This document applies to all products and services offered by CRISPOSOFT SRL (“Menoo”, “we”, “our”) to all non-partner users, including web and mobile applications, and other software that we own or control (“services”).
1. Who we are
We are CRISPOSOFT SRL, a limited liability company, headquartered in Romania, Dolj, Craiova, Str. Opanez no.2A et.3, having CUI 42752548 and registered with the National Trade Register Office under number J16/1137/09.07.2020, but we usually just use the name Menoo.
2. What data we process
In order to provide you with our services, the processing of personal data is essential. A large part of this data is transmitted to us directly, while others are collected automatically when you use our platforms. However, we strive to keep the amount of data as small as possible.
Personal data is information that can identify you or make you identifiable.
In the following description of our processing activities, we refer in each case to categories of personal data. A category includes several pieces of personal data, which are usually processed together for the stated purposes.
In general, we process the following categories of personal data for the following reasons:
Profile data (master data): Username and phone number
Reason: These are your basic data, which we absolutely need for our services. Without a phone number, you will not be able to create a profile. Together with the username, these are the basic data.
Device information and access data: Device ID, device identification, operating system and corresponding version, access time, configuration settings, information about the Internet connection (IP address)
Reason: With each access, we store this information for technical reasons. We also use parts of this information to detect suspicious behavior at an early stage and to prevent any damage.
Information about orders placed during the current session: Your username, products ordered at the venue/restaurant
Reason: Every time you place an order, this information will be added to a session for the table (identified by the QR code) where the order was placed. The session at a table begins when the first order is placed and ends when the venue staff resets the order status for that table. You will be able to view all products ordered by you and all products ordered at that table, but you will not be able to see what products other participants in the session ordered. Throughout a session, your username will be visible to restaurant staff so they can see what each participant in the session ordered, making the note at the end of it, together or separately.
Information about session history: Products ordered at the venue/restaurant
Reason: Every time a session you participated in ends, information about it will be added to your profile. You can see all this information in your profile at any time. The information should give you an overview of your own interests and previous orders. Similarly, you will only be able to see the products ordered at the table and which of these were ordered by you. You will not be able to see other participants in the session and what they ordered.
3. Who are our collaborators
We never provide your personal data to unauthorized third parties. However, as part of our activity, we use the services of selected service providers and provide them with limited and strictly monitored access to some of the data we hold. However, before sending personal data to these partner companies for them to process on our behalf, each company is individually audited. All recipients must comply with legal provisions regarding the protection of personal data and demonstrate the level of data protection with adequate evidence.
Given that the basic service provided by Menoo is the possibility of interacting with the merchant's staff, the merchant's staff will have access to your username, the orders you place within the premises, and other information strictly necessary for identifying you at the table.
4. Cookies and similar technologies
5. Fraud prevention and our platform security
To protect our customers and platform from potential attacks, we continuously monitor the activities on our platform by all visitors. For this purpose, we use various technical measures to ensure that all suspicious behaviors are detected from the beginning and prevented in time. To achieve this goal, several monitoring mechanisms run in parallel and prevent potential attackers from accessing our web platform.
The decision-making process is automated and may have a legal effect on the person concerned or may affect them similarly. If the automated decision-making produces negative consequences for you and you do not agree with this, you can contact us at email@example.com. In this case, we will individually analyze the circumstances of your case.
To prevent false orders, the merchant has the possibility to block access to the Menoo system within the premises managed by him. To make this possible, we also store your device identifier to be able to identify your right to access within the premises.
6. How long are data kept
Personal data is processed and stored for the period of the purpose for which it was collected and reasonably necessary for our legitimate interests, including fraud detection and prevention and to comply with legal obligations, including tax obligations, legal reporting and auditing.
Once the retention period expires, personal data will be deleted. Therefore, the right of access, the right to be forgotten, the right to rectification and the right to data portability cannot be applied after the retention period expires.
7. Your rights regarding data processing
You can exercise the following rights at any time:
- Right of access
You have the right to be informed about what data we store about you and how we process this data.
- Right to rectification:
If you notice that the stored data is incorrect, you can always ask us to correct it.
- Right to erasure
You can request us to delete the data we have stored about you at any time.
- Right to data portability
You can request us to transmit the data stored about you in a format that can be read in electronic format, by you or by another responsible person. (In this context, we usually use the JSON data format.)
To exercise your rights, you can contact us at any time at firstname.lastname@example.org.
8. Right to change
We reserve the right to modify this personal data processing statement in accordance with legal requirements.