PARTNER PRIVACY AND COOKIES POLICY

________________ P.S.A. pays great attention to protecting personal data and complying with the law when it collects, processes and uses such data. We want you to feel safe when you visit our site and use our services – and that is why we are providing you with this Privacy and Cookies Policy which is the integral part of the Terms and Conditions. Here you can find out about our data collection and use of data policy.

This Privacy and Cookies Policy sets forth our current privacy practices with regard to the information we collect when you interact with our site, our mobile application or by using our services. 

Capitalized terms that are not defined in this Privacy and Cookies Policy have the meaning assigned to them in the Partner Terms and Conditions.

1. Definitions

“Agreement” means the agreement on the basis of the Partner is entitled to use the Services according to the Terms and Conditions.

“Applicable laws” means all the laws and regulations relevant to the collection, processing and storage of data, especially all the data protection laws, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

“Company” means ________________ P.S.A. with a registered office at _________________________ incorporated under the laws of Poland and registered in the companies register of the National Court Register (KRS) held by District Court _________ __ Commercial Division (___________________________) under KRS no. ____________, having EU VAT ID: ____________ and the share capital in the amount of _________ PLN.

“Cookies” means small text files stored in a web browser by a website or by an ad server. By storing certain information in a cookie, those web browsers, websites and ad servers are able to remember the Partner’s preferences and recognize websites visited and/or web browsers used from one visit to another.

“Customer” means a natural person defined in point 2.1. of the Customer Terms and Conditions that uses the Company’s Services through the Customer Partner’s Control Panel.

“Log Data” means information that is automatically reported by browser each time the Partner accesses  the Partner’s Control Panel and which is sent by the Partner’s web browser that the Company’s servers automatically record. Log Data may include information such as the Partner’s browser type, web requests, domain names or pages viewed.

“Partner” means the owner of the Restaurant who offer their food services to the Customers. 

“Partner’s Control Panel” means a web or mobile application product owned and operated by the Company intended to use by the Partners.

“Personal Information” or “Information” or “Data” or “Personal Data” means any information relating to an identified or identifiable person as defined in Partner’s Control applicable laws, particularly in article 4.1 of the GDPR. 

“Services” or “Company’s Services” mean any services provided electronically within the meaning of the Act of July 18, 2002 on provision of electronic services by the Company to Partners via the Partner Partner’s Control Panel, on the terms and within the scope of functionalities described in the Partner Terms and Conditions.

2. Introduction

This Privacy Policy applies to processing of the Partner’s Personal Information carried out by the Company when using the Partner’s Control Panel.

The data controller of the Partner’s Personal Information is the Company. 

When the Partner use the Company’s Services, the Company may collect information from the registration or contact form, correspondence with the Partner as well as its activities on the Partner’s Control Panel through the usage of Cookies and Log Data.

3. Personal Information collected by the Company

The Partner’s Data is collected through the Partner Partner’s Control Panel and processed by the Company for the following purposes: 

1. Creating the account in the Partner’s Control Panel

The processing of Personal Data for this purpose is necessary for the performance of the Agreement (article 6.1 (b) of the GDPR). The Company processes the following Personal Data of the Partner: name, surname, telephone number, email address, tax identification number, number in the relevant register, billing address, bank account number and details, Restaurant’s name, address, menu (i.e. ingredients, allergens, names, photos, descriptions, prices). If the Account is created via social networks (Google, Facebook, Instagram etc.) the Company processes also the following Personal Data of the Partner: username, email address indicated in the social media account, language settings. 

2. Provision of the Company’s Services

The processing of Personal Data for this purpose is necessary for the performance of the Company’s Services resulting from the Agreement (article 6.1 (b) of the GDPR). The Company processes the following Personal Data of the Partner: name, surname, telephone number, email address, tax identification number, billing address, bank account number and details, Restaurant’s name, address, menu (i.e. ingredients, allergens, names, photos, descriptions, prices). 

3. Processing of the Partner’s complaints, responding to the Partner’s inquiries 

The processing of the Personal Data is necessary for the purposes of the Company’s legitimate interest (article 6.1. (f) of the GDPR). The Company processes the following Personal Data of the Partner: name, surname, email address, telephone number and other information provided when creating or using the account in the Partner’s Control Panel, the content of the complaint or the inquiry and other Personal Data provided by the Partner

4. Pursuing claims or defending against the Partner’s claims 

The processing of the Personal Data is necessary for the purposes of the Company’s legitimate interest (article 6.1 (f) of the GDPR). The Company processes the following Personal Data of the Partner: name, surname, billing address, number in the relevant register or tax identification number, email address, telephone number and other information provided when creating or using the account in the Partner’s Control Panel.

