Cookies and Privacy Notice for Online Restaurant Order Management App

FIRST.- Identity of the controller

Shorebuddy S.L., as owner of the online restaurant order management app and controller of the personal data processed through it, informs users in accordance with Regulation (EU) 2016/679, Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights, and Law 34/2002 of 11 July on Information Society Services and Electronic Commerce.

Controller details:

Controller: Shorebuddy S.L.

Company ID: B75387886

Registered address:

Urb. Balcon del Golf 10
29660 Marbella
Spain

Email: david@beachbuddy.menu

Telephone: +34 666458917

SECOND.- First-layer cookies notice

Beachbuddy uses first-party and third-party cookies or equivalent technologies, where applicable, to ensure the proper functioning of the app, manage the ordering process, analyse user browsing or in-app activity and, where applicable, personalise content or measure the effectiveness of promotional actions. You may accept, reject or configure the use of non-essential cookies or similar technologies through the settings panel enabled for this purpose. For further information, please consult this notice.

THIRD.- First-layer privacy information

The personal data provided through this app shall be processed by Shorebuddy S.L. for the purpose of managing user registration, processing online restaurant orders, handling enquiries, managing payments, deliveries and incidents, and complying with applicable legal obligations. You may exercise your rights of access, rectification, erasure, objection, restriction and portability by contacting david@beachbuddy.menu. Extended information is set out below.

Privacy Notice

FIRST.- Purposes of processing

Personal data collected through the app shall be processed for the following purposes:

To manage the registration, identification and authentication of registered users.

To process, manage and fulfil online restaurant orders placed through the platform.

To manage deliveries, incidents, refunds, cancellations and customer care.

To manage invoicing, payment collection and administrative control of transactions.

To respond to requests for information, enquiries, claims or user communications.

To send commercial communications by electronic means where the user has consented or there is another lawful basis.

To analyse the use of the app through cookies, SDKs or similar technologies, under the terms described in the Cookies Notice.

To prevent fraud, unlawful use of the platform and strengthen service security.

To comply with legal obligations applicable to the controller.

SECOND.- Categories of data processed

Depending on the user’s interaction with the app, the following categories of data may be processed:

Identification data: first name and surname.

Contact data: postal address, telephone number and email address.

Account and authentication data: username, password or equivalent credentials, where applicable.

Order data: products requested, delivery address, order notes and order history.

Financial and payment data: information necessary to manage payment through the relevant payment providers.

Data regarding dietary preferences, allergies, intolerances or observations provided by the user.

Device, connection and usage data: IP address, device identifiers, operating system, app version, logs and data obtained through cookies, SDKs or similar technologies.

Geolocation data, where strictly necessary for delivery management and where the user has granted the required permissions.

THIRD.- Legal basis for processing

The legal basis for processing data shall be, as applicable:

Performance of the contractual relationship or implementation of pre-contractual measures in order to manage registration, orders and service provision.

The user’s consent for commercial communications, the use of non-essential cookies or similar technologies, geolocation where required, and, where appropriate, the processing of optional data voluntarily provided.

Compliance with legal obligations applicable to the controller.

The controller’s legitimate interest in preventing fraud, protecting app security, handling incidents and improving the service, within the limits permitted by law.

FOURTH.- Data retention

Personal data shall be retained for as long as necessary to fulfil the purpose for which it was collected and thereafter for the applicable legal limitation periods.

In particular:

Account data shall be retained while the account remains active.

Data relating to orders, invoicing and payments shall be retained for the periods required by tax, accounting and commercial legislation.

Data processed on the basis of consent shall be retained until consent is withdrawn.

Data obtained through cookies, SDKs or similar technologies shall be retained for the periods stated in the relevant table or settings panel.

FIFTH.- Data recipients

Data may be disclosed to or accessed by third parties where necessary for the provision of the service or where there is a legal obligation. In particular, the following may be involved:

Restaurants, kitchens or participating establishments that prepare or manage orders.

