Privacy Policy

1. Scope, Ownership, and Data Roles

DineFlix Restaurant CRM is operated by Bizflix Global Limited and made available through https://dineflix.co.uk and https://crm.dineflix.co.uk.

For restaurant guest/customer data, the restaurant using DineFlix is typically the Data Controller. DineFlix acts as a Data Processor and processes such data only on the restaurant's documented instructions.

For account administration, billing, product analytics, security logging, and platform operations, Bizflix Global Limited acts as a Data Controller.

DineFlix does not sell personal data to third parties.

2. Information We Collect

Account and Business Information

Account holder and team user names, emails, phone numbers, and roles
Restaurant profile details, branch information, and operational settings
Subscription, billing, invoice, and payment reference data

Restaurant Customer Data (Processor Scope)

Guest names, phone/email details, preferences, and CRM tags
Reservations, visit history, loyalty activity, and campaign interactions
Communication metadata including WhatsApp message events where enabled

Technical and Security Data

IP address, browser/device details, log files, and diagnostics
Authentication events, audit logs, and API usage records
Cookie and similar technology signals described in Section 7

3. How We Use Data and Legal Bases

Service Delivery

Provide CRM, reservations, loyalty, and marketing workflow features
Manage tenant accounts, roles, and authentication
Generate business analytics and reports

Communications

Send transactional notifications and support responses
Enable customer communication channels including WhatsApp
Send product updates and service advisories

Improvement and Security

Monitor performance, reliability, and misuse prevention
Improve products through aggregated usage trends
Investigate incidents and maintain auditability

GDPR Legal Bases

Contract performance
Legitimate interests for security and service quality
Consent where required for marketing or optional tracking
Compliance with legal obligations

4. WhatsApp Business API and Meta App Disclosure

Opt-In Messaging Requirements

DineFlix enables restaurants to send WhatsApp messages only to users who have provided valid opt-in consent under applicable laws and WhatsApp policy requirements.

WhatsApp messaging is used only after opt-in and for approved business purposes.
Users can opt out at any time (for example STOP/UNSUBSCRIBE where supported).
Restaurants are responsible for lawful consent collection and message purpose limitation.

Meta and WhatsApp Processing

Message content and metadata may be processed by Meta/WhatsApp and authorized messaging infrastructure partners according to their own terms and privacy policies.

Prohibited Use

DineFlix does not permit spam, unlawfully sourced contacts, or prohibited messaging categories under WhatsApp Business policy.

5. Third-Party Service Providers and Sharing

We Do Not Sell Your Data

We never sell, rent, or trade personal information or restaurant customer data to third parties.

Service Providers

We use vetted processors and subprocessors for:

• Cloud hosting, storage, backup, and infrastructure
• Payment processing and billing
• Email, messaging, and WhatsApp delivery integrations
• Security monitoring and analytics

Controller Instructions

For restaurant customer data, DineFlix processes data on behalf of and under instructions from each restaurant controller.

Legal and Corporate Events

We may disclose information where legally required or in connection with merger, acquisition, or restructuring, subject to lawful safeguards.

6. Cookies and Tracking Technologies

Necessary cookies: login sessions, security, and core functionality.
Analytics cookies: performance and product improvement.
Preference cookies: user interface and language preferences.

Where required by law, non-essential tracking is enabled only with consent. You can control cookies using browser settings and site controls.

7. Data Retention

We retain data only for as long as necessary for service delivery, security, and legal compliance.
After account termination, production data is typically removed or anonymized within 30 days unless longer retention is required by law.
Encrypted backups may remain for up to 90 days before automatic overwrite.

8. Security and Compliance

Security Controls

We maintain technical and organizational measures designed to protect confidentiality, integrity, and availability of personal data.

Encryption

Encryption in transit and at rest where applicable.

Access Controls

Role-based access and authentication controls.

Monitoring

Security and operational monitoring with audit logs.

Backups

Automated backups and recovery procedures.

Incident Response

Procedures for triage, remediation, and notifications.

Compliance

Practices aligned with GDPR and SaaS data standards.

9. Your Rights and Data Deletion Requests

Rights Under GDPR and Similar Laws

You may have rights to access, correction, deletion, portability, objection, restriction, and consent withdrawal.

How Customers Request Deletion

If you are a restaurant customer, contact the restaurant first, since it is usually the data controller. DineFlix will assist controllers in handling deletion requests.

Direct Requests to DineFlix

Submit requests to support@dineflix.com. We generally respond within 30 days, subject to identity verification and legal requirements.

Messaging Opt-Out

Users may opt out of promotional messaging at any time through available unsubscribe methods, including WhatsApp opt-out instructions where supported.

10. Contact and Company Information

For privacy questions, compliance requests, or data deletion support, contact:

Privacy Contact

support@dineflix.com

https://dineflix.co.uk

https://crm.dineflix.co.uk

Legal Entity

Parent Company: Bizflix Global Limited

Location: United Kingdom

Platform: DineFlix Restaurant CRM

Quick Navigation