Privacy / GDPR conformity
The platform www.spritz.mobi and “Spritz” mobile application is a service of Spritz International Kft. based in H-2096 ÜRÖM, Fülemüle 8., Hungary. Spritz International Kft. provides its services, especially the use of the mobile application, the backend systems and the database according to the following terms and conditions.
Spritz is a contactless ordering system providing full order management for HORECA/Hospitality service providers.
This system offers to the owners of the HORECA/Hospitality establishments the possibility of configuring the menu, prices, delivery mode of their establishment and making these available for their guests.
Note: The services offered by Spritz are characterized by a continually evolving technology.
Spritz International reserves the right to bring modifications to the services offered at its own discretion and at any time as deemed necessary, and whenever the technology changes; these modifications would be involving the services and the way these services are offered to the client, our goal being a continual improvement and optimization of the services provided.
Contracts and Registration
The use of the contactless ordering system is based on a contract between Spritz International or its affiliates and the HORECA/Hospitality provider. HORECA/Hospitality provider can use the system after signing the contract and getting username/password to access Spritz system. Spritz is creating separate spaces for each customer in Spritz system without any visibility to third parties of their sensitive information. Guests of the HORECA/Hospitality establishments can use the contactless ordering system after registration in Spritz mobile application which includes giving their valid email address and creating a password for the application.
The representative of the restaurant is responsible for the online data input. The self-management program is accessible 24 hours a day via the Internet subject to the availability of such service offered to the client by the Internet service provider.
The username and password necessary for logging into the management system of Spritz will be chosen by the person representing the HORECA/Hospitality provider. This person will be responsible for ensuring the confidentiality and for not disclosing of such information to third parties.
Contactless Ordering System
Orders are placed completely online through a secure SSL server, based on the data previously entered into the system by the HORECA/Hospitality provider’s manager who is assuming total responsibility for the accuracy of information.
The customer/guest and the HORECA/Hospitality provider are the only parts in the contract; each part will receive a confirmation of the order in real time through the Spritz application and management systems.
Evidently, Spritz International or any affiliates of Spritz International do not act as an intermediary; it is only providing the software allowing the contactless ordering. Not acting as an intermediary Spritz International or any affiliates are completely relieved of any disputes between the HORECA/Hospitality provider and its customers.
Duration of the Contract
The contract becomes effective at the date of registration and has an unlimited validity. The cancellation of the contract is possible at any time for both parties with a one month notice period.
Information regarding the data handling
Spritz International is serious about protecting the privacy of our users. Therefore, Spritz International applies the General Data Protection Regulation (GDPR) (EU) 2016/679 to ensure that their privacy is protected.
Should Spritz International ask you (the user) to provide certain information by which you can be identified when using this application, be assured that it will only be used in accordance with this privacy statement.
Please, read the following carefully to understand our views and practices regarding personal data and how we process it.
2. NAME AND ADDRESS OF THE CONTROLLER
The Data Controller is:
– Spritz International Ltd.
– Address: H-2096 ÜRÖM, Fülemüle 8., Hungary
– Email: firstname.lastname@example.org
– Corporate registry number: 13-09-206019
3. DATA COLLECTED THROUGH THE SPRITZ APPLICATION:
Spritz International may collect and process the following data:
Users may give us information about themselves by filling in forms on www.spritz.mobi or Spritz mobile application or by corresponding with us by phone, e-mail address or otherwise. This includes information you provide when you register for as HORECA/Hospitality provider. This information includes but is not limited to name, email address, postal address, billing address, telephone number, username and password.
b) Users may also give us information about the properties where they use our Services, including the property address.
c) Upon each of the User’s visits to www.spritz.mobi or Spritz mobile application, we may automatically collect technical information, including the Internet Protocol (IP) address used to connect users’ computers to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
d) Spritz International may also collect information about users’ visit to www.spritz.mobi or Spritz mobile application, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
e) Spritz International does not collect payment card details of our users. In order to pay for the fees related to our Services we use third party payment processors that will collect and process the payment card details of our users.
f) Spritz International is also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers) and may receive information about you from them.
4. PURPOSES OF THE PROCESSING
The purposes for which the personal data are processed are the following.
– Providing users with the Spritz Contactless Ordering Services;
– Support and assist users in using the Services
– Customize the Services to the individual needs of users;
– Notify users about changes to our Services.
– Providing users with the information requested through the webforms;
– Providing users with information about other services we offer that are similar to those that users have already purchased or enquired about (only if users have consented to this). We inform that in each commercial communication users receives, we will provide users with the appropriate information to exercise their right of objection in case they wish to object to the sending of commercial communications. The acceptance to send commercial information is always revocable, without retroactive effects.
– Understanding and optimizing how Services are used, and improve the Services including by ensuring content is presented in the most effective manner for users and their computers;
– Measuring or understanding the effectiveness of advertising we serve to users and others, and to deliver relevant advertising to users;
Spritz International will not use users’ personal data for profiling purposes and will not take any automated decision based on it.
5. DATA STORAGE
The data shall only be stored for the time strictly required for each purpose of the processing and shall promptly be deleted straight afterwards, without prejudice to the legal storage obligations provided for by the law. According to that:
– In case where users purchase Spritz International products or subscribe to Spritz International Services through the website or mobile application, the personal data will be kept as long as the contractual relationship between the parties is maintained and, in any case, until legal liabilities are extinguished definitively (by expiry of the statute-of-limitations period).
– In all other cases, the personal data provided will be kept as long as the data deletion is not requested by the user. Likewise, data will be kept according to the legal time-frame set forth in legal, fiscal and accounting matters, taking as reference the date of the request for data deletion.
6. LEGAL BASIS FOR THE PROCESSING
The legal bases for the processing are the following:
– In case where users purchase Spritz International products or subscribe to Spritz International Services through the website, the legal basis for the processing is the performance of the contract entered into the parties.
– In all other cases, the legal basis for the processing is the consent provided by the user.
7. DATA DISCLOSURE
Users personal data may be disclosed to third parties that are companies that provide services to Spritz International.
These third parties are:
– Other service providers, payment providers and third party applications that integrate with the Services, for the performance of any contract we enter with them or our users;
– Advertisers that require the information to select and serve relevant adverts to our users and others; and
– Analytics providers that assist Spritz International in the improvement and optimization of Spritz International’s Services.
Some personal data of our users may be stored in or transferred to a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for Spritz International or one of our business partners or service providers. By using the Services, users acknowledge and agree that we may be transferring, storing and processing their personal data outside of the country in which they reside. Spritz International will take all steps reasonable necessary to ensure that users’ data are treated securely.
Spritz International also may disclose personal data of our users as required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or the safety of others, investigate fraud, or respond to a government request.
8. RIGHTS OF THE DATA SUBJECT
Each user (data subject) has the following rights regarding its personal data:
a) Right of confirmation: to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may at any time contact our data protection officer or another employee of the controller.
b) Right of access: to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.
c) Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
d) Right to erasure (Right to be forgotten): to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and as long as the processing is not necessary:
– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
– The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing.
– The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
– The personal data have been unlawfully processed.
– The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
– The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
e) Right of restriction of processing: to obtain from the controller restriction of processing where one of the following applies:
– The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
– The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
– The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
f) Right to data portability: to receive the personal data concerning the user, which was provided to a controller, in a structured, commonly used and machine-readable format. The user shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided as long as the processing is based on consent and the processing is carried out by automated means. Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and does not adversely affect the rights and freedoms of others.
g) Right to object: to object, on grounds relating to the user’s particular situation, at any time to processing of personal data concerning the user which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.
h) Right to withdraw data protection consent: to withdraw consent to processing of the user personal data at any time.
If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Spritz International by sending the appropriated request at the following addresses:
– H-2096 ÜRÖM, Fülemüle 8., Hungary
Finally, each data subject has the right to lodge a complaint before the appropriate Data Supervisory Authority.
We are committed to ensuring that users information is secure. In order to prevent unauthorized access or disclosure, Spritz International has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
When our users enter sensitive information on our site, we encrypt the transmission of that information using secure socket layer technology (SSL).
Nevertheless, please note that no data transmission over the Internet or information storage technology can be guaranteed to be totally secure. As a result, whilst we strive to protect our users’ information, we cannot ensure or warrant the security of any information which users send to us, and the users do so at their own risk.
www.spritz.mobi and the mobile application may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, Spritz International cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
12. VALIDITY AND MODIFICATIONS