Effective date: 10 January 2026

​

Who we are: Sommelier Systems Pty Ltd (“Sommelier Systems”, “we”, “our”, “us”) provides software applications and services to hospitality venues (e.g., restaurants, bars, cafés) (“Customers”). We operate globally with main operations in Australia and may engage support personnel and software partners located overseas.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our websites, applications (including iOS and Android apps), and related services (collectively, the “Services”).

​

1) The information we collect

We collect personal information in three main contexts:

1. Customer venue operations (B2B):
  - Staff details (name, role, contact info), roster and shift data
  - Transaction records, table bookings/reservations, loyalty program records
  - Device and account identifiers used to access our apps
  - Support tickets, audit logs, and change histories

2. End‑users/guests:
  - Contact information (name, email, phone), booking and dining preferences
  - Payment-related metadata supplied by integrated payment providers (we do not store full card numbers)
  - Feedback, surveys, marketing preferences
 

3. Technical/usage data:

  - App and API event logs, IP address, device type, OS version, app version, crash diagnostics
  - Cookies and similar technologies on our websites and web apps

​

2) Why we collect and how we use your information

​

We process personal information to:
- Provide and operate the Services
- Improve safety, reliability, and performance
- Comply with law and audit requirements
- Facilitate Customer communications and optional marketing
- Research and analytics to improve features

​

3) Legal bases for processing (international users)

​

If Sommelier Systems offers goods/services to individuals in the EU/EEA, we process data under GDPR based on lawful bases (contract, legitimate interests, consent, legal obligation). Transfers outside EEA use Standard Contractual Clauses or other safeguards.

​

4) Cross‑border disclosures and overseas recipients

​

We may disclose personal information to:
- Customer venues
- Our support team and vetted software partners (may be overseas)
- Cloud service providers (Microsoft Azure), payment providers, analytics
- Regulators or advisers where required by law

​

5) Where we host and how we secure data (Azure)

​

Our Services are hosted primarily on Microsoft Azure. Azure employs defence‑in‑depth and maintains compliance certifications (ISO 27001, SOC, PCI DSS). We implement RBAC, MFA, encryption, network segmentation, vulnerability management, and secure development practices.

​

6) Retention

​

We retain personal information only as long as necessary for purposes described, legal obligations, dispute resolution, and enforcement. When no longer needed, we de‑identify or securely destroy data.

​

7) Your rights

​

Depending on where you live:
- Access and correction (APP 12 & 13)
- EU/EEA users: rights to access, rectification, erasure, restriction, portability, and objection

​

8) Direct marketing and consent

​

We may send updates and marketing communications if you consent or if permitted by law. You can opt out anytime.

​

9) iOS & Android app disclosures (store listings)

​

Apple App Store: include App Privacy details and ATT prompts.
Google Play: include Data safety section and Privacy Policy URL.

​

10) Cookies and similar technologies

​

We use cookies, SDKs, and similar technologies to operate websites and apps, remember preferences, measure performance, and improve features.

​

11) Children

​

Our Services are for hospitality businesses and general audiences. We do not knowingly collect data from children under local minimum ages without parental consent.

​

12) How to contact us

​

Privacy Officer: privacy@sommelier.systems
Postal: Sommelier Systems Pty Ltd, [insert address], Australia

​

13) Complaints (Australia)

​

If you have a privacy complaint, contact our Privacy Officer. If unsatisfied, you can lodge a complaint with the OAIC.

​

14) Changes to this policy

​

We may update this Privacy Policy to reflect changes to practices, technologies, or legal requirements. Updates will be posted on our website.