Privacy Policy
1. Introduction
1.1. Objectives
The purpose of this document is to ensure the company’s compliance with European and international requirements and legislation. Specifically, this policy aims to ensure compliance with the EU General Data Protection Regulation (GDPR). This document applies to all Order Gurus systems, processes and people, including board members, directors, employees, suppliers and other third parties who have access to the company’s information systems.
1.2. Intended Audience
The contents of this document are not technical and they do not assume any previous knowledge of specific technologies. As such, it can be reviewed and consulted by a number of actors:
The company’s teams relating to the processes in scope. Order Gurus Top Management, as well as any other legally involved person, authority and/or organization.
1.3. Roles and Responsibilities
The company’s Top Management is responsible for the implementation and review of this policy. 1.4. Terms and Abbreviations
The abbreviations, terms, and definitions used in this document are depicted in the table below.
Terms / Abbreviations
Definitions
* Availability: Ensuring timely and reliable access to and use of information.
* Breach: An event that affects one or more of the following features: authenticity, availability, confidentiality, integrity, and validity.
* Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
* Consent: “The consent of the data subject” means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.
* Controller: The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws. Depending on the facts, the same entity can be a controller in respect of some processing activities and a processor in respect of other processing activities. It is possible for an organization to be both a controller and a processor.
* Data Breaches: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
* GDPR: GeneralDataProtection Regulation
* Incident: A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
* InformationSecurity: Preservation of Confidentiality, Integrity and Availability of information as well as of authenticity, accountability, non-repudiation and reliability.
* Integrity: The property that data has not been modified or deleted in an unauthorized and undetected manner.
* PersonalData: Any Information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Processing: Any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. Depending on the facts, the same entity can be a controller in respect of some processing activities and a processor in respect of other processing activities. It is possible for an organization to be both a controller and a processor.
* Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular,r to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
* Validity: Absolute accuracy and completeness of information.
* Availability: Ensuring timely and reliable access to and use of information.
2. Purpose and Scope
2.1. Purpose
The purpose of this policy is to put in place a compliance framework that includes appropriate technical and organizational measures, in order to ensure that data processing is performed in compliance with the GDPR. The main objective is to protect the confidentiality, integrity, availability, authenticity and resilience of processing systems and services.
Our company focuses in providing quality services that meet every time our very strict requirements and exceed our client’s specifications. As a result, we will continue to invest in our security infrastructure and work with third-party vendors to ensure we have the appropriate contractual terms in place. This Privacy Policy is meant to help you understand the nature of the data we collect, why we collect it, and what we do with it. The above, among other things, are explicitly defined in this document.
2.2. Scope
The GDPR applies across all the Member States of the EU. Also, it applies to any organization anywhere in the world that provides services to the EU involving the processing of EU citizens’ data. Thus, this policy applies to:
* All employees of Order Gurus LLC. This category consists of regular and temporary employees, trainees and interns.
* Contractual third parties of Order Gurus with any form of access to the company’s information and information systems.
* All hardware and software systems ofOrderGurus.
3. Policy
3.1. General
This Privacy Policy is limited to personal data collected by Order Gurus as a Controller/Processor by our website www.ordergurus.com and our application. Please read carefully our Privacy Policy to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information. You acknowledge this privacy policy and consent to the processing of personal data by Order Gurus and/or third parties specified in this privacy policy. Order Gurus reserves the right to alter this privacy policy. If the changes are significant, we will notify you by email and post an announcement on our Website before they come into effect. If you have any questions or objections related to this privacy policy, please contact us via www.ordergurus.com/contact
3.2. Definitions
“Controller” refers to the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. For the purposes of this policy, the “Controller” as a term refers specifically to Order Gurus. “Processor” refers to a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. For the purposes of this policy, the “Processor” as a term refers specifically to Order Gurus. “Website/Application User” refers to individuals who use our Website/Application in order to submit an order. “Store Owner” refers to entities (restaurant, café-bar, self-service or takeaway, hotel) who have registered with Order Gurus in order to use (or potentially use) our services. “Affiliate or Partners” refers to partners that register on our website with the purpose promote our services to stores or provide additional services to them. “Personal Data” refers to any information relating to an identified or identifiable natural person. “Processing” refers to any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Please note that for the provision of our services, data processing is considered to be lawful since it is based on articles 6(b) and 6(f) of the GDPR. In cases where consent is used as a lawful basis (article 6(a) of the GDPR), then this will be required and no actions will take place without the user’s prior consent to the processing of their personal data stating the specific purpose of the processing.
3.3.Information We Collect and Process
We collect and process the following types of personal data.
3.3.1. Website/Application Users’ Data
When you use our website/application as a store owner’s customer, we may collect your name, home address, phone number and email in order for you to submit your order, and for the store owner to be able to provide the requested service. The above data are used for the purposes of the legitimate interests pursued by Order Gurus or by the store owners. In any case, your data are not further analyzed by Order Gurus. Additionally, we might collect some collective order data that are anonymous and they are used to provide basic statistics to the store owners (e.g. regarding total number of menu viewings per month, total number of orders per month, etc.). Order Gurus will never deliberately collect the personal data of children under the age of 18. Our Website/Application is not intended for use by anyone under the age of 18.
3.3.2. Store Owners’ Data
Store Owner’s personal data is provided voluntarily by the user upon registration and/or modification of a user profile. In particular, the following information is collected and stored: email, first name, last name, country, phone number, password (encrypted). Some additional information is provided for the stores (as legal entities) upon registration, including the following: name, description, alias, country, address, post code, language. The above data are used for contractual purposes related to the provision of our services (e.g. optimising a dedicated website on our platform, issuing an invoice, etc.). Your data are stored by an external provider. This is currently OVH in Frankfurt, Germany.
3.3.3. Affiliates’ Data
Affiliate’s personal data is provided voluntarily by the user upon registration and/or modification of a user profile. In particular, the following information is collected and stored: email, first name, last name, country, phone number, password (encrypted), bank account details and/or PayPal ID. The above data are used for contractual purposes related to the provision of our services (e.g. payments, etc.). Your data are stored by an external provider. This is currently OVH in Frankfurt, Germany.
3.4. Purposes of Processing your Personal Data
We process your personal data in the following ways.
3.4.1. Services
We use the information we collect in order to improve our services and to remain in compliance with our customer’s requirements. Additionally, we comply with all legislative and regulatory requirements.
* Website/Application Users’ data are collected and processed to provide our services in connection with your orders. Store Owners’ data and Affiliates’ data are collected and processed explicitly for contract-related purposes, as defined each time.
3.4.2. Functionality of the Website/Application
When you visit, register, or login in our Website/Application, we collect the following data: IP address, web browser, duration of your visit and current location. This information is used in the following ways:
To improve our website in order tobetter serve you.
* To resolve any technical issues that may arise and to improve access to certain parts of the Website.
* To provide our Services by ensuring that the application runs correctly.
* To provide you with the correct and latest version of the Application.
Contact Information
www.ordergurus.com
ORDER GURUS LLC
Head Office
BB-235913, 14350 NW 56th Court,
#107, Opa-Locka, FL,
Miami-Dade, USA, 33054
sales@ordergurus.com
Call (786) 633 2404