Privacy Policy

Welcome to TastyQR. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our platform. By using TastyQR services, you accept the practices described in this policy. If you do not agree with this policy, please do not use our services. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with GDPR and other applicable data protection regulations.

We collect the following types of information: **Account Information:** • First and last name • Email address • Phone number • Restaurant name and address • Billing and payment information **Usage Information:** • IP address and geographic location • Browser type and device • Pages visited and actions performed • Time spent on platform • Access date and time **Restaurant Information:** • Menu, product, and pricing details • Logos and images • Order and transaction information • Analytics and performance data **Cookies and Similar Technologies:** We use cookies and similar technologies to enhance your experience, analyze usage, and personalize content.

We use the information collected for the following purposes: **Providing Services:** • Creating and managing your account • Processing orders and transactions • Providing customer support • Personalizing your experience **Improving Services:** • Analyzing platform usage • Developing new features • Identifying and resolving technical issues • Conducting research and analysis **Communication:** • Sending important service notifications • Responding to your inquiries • Sending product updates (with your consent) • Sending promotional materials (with your consent) **Security and Compliance:** • Preventing fraud and abuse • Meeting legal obligations • Protecting our rights and those of users

We do not sell, rent, or share your personal information with third parties, except in the following situations: **Service Providers:** We share information with trusted service providers who help us operate the platform: • Payment processors (Stripe, PayPal) • Cloud hosting services (AWS, Google Cloud) • Analytics services (Google Analytics) • Email service providers These providers have limited access to your information and are contractually obligated to protect it. **Legal Requirements:** We may need to disclose information if: • Required by law or legal process • Necessary to protect our legal rights • Necessary to prevent fraud or abuse • Necessary to protect user safety **Business Transfers:** In the event of a merger, acquisition, or asset sale, your information may be transferred to the new owner.

We use cookies and similar technologies to: **Essential Cookies:** Necessary for basic platform operation: • Authentication and security • Language preferences • Shopping cart functionality **Analytics Cookies:** Help us understand how you use the platform: • Google Analytics • Traffic and behavior analysis • Performance measurement **Marketing Cookies:** Used for personalized advertising: • Conversion tracking • Remarketing • Social media advertising You can control cookie usage through your browser settings or our cookie preferences panel. Note that disabling certain cookies may affect platform functionality.

We take your data security seriously and implement appropriate technical and organizational measures to protect your personal information: **Technical Measures:** • SSL/TLS encryption for all data transfers • Encryption of sensitive data in databases • Two-factor authentication available • Continuous security monitoring • Regular security updates **Organizational Measures:** • Limited data access on a need-to-know basis • Regular staff training in data security • Strict security policies and procedures • Regular security audits **Backup and Recovery:** • Daily automated backups • Geographic data redundancy • Disaster recovery plans While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute data security.

Under GDPR and Romanian data protection legislation, you have the following rights: **Right of Access:** You have the right to request a copy of the personal data we hold about you. **Right to Rectification:** You can request correction of inaccurate or incomplete data. **Right to Erasure ("Right to be Forgotten"):** You can request deletion of your personal data in certain circumstances. **Right to Restriction of Processing:** You can request limitation of how we use your data. **Right to Data Portability:** You can request transfer of your data to another service provider. **Right to Object:** You can object to the processing of your data for certain purposes. **Right to Withdraw Consent:** Where processing is based on consent, you can withdraw it at any time. To exercise these rights, please contact us at privacy@tastyqr.app. We will respond to your request within 30 days.

Our services are not intended for persons under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and discover that your child has provided us with personal information without your consent, please contact us immediately at privacy@tastyqr.app. If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers. We are committed to protecting children's privacy and complying with all applicable laws regarding online child protection.

We reserve the right to update this Privacy Policy at any time to reflect: • Changes to our data practices • Changes in applicable legislation • New features or services • Feedback from users or authorities **Notification Process:** In case of significant changes, we will notify you through: • Email to the address associated with your account • Prominent notification on the platform • Update of the "Last updated" date at the top **Effective Date:** Changes take effect on the date of posting, unless otherwise specified. Continued use of services after changes constitutes acceptance of the new policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us: **Data Protection Officer (DPO):** Email: privacy@tastyqr.app Email: dpo@tastyqr.app **General Information:** Email: contact@tastyqr.app Phone: +40 123 456 789 Address: 123 Restaurant Street, Bucharest, Romania **Business Hours:** Monday - Friday: 9:00 AM - 6:00 PM Saturday - Sunday: Closed **Response Time:** We strive to respond to all inquiries within 48 business hours. For complex requests, we may need up to 30 days, in accordance with GDPR. **Supervisory Authority:** If you are not satisfied with our response, you have the right to file a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).