Privacy Policy

Privacy Policy

Welcome to AnyTable.ph, an app designed to make restaurant reservations easier and more accessible for everyone. This Privacy Policy outlines how we collect, use, protect, and share information about you as you use the AnyTable.ph app. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

We collect personal information that identifies you as an individual. This information is essential for providing personalized services and improving user experience. Here's what we collect:

a) First Name and Last Name
b) Street Address, City, State, Zip Code, and Cross Streets
c) Phone Number
d) E-mail Address
e) Site-specific Display Name

1.2 Sensitive Personal Information

Sensitive personal information requires additional security measures and controls to ensure its protection due to its nature. We collect:

a) GPS Location (mobile site): Detailed location data that could reveal patterns of movement or habits.
b) Customer Service Inquiries: Includes potentially sensitive issues or disputes that you may discuss with our support team.

2. Information Shared with Third Parties

We may share certain information with third-party service providers and partners who assist us in operating our app, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. Here are the types of information we might share and the circumstances under which they are shared:

2.1 Types of Information Shared

a) Personal and Contact Information: Includes names, addresses, phone numbers, and email addresses, shared with delivery services or customer support tools.
b) Order Details and Preferences: Information regarding your orders and preferences may be shared with restaurant partners and supply chain vendors to fulfill service requests.
c) Location Data: GPS data may be provided to mapping and navigation services to enhance delivery accuracy.
d) Analytics Data: Non-personally identifiable information used for analytics and market research might be shared with analytics service providers to help improve our service offerings.
e) Social Networking Information: Information related to social media interactions may be shared with social media platforms for targeted advertising and promotional campaigns.

2.2 Detailed Purposes of Sharing Data with Third Parties

When we share data with third-party service providers and partners, it is done with specific objectives that align with our business operations and commitment to enhancing user experience. Here is a detailed breakdown of the purposes for which we share data:

2.3 Enhancing Service Delivery

a) Fulfillment Services: We share personal information such as names and addresses with courier and delivery services to ensure the accurate and timely delivery of orders you place on our site.
b) Payment Processing: Financial details are shared with payment processors to facilitate smooth and secure transaction processing, reducing the risk of fraud.

2.4 Operational Efficiency

a) Customer Support Services: Contact information and relevant order details are shared with customer support service providers to help address and resolve any issues or inquiries you might have.
b) Technical Infrastructure: We work with cloud service providers who host our database and applications, ensuring robust performance and high availability of our services.

2.5 Marketing and Personalization

a) Targeted Advertising: Information like browsing habits and purchase history is shared with marketing platforms to tailor advertising to your preferences and previous interactions with the site.
b) Customer Engagement: We share limited data with email marketing platforms to send you newsletters, special offers, and updates that are relevant to your interests.

2.6 Research and Development

a) Analytics and Insights: Aggregated and anonymized data about user interactions and site usage are shared with analytics providers to help us understand user behavior patterns, improve site functionality, and develop new features that respond to user needs.

2.7 Compliance and Legal Obligations

a) Regulatory Compliance: We may share data with regulatory authorities to comply with legal requirements, such as tax laws and other government regulations.
b) Legal Processes: In cases where it is necessary to defend against legal claims or comply with court orders, subpoenas, or other legal processes, we may share data as required by law.

3. Securing of Data

3.1 Security Measures

a) Fraud Prevention: To protect against fraud and other malicious activities, we share data with security service providers who assist in monitoring suspicious or potentially fraudulent activity.

3.2 Business Transitions

a) Mergers and Acquisitions: In the event of a merger, acquisition, or sale of assets, user information may be among the transferred assets, always subject to the promises made in the pre-existing Privacy Policy unless the user consents otherwise.

3.3 Protection and Security Measures for Data Sharing with Third Parties

When sharing data with third-party service providers and partners, we implement rigorous protection and security measures to ensure the confidentiality, integrity, and availability of user data. Here is a detailed description of the security measures and protections we employ:

3.4 Data Protection Agreements

a) Contractual Obligations: All third-party service providers are bound by contract to use the information solely for the agreed-upon purposes and to maintain the confidentiality and security of the data.

3.5 Data Encryption

a) Encryption in Transit and at Rest: Data shared with third parties is encrypted during transmission and while stored on their servers. This prevents unauthorized access and ensures that data remains secure.

3.6 Access Controls

a) Limited Access: Access to data is strictly limited to personnel who need the information to perform their job functions. Strict authentication and authorization mechanisms are in place to control access.

3.7 Regular Audits and Compliance Checks

a) Third-Party Audits: We conduct regular audits of our third-party service providers to ensure compliance with our security standards and privacy policies.
b) Compliance Reviews: Regular reviews are conducted to ensure that third-party services remain compliant with relevant regulations and industry standards.

3.8 Secure Data Transmission

a) Secure Protocols: We use secure communication protocols such as HTTPS and TLS to ensure the secure transmission of data to and from third-party services.

3.9 Anonymization and Pseudonymization

a) Data Minimization: Where possible, we anonymize or pseudonymize data before sharing it with third parties, reducing the risk associated with data exposure.