5. Improving of the Company’s and the Partner’s services (e.g. through customer satisfaction survey, analysis), detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement, as well as storing data for archiving and statistical purposes 

The processing of the Personal Data is necessary for the purposes of the Company’s legitimate interest (article 6.1 (f) of the GDPR). The Company processes the following Personal Data of the Partner: name, email address, telephone number and other information provided when creating or using the account in the Partner’s Control Panel, the Partner’s activity in the Partner’s Control Panel. On the basis of voluntary consent given by the Customer (article 6.1 (a) of the GDPR), aforementioned data can also be profiled by the Company.

6. Conducting necessary tax and accounting operations 

The processing is necessary for compliance with legal obligations to which the Company is subject to regarding tax and accounting law (article 6.1 (c) of the GDPR). The Company processes the following Personal Data of the Partner: name, email address, billing address, number in the relevant register or tax identification number. The Customer is obliged to provide the aforementioned data for that purpose.

7. Sending commercial information by electronic means 

The processing of Personal Data is based on the Partner’s voluntary consent (article 6.1 (a) of the GDPR). The Company processes the following Personal Data of the Partner: name, surname, telephone number, email address, name and address of the Restaurant.

8. Performing marketing of the Company’s Services 

The processing of the Personal Data is necessary for the purposes of the Company’s legitimate interest (article 6.1 (f) of the GDPR). The Company processes the following Personal Data of the Partner: name, email address, telephone number, name and address of the Restaurant, the Partner’s activity in the Partner’s Control Panel. 

4. Cookies, Log Data and similar technologies

When the Partner interacts with the Partner’s Control Panel, the Company may also collect information from their activities on the Control Panel through the usage of Cookies and Log Data.

By using those technologies the Company aims to use this information for the purpose of analytics and monitoring of the effectiveness of the Company’s performance, including the collection of the aggregate Control Panel usage data (such as the overall number of the Control Panel visitors or pages viewed).

The information mentioned above may include:

1. Information about the Partner’s interactions with the Control Panel;
2. Technical information about the Partner’s device hardware and software that may include URL information, the Partner’s IP address (to determine the Partner’s general geographic location, so that the Company can provide location-specific content), cookie data, the types of devices the Partner is using in order to access the Control Panel, device Ids or identifiers, device attributes, network connection type, browser type, language, internet service provider, clickstream data, access times, the files viewed on the Control Panel.

Cookies. The Company may collect Data from other sources, through the use of ,”cookies”. A cookie is a small text file stored on the Partner’s computer that contains information that helps the website to identify and track the visitor. Cookies do not contain viruses nor occupy space on the hard drive. 

The Company uses two types of cookies “session cookies” and cookies that are saved permanently on the Partner’s device. Session cookies are never stored permanently on the Partner’s computer and disappear when the Partner closes the session. When the Partner visits the Control Panel, the Company’s web server assigns the Partner’s browser a unique identifier string so as not to confuse the Partner with other visitor. The second type of cookies save file permanently on the Partner’s device and this is used to track how visitors move around on the website. This is only used to offer visitors better services and support. The text files can be deleted. The information stored on the Partner’s device is only a unique number, without any connection to personal information.

To opt out of cookies, the Partner can alter the settings on their internet browser to accept or reject the Partner’s Control Panel from using cookies. This may affect functionality of the Partner’s Control Panel. 

The Company uses tracking software system to monitor customer traffic patterns and the Control Panel usage to help the Company develop the design and layout of the website. This software does not enable the Company to capture any of the Partner’s Personal Data. The Partner’s Personal Data will not be shared, sold, rented or disclosed other than as described in this Privacy and Cookies Policy. Some cookies are deleted after the end of the web browser session, i.e. after closing (so-called session cookies). Other cookies are stored on the Partner’s device and allow their browser to be recognized the next time they visit the Control Panel (persistent cookies). The use of both types of cookies is based on the Company’s legitimate interest (Article 6 (1) (f) of the GDPR), consisting in proper operation of the Control Panel, creating statistics and analyzing them in order to optimize the Control Panel.

Google Analytics. Our Partner’s Control Panel uses those cookies that are small text information stored on your end device (e.g. tablet, smartphone) that can be read by the Google LLC’s IT system (third party cookies) in connection with our use of Google Analytics software. Google Analytics is an online tool for analyzing website’s and mobile application’s that automatically collects information about your use of the Partner’s Control Panel. We do not identify Partner’s Control Panel’s users with this software, and use of it is for statistical purposes only. Detailed information on how Google uses user data is available at: https://policies.google.com/technologies/partner-sites. 

