Smještaj i to d.o.o. will use your personal data for the purposes of the application technical management, in order to provide you with the uninterrupted use of the mobile application services. Please be informed that we may disclose your personal data to other clients as well, in order the fulfill the purpose for which such data have been collected.
EatsyBitsy is a platform for the provision of information society services through the mobile application EatsyBitsy. Furthermore, for the first time in Croatia, it is possible to pay through a mobile application (Guest Edition). In order to provide such services, we need certain information about the registered application user. In order for the user to gain uninterrupted use of the mobile application, he/she must provide his/her basic information, which are: name and surname, email address, residence address, date of birth, mobile telephone number / telephone number and credit or debit card data in order to be able to carry out transactions through EatsyBitsy application (hereinafter: User).
WHO IS THE DATA CONTROLLER?
Smještaj i to d.o.o., as the data controller, has implemented the required technical and organizational measures in its operations in order to ensure the comprehensive protection of personal data that are processed through EatsyBitsy application. Should you have any questions concerning your personal data or our procedures related to the data protection, feel free to contact us:
SMJEŠTAJ I TO d.o.o. za turizam i usluge – putnička agencija
Nikole Tesle 13, 20 000 Dubrovnik
PERSONAL DATA PROCESSING PRINCIPLES
The processing of the Users’ personal data is governed by the following principles:
We wish to be a responsible partner and to justify the Users’ trust, so we strive to transparently provide the information concerning the processing of their personal data and concerning the corresponding rights as well as to ensure that such rights are exercised.
We collect and process personal data in accordance with the applicable European and national regulations governing the personal data protection, and we constantly ensure that the processing of the Users’ personal data is carried out under lawful terms and conditions.
- Purpose limitation
The Users’ personal data are collected and processed only for precisely specified purposes (e.g., creation of the user profile in the application), so we will not further process them for any other purpose or in any other manner which is incompatible with the purpose for which they are collected, unless there is a legal obligation to do so or the User gives his/her consent for that.
- Data minimization
Within EatsyBitsy application, we process only the Users’ data which are necessary, relevant and appropriate in relation to the purpose for which they are processed.
- Security and confidentiality
We strive to collect and further process the Users’ personal data in as safe manner as possible. For that purpose, from the conceptual design to the realization and maintenance of the application, we take care of the implementation of the appropriate technical and organizational measures for the protection of the Users’ data – for instance, anonymization, pseudonymization or encryption of personal data whenever it is possible or appropriate, protection against unauthorized or unlawful processing of data, their accidental loss, destruction or damage, regular testing of security measures, etc.
- Personal data quality
We give particular attention to the quality of the processed data. The personal data must be accurate, complete and up to date in order to ensure the maximum level of data protection. Because of that, it is necessary that the Users give their accurate data and notify us of any changes of data.
- Storage limitation
The Users’ personal data will be processed for a definite term only – as long as it is necessary to achieve the purpose of the processing, unless we are required to store or keep certain personal data on the basis of applicable regulations. In each case, after the purpose of the processing ceases to exist or the required or prescribed storage periods end, the Users’ personal data will be erased or destroyed in a safe manner in order to prevent their further unlawful or unauthorized processing.
PERSONAL DATA WE COLLECT
Through EatsyBitsy application, we collect only those Users’ data which are necessary for the successful provision of our services, i.e., for User registration, user account management, overview of restaurant offers and reviews, for making reservations and orders as well as for conducting financial transactions.
EatsyBitsy collects the Users’ data in the following manners:
- Directly from the User, in the way that the User enters his/her personal data in the required fields, i.e., fills the registration form. In such process, the User is required to provide only those personal data which are necessary for the provision of our services, i.e., for the use of the application and its functions, such as identification and contact data, etc.
- Information from third parties, when the User invites another person that is already a User of the application to share the account, whereby we use only those personal data that are necessary for the provision of our services, i.e., for the use of the application and its functions.
- Indirectly, by connecting the information systems, but only upon giving a previous adequate notice to the User.
