Privacy Policy

Last modified: April 2, 2022

The owner and operator of the WMenu application and the controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") is the Foundation for the Development of Entrepreneurship "Twój StartUp", NIP: 5213641211, with its registered office at 00-503 Warsaw, ul. Żurawia 6/12, lok. 766, entered in the register kept by the District Court for the capital city of Warsaw under KRS number 0000442857 (hereinafter the "Controller" or "we"), operating the website at www.wmenu.pl (the "Service").

On this page we inform you about our policy of collecting and using personal data received from Users of the Service and Internet Users (hereinafter also referred to as "You"). The policy is provided to ensure that persons whose personal data are processed by the Controller receive the broadest possible information about the scope of data processed, the methods and principles of processing, and their rights. The main legal regulation concerning the protection of personal data is Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the "GDPR").

The disclosed personal data are processed for the purpose of providing services through the Service and improving it. By using the Service and related websites, you agree to the collection and use of information in accordance with this policy.

Glossary:

1. Browser: software used to display websites (e.g., Chrome, Firefox, Safari, Edge).
2. Cookies: text files placed by a server on the device on which the Browser operates. Cookies are IT data, in particular text files, stored on the User's end device (e.g., in computer memory) and intended for use of the Service.
3. Third country: a country outside the European Economic Area.
4. Personal data: any information about an identified or identifiable natural person, in particular on the basis of an identifier such as name and surname, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
5. Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects concerning that person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
6. Service: the online service operated at www.wmenu.pl by the Foundation for the Development of Entrepreneurship "Twój StartUp", addressed to Users and Internet Users, enabling the creation and presentation of a restaurant's menu in electronic form by creating a dedicated website with the venue's offer.
7. Services: services provided by the Controller through the Service for Users.
8. Agreement: an agreement concluded between the Controller and the User in connection with the User's use of the Services through the Service.
9. Processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
10. Users: entrepreneurs using the Services provided by the Controller through the Service.
11. Account: an individual profile of the User created in the Service as a result of the registration process.
12. Internet User: a person browsing content published on the Service's websites.

Data collection and processing

By using our Service, we may ask you to provide certain information that can be used to identify you and that is necessary to provide services within the Service, contact you, or identify you. Identifying information may include, but is not limited to, your Username.

WMenu.pl does not verify the correctness of the information you provide and is not responsible for the accuracy and reliability of the data provided by the User to third parties.

WMenu.pl collects the following information provided voluntarily by the User:

• full name;

• e-mail address;

• password;

• company name and registered address;

• correspondence address;

• company tax identification number (NIP);

• contact phone number;

• logo and presentation of the user's offer;

• other data you provide to us in connection with using the WMenu Application services or that we obtain in connection with this (data on your consumer behavior, etc.).

The Service also obtains information about Users, Internet Users and their activity in the following ways:

1. by storing cookies on end devices,
2. by collecting WWW server logs (LOGS) by the administrator.

The Service may also record information about your connection parameters (timestamp, IP address).

By checking consent using the relevant form and/or actively using the WMenu application or related services, the User and Internet User confirms that they have read these Rules and accept them in full.

For what purpose do we collect personal data and for how long do we store it?

Collecting the above information is necessary to provide the Services and better understand your needs, in particular for the following reasons:

