top of page
Sommelier white logo .png

Privacy Policy For sommelier.cloud

Effective Date: 1 April 2026

1. Introduction

Sommelier Systems Pty Ltd (“Sommelier Systems”, “we”, “our”, “us”) provides software applications and services to hospitality venues (e.g., restaurants, bars, cafés) (“Customers”). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our websites, applications (including iOS and Android apps), and related services (collectively, the “Services”).

2. The Information We Collect

We collect personal information in three main contexts:

  • Customer Venue Operations (B2B): Staff names, roles, contact information, roster and shift data, device/account identifiers, support tickets, audit logs, and change histories.

  • End-Users / Guests: Contact information (name, email, phone), booking/dining preferences, feedback, and marketing preferences.

  • Technical & Usage Data: IP addresses, device types, OS version, app version, crash diagnostics, and API event logs.

  • Payments: We process payment-related metadata via integrated providers. We do not store full credit card numbers.

3. Why We Collect and How We Use Your Information

We process data to:

  • Provide and operate the Services for hospitality venues.

  • Facilitate communications between Customers and Guests.

  • Improve safety, reliability, and app performance.

  • Conduct research and analytics to develop new features.

  • Facilitate optional marketing. You may opt-out of marketing communications at any time using the 'unsubscribe' link in our emails.

  • Comply with legal requirements and audit obligations.

4. Legal Bases for Processing (International Users)

For individuals in the EU/EEA, we process data under the GDPR based on:

  • Contract: To provide the services you requested.

  • Legitimate Interests: To improve our platform and maintain security.

  • Consent: Where you have explicitly opted-in.

  • Legal Obligation: To comply with tax or regulatory laws.

5. Cross-Border Disclosures & Overseas Recipients

We may disclose personal information to:

  • Customer Venues: Where you make a booking.

  • Global Support: Our vetted software partners and staff located overseas.

  • Service Providers: Microsoft Azure (Cloud), payment gateways, and analytics tools.

  • Law Enforcement: Where required by law or to protect our legal rights.

  • Note: We use Standard Contractual Clauses (SCCs) to ensure data remains protected during international transfers.

6. Data Security & Hosting (Azure)

Our Services are primarily hosted on Microsoft Azure, which follows strict security protocols (ISO 27001, SOC, PCI DSS).

  • Our Measures: We implement Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), end-to-end encryption, and regular vulnerability scans.

  • Data Breach: In the event of a data breach, we will notify affected individuals and relevant authorities as required by applicable law.

7. Retention & De-identification

We retain information only as long as necessary for the purposes outlined. Once no longer needed, we will securely destroy or de-identify the data so it can no longer be linked to you.

8. Children’s Privacy

Our Services are intended for a general audience. We do not knowingly collect personal information from children under the local minimum age (e.g., 13 or 16) without parental consent. If we find such data, we delete it immediately.

9. Your Rights

Depending on your location, you have the following rights:

  • Australia (APP): Access and correction of your data.

  • EU/EEA (GDPR): Rights to erasure, restriction of processing, data portability, and the right to object.

  • California (CCPA/CPRA): The right to know what data is collected and to opt-out of the "sale" of personal info.

10. Cookies and Similar Technologies

We use both session cookies (which expire when you close your browser) and persistent cookies (which stay on your device until deleted) to:

  • Remember your login sessions.

  • Understand how you use our apps and improve performance.

  • You can manage cookie settings through your browser or device settings.

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of those external sites.

12. App Store Disclosures

  • iOS: We comply with Apple’s App Privacy details and App Tracking Transparency (ATT).

  • Android: We provide a transparent Data Safety section as per Google Play policies.

13. Contact Us & Complaints

If you have questions or a complaint regarding your privacy, please contact:

Privacy Officer

Email: privacy@sommelier.systems

Postal: Sommelier Systems Pty Ltd, Unit 1A, 188 Carrington Street, Adelaide, SA 5000, Australia.

For Australian residents: If unsatisfied, you may contact the OAIC at www.oaic.gov.au.

14. Changes to This Policy

  • We may update this policy periodically. The "Effective Date" at the top will indicate when the latest changes were made.

bottom of page