We have activated IP anonymization. Your IP address is shortened before forwarding. Only in exceptional cases is the full IP address transferred to a Google LLC server in the United States and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is generally not combined with other Google LLC data. The Partner’s Data is sent anonymously to Firebase Analytics. The legal basis for processing those Data by the Company is article 6.1 (f) of the GDPR, i.e. legitimate interest of the Company consisting in conducting statistics and analysis of the Partner’s Control Panel’s operation.

Log Data. Using the Control Panel involves sending queries to the server on which the Control Panel is stored. Each query directed to the server is saved in the server’s logs. Logs include, among others server date and time, information about the web browser and operating system the Partner is using. Logs are saved and stored on the server. The data saved in the server logs are not associated with specific person using the Control Panel and are not used by the Company to identify the Partner. Server logs are only additionally used to operate the Control Panel, and their content is not disclosed to anyone except those authorized to operate the server.

5. Opt-out. 

During the first visit to the Control Panel, the Partner is shown information on the use of cookies. The Partner can prevent the recording of Personal Data collected by cookies regarding their use of the Control Panel as well as the processing of this Personal Data by installing the browser plug-in located at the following address: https://tools.google.com/dlpage/gaoptout. Details related to Data processing within Google Analytics and explanations prepared by Google can be found at: https://support.google.com/analytics/answer/6004245.

The Partner’s browser may also offer tools to enable or disable cookies by modifying the settings in browser. However, it should be noted that certain features of the Control Panel may not work if some types of cookies are deleted or disabled. Some third parties may use cookies and other technologies. The Company recommends to read their privacy policy.

Some browsers provide helpful cookie guides:

Chrome:	https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
Firefox:	http://support.mozilla.org/en-US/kb/Cookies
Internet Explorer:	http://support.microsoft.com/kb/278835
Safari 5 for Mac:	https://support.apple.com/en-us/HT201265
Opera:	http://help.opera.com/Linux/10.50/en/cookies.html
Alternatively:	http://www.allaboutcookies.org provides advice on how to do this, and further information on cookies and how to manage them.

6. The Partner’s rights

The Partner has the right to access their Data and manage it by contacting the Company by email address: ____________ or by using a contact form. 

The Partner has following rights provided by the Applicable laws:

1. The right to be informed 

The Company is publishing this Privacy Policy to keep the Partner informed of what the Company does with the Partner’s Personal Information. 

2. The right of access 

The Partner has the right to access their Information and to request a copy of their Data. 

3. The right to rectification

The Partner has a right to rectify their Data by contacting the Company through the use of the contact details provided above.

4. The right to erasure (“the right to be forgotten”) 

In some circumstances the Partner has the right to the erasure of their Data without undue delay. Those circumstances include situations when: the Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; the Partner’s consent withdrawal to consent-based processing; the processing is for direct marketing purposes; and the Data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

5. The right to restriction of processing 

In some circumstances the Partner has the right to restrict the processing of their Data. Those circumstances are the following: the Partner’s contest of the accuracy of the Data; processing is unlawful but the Partner opposes erasure; the Company no longer needs the Data for the purposes of the processing, but the Partner requires Data for the establishment, exercise or defense of legal claims; and the Partner has objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, the Company may continue to store the Partner’s Data. However, the Company will only otherwise process it: with the Partner consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

6. The right to Data portability 

The Company must allow the Partner to obtain and reuse their Personal Data for their own purposes across Services in a safe and secure way without it affecting the usability of the Partner’s Personal Data. This right only applies to Personal Data that the Partner have provided to the Company as the Data Controller. The Data must be held by the Company by consent or for the performance of the Terms and Conditions and the processing is carried out by automated means.

7. The right to object 

In certain circumstances, the Partner has the right to object to the processing of their Personal Data where, for example, their Personal Data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for the Company to continue to process the Partner’s Personal Data, or if the Partner’s Data is being processed for direct marketing purposes.  

8. The right to withdraw consent

If the Partner has given the Company consent to process their Data, the Partner has the right to withdraw their consent at any time, and the Company has to stop processing the Data unless the Company has other legal grounds for processing the Data. The withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.

9. The right to complain to a Supervisory Authority 

The Partner has the right to lodge a complaint with the Supervisory Authority in particular if they feel that the Company has not responded to requests to solve a problem regarding data protection.

7. Security information

The Company follows strict procedures in the storage and disclosure of the Partner’s Personal Data, and to protect it against accidental loss, destruction or damage. Only qualified and authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions. The Company maintains physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of the Partner’s Personal Data. The Company’s security procedures mean that the Company may request proof of the Partner’s identity before a disclosure of the Personal Data to the Partner. 