- Automatically, by User’s use of services provided by EatsyBitsy website or application. For instance, we collect data about the User’s IP address, his/her approximate location, communication time and duration, etc.
During the registration, which is a requirement for the processing of orders, reservations and financial transactions through EatsyBitsy mobile application, the User is requested to provide certain personal data such as name and surname, address, email address, phone number and date of birth and to choose a username and password. The User is free to decide whether he/she wishes to provide such personal data. If certain person does not wish to disclose his/her personal data for any reason, i.e., to register, he/she may access the application as a Guest, however, in such a case he/she will not be able to use certain functions, such as making orders and reservations, since such data are necessary for the technical feasibility of such services.
The data about the application use are collected from the User and from the Guest, including the data about device and location data. The data about the use are generated automatically during the use, and include: data about the device which accessed the application and device’s operating system as well as date, time and duration of the communication. The location data include the approximate location on the basis of IP address, as well as the exact geographical location of your device, if you previously approved it, for the purpose of selecting and displaying the restaurants in your geographical proximity.
EatsyBitsy does not collect sensitive personal data such as the data concerning the User’s health. Our application includes a textbox “Notes” which allows the User to put notes and special requests related to individual food orders or reservations. The User independently enters such information in the application in order to inform the restaurant about it or to request the restaurant to make a special adjustment, and at the request of the User, they are made available to the selected restaurant in order for it to successfully fulfill the User’s request. The User should be aware that certain entered data may belong to the category of sensitive personal data (e.g., allergies, medical diagnoses relating to nutrition), however, EatsyBitsy does not apply any special processing procedures to them.
In order to enable the provision of the direct payment services through the application, it is necessary to enter certain financial data about the User’s credit or debit cards. After the User enters the data about his/her card during the first purchase, a process shall be activated in which his/her personal data (name and surname, address, card number) will be stored by Web Studio d.o.o. (hereinafter: WS-Pay) as the provider of card processing and charging services. WS-Pay will store such data in accordance with PCI DSS certificate, which is the highest degree of data security and confidentiality. The stored data concerning the card will be activated only for the purpose of processing the transaction if the User requests it when making the next purchase. The User can opt-out from storing such data at any time in his/her User profile. In such a case, the User will have to manually enter the payment information during each transaction.
Furthermore, certain information (such as the type of your internet browser, number of visits, average time spent on the pages, viewed contents, etc.) will be processed automatically when accessing EatsyBitsy website. The collected data will be used only for the purpose of estimating the attractiveness of our website, and will not produce any legal effect in relation to the User.
CONSENT AND USER CHOICES
The User’s consent means freely given, specific, informed and unambiguous indication of the User’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data for specific purposes. The consent is given by electronic means within the application interface.
By checking the relevant consent checkbox, the User gives his/her consent for one or more of the aforementioned purposes of the processing (the so-called opt-in). The categories of personal data which are processed for specific purposes are strictly limited to those which are necessary.
The User may revoke his/her consent at any time, however, it will not affect the legality of the processing that was performed on the basis of such consent before the consent has been revoked, by notifying Smještaj i to d.o.o. in writing to the address Nikole Tesle 13, 20000 Dubrovnik, with a reference to “GDPR”‘, in electronic form to email@example.com or in oral form to the phone number +385 99 582 7525. Furthermore, after we receive the notice of revocation, we will confirm the receipt in writing, and the personal data which are the subject matter of the revocation notice will not be processed anymore as of the date of the consent revocation.
RIGHTS OF USERS AS DATA SUBJECTS
Pursuant to Articles 15 – 22 of the General Data Protection Regulation, the User has the following rights as the data subject whose personal data are processed: right of access to his/her personal data processed by EatsyBitsy, right to rectification of inaccurate or incomplete data, right to erasure (“right to be forgotten”), right to restriction of processing, right to object and right to data portability.
In a case of any questions related to such rights or their exercising, the User may refer to the email address: firstname.lastname@example.org, by submitting a written request for:
- rectification of inaccurate or incomplete data,
- erasure of account,
- restriction of data processing,
- objection and
- exercising the right to data portability.
