Last updated on 01-07-2024

This policy explains how we, HotTable App Ltd., registered in England and Wales with company registration number 13413570, use your personal data which you provide to us. We take our responsibilities for managing your personal data seriously.

When we say your “personal data” or “personal information” we mean any information that identifies you as a person. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

For the purposes of this Privacy Policy:

• You or User means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to HotTable App Ltd, registered in England and Wales with company registration number 13413570.
• Account means a unique account created for You to access our Service or parts of our Service.
• Website refers to MenuDelite, accessible at https://www.menudelite.io.
• Service refers to the Website.
• Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• Personal Data is any information that relates to an identified or identifiable individual.
• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

You may provide us with personal data in one of the following ways:

• contacting us by telephone or in person where you may provide your contact details such as your name, telephone number and email address. You will also be asked to consent to our usage of your information; or
• contacting us through our website by using one of the options on our website which requires you to provide us with your personal information ; or
• registering your business on our website through the “Sign Up” functionality; or
• placing an order on our website with one of our business partners; or
• reserving a table at one of our business partners through our website.
• registering your personal user account on our website through the “Sign Up” functionality; or

Examples of the personal data we collect include your name, your email address, contact and/or employee names; and any correspondence when you contact us. We also collect information regarding your business, such as your business name, business address, the contact information of an individual responsible for managing the business, the email address & phone number associated with the business account, the image you choose to represent your business with on our website, the price level you choose to associate with your business, as well as information regarding your opening times, the tables present at your venue and their occupancy, and the menu items you wish to upload to our site. We collect your review email preferences, including but not limited to, your Google Place ID, and your Yelp Review Link. We also collect the offers that you define in the admin panel, as well as your collect “Pay Later” preferences. All this information is provided by you on a voluntary basis, as part of the registration process.

We also leverage Google Places APIs (https://developers.google.com/maps/documentation/places/web-service/overview ) in order to collect information regarding your business – this includes the opening hours, as well as your price level and information regarding ratings of your business on Google platforms.

Your Yelp account is governed by the Yelp Terms of Service available at (https://terms.yelp.com/tos/en_us/20200101_en_us/ )

As part of the registration process, you are required to create a Stripe Connect account. The data collected as part of this process is managed and handled by Stripe, Inc. and is bound by their terms and conditions and privacy policy available at https://stripe.com/en-gb/privacy. The only information we collect and store as part of this process is the account ID associated with your Stripe Connect account. This is required for us to route payments made by customers to your Stripe account.

The collection of this personal data is essential to enable us to perform our contract with you.

One of our team may, in the course of assisting you with a query or when we provide services to you, ask for your consent to use your details for further purposes such as marketing and other promotional activities. When we do this, you will be clearly advised and your specific consent will be required before we can use your information for such activities.

When placing an order on our website, or making a reservation with one of our business partners, we will collect your phone number and email address. This is required to identify you as a user in our systems, as well as associate orders and transactions with you. We will also use this email to notify you of order confirmations, order cancellations, payment confirmations, payment cancellations, booking confirmations & booking cancellations. Furthermore, when you place an order or make a reservation using our website, we create a user account for you, which will be identified by your email address. This is required in order to bind your orders, offers, loyalty points collected on the platform to your person.

When placing orders with our hotel partners, we may be asked to provide your first name and last name, room number, phone number, and email address. This information will be used by our partner for identification and verification purposes and will be stored in our systems for future use.

All financial transactions initiated by you on our platform, including orders placed with our business partners are processed by Stripe, Inc. We do not have access, or collect any information regarding your payment cards and / or other payment methods. The data you input on the “Checkout” forms is bound by the Terms and Conditions and Privacy Policy of Stripe, Inc., which is available at https://stripe.com/en-gb/privacy.

Providing our services to you: we use your personal information to open your account with us and to contact you about the goods and services that we are providing to you. Reminders and updates will be sent to you using the contact information that you provide to us. Without your personal contact information, it is difficult for us to provide our good and services to you. We must also disclose this contact information to the business you are ordering from or booking a table with so that they are able to contact you with updates regarding your order and / or booking.

Improving our services: we may analyse your personal information in order to improve our business, our website and customer services.

Marketing: we may use your personal information to contact you about promotions and other news and information about our business.  

In order to provide our services and operate our website, we use various third parties which are carefully selected by us.  These parties include companies which provide business functions such as email, marketing assistance, accounting, payment processing, data management and website support. All of these third parties have in place policies and procedures to ensure adherence to the General Data Protection Regulation (‘GDPR”). In some circumstances, your data may be transferred to or stored at a location outside the European Economic Union (“EEA”) and processed by individuals acting for one of these third parties. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the GDPR. Where it is necessary to process data outside the EEA, we will ensure that the relevant third party processing the data has either provided the required contractual undertakings as specified by the EU or is a signatory of the EU-US Privacy Shield Framework.

There are certain scenarios where we may have to share your personal information with other parties and examples of these scenarios are set out below:

• For legal reasons, we may be required to share your data with law enforcement agencies, governments, etc. This may be as part of an investigation, or it may be to prevent fraud prevention.
• Where your data may be required to protect against harm to the rights of property or person as permitted by law.
• Where your data may be required to prevent or protect against serious physical harm to an individual.
• If we are involved in an acquisition, a merger, sale of assets, or liquidation. If this circumstance arose, appropriate undertakings would be obtained from the third party.

Personal information may also be collected automatically using cookies. Cookies are small files that are automatically saved to your device as a result of the websites you visit.  Cookies track, save and store information. Cookies may enable us or a third party to recognise you and make your next visit easier, and our services more useful to you, by giving you tailored options based on the information that has been stored from your last visit. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the web site.

We use the following cookies in the following ways on our web site:

• In order to identify your locale and your language preferences, and to determine which language the website should be presented to you in;
• Google Analytics - The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. Google's privacy policy is available to read at http://www.google.com/policies/privacy/ .

Session cookies:

• In order to store your email address, the code of the table you have entered as well as the items you have placed in your basket;
• In order to store the access tokens and their expiry information associated with your authenticated session on our site ;

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies.  For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.  Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

Access to the personal data we hold on you: You have the right to ask us for a copy of the personal information we hold on you, a “subject access request”. There is no fee for this. However, requesting subsequent copies of such information within an unreasonably short period may be chargeable.

Right to rectify or erase your personal data: You also have the right to have any inaccuracies corrected or removed and in certain circumstances you may ask us to erase your personal data.  If you would like us to erase the personal data we hold about you, please get in touch specifying why you would like us to do so.

Right to withdraw consent: If you have given us consent to use your personal details you may withdraw this consent at any time by contacting us at support@menudelite.io with the subject of the email including the phrase “Request to Withdraw Consent for Personal Data Collection”.  

Right to limit processing your data: You may also instruct us to cease processing your data if no longer relevant, or if there are no other legal or contractual obligations for us to do so.

If you have any enquiries and/or wish to exercise any of your rights in this privacy policy please contact us at support@menudelite.io.

You also have the right to make a complaint about our data processing activities to the Information Commissioner’s Office.  Further details can be found at https://ico.org.uk.

We hold your personal data only for as long as is necessary for the specified purpose. Once you have closed your account with us, we will delete all of the information that we hold on you apart from your email address which we will hold on our marketing database. We will also keep invoicing and other accounting records which are necessary to satisfy HMRC.

Our website may have links to other websites. This Privacy Policy only applies to this website. You should therefore read the privacy policies of the other websites when you are using those sites.

We do not sell your data and have not done so in the past 12 months.

This Privacy Policy is reviewed by us on a regular basis and may be updated from time to time. Please ensure that you are familiar with these changes.

By providing your email address, you consent to receive promotional emails from us. You can unsubscribe at any time by clicking the 'unsubscribe' link or contacting us directly. Please note that transactional emails related to your account or requested services may still be sent.

By providing your phone number, you consent to receive promotional emails from us. You can unsubscribe at any time by replying ‘STOP’ or contacting us directly. Please note that transactional SMS messages related to your account or requested services may still be sent.

Users will have an opportunity to unsubscribe to any emails or mailings by clicking on an “unsubscribe” hyperlink contained in promotional emails sent. Users can opt out of promotional emails, certain non-promotional emails necessary for the proper functioning of the SaaS product, such as essential service notifications, may still be sent.

MenuDelite+ collects certain information from restaurants to facilitate their participation in our loyalty program. This information may include: • Contact information (such as name, email address, phone number) • Restaurant details (location, menu offerings, promotional details) • Login credentials for account access

MenuDelite+ uses the collected information for the following purposes: • To provide and manage the MenuDelite+ services • To communicate with restaurants, including sending promotional materials and updates related to the MenuDelite+ program • To ensure compliance with program requirements and local regulations • To improve our services and develop new features

MenuDelite+ does not share or sell restaurant information to third parties for marketing purposes. However, we may share information with trusted service providers who assist us in operating our website, conducting our business, or servicing restaurants, provided that those parties agree to keep this information confidential.

