Rapid-Res
Same restaurants, just quicker

Privacy Policy

At Rapid‑res (“Rapid‑res”, “we”, “us”, “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share and protect your information when you use our website, mobile apps, and platform services (collectively, the “Services”). It also explains the rights you have under UK data‑protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Rapid‑res Ltd is the data controller responsible for your personal data.

  • Registered office: 11 The Office Village, North Road, Loughborough, Leicestershire, LE11 1QJ, United Kingdom
  • Company number: 15787797
  • Email: hello@rapid‑res.com

Personal Data We Collect

We process the following categories of personal data: • Identity data – name, title. • Contact data – email, phone number, billing/delivery address. • Booking data – restaurant chosen, date/time, party size, menu selections, dietary notes. • Payment data – last four digits of card, transaction ID (processed by Stripe; Rapid‑res never stores full card details). • Technical data – IP address, device/browser type, cookies. • Marketing preferences – opt‑in/opt‑out choices.

How We Use Your Data & Lawful Basis

We only process personal data when a lawful basis applies:

  • To create and manage your account (Contract).
  • To process bookings, pre‑orders and payments (Contract).
  • To send service emails/SMS (e.g., booking confirmations) (Legitimate Interest).
  • To share order details with the chosen restaurant (Contract).
  • To improve and secure our Services (Legitimate Interest).
  • To send marketing communications if you have opted in (Consent).

Cookies & Tracking

We use cookies and similar technologies to remember preferences, analyse site traffic and tailor content. You can manage cookies via your browser settings. See our separate Cookie Notice for details.

A cookie is also used for authentication purposes which contains a signed token with a one hour expiry, this token contains the user’s unique identifier, name and email address.

Who We Share Your Data With

  • Restaurants to fulfil your booking and order.
  • Stripe (payment processor) for secure transactions.
  • Trusted IT vendors (hosting, analytics) under data‑processing agreements.
  • Regulators or authorities where required by law.

We never sell your personal data.

International Transfers

If we transfer data outside the UK, we ensure appropriate safeguards are in place (e.g., UK IDTA, SCCs) to protect your information.

Data Security

We apply technical and organisational measures (encryption in transit, access controls, regular penetration testing) to keep data secure. Our data resides within cloud services which are all geographically located within the UK. Production access is limited to relevant staff members with stringent security protocols and all access to production data is audited.

Data Retention

We keep personal data only for as long as necessary to fulfil the purposes outlined above, including any legal, accounting, or reporting requirements. Typically, booking data is retained for seven years for tax purposes, after which it is anonymised or deleted.

Retention of User Data

We retain personal data collected through Facebook (e.g., app-scoped IDs, names and email) only as long as necessary to facilitate our application with “login with Facebook” functionality.

Unless ongoing business needs or legal requirements arise, the data is deleted as soon as it is no longer necessary. In general, data no longer actively used by our app will be purged promptly—normally within 120 days of its last required use (subject to legal obligations).

Users can have their data deleted via a manual request to hello@rapid-res.com. We will acknowledge their request, provide a confirmation number, and complete deletion within 30 days. We will also notify the user of completion of the data removal and they can use the confirmation number to track the progress of the deletion of their data.

If any data cannot be deleted due to legal obligations (e.g., tax, fraud, or litigation defences), we will notify the user, retain only the minimum required data, and maintain proof of the legal basis for retention.

Deletion of Facebook Platform Data

In line with Meta's Platform Terms (Section 3.d), we will delete all Facebook-provided Platform Data when:

  • It is no longer needed for legitimate business purposes;
  • A user requests deletion, or deletes their account;
  • We cease operation of the app;
  • Meta explicitly requests deletion;
  • It is required by law; or when data was received in error

Your Rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure (“right to be forgotten”).
  • Restrict or object to processing in certain circumstances.
  • Data portability.
  • Withdraw marketing consent at any time.

To exercise any of these rights, contact us at hello@rapid‑res.com. We will respond within one week.

Complaints

If you have concerns about our use of your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Changes to this Policy

We may update this Privacy Policy from time to time. Any material changes will be notified via our website or email.