Privacy Policy
Last updated: September 16, 2024
Introduction
At MENUSUITE.com, your privacy is of utmost importance to us. This Privacy Policy outlines how we collect, use, and protect your personal information when you visit our website and use our online QR menu product. By using our website and online QR menu, you consent to the data practices outlined in this policy.
1. Information Collection and Use
When you visit our website, we may collect the following types of information:
a. Personal Information: This includes any information you voluntarily provide us with, such as your name, email address, and phone number when you fill out a contact form, sign up for our email marketing, or make a purchase on our website.
b. Usage Information: This includes data about your browsing behavior, the device you use to access our website, and your IP address.
c. Cookies: We use cookies to remember your preferences and previous orders, enhance your user experience, and display relevant ads. You can change your browser settings to refuse cookies or alert you when a cookie is being sent. However, some parts of our website may not function properly without cookies.
d. IP address, Location, Country, Region and City: We use MaxMind.com to collect and process geographic location data from website visitors. We use this information to provide location-based services to our website visitors, analyze website traffic, improve our website's functionality, and prevent fraudulent transactions. We do not sell or rent this information to third parties.
2. Lawful Basis for Processing
We process your personal information based on the following legal grounds under the GDPR:
a. Consent (Article 6(1)(a) GDPR): When you voluntarily provide personal information, such as when filling out contact forms or subscribing to marketing communications, we process this data based on your consent. You have the right to withdraw your consent at any time.
b. Contract Performance (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which you are a party, such as when you make a purchase or create an account on our website.
c. Legal Obligation (Article 6(1)(c) GDPR): We may process your data to comply with legal obligations, such as tax and accounting requirements.
d. Legitimate Interests (Article 6(1)(f) GDPR): We process certain data to pursue our legitimate interests, such as improving our services, preventing fraud, and securing our systems. We ensure that these interests do not override your fundamental rights and freedoms.
3. Information Sharing
We engage with GDPR-compliant third-party processors, including Google Analytics, WooCommerce, and others. We review the compliance of these third parties regularly to ensure they continue to meet GDPR standards. You can review their data processing practices through their privacy policies.
4. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption: We use SSL encryption to protect data transmitted over the internet.
- Access Controls: Access to personal data is restricted to authorized personnel who need it for their job functions.
- Regular Testing: We regularly test and evaluate the effectiveness of our security measures.
- Anonymization and Pseudonymization: When possible, we anonymize or pseudonymize personal data to minimize the risk in case of unauthorized access.
5. Data Breach Notification
In the event of a data breach involving your personal information, we will notify you and the relevant authorities within 72 hours, as required by GDPR. We will also take measures to mitigate the impact and prevent future breaches.
6. Data Portability
Upon request, we will provide your personal information in a structured, commonly used, and machine-readable format, enabling you to transfer your data to another service provider.
7. Your Rights and Choices
Under the GDPR, you have the following rights regarding your personal information:
a. Right of Access: You have the right to request confirmation as to whether we process your personal data and access to the personal data we hold about you.
b. Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
c. Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data under certain conditions.
d. Right to Restrict Processing: You can request that we limit the processing of your personal data under specific circumstances.
e. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
f. Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
g. Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
h. Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any time.
How to Exercise Your Rights
To exercise any of these rights, please:
- Contact Us: You can reach out via our contact form on the website or through the Crisp Chat service. Please specify which rights you wish to exercise and provide sufficient information for us to process your request.
- Verification: We may need to verify your identity before processing your request to ensure that your personal data is protected from unauthorized access.
- Response Time: We will respond to your request within one month of receipt. If necessary, this period can be extended by two further months, in which case we will inform you of the extension and the reasons for the delay.
8. Right to Lodge a Complaint
If you have any concerns about our processing of your personal data, you have the right to lodge a complaint with the Hellenic Data Protection Authority or your local supervisory authority.
Contact Information:
Hellenic Data Protection Authority
Website: www.dpa.gr
Address: Kifisias Ave. 1-3, 115 23, Athens, Greece
Phone: +30-210 6475600
Email: contact@dpa.gr
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA), including the USA, where data protection laws may differ from those in your country. In such cases, we ensure that appropriate safeguards are in place to protect your personal data, including:
- Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission, which provide safeguards for personal data transferred outside the EEA.
