Privacy policy

Effective date: 22 August 2024

Version: v.1

Personal data collected via Supa platform and application (together “Platform”) is processed by Resttech sp. z o.o. (“we”, “Company”, “RESTTECH”, “us”), a company established under the laws of Poland, legal entity code 0001097078, registered address Marszałkowska st. 126/134, 00-008 Warsaw, Poland. RESTTECH will primarily act as a data controller, responsible for processing personal data on this Platform, as defined in General Data Protection Regulation (GDPR), collected from users of its service (e.g., tip payers, waiters, restaurant administrators and other service providers) (together “Users”, “you”, “your”).

 

This Policy is intended to explain the conditions under which we, or our employees, agents, representatives, third-party service providers or anyone who has access to the personal data. Therefore, whether you use our Platform and services provided, you must read and accept our Privacy policy.

All the terms in capital letters not defined in this Policy are defined in our Terms and Conditions and other relevant agreements.

 

1.     Personal Data Protection Principles

1.1.     We adhere to general data privacy principles when collecting and processing personal data that require us to:

         collect and use personal data fairly and only for lawful and specified purposes related to our legitimate business objectives,

         limit our personal data collection to what is adequate, relevant, and not excessive for the intended purpose,

         notify individuals about our personal data processing practices in a clear and transparent manner,

         ensure the accuracy of the personal data we collect, hold, and use,

         retain personal data only for the time needed to fulfil the established purpose,

         respect data subjects’ rights,

         secure the personal data we hold.

1.2.     The information that must be completed is identified by asterisks. If you do not provide this information, we will not be able to carry out our assignment or process your request.

1.3.     You are the one who communicates the personal data to us. Their accuracy is your responsibility.

1.4.     When you are operating one or more Establishment(s), you have ensured that you have obtained all the appropriate authorizations to communicate the personal data of the persons concerned to us. Moreover, on your side, as a data processor, you are required to ensure that the processing of personal data of our teams and/or service providers as well as of the teams of your Establishments, if any, and those concerning your end customers, are in full compliance with the law and relevant regulations. These processing operations are carried out under your sole responsibility. It is also your responsibility to communicate our Privacy policy to each member of your staff in order to ensure their prior consent.

1.5.     All of the obligations incumbent upon you under this section are essential. You will indemnify us for any and all claims, actions or damages and costs that may arise from any breach by you of this Privacy policy or any applicable regulations.

2.     Why do we collect Personal data?

2.1.     We collect personal data  for the following purposes:

         provision of services (the legal basis being the fulfilment of contractual obligations between RESTTECH and the User). Your personal data will be processed as long as you maintain an account with us,

         customer support, including addressing inquiries and handling feedback and complaints (based on our legitimate interest in delivering quality customer service). We strongly recommend avoiding sharing sensitive personal information and instead providing a brief description of your concern,

         enhancing our Platform (through the use of cookies and analyzing user experience) (legal basis is your consent). We use cookies to monitor the number of visitors and gain insights into how users interact with our application. We will only do so with your explicit consent. Please be aware that you have the right to withhold or withdraw your consent at any time without any negative consequences by contacting us using the details provided in this document,

         for statistical analysis (legal basis is the User’s consent to the use of cookies). This will only occur if you provide your express consent. As with other cases, you have the right to withhold or withdraw your consent without adverse effects by reaching out to us via the contact details included here,

         direct marketing (legal basis is the User’s (Establishment’s) consent. Restaurants can request a demo version from our website. To send this demo, we collect the name, email, and phone number of the interested party. This data is stored for one month following the delivery of the demo version.

Please note, you have the option to decline our request for your personal information, though this may limit our ability to provide certain services you seek.

3.     How long do we keep Personal data?

3.1.     We keep collected information only for as long as necessary to deliver the requested services. The data we store is protected through commercially acceptable methods to prevent loss, theft, and unauthorized access, disclosure, copying, use, or modification.

3.2.     Personal data collected for service provision will be retained as long as your account remains active. Transaction-related data will be stored for up to 8 years to comply with legal requirements.

3.3.     Customer service data will be retained until your inquiry is fully resolved and for 6 months thereafter to address any potential claims. Feedback will be stored for up to 1 month, unless required for disciplinary purposes.

3.4.     Data collected for website improvements will be retained as long as the cookie remains on your device. Please refer to our Cookie policy for further details.

3.5.     Data collected for statistical purposes will also be stored as long as the cookie remains on your device. This data will be anonymized and retained for as long as it remains relevant to our business.

