MENU PRIVACY POLICY

FOR USERS OF THE MENU APP

MENU Technologies AG undertakes to protect the privacy of its users and visitors. The following privacy policy describes the data that MENU Technologies AG (‘MENU’ or ‘we/us’) processes and how we use the data to provide greater benefit for users and visitors to our website www.menu.app (‘Website’), our customer apps for users of mobile devices (‘Apps’) and our on-demand services (collectively referred to as ‘Services’). Please read the following provisions carefully in order to learn about our data protection guidelines.

You acknowledge this privacy policy and consent to the processing of personal data by MENU and/or third parties specified in this privacy policy. MENU reserves the right to alter this privacy policy.

If you have any questions related to this privacy policy, please contact us at privacy@usemenu.com


1. DEFINITIONS

‘User’ refers to a person who uses the Website and/or Apps and/or who has registered with MENU in order to use the Service or for potential use.

‘Participating Restaurant’ refers to third parties that are solely responsible for the gastronomic and restaurant services.

2. GENERAL

MENU never deliberately collects the personal data of children under the age of 18. The App is not intended for use by anyone under the age of 18. If you believe that your under-age child is using the App and therefore providing us with personal data, please contact us at privacy@usemenu.com. We will endeavour to delete the App account and the personal data in question.

The party responsible for the processed personal data is

MENU Technologies AG,
Dammstrasse 19,
6315 Zug,
Switzerland.
E-Mail: privacy@usemenu.com

The Participating Restaurants and other companies may be involved in the processing of data in connection with activities on the Website and/or App and/or in connection with the services described in this privacy policy. The Participating Restaurants and other companies will pursue the purposes described in this privacy policy and comply with the applicable data protection legislation.

We collect and process personal data in a variety of ways. Personal data is provided voluntarily by the user at the time of creation and/or modification of a user profile and when interacting with or using the website, apps and/or services, and through email communication with support staff and other employees. For Users of the Apps and/or Services, this includes the following information in particular: Name, email address, password (encrypted), restaurant orders, user agent at registration, IP address, credit card information (not stored by MENU; see section 3.4 below), comments on orders, business email address, people entertained, occasion, signature. The data of the Participating Restaurant comprises name, address, email address, password (encrypted), telephone number, VAT, currency, tip, contact, bank details and employees.

In cases in which you provide us with legally admissible data about other people (e.g. issuance of a receipt or personal data of employees at a Participating Restaurant), you hereby confirm that the relevant personal data and its processing by us as described in this privacy policy comply with data protection legislation. Thus, you must inform the person in question and obtain their consent to the processing of their personal data for the purposes set out in this privacy policy.

Your personal data will be stored by an external provider. This is currently Nine Internet Solutions AG in Zurich, the servers of which are located mainly in Switzerland.

3. WHY DO WE PROCESS YOUR PERSONAL DATA?
3.1 TECHNICAL OPERATION AND FUNCTIONALITY OF THE WEBSITE AND APP

When you visit our Website, our web administrators process your personal data, including technical data such as your IP address, internet history, internet browser and the duration of your visit/session in order to ensure that our Website runs smoothly. Additionally, in certain cases your browser can request your current location in order to optimise your user experience. Our web administrators use this technical data to manage the Website; for example, resolution of technical issues or improvement of access to certain parts of the Website. Thus, we ensure that you continue to find information on the Website quickly and easily.

When you use our App, we process your personal data, including technical data such as your IP address and device type. We use this data to provide the Services, ensure that the App runs correctly, resolve technical issues, provide you with the correct and latest version of the App, and improve features of the App.

The legal basis for the technical operation and functionality of the website and the app is Art. 6 para. 1(f) of the General Data Protection Regulation (GDPR) and Art. 6 para. 1(b) GDPR.

3.2 CUSTOMER SERVICES

When you register as a User, we collect your name, email address, password, IP address, device type and your credit card number and expiry date (see above).

We use your personal data and contact information to provide the services, for communication purposes in connection with your orders, to advertise offers and to make announcements relating to the services; for instance, if our services are temporarily unavailable due to maintenance work. We use your personal data and registration data to create and administrate your MENU account. We reserve the right to deactivate your account if we suspect that you are using our App to commit fraud or illegal acts, or if you violate our terms of use.

The legal basis for customer services is Art. 6 para. 1(f) GDPR and Art. 6 para. 1(b) GDPR.

3.3 ACTIVATION OF THE MENU APP

LOCATION INFORMATION

We collect and process location information only in Participating Restaurants and when you use your mobile to place an order through the App, provided that you have granted your prior consent. We use the relevant data to inform the Participating Restaurant where the order has been placed, in order that the service staff can process the order.

The legal basis for processing location information is Art. 6 para. 1(b) GDPR.

PERSONAL DATA

When you place an order through the App, we provide the Participating Restaurant with your first name and/or surname, your order and the table number from which you placed the order, in order that the service staff can process your order.

The legal basis for processing the order information mentioned above is Art. 6 para. 1(b) GDPR.