MenuDelite+ implements reasonable security measures to protect the information we collect from unauthorized access, use, alteration, or disclosure.

MenuDelite+ retains restaurant information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Restaurants have the right to: • Access their personal information held by MenuDelite+ • Update or correct their information if it is inaccurate or incomplete • Request the deletion of their information under certain circumstances

MenuDelite+ reserves the right to update or modify this Privacy Policy at any time. We will notify restaurants of any changes by posting the revised policy on our website or by other means of communication.

For questions or concerns regarding this Privacy Policy or MenuDelite+'s data practices, please contact us at support@menudelite.com.

Welcome to MenuDelite+ Privacy Policy. This policy outlines how MenuDelite+ collects, uses, and protects your personal information when you use our app.

2.1 Personal Information: We may collect personal information such as your name, email address, phone number, and billing information when you create an account and subscribe to MenuDelite+. 2.2 Usage Data: We collect information about your interactions with our app, including usage data, preferences, and actions taken within the app.

3.1 To Provide Services: We use your personal information to provide you with access to discounts, manage your account, and process transactions. 3.2 Improvement of Services: We may use collected data to improve our app, services, and customer support based on your feedback and usage patterns. 3.3 Communication: We may use your contact information to communicate with you about your account, updates, and promotional offers related to MenuDelite+.

4.1 Third-Party Service Providers: We may share your information with trusted third-party service providers who assist us in operating our app, conducting business, or servicing you. 4.2 Legal Compliance: We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court or government agency).

5.1 Data Security: MenuDelite+ implements appropriate technical and organizational measures to protect your personal information against unauthorized access, misuse, or loss. 5.2 Retention: We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

6.1 Access and Updates: You have the right to access and update your personal information stored by MenuDelite+. 6.2 Data Portability: Upon request, we can provide you with a copy of your personal data in a structured, machine-readable format. 6.3 Account Deletion: You may request the deletion of your account and associated personal information. Please note that some information may be retained as necessary to comply with legal obligations or resolve disputes.

7.1 Updates: MenuDelite+ reserves the right to update this Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on our website or app. 7.2 Acceptance: By using MenuDelite+, you acknowledge and agree to the terms of this Privacy Policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@menudelite.com.

Saudi Arabia Clauses

Data Storage and Localization

We ensure that any personal data collected from users in Saudi Arabia will be stored locally unless explicit consent is obtained for international data transfers. Such transfers will only occur in compliance with the Personal Data Protection Law (PDPL) of Saudi Arabia, and where required, authorization from the Saudi Data and Artificial Intelligence Authority (SDAIA) will be sought.

Data Subject Rights

In addition to your rights under GDPR, if you are a resident of Saudi Arabia, you have the right to:

• Access and obtain copies of your personal data.
• Request correction or deletion of inaccurate or outdated data.
• Withdraw consent to the processing of your personal data at any time.
• Request details of how your personal data is being processed and shared.

Consent for Data Processing

For residents in Saudi Arabia, by providing your personal data, you expressly consent to its collection, processing, and storage. For sensitive personal data, such as financial information, we will seek explicit and informed consent prior to collection and processing, in line with local regulations.

Data Breach Notification

In the event of a data breach that affects your personal data, we will promptly notify the relevant local authority, including the SDAIA for Saudi Arabia, as well as affected individuals if the breach is likely to result in significant harm to their privacy or personal data. Notification will occur as soon as reasonably possible following the detection of the breach.

Cross-Border Data Transfers

We will not transfer your personal data outside of Saudi Arabia unless:

• You provide explicit consent.
• The transfer is necessary to fulfill a legal obligation or contract.
• We have implemented adequate safeguards to ensure the security and privacy of your data in the destination country, subject to approval from the relevant authorities.

Sensitive Personal Data

In accordance with the laws of Saudi Arabia, we recognize that sensitive personal data requires additional safeguards. Sensitive personal data includes, but is not limited to, information about racial or ethnic origin, religious beliefs, health, biometric data, and financial information. We will only process such data when absolutely necessary and with explicit consent from you.