4.     What are your rights?

4.1.     You have rights when it comes to how we handle your Personal data. These rights vary depending on where you reside but generally you have the right to access, modify and delete your Personal data. As such, you can:

       access all of your Personal data, or only the Personal data on which we would have based a decision concerning you,

       obtain a copy of it,

       request that your Personal data be, as the case may be, corrected, completed, updated or deleted, subject to the exceptions provided for by the Regulations,

       prevent our use of your Personal data for direct marketing purposes.

You also have the right to object to:

      the re-use of your Personal data for solicitation purposes, notably commercial solicitation; the processing of your Personal data, for legitimate reasons, except if this processing is because of a legal or regulatory obligation.

Finally, the right to data portability offers you the opportunity to retrieve your Personal data in a structured, open and machine-readable format.

4.2.     The exercise of these rights is done directly by sending an email to dpo@supa.pl  In order to verify the identity of the applicant, we ask you to attach a copy of your identity card to the request to exercise your rights. We commit ourselves to communicate the information requested under the conditions set out above, within a maximum of 1 (one) month from the receipt of the request. This period may be extended by a maximum of 1 (one) month if the request is complex or requires further study. In case of extension of the deadline for processing the request, the applicant has the possibility to ask us to freeze the use of his Personal data, during the deadline for processing the request.

5.     With whom is the Personal data shared?

5.1.     We may only send the Personal data we hold to persons intervening within the framework of our activity. That includes our staff and the staff of our partners, merchants, vendors etc.

5.2.     We may subcontract certain Personal data processing activities. Beforehand, we have ensured that all of these service providers present the appropriate guarantees, particularly in terms of personal data protection.

5.3.     We may only share the Personal data we hold with third parties such as our service providers if all the following conditions apply:

         they have a need to know the information for the purposes of providing the contracted services. Sharing the Personal data complies with the privacy notice provided to you, the data subject, and, if required, your consent has been obtained,

         they have agreed to comply with the required data security policies and procedures and to put adequate security measures in place. The transfer complies with any applicable cross border transfer restrictions.

5.4.     If the Restaurant requests us to share your personal information (email address, contact information, etc.) for the purposes of marketing or commercial communications, RESTTECH may do so solely at its election, but only under the condition that you expressly consent to the sharing of this information and only if you are able to review the Restaurant’s Privacy Policy.

5.5.     To date, there are external services responsible for fulfilling our social, accounting and tax obligations as well as our technical service providers (such as Google Analytics). In case of change, we will inform you in advance.

5.6.     We use a payment service provider Viva Payment Services Single Member S.A. This service provider processes your personal data for its own business related purposes, therefore, we urge you to read carefully their Terms and Conditions and Privacy notice.

6.     Is the Data transferred outside the European Union and the European Economic Area?

6.1.     In accordance with our obligations, when Personal data is transferred to a country that is not located in the European Union and the European Economic Area (EEA), or to a country considered not to offer an adequate level of protection according to the European Commission, we undertake to (i) seek your consent, (ii) put in place appropriate procedures in order to comply with the Regulation, in particular in the event that authorization from a competent authority is required, and (iii) to put in place appropriate safeguards with respect to the supervision of such transfer in order to ensure a necessary and adequate level of protection, such as the implementation of binding corporate rules or the conclusion of standard contractual clauses adopted by the European Commission.

7.     What privacy and security measures do we have in place?

7.1.     The protection of Personal data is an important issue for us. To this end, we have put in place technical and organisational measures to protect Personal data against damage, loss, misappropriation, intrusion, disclosure, alteration or destruction.

7.2.     If, in spite of the measures taken, we should be informed of a violation within RESTTECH of the Personal data, likely to generate a risk for the rights and freedoms of the persons concerned, we undertake to notify, under applicable data privacy laws, the violation to the competent control authority at the latest 72 (seventy-two) hours after having become aware of it, and to the person concerned as soon as possible.

8.     To whom should you address your requests or complaints?

8.1.     If you have any questions or complaints regarding the processing carried out or the exercise of your rights, you can contact us at any time by email: dpo@supa.pl.

8.2.     You can also contact the Data Protection Office in Warsaw via: kancelaria@uodo.gov.pl.

9.     Changes to our Privacy Policy

We reserve the right to modify our Privacy Policy, in particular in order to take into account any changes in GDPR.

 

Converted to HTML with WordToHTML.net