FOR USERS OF THE MENU APP
‘User’ refers to a person who uses the Website and/or Apps and/or who has registered with MENU in order to use the Service or for potential use.
‘Participating Restaurant’ refers to third parties that are solely responsible for the gastronomic and restaurant services.
MENU never deliberately collects the personal data of children under the age of 18. The App is not intended for use by anyone under the age of 18. If you believe that your under-age child is using the App and therefore providing us with personal data, please contact us at email@example.com. We will endeavour to delete the App account and the personal data in question.
The party responsible for the processed personal data is
MENU Technologies AG,
We collect and process personal data in a variety of ways. Personal data is provided voluntarily by the user at the time of creation and/or modification of a user profile and when interacting with or using the website, apps and/or services, and through email communication with support staff and other employees. For Users of the Apps and/or Services, this includes the following information in particular: Name, email address, password (encrypted), restaurant orders, user agent at registration, IP address, credit card information (not stored by MENU; see section 3.4 below), comments on orders, business email address, people entertained, occasion, signature. The data of the Participating Restaurant comprises name, address, email address, password (encrypted), telephone number, VAT, currency, tip, contact, bank details and employees.
Your personal data will be stored by an external provider. This is currently Nine Internet Solutions AG in Zurich, the servers of which are located mainly in Switzerland.
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
3.1 TECHNICAL OPERATION AND FUNCTIONALITY OF THE WEBSITE AND APP
When you visit our Website, our web administrators process your personal data, including technical data such as your IP address, internet history, internet browser and the duration of your visit/session in order to ensure that our Website runs smoothly. Additionally, in certain cases your browser can request your current location in order to optimise your user experience. Our web administrators use this technical data to manage the Website; for example, resolution of technical issues or improvement of access to certain parts of the Website. Thus, we ensure that you continue to find information on the Website quickly and easily.
When you use our App, we process your personal data, including technical data such as your IP address and device type. We use this data to provide the Services, ensure that the App runs correctly, resolve technical issues, provide you with the correct and latest version of the App, and improve features of the App.
The legal basis for the technical operation and functionality of the website and the app is Art. 6 para. 1(f) of the General Data Protection Regulation (GDPR) and Art. 6 para. 1(b) GDPR.
3.2 CUSTOMER SERVICES
When you register as a User, we collect your name, email address, password, IP address, device type and your credit card number and expiry date (see above).
The legal basis for customer services is Art. 6 para. 1(f) GDPR and Art. 6 para. 1(b) GDPR.
3.3 ACTIVATION OF THE MENU APP
We collect and process location information only in Participating Restaurants and when you use your mobile to place an order through the App, provided that you have granted your prior consent. We use the relevant data to inform the Participating Restaurant where the order has been placed, in order that the service staff can process the order.
The legal basis for processing location information is Art. 6 para. 1(b) GDPR.
When you place an order through the App, we provide the Participating Restaurant with your first name and/or surname, your order and the table number from which you placed the order, in order that the service staff can process your order.
The legal basis for processing the order information mentioned above is Art. 6 para. 1(b) GDPR.
3.4 PAYMENT PROCESSING
If you register as a user, your credit card data will be passed on to and processed by our PCI-compliant payment services provider, SIX Payment Services AG (Hardturmstrasse 201, 8021 Zurich, Switzerland) and/or Braintree Payment Solutions LLC (222 W Merchandise Mart Plaza, Suite 800, Chicago, IL 60654, US), a Paypal subsidiary, in order to process payments for orders placed through the app. MENU may pass on this credit card data to other PCI-compliant payment services providers at a later date. MENU itself does not collect any credit card information.
The legal basis for payment processing is Art. 6 para. 1(b) GDPR.
MENU may use your contact data to send you general information about new developments at MENU. You can unsubscribe from these messages at any time.
The legal basis for processing data for marketing purposes is Art. 6 para. 1(f) GDPR.
3.6 COMPILATION OF ADMINISTRATIVE AND STATISTICAL DATA
MENU uses your anonymised, aggregated personal data in order to monitor the features of the Service used most often, analyse patterns of use and determine where we should provide our Services and focus our efforts. We may disclose this information to third parties for statistical purposes and for analysis of the sector.
3.7 COOKIES / GOOGLE ANALYTICS
The legal basis for processing personal data with cookies is Art. 6 para. 1(f) GDPR.
Most browsers can be set not to accept cookies or to notify you when you receive a cookie. In the ‘Help’ section of most browsers, you will find information on how to change your browser settings. If you decide to deactivate and/or delete cookies, please note that some MENU functions may no longer be available.
The legal basis for processing personal data with cookies is Art. 6 para. 1(f) GDPR.
3.8 LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
If we obtain the consent of a given person to process their personal data, Art. 6 para. 1(a) of the EU General Data Protection Regulation (GDPR) will serve as the legal basis for processing that personal data.
Art. 6 para. 1(b) GDPR will serve as the legal basis when processing personal data required to fulfil a contract to which the person concerned is a party. This also applies to processing operations required to carry out pre-contractual measures.
If personal data must be processed to meet a legal requirement to which our company is subject, Art. 6 para. 1(c) GDPR will serve as the legal basis.
If vital interests of the person concerned or another individual require the processing of personal data, Art. 6 para. 1(d) GDPR will serve as the legal basis.
If processing is required to protect a legitimate interest of our company or a third party, and the interests, basic rights and basic freedoms of the person concerned do not outweigh the first interest mentioned, Art. 6 para. 1(f) GDPR will serve as the legal basis for such processing.
3.9 NO OBLIGATION TO PROVIDE PERSONAL DATA
You are under no obligation to provide your personal data. However, without your personal information, we cannot or can only partially provide our services to you.
4. DISCLOSURE OF YOUR DATA BY US/TRANSMISSION TO THIRD COUNTRIES
We may employ various third parties and external companies to render the Services or to enable us to render them, process payments, provide customer support, provide Participating Restaurants with location information, render Website-related services (e.g. maintenance, database management, web analysis and feature improvement) and assist us in analysis of how people use our Services. These third parties have access to your personal data and process it in order to carry out these tasks for us.
For this purpose, your personal data will be transmitted to countries other than Switzerland and processed there, including countries (e.g. the US) that do not have similar data protection legislation as Switzerland. You hereby consent to the transmission and processing of your personal data to/in such countries, in particular the US. We transmit personal data to bodies in countries outside the European Union (third countries) as far as prescribed by law (such as tax reporting obligations)
- If you have agreed that this is justified by a legitimate interest, and no higher legitimate interests of the person concerned preclude this, or
- It is necessary for the provision of our services to you
These are, in particular:
- PCI-compliant payment services providers for payment processing (currently Braintree Payment Solutions LLC)
- Shift 6 Ltd. (Appsee) to improve the user experience of our service. Person-specific data transmitted anonymously.
- Functional Software Inc. (Sentry) to improve the stability of our service. No credit card data or passwords are transmitted.
- Google Inc. (GSuite) for email communication.
To protect your personal data, we have agreed the EU standard contractual clauses with the recipients of your data.
MENU will disclose your personal data in so far as prescribed or required by law; e.g. to justify, assert or defend against legal claims or proceedings, and data concerning safety in an emergency.
In addition, your personal data is transmitted via a POS system to the restaurant in which you want to place an order.
5. YOUR RIGHTS
As a User, you are entitled to information about your personal account. This also concerns information that you have provided to us when placing orders through the App. You can exercise your rights under data protection legislation – e.g. the right to demand that your personal data is corrected or deleted at any time, or the right to object to the processing of your personal data – by sending an email to firstname.lastname@example.org or by contacting us at the address specified in section 9. Please enclose a copy of your personal ID card or passport for the purposes of identification.
Every person concerned has a right of access according to Art. 15 GDPR. According to Art. 16 GDPR, the person concerned can request the correction of inaccurate personal data. According to Art. 17 GDPR, they have a right of cancellation and a right to restriction of processing, according to Art. 18 GDPR. Similarly, the person concerned may object to processing of their personal data under the conditions in Art. 21 GDPR. Every person concerned has a right to data portability according to Art. 20 GDPR. In Germany, sections 34 and 35 of the Federal Data Protection Act apply as supplements to the right of access and right to erasure. You may assert these rights by contacting: email@example.com
You have the right to withdraw your data protection consent agreement at any time. Withdrawal of your consent does not affect the legality of processing done on the basis of your consent before withdrawal of your consent.
In addition, you have the right to lodge a complaint with the relevant data protection supervisory authority, according to Art. 77 GDPR in conjunction with section 19 of the Federal Data Protection Act.
MENU reserves the right to charge a reasonable administrative fee for the provision of such information if (1) the requested information has already been made available to the User within 12 months of the current query and the User is unable to demonstrate a legitimate interest in the renewed disclosure of the information; (2) the provision of the information would require an exceptionally high amount of work. The fee may not exceed CHF 350.
You may also update your personal data through your MENU account and revoke any consent you have granted.
6. AUTOMATED INDIVIDUAL DECISION MAKING, INCLUDING PROFILING
You will not be subject to a decision based on automated processing according to Art. 22 GDPR in connection with the provision of our services. If we employ such methods in individual cases, you will be informed of this and of your associated rights in accordance with statutory requirements.
Some of your data is processed automatically in order to evaluate specific personal characteristics (profiling). In particular, your ordering habits will be analysed for product advertising purposes.
7. DATA STORAGE
After your account has been deleted, we will erase your personal data unless it is required to fulfil legal obligations or settle disputes.
MENU has taken reasonable technical and organisational steps to prevent the loss or unauthorised processing of your personal data. For this purpose, your personal data is stored securely in our database; we take standard, economically reasonable security precautions, such as firewalls and SSL (Secure Socket Layers), and physically secure the locations where the data is stored.
However, as effective as our security precautions may be, no security system is infallible. We cannot guarantee the security of our database or that the information you provide to us will not be intercepted over the internet as it is transferred to us. The transfer of your data to MENU is always at your own risk. We recommend that you do not share your password with anyone.
10. CONTACT INFORMATION
MENU Technologies AG
11. Information on your right to object, according to Art. 21 GDPR
11.1 Right to object in particular situations
You have the right to object to processing of your personal data for reasons arising from your particular situation when it is processed on the basis of Art. 6 para. 1(e) (data processing carried out in the public interest) or Art. 6 para. 1(f) (data processing for the purposes of legitimate interests); the same applies to profiling done on the basis of those provisions.
If you lodge an objection, we will no longer process your personal data. This does not apply if we can demonstrate urgent, legitimate reasons for processing that outweigh your interests, rights and freedoms, or if processing is done to assert, exercise or defend legal claims.
11.2 Where to send your objection
You can lodge your objection informally by sending an email with your name, address and date of birth to: firstname.lastname@example.org