UAE Clauses

Data Collection and Processing

We adhere to the UAE's Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Personal data collected from users in the UAE will be processed lawfully, fairly, and transparently. We will ensure that data is processed for specific and legitimate purposes, with your explicit consent where necessary. Sensitive personal data, such as information relating to health, finances, and biometric data, will be processed only when necessary and with your explicit consent in compliance with UAE law.

Data Subject Rights

If you are a resident of the UAE, you have the following rights under the UAE Federal Decree-Law No. 45 of 2021:

• Access to your data: You may request a copy of your personal data that we hold.
• Correction: You can request correction of inaccurate or incomplete data.
• Deletion: You can request the deletion of your personal data under certain conditions.
• Restriction: You have the right to request the restriction of the processing of your personal data in certain circumstances.
• Objection: You have the right to object to the processing of your data if it is based on a legitimate interest or for direct marketing purposes.

Consent and Processing of Sensitive Data

As per UAE Federal Decree-Law No. 45 of 2021, we will seek your explicit consent before collecting or processing any sensitive personal data, including but not limited to financial information. This consent will be informed, specific, and unambiguous. You may withdraw your consent at any time, and we will cease the processing of such data unless it is required by law.

Breach Notification

In the event of a data breach that may affect the privacy or security of your personal data, we will notify the UAE Data Office and affected individuals as soon as reasonably possible. Our notification will include the nature of the breach, the data involved, and any potential risks to your personal data, along with the steps taken to mitigate the impact.

Egypt Clauses

Data Collection and Processing

In accordance with Egypt's Data Protection Law No. 151 of 2020, we process your personal data lawfully, fairly, and transparently. We collect and process data only for legitimate, specific, and clear purposes. Sensitive personal data, including financial information, will be processed only with your explicit consent and as necessary for fulfilling our contractual or legal obligations.

Data Subject Rights

If you are a resident of Egypt, you have the following rights under the Egyptian Data Protection Law No. 151 of 2020:

• Access: Request access to the personal data we hold about you.
• Correction: Request that inaccurate or incomplete data be corrected.
• Deletion: Request the deletion of your personal data under specific conditions.
• Objection: Object to the processing of your personal data for direct marketing or based on legitimate interests.
• Consent Withdrawal: Withdraw your consent for data processing at any time, and we will stop processing your personal data unless required by law.

Data Storage and Localization

In the event of cross-border data transfers, we will ensure that adequate protections are in place in the destination country to safeguard your data.

Consent and Processing of Sensitive Data

In compliance with Egypt's Data Protection Law, we will seek your explicit consent for the collection and processing of sensitive personal data, including financial information. Such data will be handled with the highest levels of security, and you may withdraw your consent at any time.

Breach Notification

In the event of a data breach that may compromise the security of your personal data, we will notify the Egyptian Personal Data Protection Center and affected individuals without undue delay. The notification will include details of the breach, the data affected, potential risks, and measures taken to mitigate the impact.

Kuwait Clauses

Data Collection and Processing

We comply with Kuwait’s Law No. 20 of 2014 on Electronic Transactions in processing and managing personal data collected from individuals in Kuwait. Personal data will be processed fairly, transparently, and for lawful purposes as authorized by you. Sensitive personal data will only be processed with explicit consent and as necessary for meeting contractual or legal obligations.

Data Subject Rights

Kuwaiti residents have the following rights under Kuwait’s data protection guidelines:

• Access: You may request access to your personal data.
• Correction: You can request correction or updating of inaccurate or incomplete data.
• Deletion: Request the deletion of personal data when there is no longer a lawful reason to retain it.
• Consent Withdrawal: You may withdraw your consent at any time, and processing based on consent will cease accordingly.

We will respond to these requests in compliance with applicable Kuwaiti laws and regulations.

Data Storage and Localization

Cross-border data transfers will occur only with explicit consent or if required for fulfilling contractual obligations, provided adequate protections are in place to secure your personal data outside Kuwait.

Consent and Processing of Sensitive Data

In accordance with Kuwait’s Electronic Transactions Law, we will collect and process sensitive personal data only when necessary and with your explicit consent. You have the right to withdraw your consent at any time.

Breach Notification

In the event of a data breach affecting personal data security, we will notify affected individuals promptly, detailing the nature of the breach, data involved, potential risks, and steps taken to mitigate the impact. We may also notify relevant Kuwaiti authorities as required by law.