Privacy Policy of MyDiner.net

1. General Information

1.1. This Privacy Policy sets out the rules for the processing of personal data of Users of the MyDiner.net service, available at https://mydiner.net (hereinafter: "Service").

1.2. The Administrator of the personal data of Service Users is Antoni Paszkow, conducting business in Poland under the name Antoni Paszkow - AP Digital, NIP: 6112641569, REGON: 385492476 (hereinafter: "Administrator" or "MyDiner.net").

1.3. The Administrator makes every effort to protect the privacy of Users and to process their personal data in accordance with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR") and the Act of 10 May 2018 on the protection of personal data (i.e., Journal of Laws of 2019, item 1781).

2. Scope of Collected Data

2.1. The Administrator collects the following categories of personal data of Users:

  • Identification Data: restaurant name, NIP, REGON.
  • Contact Data: email address of persons representing the restaurant (e.g., owner, manager).
  • Data Necessary for Invoicing: full company name, address, NIP.
  • Data Regarding Service Use: information about the User's interactions with the Service, including login data, IP address, browser type, device identifier.

2.2. The Service uses cookies. Detailed information on cookies, their types, purposes of use and how to manage them can be found in our Cookie Policy.

3. Purpose of Data Processing

3.1. The Administrator processes Users' personal data for the following purposes:

  • Provision of the Service's services (including User Account management, enabling the use of Service functionalities, menu management, QR code generation, menu hosting).
  • Payment Processing (via the Paddle platform).
  • Invoicing.
  • Ensuring Service Security (including preventing fraud and abuse).
  • Analysis of Traffic on the Service (via the PostHog tool) in order to optimize the operation of the Service and adapt it to the needs of Users.
  • Communication with the User (including responding to inquiries, sending information about changes to the Terms of Service or Privacy Policy).
  • Marketing Purposes, provided that the user gives separate consent (e.g., sending a newsletter).

3.2. Users' personal data may be shared with the following categories of recipients:

  • IT Service Providers (including hosting providers, software providers).
  • Payment Service Providers (Paddle.com Market Limited).
  • Analytics Service Providers (PostHog, Inc. - https://posthog.com/privacy).
  • Entities Authorized by Law (e.g., law enforcement agencies, courts).

3.3. The Administrator does not transfer Users' personal data outside the European Economic Area (EEA), unless it is necessary for the provision of services (e.g., to PostHog, Inc.). In such a case, the Administrator ensures an adequate level of personal data protection by applying standard contractual clauses approved by the European Commission or other mechanisms provided for by the GDPR.

4. Legal Basis for Data Processing

4.1. The Administrator processes Users' personal data based on the following legal grounds:

  • Article 6(1)(b) GDPR (necessity for the performance of a contract) – with regard to data necessary for the provision of the Service's services, including User Account management, enabling the use of Service functionalities, and payments. Providing this data is voluntary, but necessary for the conclusion and performance of the contract.
  • Article 6(1)(c) GDPR (necessity for compliance with a legal obligation) – with regard to data necessary for invoicing, including.
  • Article 6(1)(f) GDPR (legitimate interest of the administrator) – with regard to data processed for analytical purposes (via PostHog), ensuring Service security, contact with the user. The legitimate interest of the Administrator is to optimize the operation of the Service, prevent fraud and abuse, and communicate with Users. Data processed for these purposes are pseudonymized as far as possible.
  • Article 6(1)(a) GDPR (consent) – with regard to data processed for marketing purposes and for other purposes to which the User has consented. Consent can be withdrawn at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.

5. Users' Rights

5.1. Data subjects (in particular, natural persons representing the restaurant – Users) have the following rights:

  • Right of Access to Data (Article 15 GDPR) – the right to obtain from the Administrator confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and information about the purposes of the processing, categories of data, recipients of the data, period of data storage, rights, possibility of lodging a complaint with a supervisory authority and the source of the data, if not collected from the data subject.
  • Right to Rectification of Data (Article 16 GDPR) – the right to request from the Administrator the rectification of inaccurate personal data concerning them without undue delay, and to have incomplete personal data completed.
  • Right to Erasure of Data ("Right to be Forgotten") (Article 17 GDPR) – the right to request from the Administrator the erasure of personal data concerning them without undue delay if one of the grounds referred to in Article 17 GDPR applies (e.g., the data are no longer necessary in relation to the purposes for which they were collected, the data subject has withdrawn consent on which the processing is based, and there is no other legal ground for the processing).
  • Right to Restriction of Processing (Article 18 GDPR) – the right to request from the Administrator restriction of processing in the cases referred to in Article 18 GDPR (e.g., the data subject contests the accuracy of the personal data, the processing is unlawful and the data subject opposes the erasure of the personal data).
  • Right to Data Portability (Article 20 GDPR) – the right to receive the personal data concerning them, which they have provided to the Administrator, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the Administrator, where the processing is based on consent or on a contract and the processing is carried out by automated means.
  • Right to Object (Article 21 GDPR) – the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1)