1. to perform mutual rights and obligations arising from the Agreement (Article 6(1)(b) GDPR) and to handle complaints and claims related to concluded Agreements (processing is necessary to comply with a legal obligation incumbent on the Controller, as well as resulting from its legitimate interest – Article 6(1)(c) and (f) GDPR); in such a case we store personal data for the time necessary to perform the Agreement, and after its completion for the period necessary to demonstrate the proper performance of obligations arising from the Agreement, until the expiry of archiving periods and limitation periods for claims under the Agreement;
2. to keep internal documentation related to the Controller's business activity, which results from its legitimate interest – Article 6(1)(f) GDPR; personal data are then processed for the period necessary to pursue the Controller's legitimate interest or until a justified objection is raised by the User;
3. to maintain your profile in the Service and enable its personalization; processing takes place based on your consent and results from the Controller's legitimate interest (Article 6(1)(a) and (f) GDPR); in such a case we store data until you withdraw your consent for processing for this purpose;
4. to improve the Service and the Services we provide, which results from the Controller's legitimate interest – Article 6(1)(f) GDPR; in such a case we store personal data until you raise a justified objection to further processing;
5. for analytical, statistical, research and development purposes (processing is necessary due to the Controller's legitimate interest – Article 6(1)(f) GDPR); personal data will then be processed until an additional legal basis exists (e.g., allowing processing to perform the Agreement) – once the Controller loses this basis, personal data will be anonymized;
6. to ensure the Controller provides Services in accordance with applicable law, in particular the Service Regulations, and to fulfill mutual contractual obligations (Article 6(1)(b) GDPR), to meet legal obligations (Article 6(1)(c) GDPR) and to pursue and defend claims arising from the Agreement (Article 6(1)(f) GDPR); in such a case we store personal data for the time necessary to perform the Agreement and after its completion for the period necessary to demonstrate proper performance of obligations until the expiry of archiving and limitation periods for claims;
7. to send periodic e-mails related to the service, necessary for the performance of mutual contractual obligations (Article 6(1)(b) GDPR); in such a case we store personal data for the time necessary to perform the Agreement, and after its completion for the period necessary to demonstrate proper performance of obligations under the Agreement;
8. to provide information about new products, special offers or other information we think may interest you; in such a case we process personal data based on your consent (Article 6(1)(a) GDPR) until it is withdrawn;
9. to ensure the security of using the Services available in the Service, which is necessary to perform mutual contractual obligations, defend claims arising from the Agreement (Article 6(1)(b) GDPR), fulfill legal obligations incumbent on the Controller (Article 6(1)(c) GDPR), and in the Controller's legitimate interest (to ensure the security of provided Services – Article 6(1)(f) GDPR); in such a case we process personal data for the time necessary to perform the Agreement, and after its completion for the period necessary to demonstrate proper performance of obligations until the expiry of archiving periods or limitation periods; for legal obligations, processing is performed for the time necessary to fulfill those obligations; for security, for the period necessary to pursue the Controller's legitimate interest or until you raise a justified objection;
10. to perform other statutory obligations of the Controller, in particular tax and reporting obligations (Article 6(1)(c) GDPR) – for the time necessary to fulfill statutory obligations, in particular until the expiration of tax limitation periods;
11. to send you marketing materials in a manner compliant with applicable laws – processing is based on your consent (Article 6(1)(a) GDPR) and/or on the Controller's legitimate interest in direct marketing (Article 6(1)(f) GDPR); in such a case personal data are processed for the time necessary to pursue the Controller's legitimate interest or until a justified objection is raised, and for direct marketing no longer than until an objection is made.

Security

We are committed to ensuring the security of personal data you provide. To prevent unauthorized access or disclosure, we have put in place appropriate physical, electronic and administrative procedures to safeguard the information we collect.

In particular, the following security measures are applied:

1. protection of data against unauthorized access,
2. software updates,
3. access to an individual account in the Service only after logging in with a username and password; passwords are confidential;
4. encryption of personal data in the database;
5. SSL certificate.

How we use cookies

A cookie is a small file that asks permission to be placed on your computer's hard drive. Once you agree, the file is added and helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs and preferences by gathering and remembering information about your preferences. Cookies can be "persistent" or "session".

We use cookies to identify which pages are being used by you. This helps us analyze data about traffic in the Service and improve our website to tailor it to customer needs. We use this information only for statistical analysis and then the data are removed from the system.

In addition, we may use cookies for displaying promotional content as part of campaigns run by the Service and by external ad serving systems such as GoogleAds, AdForm, FacebookAds, which create a cookie when you visit websites. These cookies are used to present content matched to your interests ("interest based targeting"). Content is selected based on the history of pages you have visited (for example, if you browsed pages about Krakow landmarks, you may see ads for hotels in Krakow even on unrelated sites, such as a football website). The system uses "non-identifying user information." It does not track personal information such as your name, e-mail address, home address, phone number, NIP number, bank account numbers or credit card numbers. You can disable this system at any time on this page.

Cookies help us provide you with a better and more convenient website by enabling us to monitor which pages are useful and which are not. Cookies do not give us access to your computer or any information about you, other than the data you choose to share with us.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. Please be aware that this may prevent you from taking full advantage of the website.

Links to other websites

We allow ads from external services to be displayed. Some of these advertisers (e.g., Google, Facebook) may use technologies such as cookies or web beacons, which when displaying their ads on our website will send the advertisers information including your IP address, Internet provider, browser type and in some cases whether you have Flash installed. This is generally used to display ads to users based on their location or to select ads based on pages they previously visited.

