The purpose of this document is to ensure the company’s compliance with Dutch, European and international requirements and legislation.
Specifically, this policy aims to ensure compliance with the EU General Data Protection Regulation (GDPR).
This document applies to all GonnaOrder systems, processes and people, including board members, directors, employees, suppliers and other third parties who have access to the company’s information systems.
The contents of this document are not technical and they do not assume any previous knowledge of specific technologies. As such, it can be reviewed and consulted by a number of actors:
The company’s teams relating to the processes in scope.
GonnaOrder Top Management, as well as any other legally involved person, authority and/or organization.
The company’s Top Management is responsible for the implementation and review of this policy.
The abbreviations, terms, and definitions used in this document are depicted in the table below.
The purpose of this policy is to put in place a compliance framework that includes appropriate technical and organizational measures, in order to ensure that data processing is performed in compliance with the GDPR. The main objective is to protect the confidentiality, integrity, availability, authenticity and resilience of processing systems and services.
Our company focuses in providing quality services that meet every time our very strict requirements and exceed our client’s specifications. As a result, we will continue to invest in our security infrastructure and work with third-party vendors to ensure we have the appropriate contractual terms in place.
The GDPR applies across all the Member States of the EU. Also, it applies to any organization anywhere in the world that provides services into the EU involving the processing of EU citizens’ data.
Thus, this policy applies to:
understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information.
“Controller” refers to the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. For the purposes of this policy, the “Controller” as a term refers specifically to GonnaOrder.
“Processor” refers to a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. For the purposes of this policy, the “Processor” as a term refers specifically to GonnaOrder.
“Website/Application User” refers to individuals who use our Website/Application in order to submit an order.
“Store Owner” refers to entities (restaurant, café-bar, self-service or takeaway, hotel) who have registered with GonnaOrder in order to use (or potentially use) our services.
“Affiliate or Partners” refers to partners that register on our website with the purpose promote our services to stores or provide additional services to them.
“Personal Data” refers to any information relating to an identified or identifiable natural person.
“Processing” refers to any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Please note that for the provision of our services, data processing is considered to be lawful since it is based on articles 6(b) and 6(f) of the GDPR.
In cases where consent is used as a lawful basis (article 6(a) of the GDPR), then this will be required and no actions will take place without the user’s prior consent to the processing of their personal data stating the specific purpose of the processing.
We collect and process the following types of personal data.
When you use our website/application as a store owner’s customer, we may collect your name, home address, phone number and email in order for you to submit your order, and for the store owner to be able to provide the requested service.
The above data are used for the purposes of the legitimate interests pursued by GonnaOrder or by the store owners.
In any case, your data are not further analysed by GonnaOrder.
Additionally, we might collect some collective order data that are anonymous and they are used to provide basic statistics to the store owners (e.g. regarding total number of menu viewings per month, total number of orders per month, etc.).
GonnaOrder will never deliberately collect the personal data of children under the age of 18. Our Website/Application is not intended for use by anyone under the age of 18.
Store Owner’s personal data is provided voluntarily by the user upon registration and/or modification of a user profile. In particular, the following information is collected and stored: email, first name, last name, country, phone number, password (encrypted). Some additional information is provided for the stores (as legal entities) upon registration, including the following: name, description, alias, country, address, post code, language.
The above data are used for contractual purposes related to the provision of our services (e.g. optimize a dedicated website on our platform, issuing an invoice, etc.).
Your data are stored by an external provider. This is currently OVH in Frankfurt, Germany.
Affiliate’s personal data is provided voluntarily by the user upon registration and/or modification of a user profile. In particular, the following information is collected and stored: email, first name, last name, country, phone number, password (encrypted), bank account details and/or PayPal ID.
The above data are used for contractual purposes related to the provision of our services (e.g. payments, etc.).
Your data are stored by an external provider. This is currently OVH in Frankfurt, Germany.
We process your personal data in the following ways.
We use the information we collect in order to improve our services and to remain in compliance with our customers’ requirements. Additionally, we comply with all legislative and regulatory requirements.
When you visit, register, or login in our Website/Application, we collect the following data: IP address, web browser, duration of your visit and current location. This information is used in the following ways:
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
Please note that we may use trusted third-party services that track this information on our behalf, like Google Analytics, but all data used will be anonymized.
We do not collect or store any credit card details. We use mainly two (2) payment integrators (Stripe and PayPal), who are solely responsible for all the security issues relating to the processing of credit card details.
GonnaOrder may use Store Owners’ and/or Affiliates’ contact data to send important announcements only and not use it for marketing. Store owners and affiliates can subscribe to receiving marketing information via a newsletter. They can unsubscribe from these messages at any time.
Website/Application Users’ Personal Data may be collected in lists and exported to the store owners upon their request mostly for reasons related to their business (i.e., statistics). Please note that each store owner may have access only to its visitors/customers’ personal data.
Store Owners’ and/or Affiliates’ Personal Data may be transferred outside EU to call center support partners if required. These third parties may have access to your personal data and process it in order to carry out specific tasks for us, such as analysis of issues and problems.
Personal data collected by GonnaOrder from Website/Application Users of our website are kept in order to provide the required service (if any). Once the service has been completed all information is destroyed.
Personal data collected by GonnaOrder from Store Owners and Affiliates are kept as long as the aforementioned users retain their accounts. Once an account is deleted, GonnaOrder deletes all the related data.
The GDPR provides the following rights for all data subjects:
For any questions or suggestions or statements related to these issues, please contact us by contacting us via https://www.gonnaorder.com/contact
Your personal information is contained within secured networks, and is only accessible by a limited number of persons who have special access rights to such systems.
We implement a variety of security measures when a user enters, submits, or accesses the information to maintain the safety of your personal data.
We work hard to protect you from unauthorized access to data or unauthorized alteration or disclosure of information we hold. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. In particular:
Eastonstraat 174 – 1068 JE – Amsterdam