The Partner should note to avoid sending Personal Data through insecure channels or networks. The Partner shall protect themselves against unauthorized access to their password and to their devices and under no circumstances share the Partner’s password with anyone.

8. International transfer of Data

The Company may transfer Data to a country outside of the European Economic Area (EEA) based on a decision of the European Commission, stating that a third country may be considered as providing an adequate level of data protection or based on Standard Contractual Clauses Partner’s Control Panelroved by the European Commission (EU Commission Decision on standard contractual clauses for the transfer of Personal Data to processors established in third countries under Directive 95/46/EC). If the Partner is located in the EEA, the Partner may contact us if they require a copy of the safeguards which the Company has put in place to protect the Partner’s Data transferred outside of the EEA and the Partner’s privacy rights in these circumstances. The Partner may also learn more about EU Commission Decision on standard contractual clauses for the transfer of Personal Data to processors established in third countries here https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087 and here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. 

9. Retention of your Information

The Company stores the Partner’s Information for a period of time required for the purposes for which it was collected using generally accepted security standards and in compliance with the Applicable laws. The Company will not retain the Partner’s Personal Information for longer than required.

In particular, the Company stores Information about the Partner through the period of use of the Company’s Services. The Partner should note that even if they delete their account in the Partner’s Control Panel, the Company may have the right to process the Partner’s Data for the purpose of creating statistics, pursuing claims or defending against claims, handling complaints and chargebacks as well as in order to meet the tax and accounting law requirements, where such processing will last only for the period of time necessary to achieve the intended purposes (e.g. for pursuing claims or defending against claims, the period of retention of the Partner’s Data is no longer than limitation period for claims as defined in statutory law applicable to the Company).

The Partner’s Data shall be processed for marketing purposes until the Partner objects to it. Where the Partner has consented to marketing communications via email or other telecommunication means for the Company’s marketing purposes, the Partner may withdraw their consent at any time by contacting the Company. In these circumstances, the Partner’s Personal Data will be processed until their withdrawal of the consent.

Partner and event Data associated with cookies is stored by Google Analytics and Google Firebase on servers for a period of 14 (fourteen) months. After the end of the period, stored Data will be automatically deleted once a month.

When we no longer need your Personal Data, we will securely erase it. We will also consider if and how we can minimize over time the scope of Personal Data that we use, and if we can anonymize your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

10. Disclosures

The Company may disclose the Partner’s Personal Data only to the following trusted third parties:

1. Authorized third parties – the Company may share the Data with parties directly authorized by the Partner to receive that Data, such as when the Partner authorizes a third party (e.g. payment service providers) to access their Data. The use of the Data by an authorized third party is subject to the third party’s privacy policy. Within the Partner’s Control Panel, the Company discloses the following Personal Data of the Partner for relevant payment service provider (Stripe Inc.): a name, email address, billing or shipping address and transaction details. After a transaction, the Partner’s private Information (credit cards, social security numbers, financials, etc.) shall not be stored in the Company’s servers. Stripe’s privacy policy can be found here: https://stripe.com/en-pl/privacy. 
2. Safety, legal purposes and law enforcement – the Company may use and disclose the Data when it shall be necessary: (i) under applicable law, and (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
3. Service providers – the Company also engages third parties that support the operation of our Services (acting on our behalf) such as analytics providers or IT services providers:
   • Google Analytics (privacy policy: https://policies.google.com/privacy?hl=en-US);
   • Google Firebase (privacy policy:  https://support.google.com/firebase/answer/6318039, https://policies.google.com/privacy and www.google.com/policies/privacy/partners/);
   • Google Maps (privacy policy: https://policies.google.com/privacy?hl=en-US and https://support.google.com/contributionpolicy/answer/7401426?hl=en&ref_topic=7422769);
   • Here Maps (privacy policy: https://legal.here.com/en-gb/privacy);
   • Google Play Store (privacy policy:  https://support.google.com/googleplay/android-developer/topic/9877467 and https://policies.google.com/privacy?hl=en-US);
   • App Store (privacy policy:  https://www.apple.com/legal/privacy/en-ww/ and https://developer.apple.com/app-store/app-privacy-details/).

11. General Provisions 

In case of any questions regarding this Privacy and Cookies Policy, the Partner may contact us using the information below:

________________ P.S.A. with a registered office at _________________________ incorporated under the laws of Poland and registered in the companies register of the National Court Register (KRS) held by District Court _________ __ Commercial Division (___________________________) under KRS no. ____________, having EU VAT ID: ____________ and the share capital in the amount of _________ PLN

and by email address: _______________ .

The Company may change this Privacy and Cookies Policy from time to time by updating its provisions.