GDPR Compliant

PRIVACY & POLICY

Last Updated: June 2026
This Privacy Policy describes how Sidtech Projects Developments SRL collects, uses, and protects personal data in full compliance with the EU General Data Protection Regulation (GDPR - Regulation EU 2016/679).

1. Data Roles (Controller vs. Processor)

Data Controller:

Sidtech Projects Developments SRL acts as a Data Controller for the personal data collected directly from our business Clients (Restaurant Owners, Managers, and designated Staff).

Data Processor:

For any operational data managed within the app relating to a restaurant's day-to-day operations, the Company acts as a Data Processor, handling the data strictly under the instructions of the Restaurant (who acts as the Data Controller).

2. Categories of Personal Data Collected

We collect and process the following business and personal information during account onboarding and configuration:

  • Full Name of the primary account holder and authorized staff members.
  • Business Email Address for authentication, transactional system notifications, and invoicing.
  • Phone Number for account validation and emergency operational support.
  • Physical Restaurant Location / Address to display accurate local information.
  • Restaurant Operating Schedule for technical orchestration of digital menu visibility.
Note on End-Customers:

At present, the Platform does not collect, track, or process personally identifiable information (PII) from end-consumers browsing menus. Should features requiring consumer data be implemented in future software updates, this policy will be revised, and explicit consent mechanisms will be deployed.

3. Legal Basis for Processing

We process data under the following GDPR legal frameworks:

Art. 6(1)(b) GDPR (Performance of a Contract)

To provision, host, and maintain your restaurant management account.

Art. 6(1)(c) GDPR (Legal Obligation)

For issuing legally compliant fiscal invoices under Romanian tax laws.

Art. 6(1)(f) GDPR (Legitimate Interest)

To protect the security of our platform, detect fraud, and optimize server-side workloads.

4. Data Infrastructure & Third-Party Sharing

4.1
Hosting and Storage:

All platform databases and personal data are securely hosted within the European Union on Hostinger’s servers located physically in Frankfurt, Germany. This ensures full compliance with EU data residency requirements.

4.2
No Third-Party Authentication:

We do not utilize third-party federated identity providers (such as Google or Facebook OAuth) at this stage. All login credentials are encrypted, hashed, and processed natively on our servers.

4.3
Financial Logs:

No payment card details are stored. We track exclusively structural metadata from synchronized POS systems necessary for product inventory features.

5. Data Retention & Deletion Rights

5.1

We retain corporate and personal data for the duration of your active contract.

5.2
Data Deletion Grace Period:

Upon account deactivation or contract termination, your personal data is isolated and held for a 30-day grace period in case you choose to reinstate your service. After 30 days, the data is deleted permanently from our production environment, except for data we are legally obligated to retain for financial auditing under Romanian law (e.g., issued fiscal invoices).

6. Your Rights Under GDPR

As a data subject within the EU, you possess the right to:

  • Access your data
  • Rectify inaccurate information
  • Request Erasure ("Right to be Forgotten")
  • Restrict processing
  • Port your data to another vendor

To exercise these rights, please contact us directly at our registered business address or designated administrative email.