Delivery companies, logistics operators or personnel in charge of delivery.

Financial institutions, payment gateways and payment service providers.

Technology, hosting, cloud, maintenance, messaging, analytics, crash-reporting, push notification or customer support providers acting as processors.

Public authorities, courts, tribunals or law enforcement bodies where legally required.

If international data transfers take place, they shall be carried out subject to the appropriate safeguards required by applicable law.

SIXTH.- User rights

The user may exercise the rights of access, rectification, erasure, objection, restriction of processing, portability and withdrawal of consent at any time by sending a request to david@beachbuddy.menu or to the controller’s postal address.

If the user considers that their rights have not been properly addressed, they may lodge a complaint with the Spanish Data Protection Agency (AEPD).

SEVENTH.- Mandatory nature of the data

The app’s forms and screens shall identify mandatory fields required to manage registration, orders or enquiries. Failure to provide the required data may make it impossible to provide the service or properly process the request.

EIGHTH.- Security

The controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and to protect personal data against loss, alteration, unauthorised processing or improper access.

NINTH.- Specific warning regarding dietary preferences and location data

Where the user provides information regarding allergies, intolerances or special dietary requirements, such information should be limited to what is strictly necessary for the proper management of the order. Before final publication of this notice, it is advisable to assess whether such processing may involve special categories of data and whether additional explicit consent is required.

Where the app uses geolocation data for delivery or address selection, the user must be clearly informed of that use and, where required, asked for the corresponding device permission and privacy consent.

TENTH.- Amendments

The controller reserves the right to amend this Privacy Notice in order to adapt it to legal, interpretative or operational changes affecting the app. Any amendments shall be published within the app, on the related website or through other appropriate means.

Cookies Notice

FIRST.- What cookies and similar technologies are

Cookies and similar technologies, such as SDKs, local storage, pixels or mobile identifiers, are tools that may be installed or activated on the user’s device when using the app or related landing pages. They allow information to be stored and retrieved regarding use of the service and, depending on their configuration, may be used to recognise the user or device.

SECOND.- Types of cookies or similar technologies used

This app may use strictly necessary first-party technologies required for the functioning of the platform, including session management, authentication, security, load balancing, maintenance of user preferences and the ordering process, for which consent is not required where permitted by law.

The app may also use third-party cookies or similar technologies that require user consent, such as:

Analytics or measurement technologies.

Advertising or marketing technologies.

Personalisation technologies.

Technologies associated with third-party services or external integrations.

Push notification or attribution tools, where applicable.

An updated table or settings panel should be included stating for each cookie or homogeneous group of technologies its name, provider, purpose, duration, type of identifier used and whether it involves international data transfers.

THIRD.- Purpose of cookies and similar technologies

Cookies or similar technologies used in the app may serve to:

Enable access to and proper use of the platform.

Remember user preferences and settings.

Maintain active sessions.

Analyse usage patterns and user behaviour statistically.

Measure the performance of campaigns or promotional actions.

Improve user experience and optimise the service.

Manage security, fraud prevention and service integrity.

FOURTH.- Management, rejection and withdrawal of consent

The user may accept, reject or configure the use of non-essential cookies or similar technologies through the settings panel available in the app or related website. The user may also restrict certain identifiers through the privacy settings of their device or browser, depending on the technology used.

Disabling certain technologies may affect the proper functioning of the app or limit some of
its features.

FIFTH.- Changes to the Cookies Notice

This Cookies Notice may be modified in the future to adapt it to regulatory, technical or operational changes. Users are advised to review it periodically.

SIXTH.- Contact

For any questions regarding this Cookies Notice or the use of similar technologies, you may contact david@beachbuddy.menu.

SEVENTH.- Legal reference

This Cookies Notice is drafted, among other provisions, in accordance with article 22.2 of Law 34/2002 of 11 July, as well as the interpretative criteria in force issued by the Spanish Data Protection Agency.