PRIVACY POLICY AND DATA PROTECTION NOTICE

Effective Date: December 28, 2024

PLEASE READ THIS PRIVACY POLICY AND DATA PROTECTION NOTICE ("POLICY") CAREFULLY BEFORE USING THE SERVICES.

1. DEFINITIONS AND INTERPRETATION

1.1. For the purposes of this Policy, unless the context otherwise requires:

"Controller" means Tabletopp, acting as the data controller under applicable privacy laws;

"Data Protection Laws" means all applicable legislation relating to data protection and privacy including without limitation the Israeli Privacy Protection Law, 5741-1981, and where applicable, the EU General Data Protection Regulation (GDPR);

"Personal Data" means any information relating to an identified or identifiable natural person as defined under applicable Data Protection Laws;

"Processing" means any operation or set of operations performed on Personal Data or sets of Personal Data;

"Services" means the Tabletopp platform, website, applications, QR code generation services, menu customization tools, and related services;

"User" means any individual or entity accessing or using the Services, including Venue Operators and End Users.

2. SCOPE AND APPLICATION

2.1. This Policy governs the Processing of Personal Data in connection with the Services.

2.2. By accessing or using the Services, Users expressly acknowledge they have read and understood this Policy.

3. CATEGORIES OF PERSONAL DATA PROCESSED

3.1. Venue Operator Data

The Controller Processes the following categories of Personal Data for Venue Operators:

3.1.1. Account Information: (a) Business contact details; (b) Authentication credentials; (c) Payment processing information; (d) Platform configuration preferences.

3.1.2. Operational Data: (a) Menu content and customization data; (b) QR code generation records; (c) Usage analytics and metrics; (d) Service interaction logs.

3.2. Analytics Data

The Controller collects anonymous, aggregate analytics data tied to restaurant menus only, including:

3.2.1. Menu Analytics: (a) Total menu view counts per restaurant per day; (b) QR code scan counts per restaurant per day; (c) Aggregate item view counts per menu item per day; (d) Hourly distribution of menu views per restaurant.

3.2.2. Privacy Safeguards: (a) No personal data is collected from menu viewers; (b) No individual user behavior or sessions are tracked; (c) All analytics are anonymous and aggregated; (d) Analytics data is restricted by Row Level Security - restaurants can only access their own data; (e) Analytics features vary by subscription tier:

- Digital Menu tier: No analytics
- Professional tier: Basic analytics (menu views and QR scans)
- Business tier: Advanced analytics (item views and peak hours).

3.2.3. Data Processing: (a) Analytics are processed to fail silently to ensure uninterrupted menu viewing; (b) Data is stored in a dedicated analytics database with appropriate security measures; (c) All timestamps and counts are aggregated at the restaurant level.

3.2.4. End User Privacy: The Controller emphasizes that menu viewing is anonymous. No personal data, device information, or individual user behavior is collected from end users viewing menus.

4. LEGAL BASIS FOR PROCESSING

4.1. The Controller Processes Personal Data under the following legal bases:

4.1.1. Contractual Necessity: (a) For the performance of the Services; (b) To fulfill our contractual obligations.

4.1.2. Legitimate Interests: (a) To improve and optimize the Services; (b) To prevent fraud and ensure security; (c) To comply with legal obligations.

4.1.3. Consent: Where required by applicable law, Processing based on explicit consent.

5. PURPOSES OF PROCESSING

5.1. The Controller Processes Personal Data for the following purposes:

5.1.1. Service Provision: (a) Platform operation and maintenance; (b) QR code generation and management; (c) Menu customization and display; (d) Payment processing; (e) Technical support services.

5.1.2. Service Enhancement: (a) Analytics and performance optimization; (b) Security and fraud prevention; (c) Service improvement and development.

6. DATA RETENTION AND DELETION

6.1. Retention Period

The Controller shall retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy.

6.2. Data Deletion Requests

6.2.1. Upon receipt of a valid deletion request, the Controller shall Process such request within sixty (60) days.

6.2.2. The Controller reserves the right to retain certain Personal Data: (a) As required by applicable laws; (b) For legitimate business purposes; (c) For fraud prevention; (d) For dispute resolution.

7. DATA SHARING AND TRANSFERS

7.1. The Controller does not: (a) Sell Personal Data to third parties; (b) Share Personal Data for marketing purposes; (c) Transfer Personal Data between unaffiliated Venue Operators.

7.2. The Controller may share Personal Data with: (a) Service providers processing data on our behalf; (b) Legal authorities where required by law; (c) Relevant parties in business transfers or acquisitions.

8. DATA SECURITY MEASURES

8.1. The Controller implements appropriate technical and organizational measures including: (a) Encryption protocols; (b) Access controls; (c) Security monitoring; (d) Incident response procedures.

9. USER RIGHTS AND CONTROL

9.1. Subject to applicable law, Users may exercise the following rights: (a) Right to access Personal Data; (b) Right to rectification; (c) Right to erasure; (d) Right to restrict Processing; (e) Right to data portability; (f) Right to object to Processing.

9.2. Exercise of Rights

To exercise these rights, Users shall submit requests to legal@tble.top.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1. The Services utilize: (a) Essential cookies for platform functionality; (b) Analytics cookies for performance measurement; (c) Preference cookies for user settings.

11. MODIFICATIONS TO THIS POLICY

11.1. The Controller reserves the right to modify this Policy at any time.

11.2. Material changes shall be notified through: (a) Service notifications; (b) Email communications; (c) Website announcements.

12. DATA PROTECTION INQUIRIES

12.1. All data protection inquiries shall be directed to: Email: legal@tble.top

12.2. Response Time

The Controller shall acknowledge inquiries within seven (7) business days and provide substantive responses within sixty (60) days.

13. GOVERNING LAW

13.1. This Policy shall be governed by and construed in accordance with the laws of Israel.

13.2. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts of Tel Aviv, Israel.