You may also find links (references) on our website to other websites, in particular YouTube and other similar video content services. However, after using these links and leaving our website, please remember that we have no control over that website. Therefore, we cannot be responsible for the protection and privacy of any information you provide while visiting such websites, and such sites are not governed by this privacy policy. You should be cautious and review the privacy statements applicable to the website in question.

Control over your personal data

We do not sell your personal data to third parties, but we may share it with our contractors or public authorities.

At the same time, we inform you that the transfer of personal data to external recipients will occur when:

1. it is necessary to use the services of an external entity,
2. it is necessary for agreements concluded with external entities,
3. it is necessary for the proper provision of the Service,
4. it is necessary for analytical purposes, including optimizing the Service and the Services provided by the Controller,
5. it results from generally applicable legal provisions,
6. it is necessary to defend claims or rights of the Controller, including in connection with ongoing proceedings,
7. circumstances arise that constitute a threat to life, health, property or security,
8. it is necessary to perform a service for the Service's contractors.

Based on your consent, personal data may be transferred for advertising and marketing purposes to the Service's contractors. We may use your personal data to send you promotional information about third parties that we think may be of interest to you.

Personal data may be transferred to Stripe (stripe.com) as the payment gateway operator in the WMenu application, due to a legal obligation to conduct mandatory sanctions screening and AML (anti-money laundering) monitoring of transactions carried out through the WMenu Application.

You may request information about the personal data we store by writing to info@wmenu.pl.

If you believe that any personal data we hold are incorrect or incomplete, please write to us as soon as possible at the address indicated. We will promptly correct any information found to be incorrect.

Your personal data may be transferred to third countries or international organizations outside the European Economic Area in connection with the provision of the Service; in such cases, all transfers will be based on standard contractual clauses adopted by the European Commission, ensuring an adequate level of protection in accordance with applicable regulations.

User rights

Under the GDPR, you have the following rights related to control of personal data processing:

1. the right to access personal data (including obtaining information about the type of personal data processed by the Controller and receiving a copy of your personal data);
2. the right to request correction, updating or rectification of personal data;
3. the right to request deletion of personal data if they are incomplete, outdated, untrue, collected in violation of the law or no longer necessary for the purpose for which they were collected; regardless of the above, you may delete your Account from the Service (this is not equivalent to deleting Personal Data);
4. the right to lodge a complaint with the supervisory authority for personal data protection – i.e., the President of the Personal Data Protection Office (e.g., if you consider that the processing of personal data violates GDPR or other data protection regulations);
5. the right to request restriction of personal data processing;
6. the right to object to the processing of Personal Data if the processing is based on the Controller's legitimate interest or for direct marketing purposes.

If your personal data are processed based on consent, you have:

1. the right to withdraw consent at any time;
2. the right to data portability.

The right to object to the processing of personal data applies to the following cases:

1. processing of your personal data for direct marketing purposes; if you exercise your right to object, the Controller will cease processing personal data for this purpose;
2. your particular situation – you have the right to object to processing of personal data also in cases other than direct marketing. This requires you to indicate your particular situation that justifies the Controller ceasing processing of personal data to the extent indicated in the objection. The Controller will then cease processing your personal data unless the necessity of processing overrides your rights or the processing is necessary to establish, pursue or defend claims.

Automated processing of personal data

We inform you that we use your personal data for automated decision-making, including profiling, taking into account information contained in cookies. Profiling will affect the functionality and quality of the Service, the content of your profile, as well as the content of the offer dedicated to you and content displayed on external services, in particular Google and Facebook environments. In addition, profiling is carried out to achieve the purposes described in this Policy.

Profiling affects your use of the Service, as it allows the Controller to improve the quality of using the Service and assess your personal preferences and interests. Therefore, profiling also includes monitoring and tracking individual User behaviors.

Changes to the Privacy Policy

The Privacy Policy is effective as of April 2, 2022.

We reserve the right to update or change the Privacy Policy at any time in the event of changes in law, court rulings, guidelines of supervisory authorities, introduction of Codes of Good Practice (if the Controller is bound by such codes), changes in technology, methods, purposes or legal bases for processing Personal Data. Therefore, you should periodically review this Policy. Continued use of the Service after changes to the Privacy Policy are posted on this page constitutes acceptance of the revised Privacy Policy.

If we make material changes to the Privacy Policy, we will notify you by e-mail to the address provided or by placing appropriate information in the Service. The Controller strives to keep this Policy up to date and to update it.

Contact us

If you have any questions about the Privacy Policy, contact us by sending a request to info@wmenu.pl.