Effective Date: 2025-03-14
1. Introduction and Contact Information
This Privacy Policy describes how Information Network Group E.E. ("we," "us," or "our") collects, uses, and discloses information about you when you use our Instant QR Menu service (the "Service"), available at instantQRmenu.com. By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us at:
2. Data Controller
Information Network Group E.E., located in Greece, is the data controller for the personal data collected and processed through the Service.
3. Types of Data we Collect
We collect the following types of data:
- (a) Account Information: Your email address. In the future, we may also collect your business name, contact person name, business address, and phone number.
- (b) Payment Information: We use Stripe, a third-party payment processor, to handle payments. We do not store your full credit card details. We may receive limited payment-related information from Stripe, such as the last four digits of your card, the card's expiration date, and transaction IDs.
- (c) Menu Data: All information you upload to the Service related to your menus, including menu item names, descriptions, prices, images, allergen information, nutritional information, etc.
- (d) Usage Data: Information about how you interact with the Service, including your IP address, browser type, operating system, device information, referring/exit pages, date/time stamps, pages visited, features used, and QR code scan data.
- (e) Cookie Data: Information collected through cookies and similar technologies. See Section 7 for a detailed explanation of our cookie usage.
- (f) Communications Data: Records of any communications you send to us (e.g., support requests, emails).
4. How we Collect Data
We collect data in the following ways:
- (a) Directly from You: When you create an account, upload a menu, contact us, or otherwise provide information to us.
- (b) Automatically: Through cookies, server logs, and other tracking technologies when you use the Service.
- (c) From Third Parties: From Stripe (for payment processing) and potentially other third-party services. We currently only integrate with Stripe.
5. Legal Basis for Processing (GDPR Specific)
Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing your personal data:
- (a) Contractual Necessity: We process your Account Information, Payment Information (to the extent we receive it), Menu Data, and Communications Data to provide the Service. This processing is necessary for the performance of our contract with you (the Terms of Service).
- (b) Legitimate Interests: We process Usage Data and Cookie Data (excluding data from non-essential cookies, which requires consent) to improve the Service, analyze usage patterns, prevent fraud, ensure network security, and for our internal business purposes. These are our legitimate interests, and we have balanced them against your rights and freedoms.
- (c) Consent: We obtain your explicit consent for the use of non-essential cookies, as described in Section 7. You can withdraw your consent at any time.
- (d) Legal Obligation: We may process your data to comply with applicable legal obligations, such as tax reporting requirements or responding to lawful requests from authorities.
6. Purpose of Data Processing
We use your data for the following purposes:
- (a) Account Information: To create and manage your account, provide customer support, communicate with you about the Service (including updates and important notices), and verify your identity.
- (b) Payment Information: To process your Subscription payments through Stripe.
- (c) Menu Data: To generate and host your Menu Site, provide the core functionality of the Service, and allow you to manage your online menu.
- (d) Usage Data: To monitor and analyze the use of the Service, improve its functionality and performance, personalize your experience, prevent fraud and abuse, and for internal business reporting.
- (e) Cookie Data: As described in detail in Section 7.
- (f) Communications Data: To respond to your inquiries, provide support, and address any issues you may have.
7. Use of Cookies and Similar Technologies
We use cookies and similar technologies (collectively, "cookies") to provide and improve the Service.
What are Cookies?
Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the website owners.
Types of Cookies We Use:
- Strictly Necessary (Essential) Cookies: These cookies are essential for the Service to function and cannot be disabled in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as logging in, or filling in forms.
- Performance Cookies: These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor directly. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. Example:
- Functionality Cookies: These cookies enhance the functionality of the Service. They remember your preferences (like the templates you choose).
Third-Party Cookies:
We use the following third-party services that may set cookies on your device:
Managing Cookies:
You can manage or delete cookies through your browser settings. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Here are links to instructions for managing cookies in common browsers:
Please note that disabling essential cookies may prevent the Service from functioning correctly.
8. Data Sharing and Disclosure
We may share your data with the following categories of recipients:
- (a) Service Providers: We share data with third-party service providers who assist us in providing the Service, such as hosting providers, email providers, and payment processors (Stripe). These providers are contractually obligated to protect your data and are only authorized to use it as necessary to perform their services for us.
- (b) Legal Authorities: We may disclose your data to law enforcement agencies, government authorities, or other third parties if required to do so by law or in the good faith belief that such action is necessary to:
  - Comply with a legal obligation.
  - Protect and defend our rights or property.
  - Prevent or investigate possible wrongdoing in connection with the Service.
  - Protect the personal safety of users of the Service or the public.
  - Protect against legal liability.
- (c) Business Transfers: If Information Network Group E.E. is involved in a merger, acquisition, sale of assets, bankruptcy, or other similar transaction, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
- (d) With Your Consent: We may share your data with other third parties if we have obtained your explicit consent to do so.
- (e) Aggregated or De-identified Data: We may share aggregated or de-identified data (data that cannot reasonably be used to identify you) with third parties for any purpose, including research, analytics, and marketing.
9. International Data Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA), including the United States. When we do so, we ensure that adequate safeguards are in place to protect your data in accordance with GDPR. For transfers to the United States, we rely on Standard Contractual Clauses approved by the European Commission.
10. Data Security
We take reasonable measures to protect your personal data from unauthorized access, use, alteration, or disclosure. These measures include:
- Encryption: We use industry-standard encryption to protect data transmitted to and from the Service (e.g., HTTPS).
- Access Controls: We limit access to your personal data to authorized employees, contractors, and service providers who need to know that information in order to operate, develop, or improve the Service.
- Regular Security Assessments: We regularly review our security practices and procedures to identify and address potential vulnerabilities.
- Data Minimization: We only collect and retain the data that is necessary for the purposes outlined in this Privacy Policy.
However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
11. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- (a) Account Information: We retain your Account Information for as long as your account is active and indefinitely after account closure to allow for account reactivation.
- (b) Payment Information: Payment information is retained by Stripe according to their privacy policy. We retain limited payment-related data received from Stripe for as long as necessary for accounting and legal compliance purposes.
- (c) Menu Data: We retain your Menu Data for as long as your account is active, and indefinitely after account closure to allow for account reactivation.
- (d) Usage Data: We retain Usage Data for 3 years for analytical purposes.
- (e) Cookie Data: Cookie retention periods vary depending on the type of cookie. See Section 7 for details on specific cookie durations.
- (f) Communications Data: We retain records of your communications with us for 10 years for customer service and record-keeping purposes.
After the applicable retention period, we will securely delete or anonymize your data.
12. Your Data Protection Rights (GDPR Specific)
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent (where processing is based on consent). However, we may be required to retain some data to comply with legal obligations.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or when the processing is unlawful.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.
- Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing your data for these purposes unless we have compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
- Right to Withdraw Consent: Where we process your personal data based on your consent (e.g., for non-essential cookies), you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. In Greece, the supervisory authority is the Hellenic Data Protection Authority (www.dpa.gr).
To exercise any of these rights, please contact us using the contact information provided in Section 1. We will respond to your request within one month of receipt, or inform you if we need more time to process your request. We may need to verify your identity before fulfilling your request.
13. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers. If you believe that we might have any information from or about a child under 18, please contact us.
14. Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Effective Date" at the top of this policy. We may also notify you via email or through the Service.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
15. Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: