Data Processing Agreement

This DPA applies where a business customer is the controller and ARNAUTCODE, operator of QRest, processes guest or employee data on its behalf.

1. Subject matter

Processing covers QR-menu hosting, orders, waiter calls, support, security, backups, and enabled features during the account term.

2. Data and people

Data may include names, contacts, orders, tables, addresses, notes, and technical identifiers relating to guests, employees, and customer contacts.

3. Our obligations

• follow documented instructions;
• maintain confidentiality and reasonable safeguards;
• assist with data-subject requests and incidents;
• delete or return data according to contract and law;
• impose suitable duties on subprocessors.

4. Customer obligations

The customer ensures a lawful basis, gives required notices, handles individual rights, controls staff access, and ensures lawful data and instructions.

5. Incidents and contact

We will notify the customer of a confirmed breach without undue delay. For a signed version, contact privacy@qrest.app.