3.4 PAYMENT PROCESSING

If you register as a user, your credit card data will be passed on to and processed by our PCI-compliant payment services provider, SIX Payment Services AG (Hardturmstrasse 201, 8021 Zurich, Switzerland) and/or Braintree Payment Solutions LLC (222 W Merchandise Mart Plaza, Suite 800, Chicago, IL 60654, US), a PayPal subsidiary, in order to process payments for orders placed through the app. MENU may pass on this credit card data to other PCI-compliant payment services providers at a later date. MENU itself does not collect any credit card information.

The legal basis for payment processing is Art. 6 para. 1(b) GDPR.

3.5 MARKETING

MENU may use your contact data to send you general information about new developments at MENU. You can unsubscribe from these messages at any time.

The legal basis for processing data for marketing purposes is Art. 6 para. 1(f) GDPR.

3.6 COMPILATION OF ADMINISTRATIVE AND STATISTICAL DATA

MENU uses your anonymised, aggregated personal data in order to monitor the features of the Service used most often, analyse patterns of use and determine where we should provide our Services and focus our efforts. We may disclose this information to third parties for statistical purposes and for analysis of the sector.

3.7 COOKIES / GOOGLE ANALYTICS

MENU uses cookies. Cookies are small text files that a website installs on your computer or mobile device when you visit a page or website for the first time. Cookies help us to recognise your device when you next visit the website. Cookies work in different ways. For example, cookies enable us to retrieve your settings and interests. Cookies can help us analyse how well our website is working and adjust our content in such a way that you receive information tailored to your interests. The cookies store and transmit only your session ID.

The legal basis for processing personal data with cookies is Art. 6 para. 1(f) GDPR.

Most browsers can be set not to accept cookies or to notify you when you receive a cookie. In the ‘Help’ section of most browsers, you will find information on how to change your browser settings. If you decide to deactivate and/or delete cookies, please note that some MENU functions may no longer be available.

Furthermore, we use a tool called Google Analytics to collect information about your use of the Website. Google Analytics collects data such as the frequency of visits to the Website, the pages you view and pages you visited before visiting our Website. However, if IP anonymisation is enabled on this website, Google will first shorten your IP address within member states of the European Union and other signatories to the agreement on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the US before being shortened. The information we receive from Google Analytics is used exclusively to improve our Website. Google Analytics collects only the IP address assigned to your computer on the date of your visit to the Website; not your name or other personal data. We do not associate the information collected through Google Analytics with any other personal data. Although Google Analytics installs a permanent cookie through your web browser in order to recognise you when you next visit the Website, no one but Google is able to use the cookie. The use and disclosure of the data collected by Google Analytics about your visits to the Website are subject to the limitations set out by the terms of use of Google Analytics and Google’s privacy policy. Through deactivation of cookies in your browser, you prevent recognition by Google Analytics when you next visit the Website.

The legal basis for processing personal data with cookies is Art. 6 para. 1(f) GDPR.

3.8 LEGAL BASIS FOR PROCESSING OF PERSONAL DATA

If we obtain the consent of a given person to process their personal data, Art. 6 para. 1(a) of the EU General Data Protection Regulation (GDPR) will serve as the legal basis for processing that personal data.

Art. 6 para. 1(b) GDPR will serve as the legal basis when processing personal data required to fulfil a contract to which the person concerned is a party. This also applies to processing operations required to carry out pre-contractual measures.

If personal data must be processed to meet a legal requirement to which our company is subject, Art. 6 para. 1(c) GDPR will serve as the legal basis.

If vital interests of the person concerned or another individual require the processing of personal data, Art. 6 para. 1(d) GDPR will serve as the legal basis.

If processing is required to protect a legitimate interest of our company or a third party, and the interests, basic rights and basic freedoms of the person concerned do not outweigh the first interest mentioned, Art. 6 para. 1(f) GDPR will serve as the legal basis for such processing.

3.9 NO OBLIGATION TO PROVIDE PERSONAL DATA

You are under no obligation to provide your personal data. However, without your personal information, we cannot or can only partially provide our services to you.

4. DISCLOSURE OF YOUR DATA BY US/TRANSMISSION TO THIRD COUNTRIES

We may employ various third parties and external companies to render the Services or to enable us to render them, process payments, provide customer support, provide Participating Restaurants with location information, render Website-related services (e.g. maintenance, database management, web analysis and feature improvement) and assist us in analysis of how people use our Services. These third parties have access to your personal data and process it in order to carry out these tasks for us.

For this purpose, your personal data will be transmitted to countries other than Switzerland and processed there, including countries (e.g. the US) that do not have similar data protection legislation as Switzerland. You hereby consent to the transmission and processing of your personal data to/in such countries, in particular the US. We transmit personal data to bodies in countries outside the European Union (third countries) as far as prescribed by law (such as tax reporting obligations)

- If you have agreed that this is justified by a legitimate interest, and no higher legitimate interests of the person concerned preclude this, or
- It is necessary for the provision of our services to you

These are, in particular:

- PCI-compliant payment services providers for payment processing (currently Braintree Payment Solutions LLC)
- Shift 6 Ltd. (Appsee) to improve the user experience of our service. Person-specific data is transmitted anonymously.
- Functional Software Inc. (Sentry) to improve the stability of our service. No credit card data or passwords are transmitted.
- Google Inc. (GSuite) for email communication.

