← Back to Privacy Policy
This Data Processing Addendum ("DPA") forms part of the Terms of Service between ConnectoDigital LLC ("Processor" or "we") and the restaurant or business entity using FoodMenuChat ("Controller" or "you"). This DPA governs the processing of personal data in connection with the FoodMenuChat service.
1. Definitions
- "Controller" means the restaurant or business that determines the purposes and means of processing personal data through FoodMenuChat.
- "Processor" means ConnectoDigital LLC, which processes personal data on behalf of the Controller.
- "Data Subject" means the individual customers whose personal data is processed.
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on personal data, such as collection, recording, organization, storage, etc.
2. Roles and Responsibilities
2.1 Controller Responsibilities
As the Controller, you determine:
- Which customer data fields to collect (e.g., name, phone, email, order preferences)
- Whether fields are required or optional
- The purposes for which personal data is processed
- How long personal data is retained
- Whether and how to obtain customer consent
2.2 Processor Responsibilities
As the Processor, we:
- Process personal data only as instructed by you
- Implement appropriate technical and organizational measures for data security
- Assist you in responding to data subject rights requests
- Notify you of any security breaches affecting your data
- Delete or return personal data at the end of the service term
3. Categories of Personal Data
The personal data processed may include:
| Data Category |
Purpose |
Legal Basis |
Contact Information
Name, phone number, email address |
Order processing, delivery coordination, customer service |
Contract performance, legitimate business interests |
Order Data
Menu items ordered, preferences, special requests |
Fulfill orders, improve service quality |
Contract performance |
Communication Data
WhatsApp/SMS messages, chat history |
Order confirmation, delivery updates, customer support |
Contract performance, consent |
Technical Data
IP address, device information, usage logs |
Service security, fraud prevention, analytics |
Legitimate business interests |
4. Processing Activities
4.1 Data Collection
Personal data is collected through:
- QR code menu interactions
- WhatsApp/SMS messaging initiated by customers
- Order forms and customer registration
- Website cookies and analytics (with consent)
4.2 Data Storage and Security
We implement industry-standard security measures including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security audits and updates
- Secure cloud infrastructure
- Employee training on data protection
4.3 Data Retention
Data is retained according to your instructions and applicable laws. You control retention periods through your FoodMenuChat settings.
5. Sub-Processors
We may engage sub-processors to assist with data processing. A current list of sub-processors is maintained at /privacy_policy/subprocessors/.
Important: We will notify you of any new sub-processors before they begin processing your data. You may object to new sub-processors within 30 days of notification.
6. Data Subject Rights
We will assist you in fulfilling data subject rights requests including:
- Right to access their personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to restrict processing
7. Data Breach Notification
In the event of a personal data breach, we will:
- Notify you within 72 hours of becoming aware of the breach
- Provide sufficient information to allow you to meet your notification obligations
- Cooperate with you in investigating and mitigating the breach
- Document the breach and our response
8. Data Deletion and Return
Upon termination of the FoodMenuChat service:
- We will delete all personal data within 30 days, unless retention is required by law
- You may request data export during your subscription and for 15 days after termination
- We will certify deletion upon your request
9. Audits and Inspections
You may audit our data processing practices:
- Annual audit reports available upon request
- On-site audits with 60 days advance notice
- Third-party audit acceptance
10. International Data Transfers
Personal data may be transferred to and processed in countries other than the Controller's location. We ensure appropriate safeguards including:
- Standard Contractual Clauses
- Adequacy decisions by relevant authorities
- Binding Corporate Rules (where applicable)
11. Governing Law
This DPA shall be governed by the same governing law and dispute resolution provisions as specified in the FoodMenuChat Terms of Service (American Arbitration Association, New York, NY).
12. Contact Information
For data protection inquiries or to exercise data subject rights:
Acceptance
By continuing to use FoodMenuChat services, you acknowledge and agree to the terms of this DPA.
Last Updated: November 7, 2025