Privacy Policy

Last updated: 1 January 2024

This Privacy Policy explains how Octa Cloud ("we", "us", "our") collects, uses and protects your personal data when you use our website and software services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully before using our services. By using the Octa Cloud platform or website, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Octa Cloud (operated by OCTA CLOUD LTD, registered in England and Wales) is a software company providing subscription-based restaurant software to independent restaurants and hospitality businesses in the United Kingdom.

For the purposes of UK GDPR, Octa Cloud is the data controller for personal data collected through our website and software platform.

You can contact us regarding data protection matters at: [email protected]

2. What Data We Collect

We collect the following categories of personal data:

2.1 Account and Business Data (Restaurant Customers)

• Business name, trading name and address
• Contact person name, email address and phone number
• Billing information (processed securely by our payment provider — we do not store card details)
• Login credentials (username and encrypted password)
• Subscription plan and account settings

2.2 Website Usage Data

• IP address and browser type
• Pages visited and time spent on pages
• Referring URL and device type
• Cookie data (see Section 7)

2.3 Contact and Enquiry Data

• Name, restaurant name, email address and phone number submitted through contact forms
• Content of messages and enquiries sent to us

2.4 Platform Usage Data

• Feature usage logs and activity within the Octa Cloud platform
• Menu configuration and order data (held on behalf of restaurant customers)
• Support tickets and communications

3. How We Use Your Data

We use the personal data we collect for the following purposes:

3.1 To Provide Our Services

• To create and manage your Octa Cloud account
• To deliver the software platform and all features included in your subscription
• To process your annual subscription payments
• To provide customer support and respond to enquiries

3.2 To Manage Our Business Relationship

• To send subscription invoices, receipts and billing communications
• To notify you of platform updates, maintenance windows and important service information
• To manage account renewals and cancellations

3.3 To Improve Our Platform

• To analyse platform usage and identify areas for improvement
• To conduct internal research and product development
• To monitor platform performance and security

3.4 To Comply with Legal Obligations

• To maintain records required by law
• To respond to legal requests and regulatory requirements
• To prevent fraud and misuse of our services

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract: Processing necessary to perform our subscription agreement with you — including account management, software delivery and billing.
• Legitimate interests: Processing necessary for our legitimate business interests — including platform improvement, security monitoring and fraud prevention — where these interests are not overridden by your rights.
• Consent: Where you have given us explicit consent, such as for marketing communications. You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable law and regulatory requirements.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Account data: Retained for the duration of your subscription and for 7 years after termination (for accounting and legal purposes).
• Billing records: Retained for 7 years in accordance with HMRC requirements.
• Contact enquiries: Retained for 2 years from the date of enquiry.
• Website usage data: Retained for 13 months from collection.
• Support communications: Retained for 3 years from the date of resolution.

Where data is no longer needed for its original purpose, we securely delete or anonymise it.

6. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data in certain circumstances.
• Right to restrict processing: You may request that we restrict the way we process your data in certain circumstances.
• Right to data portability: You may request that we provide your data in a structured, machine-readable format.
• Right to object: You may object to processing based on our legitimate interests.
• Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated means that significantly affect you.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

7. Cookies

Our website uses cookies to improve your experience. Cookies are small text files stored on your device by your web browser.

7.1 Types of Cookies We Use

• Essential cookies: Required for the website and platform to function correctly. These cannot be disabled.
• Analytics cookies: Help us understand how visitors use our website, so we can improve it. Used with your consent.
• Preference cookies: Remember your settings and preferences for a better experience.

7.2 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information on how to manage cookies, visit your browser's help documentation.

7.3 Third-party Cookies

We may use third-party analytics tools (such as Google Analytics) that set their own cookies. These tools are used to help us analyse website usage in aggregate form. We configure these tools in accordance with data minimisation principles and do not share personally identifiable information with analytics providers.

8. Sharing Your Data

We do not sell your personal data to third parties. We may share your data with:

• Payment processors: To process your annual subscription payments securely. Our payment processor is responsible for the security of payment card data, which we do not store.
• Cloud infrastructure providers: Our platform is hosted on secure cloud infrastructure. Hosting providers process data on our behalf under appropriate data processing agreements.
• Customer support tools: We use professional software tools to manage customer support communications, subject to appropriate data processing agreements.
• Legal and regulatory authorities: Where required by law, regulation or court order.

All third parties who process data on our behalf are required to comply with UK GDPR and are bound by data processing agreements.

9. International Data Transfers

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including the use of the UK International Data Transfer Agreement or adequacy decisions.

10. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction or damage, including:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Access controls and authentication requirements
• Regular security reviews and vulnerability assessments
• Staff training on data protection responsibilities

11. Subscription Billing

Octa Cloud charges restaurants an annual software subscription fee. Billing information is collected and processed by our payment provider. We retain records of subscription payments for accounting and legal compliance purposes.

Octa Cloud does not process, hold or settle customer payments on behalf of restaurants. Our billing relationship is solely between Octa Cloud and our restaurant subscribers. We are not a payment processor, money transmitter or financial institution.

12. Children's Privacy

Our services are intended for business use by restaurants and hospitality operators. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify existing customers of material changes by email. The date of the most recent update is shown at the top of this page.

14. How to Complain

If you are unhappy with how we handle your personal data, please contact us first at [email protected] so we can try to resolve your concern.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

• Website: ico.org.uk
• Helpline: 0303 123 1113

15. Contact Us

For any questions about this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• Post: Octa Cloud, London, United Kingdom