To protect your personal data, we have agreed the EU standard contractual clauses with the recipients of your data.

MENU will disclose your personal data in so far as prescribed or required by law; e.g. to justify, assert or defend against legal claims or proceedings, and data concerning safety in an emergency.

In addition, your personal data is transmitted via a POS system to the restaurant in which you want to place an order.

5. YOUR RIGHTS

As a User, you are entitled to information about your personal account. This also concerns information that you have provided to us when placing orders through the App. You can exercise your rights under data protection legislation – e.g. the right to demand that your personal data is corrected or deleted at any time, or the right to object to the processing of your personal data – by sending an email to privacy@usemenu.com or by contacting us at the address specified in section 9. Please enclose a copy of your personal ID card or passport for the purposes of identification.

Every person concerned has a right of access according to Art. 15 GDPR. According to Art. 16 GDPR, the person concerned can request the correction of inaccurate personal data. They have a right of cancellation according to Art. 17 GDPR and a right to restriction of processing according to Art. 18 GDPR. Similarly, the person concerned may object to processing of their personal data under the conditions in Art. 21 GDPR. Every person concerned has a right to data portability according to Art. 20 GDPR. In Germany, sections 34 and 35 of the Federal Data Protection Act apply as supplements to the right of access and right to erasure. You may assert these rights by contacting: privacy@usemenu.com

You have the right to withdraw your data protection consent agreement at any time. Withdrawal of your consent does not affect the legality of processing done on the basis of your consent before withdrawal of your consent.

In addition, you have the right to lodge a complaint with the relevant data protection supervisory authority, according to Art. 77 GDPR in conjunction with section 19 of the Federal Data Protection Act.

MENU reserves the right to charge a reasonable administrative fee for the provision of such information if (1) the requested information has already been made available to the User within 12 months of the current query and the User is unable to demonstrate a legitimate interest in the renewed disclosure of the information; (2) the provision of the information would require an exceptionally high amount of work. The fee may not exceed CHF 350.

You may also update your personal data through your MENU account and revoke any consent you have granted.

6. AUTOMATED INDIVIDUAL DECISION MAKING, INCLUDING PROFILING

You will not be subject to a decision based on automated processing according to Art. 22 GDPR in connection with the provision of our services. If we employ such methods in individual cases, you will be informed of this and of your associated rights in accordance with statutory requirements.

Some of your data is processed automatically in order to evaluate specific personal characteristics (profiling). In particular, your ordering habits will be analysed for product advertising purposes.

7. DATA STORAGE

Unless indicated otherwise in this privacy policy, we store your data until you delete your MENU account. If you wish to delete your MENU account or require us to no longer use your data to render services for you, please contact us at privacy@usemenu.com.

After your account has been deleted, we will erase your personal data unless it is required to fulfil legal obligations or settle disputes.

8. SECURITY

MENU has taken reasonable technical and organisational steps to prevent the loss or unauthorised processing of your personal data. For this purpose, your personal data is stored securely in our database; we take standard, economically reasonable security precautions, such as firewalls and SSL (Secure Sockets Layer), and physically secure the locations where the data is stored.

However, as effective as our security precautions may be, no security system is infallible. We cannot guarantee the security of our database or that the information you provide to us will not be intercepted over the internet as it is transferred to us. The transfer of your data to MENU is always at your own risk. We recommend that you do not share your password with anyone.

9. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy in order to account for changes to our information and data processing procedures. If the changes are significant, we will notify you by email and post an announcement on our Website before they come into effect. Your continued use of the Website and/or App and/or Services constitutes your acknowledgement and acceptance of the updated privacy policy. We recommend that you visit this page regularly in order to learn about changes to our data protection measures.

10. CONTACT INFORMATION

privacy@usemenu.com
menu.app

MENU Technologies AG
Dammstrasse 19
6301 Zug
Switzerland

11. Information on your right to object, according to Art. 21 GDPR
11.1 Right to object in particular situations

You have the right to object to processing of your personal data for reasons arising from your particular situation when it is processed on the basis of Art. 6 para. 1(e) (data processing carried out in the public interest) or Art. 6 para. 1(f) (data processing for the purposes of legitimate interests); the same applies to profiling done on the basis of those provisions.

If you lodge an objection, we will no longer process your personal data. This does not apply if we can demonstrate urgent, legitimate reasons for processing that outweigh your interests, rights and freedoms, or if processing is done to assert, exercise or defend legal claims.

11.2 Where to send your objection

You can lodge your objection informally by sending an email with your name, address and date of birth to: privacy@usemenu.com