GDPR
Last updated: May 2026
reserveme.ai operates in accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP). This page explains how we meet our obligations, how to exercise your rights, and how we handle international transfers and sub-processor changes. It is a summary of the Data Processing Addendum (DPA) offered to every Customer at contracting.
1. Legal framework
The Platform is operated by Reservingtech OĂś (Estonian registry code 17199141). Our processing complies with the GDPR, the Swiss FADP and, for UK-origin data, the UK GDPR. In the event of conflict between this summary and the executed DPA, the DPA prevails.
2. Our roles
When you visit our marketing website, contact us or sign up for a trial, we act as data controller. When a Customer uses the Platform to manage its fleet, send quotations, run outbound communications or deploy the Widget, the Customer is the controller and we act as processor, strictly on the Customer's documented instructions.
3. Your rights under the GDPR and FADP
Data subjects may exercise the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21) and to not be subject to solely automated decisions with legal or similarly significant effect (Art. 22). You may also lodge a complaint with a supervisory authority — in Estonia the Andmekaitse Inspektsioon, in Switzerland the FDPIC.
4. How to exercise your rights
Where we process your data on behalf of a Customer, please submit your request directly to that Customer; we will assist them to respond within the timelines required by law. Where we process your data as controller — for example if you contacted us or created a trial — write to privacy@reserveme.ai. We may ask for reasonable information to verify your identity before acting on a request.
5. Data Processing Addendum
We make an Article 28 GDPR Data Processing Addendum available to every Customer. The DPA defines the subject matter, duration, nature, purpose and categories of personal data processed; the obligations of reserveme.ai as processor; sub-processor engagement rules; audit assistance; and deletion at the end of the service. Customers can obtain the current DPA by writing to privacy@reserveme.ai.
6. International transfers
Personal data is processed in the European Economic Area, Switzerland, the United Kingdom and in countries covered by an adequacy decision. Where personal data is transferred outside those areas, we rely on the EU Standard Contractual Clauses (2021), supplemented by the Swiss FDPIC addendum for transfers from Switzerland and the UK International Data Transfer Addendum for transfers from the United Kingdom.
7. Sub-processors and change notices
We engage sub-processors for cloud infrastructure, AI inference, payments, messaging (email, WhatsApp, SMS), error monitoring and support/CRM. The current register is published on our Security page. We give Customers at least 14 days' notice of the addition or replacement of any sub-processor, during which Customers may object on reasonable data-protection grounds.
8. Breach notification
If we become aware of a Personal Data Breach affecting Customer Data, we notify the affected Customer without undue delay and in any event within 72 hours, including the nature of the breach, the categories and approximate number of data subjects and records concerned, the likely consequences, and the measures taken or proposed to address it. Suspected incidents can be reported to security@reserveme.ai.
Privacy contact
For GDPR requests, DPA access or any data-protection question, reach our privacy team.
privacy@reserveme.ai