Location and GDPR compliance
BuonMenu is based in Italy and data is hosted mainly in Europe. When we transfer data outside Europe we always make sure that the companies are compliant with EU privacy laws: all our service providers are GDPR compliant.
Data we hold
BuonMenu stores data about:
- Visitors (i.e. the users who visit BuonMenu and read the menus)
- Restaurants (i.e. the customers that sign up to BuonMenu in order to publish a menu)
Data held on visitors
We don't collect personal data from visitors. However, as all websites do, we may collect some log information and stats required for debugging, security and development in general.
Data held on restaurants
BuonMenu collects account information for each user, including:
- Basic information like name and email address
- Billing information required for invoices and payments (we rely on third-party services that are PCI compliant)
- Data required for publishing or technical purposes
- Log information required for debugging, security and development in general
Data persistence and rectification
Restaurants can use the account features to remove or update their data.
Backups and logs can be retained for up to 1 year.
Access to data and portability
You can access your account and copy your data at any time.
Data collected is used for:
- account and billing
- publication and technical purposes in general
- logs and analytics, in order to improve BuonMenu
- sending account alerts or news about BuonMenu to our users.
Restaurant consent is explicitly provided because they perform actions on BuonMenu.
Visitors also accept this policy by using our service.
Data protection and security
We care about security and we follow best practices to reduce the risk of data breaches.
Our registered users will be notified of data breaches within 72 hours of our becoming aware of them.
Data is collected and manipulated both on our own devices and on third-party servers. Our web application is hosted on Heroku. Data is also stored on Amazon Web Services. We also use many different services suited for specific purposes, for example: Cloudflare for security and DDoS mitigation, Sendgrid for emails, G Suite for support emails, Logz.io for logs, Chargebee for invoicing, Stripe for payments.
Analytics and cookies
Besides that, we use third-party services (Google Analytics) for analytics. Data collected by those services is anonymized (IP anonymization) and is not merged with data from other sources (i.e. it is used only for analytics and not shared with other services like AdWords).
The data holder is AbstractBrain srls unipersonale (P. IVA: 02516920036), located in Via G. B. Palletta, 11, 28865 Crevoladossola (VB), Italy.
Inside the company, the Data Protection Officer is Marco Colli, born in Domodossola on the 27th of February 1991 and residing in Crevoladossola (VB), Italy.