You can request more information about the safeguards we have in place for international data transfers by contacting us.
10. Compliance with GDPR and CCPA
We strive to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to ensure that your personal information is protected.
11. Data Protection Officer
The Data Protection Officer (DPO) is responsible for ensuring GDPR compliance and serves as the point of contact for data protection issues. The DPO team consists of members from MENUSUITE who have access to the back office of MENUSUITE.com. You can contact us through the contact page, which is consistently monitored.
12. Contact Information
If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
MENUSUITE
General Commercial Registry (ΓΕΜΗ): 171333806000
13 Papadaki Str, 54248
Thessaloniki, Greece
Please use the contact form to contact us.
13. Governing Law
This Privacy Policy and any disputes related to it are governed by the laws of Greece, without regard to its conflict of laws principles.
By using MENUSUITE.com and our online QR menu product, you agree to the terms outlined in this Privacy Policy. If you do not agree with these terms, please do not use our website or online QR menu product.
14. Third-Party Links and Content
Our website and online QR menu product may contain links to third-party websites, services, or content that are not owned or controlled by MENUSUITE.com. We are not responsible for the privacy practices or the content of these third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit before providing them with your personal information.
15. Children's Privacy
MENUSUITE.com and our online QR menu product are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If you are under 16, please do not use our services or provide any personal information to us.
If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child under 16, please contact us immediately.
16. Data Retention
We retain your personal information as follows:
- Inactive Accounts: 14 months
- Pending/Failed/Cancelled Orders: 2 months
- Completed Orders: 5 years (to comply with legal and accounting obligations)
- Stripe Data: 2 years
We only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for legal, accounting, or reporting requirements.
17. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make updates, we will revise the "Last updated" date at the top of the policy. If we make significant changes to this policy, we may notify our clients by email or other means, as required by applicable law. We encourage you, including users of the online QR menu, to review this Privacy Policy periodically to stay informed about our privacy practices.
Your continued use of our website and online QR menu product following the posting of changes to this Privacy Policy will be deemed as your acceptance of those changes.
18. Online Advertising in Online QR Menu
We use online advertising provided by Monetag in our online QR menu. Monetag may collect certain personal data from you in connection with this advertising, such as your device information, browsing history, and location data. Monetag's collection and use of this data is governed by their privacy policy, which you can review on their website. We do not have access to or control over this data collected by Monetag, as it is processed and stored solely by them. We value the privacy and security of our customers' personal data and work only with reputable third-party service providers like Monetag to ensure its protection. If you have any questions or concerns regarding Monetag's collection and use of your personal data in connection with our online advertising, please refer to their privacy policy or contact their customer support team directly.
19. International Users
If you are visiting our website or using our online QR menu product from outside Greece, please be aware that your information may be transferred to, stored, and processed in Greece and other countries where our servers and service providers are located. The data protection and privacy laws in these countries may be different from the laws of your country of residence. By using our website and online QR menu product, you consent to the transfer of your information to these countries.
20. Contacting the Data Protection Authority
If you have concerns about our handling of your personal information, you have the right to lodge a complaint with the appropriate data protection authority in your country. Please contact your local data protection authority for more information on how to file a complaint.
21. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding our use of your personal information. To learn more about these rights and how to exercise them, please refer to our CCPA Privacy Notice at the bottom of this page.
22. Accessibility
We are committed to making our website and online QR menu product accessible to all users, including those with disabilities. If you have any difficulty accessing or using our website or online QR menu product, or if you have any suggestions for improving accessibility, please contact us using the contact information provided in this Privacy Policy.
23. Language
This Privacy Policy is written in English. If there is any discrepancy between the English version and a translated version, the English version shall prevail.
24. Severability
If any provision of this Privacy Policy is found to be unlawful, void, or unenforceable, that provision shall be deemed severable from this policy and shall not affect the validity and enforceability of the remaining provisions.