In any case, the User has the right to lodge an objection to the authority competent for supervising the protection of personal data. In Croatia, it is the Personal Data Protection Agency, Martićeva 14, 10 000 Zagreb, www.azop.hr.
STORAGE TIME LIMITATION
We take seriously the principles of data minimization, purpose limitation and storage limitation set out in the General Data Protection Regulation (EU 2016/679). Therefore, EatsyBitsy application stores the User’s personal data only in such period of time which is necessary for achieving the purposes for which they are collected. Such period of time is usually the period necessary for providing the requested service and certain further period in accordance with out legitimate business interests, applicable limitation periods and periods for exercise of legal claims. After the expiration of the applicable prescribed periods or after the purpose of the processing ceases to exist, the User’s personal data will be immediately erased or anonymized.
We store your data until the moment of deactivation of your account, except the data for which the applicable regulations require a longer storage period.
PERSONAL DATA SECURITY AND PROTECTION
When designing EatsyBitsy application, as well as during the provision of services through it, we have implemented various technical and organizational measures for the protection of the User’s personal data from unauthorized access, loss, disclosure, modification, destruction or other abuses.
Smještaj i to d.o.o. puts significant efforts in ensuring the personal data security and the compliance with the applicable data protection regulations (General Data Protection Regulation, Act on Implementation of the General Data Protection Regulation, etc.). Your data are protected from loss, destruction, manipulation, unauthorized access and unauthorized publishing. The employees of Smještaj i to d.o.o. are obliged to keep your data confidential and to observe the applicable regulations. Furthermore, Smještaj i to d.o.o. has implemented the most modern technical and organizational measures in order to ensure the security of your data.
All parties involved in the User’s personal data processing are also legally obliged to ensure the confidentiality and adequate safety of personal data. If, in spite of all implemented safety measures, the confidentiality or availability of the User’s personal data will be breached in any way, we will immediately notify the competent supervisory authority and/or Users as data subjects, in accordance with the applicable European and national regulations.
RECIPIENTS AND TRANSFER OF THE USER’S DATA
We may share the User’s personal data with other entities and authorities in the course of our business operations, during the provision of services requested by you and in order to ensure compliance with our legal obligations. Such entities and authorities include, without limitation: public (regulatory or state) authorities, persons and departments competent for the personal data processing, IT system administrators, external partners that maintain IT systems, business partners that provide services to the Users on their demand (restaurants and WS-Pay), as well as other providers of various services and suppliers that work on the fulfillment of any agreement on our behalf.
In order to increase the quality of our services, we transfer the personal data to our business partners (restaurants) that provide services on demand of the Users. Our business partners (restaurants) have access to the personal data (name and surname, nickname, phone number) in order to be able to provide the highest possible quality service to the application end user. Furthermore, our business partner WS-Pay ha access to the personal data (name and surname, nickname, date of birth, email address, residence address, phone number, credit/debit card number) in order to be able to perform the charging function through the mobile application.
LINKS TO EXTERNAL SITES AND THIRD PARTIES
If you gave an express consent to receive the Newsletter, we may send you electronic newsletter with commercial advertising contents. The data you provided us in order to subscribe to the Newsletter will be used only for sending the Newsletter. If you wish to cancel your subscription to the Newsletter, you may do it at any time using the option “cancel subscription” which is contained in the Newsletter. In a case of cancellation of the subscription, we will stop processing the personal data we collected for such purpose.
We store the collected data only during the period in which you receive the newsletter without cancelling your Newsletter subscription.
The legal basis for receiving the newsletter is your consent (Article 6 (1) of the General Data Protection Regulation). If you do not give your consent, you will not receive the newsletter. Therefore, you are not required to provide such data and/or consent to the newsletter subscription.
If our Newsletter will be delivered to you by our business partner, such business partner will be deemed as the data processor for the purposes of such case. Please be informed that our business partner also keeps your data secure by implementing the appropriate and the most modern technical and organizational measures. Our business partner is prohibited from using such personal data for any other purpose, except the purpose for which we provided such data to it.