DPA
This Data Processing Agreement (“Agreement”) forms part of the Terms & Conditions and applies to the processing of personal data by RMS France in the context of providing its Restaurant Management System services.
This Agreement is established in accordance with Article 28 of the General Data Protection Regulation (GDPR).
1. Parties
Data Controller:
The customer (restaurant, business, or organization) using RMS France services.
2. Purpose of Processing
RMS France processes personal data solely for the purpose of providing, maintaining, and improving its Restaurant Management System platform, including but not limited to:
· Order management
· Reservation management
· POS operations
· Customer management
· Staff and delivery management
· Reporting and analytics
RMS France does not process personal data for any purpose other than those instructed by the Data Controller.
3. Categories of Personal Data
Depending on the services used, the following categories of personal data may be processed:
· Customer identification data (name, phone number, email)
· Order and reservation data
· Payment references (no storage of full card details)
· Staff data (name, role, schedules, permissions)
· Delivery-related information
· Technical data (IP address, device logs, usage logs)
4. Categories of Data Subjects
· Restaurant customers
· Restaurant staff and delivery personnel
· Authorized users and administrators
5. Processing Instructions
RMS France processes personal data only:
· On documented instructions from the Data Controller
· In compliance with applicable EU and French data protection laws
If RMS France believes an instruction violates GDPR, it will inform the Data Controller without undue delay.
6. Confidentiality
RMS France ensures that all persons authorized to process personal data:
· Are bound by confidentiality obligations
· Receive appropriate data protection training
7. Security Measures
RMS France implements appropriate technical and organizational measures to protect personal data, including:
· Secure authentication and access controls
· Role-based permissions
· Encrypted data transmission
· Regular system monitoring
· Backup and recovery mechanisms
These measures are designed to protect data against unauthorized access, loss, or disclosure.
8. Subprocessors
RMS France may engage subprocessors to deliver certain technical services (e.g. hosting, payment processing, SMS services).
RMS France ensures that:
· Subprocessors provide sufficient GDPR-compliant safeguards
· Subprocessors are bound by data protection obligations equivalent to this Agreement
A list of subprocessors may be provided upon request.
9. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), RMS France ensures appropriate safeguards are in place, including:
· EU Standard Contractual Clauses (SCCs), where applicable
10. Data Subject Rights Assistance
RMS France assists the Data Controller in fulfilling GDPR obligations related to:
· Right of access
· Right to rectification
· Right to erasure
· Right to restriction
· Right to data portability
· Right to objection
Requests are handled without undue delay.
11. Data Breach Notification
In the event of a personal data breach, RMS France will:
· Notify the Data Controller without undue delay
· Provide relevant information to support legal obligations under GDPR
12. Data Retention and Deletion
Upon termination of services, RMS France will:
· Delete or return all personal data to the Data Controller
· Retain data only where legally required
13. Audits and Compliance
RMS France makes available all information necessary to demonstrate compliance with this Agreement and GDPR.
Reasonable audits may be conducted by the Data Controller, subject to prior notice and confidentiality obligations.
14. Liability
Each party is responsible for its own compliance with GDPR obligations.
RMS France shall not be held liable for data processing activities carried out by the Data Controller in violation of GDPR.
15. Governing Law
This Agreement is governed by French law.
Any disputes shall fall under the exclusive jurisdiction of the courts of France.
16. Contact
For all data protection matters, contact: