We may update this policy to reflect changes to our privacy practices, or for other operational or legal reasons. If we make material changes to this policy, we will give you notice of such changes by posting the revised policy on this Website, and where appropriate, by other means. By continuing to use this Website, Open Dining system services, or our Support Services after changes are posted, you agree to the revised policy.
Collection of Information
We collect names, phone numbers, postal/delivery addresses, email addresses, payment information, and special ordering instructions, during the ordering processes and account registration / access.
We collect data about the Open Dining services that you visit and utilize, including orders in progress and abandoned orders. We collect data about how and when you access your account and the Open Dining system, such as IP addresses, the device and browser you use, your network connection, your location (as provided by your device, with consent), and information about how you navigate and use the Services.
We use this information to give you access to and improve our Services, including processing orders. We also use this information to personalize the Services for you, and we may use this information to provide you with advertising or marketing. Finally, this information is used for fraud and risk monitoring, to detect fraudulent activity within the Services and provide honest customers with a good experience.
If you are located in the European Economic Area ("EEA"), you have certain rights with respect to your personal data. If you are a merchant, a partner, or a customer of Open Dining's Services and wish to exercise these rights, please reach out to us using the contact information below. If you are a customer of a merchant who uses Open Dining's services and wish to exercise these rights, please contact the merchants you interacted with directly, as we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.
Additionally, if you are located in the EEA, we are generally processing your information in order to fulfill contracts we might have with you, such as an order through the Services for a merchant restaurant, or otherwise to pursue our legitimate business interests listed above, unless we are required by law to obtain your consent for a particular processing operation. Specifically. we process your personal data to pursue the following legitimate interests, either for ourselves, our merchants, our partners, or other third parties (including our merchants’ customers):
- To provide merchants and others with our services and applications;
- To prevent risk and fraud on our platform;
- To provide communications, marketing, and advertising;
- To provide reporting and analytics;
- To help merchants find and integrate with apps through our app store;
- To provide troubleshooting, support services, or to answer questions;
- To test out features or additional services; and
- To improve our services, applications, and websites.
When we process personal information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organizational measures employed to protect that information can help mitigate the risks to the data subject.
Accessing, Updating, or Removing Your Information
We take reasonable steps to allow you to access, amend, delete, or otherwise control the use of your personal information. You can update many types of personal information, such as payment or contact information, directly within your account settings. If you are unable to change your personal information within your account settings, or if you are concerned about data collected as you use the Services, please contact us to make the required changes. If you are a merchant’s customer (that is, you have placed orders via an Open Dining merchant/restaurant) and wish to exercise these rights, please contact the merchants you interacted with directly, as we serve as a processor on their behalf, and can only forward your request to them to allow them to respond. It’s important to remember that if you delete or limit the use of your personal information, the Services may not function properly.
We use cookie and tracking technology for gathering information such as browser type and operating system, understanding how visitors use the Site, and customizing the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.
Distribution of Information
Open Dining works with a variety of third parties and service providers to help provide you with our Services, and we may share personal information with them to support these efforts.
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.
Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.
Commitment to Data Security
Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. All emails and newsletters from the Services allow you to opt out of further mailings.
European Economic Area Data Protection
As part of providing the Services, Personal Data may be transferred to other regions, including to Canada and the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation. When we process Personal Data in the course of providing the Services, we will:
- Process the Personal Data as a Data Processor, only for the purpose of providing the Services, and as may subsequently be agreed to by you. If we are required by law to Process the Personal Data for any other purpose, we will provide you with prior notice of this requirement, unless we are prohibited by law from providing such notice;
- notify you if, in our opinion, your instruction for the processing of Personal Data infringes applicable Data Protection Legislation;
- notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Data Subject or Supervisory Authority relating to our Processing of the Personal Data;
- implement and maintain appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
- notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data;
- ensure that its personnel who access the Personal Data are subject to confidentiality obligations that restrict their ability to disclose the Customer Personal Data; and
- upon termination of the Agreement, we will promptly initiate our purge process to delete or anonymize the Personal Data. If you request a copy of such Personal Data within 14 days of termination, we will provide you with a copy of such Personal Data.
In the course of providing the Services, you acknowledge and agree that we may use Subprocessors to Process the Personal Data. Our use of any specific Subprocessor to process the Personal Data must be in compliance with Data Protection Legislation and must be governed by a contract between Open Dining and the Subprocessor.
Governance and Severance
If any provision of the Policy is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Policy shall remain operative and binding on the parties.
The terms of this Policy shall be governed by and interpreted in accordance with the laws of the State of Ohio and the laws of United States applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the State of Ohio with respect to any dispute or claim arising out of or in connection with this Policy.
Privacy Contact Information
By e-mail: firstname.lastname@example.org