25. No Waiver
Our failure to enforce any provision of this Privacy Policy shall not be construed as a waiver of our right to enforce such provisions in the future.
26. Changes to Our Services
We may modify, suspend, or discontinue our website or online QR menu product at any time, for any reason, without notice to you. We will not be liable to you or any third party for any modification, suspension, or discontinuance of our website or online QR menu product.
27. Data Protection Impact Assessment
We conduct Data Protection Impact Assessments (DPIAs) when introducing new technologies or processing activities that are likely to result in a high risk to the rights and freedoms of individuals. DPIAs help us identify and minimize data protection risks.
28. Employee Training and Awareness
We ensure that all employees who have access to personal data receive appropriate training on data protection and privacy obligations. This training includes understanding GDPR requirements, our internal policies, and best practices for protecting personal data.
29. Third-Party Data Processors
We may engage third-party data processors to process your personal information on our behalf for the purposes described in this Privacy Policy. We have Data Processing Agreements (DPAs) in place with all third-party processors, which require them to protect your personal data in accordance with GDPR standards.
We share personal data with third parties only when necessary, such as:
- Service Providers: To facilitate our services (e.g., payment processors like Stripe, analytics providers like Google Analytics).
- Legal Obligations: To comply with legal requirements or respond to lawful requests by public authorities.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity.
30. Data Protection by Design and Default
We are committed to implementing data protection by design and default principles in our website and online QR menu product. This means that we consider privacy and data protection from the earliest stages of designing and developing our services and take proactive steps to ensure that personal information is protected at every stage.
31. Data Minimization
We adhere to the principle of data minimization by collecting only the personal data that is necessary for the specific purposes outlined in this Privacy Policy. We regularly review our data collection practices to ensure that we do not collect or retain unnecessary personal data.
32. Anonymization and Pseudonymization
When possible, we use anonymization and pseudonymization techniques to protect your personal information. Anonymization is the process of removing or altering information that can be used to identify an individual, while pseudonymization replaces identifying information with artificial identifiers. These techniques help minimize the risk of unauthorized access and use of your personal information.
33. Privacy Impact on Business Operations
We recognize that privacy and data protection can impact our business operations. As such, we regularly review and assess the impact of our data processing activities on your privacy rights and update our policies and practices accordingly.
34. Accountability and Record Keeping
We maintain records of our data processing activities, including the purposes for which personal information is processed and the categories of data subjects affected, if any data processing activity is outside the intended use like order processing. This helps us demonstrate our compliance with data protection laws and regulations and ensures that we are accountable for our data processing activities.
35. Consent Management
When we rely on your consent to process your personal information, we provide clear and transparent information about the specific activities requiring consent. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
36. Data Processing Agreements
When we share your personal information with third-party data processors or service providers, we enter into Data Processing Agreements (DPAs) to ensure that these parties comply with the same data protection standards that we follow. These agreements include provisions related to data security, privacy, and confidentiality, as well as the rights of data subjects and the obligations of data processors.
37. Cross-Border Data Transfers
Your data may be transferred outside the EU, including to the USA. We use safeguards such as Standard Contractual Clauses (SCCs) as outlined in Namecheap’s Data Processing Addendum.
38. Privacy Audits and Assessments
We may periodically conduct privacy audits and assessments to evaluate our compliance with this Privacy Policy and applicable data protection laws. These audits help us identify areas for improvement and ensure that our privacy practices remain up-to-date and effective.
39. Cooperation with Data Protection Authorities
We are committed to cooperating with data protection authorities and complying with their guidance and decisions in relation to our data processing activities. If you have concerns about our handling of your personal information, you have the right to lodge a complaint with the appropriate data protection authority in your country.
40. Regular Review and Updates
We regularly review and update our data protection and privacy practices to ensure that they remain effective and compliant with applicable laws and regulations. This may include revising our internal policies, procedures, and employee training programs, as well as updating our technical and organizational security measures.
41. CCPA Privacy Notice for California Residents
This CCPA Privacy Notice applies to California residents and supplements the information contained in our main Privacy Policy. The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their personal information.
Under the CCPA, California residents have the following rights:
- The right to know what personal information is collected, used, shared, or sold, both as to the categories and specific pieces of personal information.
- The right to delete personal information held by businesses, subject to certain exceptions.
- The right to opt out of the sale of personal information. We do not sell your personal information.
- The right to non-discrimination for exercising your CCPA rights.
To exercise any of these rights, please contact us using the contact information provided in our Privacy Policy. We will respond to your request in accordance with the CCPA and any applicable laws and regulations.
42. Payment Gateway
We use Stripe as our third-party payment processor to handle transactions on our website. When you make a purchase, your payment information, including credit card details, is securely transmitted to Stripe. We do not store or have access to your full payment information.
Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry. Their use of your personal data is governed by their Privacy Policy, which we encourage you to review.
43. Login with Google
We use Google's social login to allow users to create accounts on our web store. When you use this feature, Google may collect certain information from you, such as your name, email address, and profile picture. We do not have access to your Google password or any other sensitive information associated with your Google account.
By using Google's social login to create an account on our web store, you agree to Google's Privacy Policy and Terms of Service. You can view Google's Privacy Policy at https://policies.google.com/privacy and their Terms of Service at https://policies.google.com/terms.
Please note that we may also collect other information from you when you use our web store, such as your shipping and billing address, payment information, and order history. We use this information to process your orders, communicate with you about your purchases, and provide a better shopping experience.
44. Cookies and Similar Technologies
We use cookies and similar tracking technologies to collect and use personal information about you, including to serve interest-based advertising.
44.1 Cookie Consent
When you first visit our website, you will be presented with a cookie banner requesting your consent to the use of non-essential cookies. You can manage your cookie preferences at any time through our Cookie Consent Manager.
45. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. If this changes in the future, we will update this Privacy Policy and inform you accordingly.
46. Marketing Communications and Opt-Out
We may communicate with you about updates, promotions, and other information related to our services. If you have consented to receive marketing communications, you can opt out at any time by clicking the "unsubscribe" link in the emails or by contacting us.
47. Crisp Chat Service
47.1 Introduction
We utilize Crisp Chat, a live chat service provided by Crisp IM SARL, to facilitate real-time communication with our website visitors. This service enhances your experience by allowing immediate assistance and support.
47.2 Data Collection and Processing
When you interact with us via Crisp Chat, we may collect and process the following personal data:
- Chat Content: Information you voluntarily provide during the chat session, such as your name, email address, and message content.
- Technical Data: Details like your IP address, browser type, operating system, referral URLs, and pages viewed.
47.3 Purpose of Data Processing
The personal data collected through Crisp Chat is processed for the following purposes:
- To respond to your inquiries and provide customer support.
- To improve our services based on your feedback.
- To analyze usage patterns and enhance website functionality.
47.4 Legal Basis for Processing
The processing of your personal data via Crisp Chat is based on:
- Consent (Article 6(1)(a) GDPR): By initiating a chat session, you consent to the processing of your personal data.
- Legitimate Interests (Article 6(1)(f) GDPR): Necessary for our legitimate interests in providing efficient customer service and improving our services.
47.5 Data Retention
We retain your chat data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
47.6 Data Sharing and Transfer
Your personal data collected via Crisp Chat may be transferred to and stored on servers located outside the European Economic Area (EEA). Crisp IM SARL ensures compliance with GDPR through appropriate safeguards, such as Standard Contractual Clauses (SCCs), to protect your data during these transfers.
47.7 Your Rights
You have the following rights concerning your personal data:
- Right of Access: Request access to your personal data.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data under certain conditions.
- Right to Restrict Processing: Request restriction of processing under certain circumstances.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw your consent at any time.
47.8 Exercising Your Rights
To exercise your rights, please contact us at:
- Contact Page: Visit our Contact Page to submit your request.
- Crisp Chat: Use the Crisp Chat feature available on our website for immediate assistance.
We will respond to your request within one month of receipt.
47.9 Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
47.10 Third-Party Privacy Policies
This Privacy Policy does not cover the privacy practices of Crisp IM SARL. We encourage you to review their Privacy Policy for more information on how they handle your personal data.