time.
- Right to lodge a complaint — to contact the State Data Protection Inspectorate (vdai.lrv.lt), if you believe your data is being processed unlawfully.
To exercise your rights, write to us at info@tablespot.lt. We will respond within 30 calendar days of receiving your request.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration or destruction:
- SSL/TLS encryption for all data transmission
- Payment data processed by PCI DSS certified providers (Stripe, Paysera)
- Access control and authentication
- Regular security review
- Database encryption at rest
10. Data of Minors
Our services are not intended for persons under 16 years of age. We do not knowingly collect personal data of minors. If we learn that we have collected data of a minor without parental or guardian consent, we will take steps to delete such data.
11. Changes to the Privacy Policy
We may update this privacy policy at any time. We will inform you of significant changes by publishing an updated version on our website with a new "Last updated" date. We recommend reviewing this policy periodically.
12. Contact Information
If you have questions about this privacy policy, the processing of your personal data, or wish to exercise your rights, please contact us:
- Email: info@tablespot.lt
- Website: tablespot.online
For matters related to Paysera payment data processing, you can contact the Paysera Data Protection Officer directly: dpo@paysera.com
For matters related to Stripe payment data processing, you can contact Stripe directly: stripe.com/privacy