3.10 Incident Response Planning

a) Rapid Response: In the event of a data breach or security incident, we have an incident response plan in place that includes notifying affected users and regulatory authorities as required.

3.11 Training and Awareness

a) Employee Training: Employees are regularly trained on data protection principles and the importance of protecting user data. This training extends to handling data shared with third parties.

3.12 Secure Disposal

a) Data Disposal Protocols: When data is no longer needed, secure disposal methods are used to ensure that data cannot be recovered or misused.

4. Our Commitment to Your Privacy Rights Under GDPR and CCPA

At our app, we are dedicated to upholding and respecting the privacy rights granted by the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Here is how we ensure these rights are protected and facilitated:

4.1 Types of Information Shared

We offer the following rights to our users, aligning with GDPR requirements:

a) Right to Access
We provide you with the ability to access your personal data upon request, ensuring you can review, verify, and check for accuracy.

b) Right to Rectification
If your personal data is inaccurate or incomplete, we correct it promptly upon your request.

c) Right to Erasure
We respect your right to be forgotten. You can request the deletion of your personal data when it no longer serves the purpose for which it was collected.

d) Right to Restrict Processing
We allow you to restrict the processing of your personal data under certain conditions, providing control over how your information is used.

e) Right to Data Portability
We facilitate the transfer of your data to another entity, providing it in a structured, commonly used, and machine-readable format.

f) Right to Object
We respect your right to object to the processing of your data, especially for direct marketing purposes.

g) Rights Related to Automated Decision Making
We ensure that you are not subject to decisions based solely on automated processing that have a significant impact on you, without human intervention.

4.2 Under CCPA

We uphold the following rights for California residents:

a) Right to Know
You can request and receive detailed information about how we collect, use, and share your personal data over the past 12 months.

b) Right to Delete
Upon your request, we delete your personal information from our records and direct our service providers to do the same.

c) Right to Opt-Out
We provide you with the option to stop the sale of your personal information to third parties.

c) Right to Non-Discrimination
We guarantee that you will receive equal service and pricing, even if you exercise your privacy rights.

c) Right to Opt-In
For our users under 16, we require affirmative consent before selling their personal information. For those under 13, we seek parental consent.

5. Children's Privacy Policy Under GDPR and CCPA

Our organization is committed to safeguarding the privacy of children, adhering strictly to the requirements set forth by the General Data Protection Regulation (GDPR) for children in the European Union and the California Consumer Privacy Act (CCPA) for children in California. This combined policy provides a comprehensive overview of our practices regarding the collection, use, and protection of personal information from children under the age of 16 (under GDPR) and 13 (under CCPA).

5.1 Collection of Information of

a) Personal Information: We do not knowingly collect personal information from children under the age of 16 (EU) and 13 (California) without obtaining prior verifiable parental consent. If we discover that personal information has been collected from a child without appropriate consent, we will delete this information promptly.
b) Purpose of Collection: Personal information from children is only collected to provide services such as educational content, subscriptions, and interactive communications. This collection is strictly limited to what is necessary to participate in the activity.

5.2 Parental Rights

a) GDPR and CCPA Rights: Under both regulations, parents have rights to access, review, and request the deletion of their child's personal information. Additionally, parents can object to further processing of their child's data.
b) Consent Withdrawal: Parents can withdraw consent at any time, prompting us to stop any further collection or processing of their child’s information. Under CCPA, parents can also opt out of the sale of their child’s personal information.

6. Data Retention Policy

6.1 Purpose

This Data Retention Policy aims to ensure that our organization retains personal data only for the period necessary to fulfill the purposes for which the data was collected and to comply with applicable legal, tax, and regulatory requirements. This policy is in accordance with the General Data Protection Regulation (GDPR) for our users in the European Union and the California Consumer Privacy Act (CCPA) for our users in California.

6.2 Scope

This policy applies to all personal data processed by our organization, regardless of the data format. It covers data stored on digital and physical media, including data stored in "the cloud," on local servers, personal devices, and paper files.

6.3 Data Retention Principles

a) Data Minimization: We only collect data that is necessary for the purposes stated at the time of collection and we do not retain it longer than necessary to fulfill those purposes.
b) Purpose Limitation: Data is retained based on the specified, explicit, and legitimate purposes communicated to data subjects at the time of data collection.

6.4 Data Retention Periods

a) Customer Data

1. Retention: Retained for the duration of the customer relationship plus a period of six years to comply with tax and contract laws.
2. Deletion: After this period, customer data will be securely deleted unless legal proceedings require further retention.

b) Employee Data

1. Retention: Employee data is retained for the duration of employment and seven years thereafter, considering labor law requirements and pension obligations.
2. Deletion: Data is then reviewed and deleted if no longer necessary.

c) Marketing Data

1. Retention: Data used for marketing purposes is kept until the user unsubscribes or requests deletion. Additionally, if there has been no engagement for three years, the data will be considered for deletion.
2. Deletion: Unsubscribed users’ data is promptly removed from all marketing databases.

d) Legal Records

1. Retention: Data held for legal purposes is retained as per the advice of legal counsel, and in accordance with statutory limitation periods.
2. Deletion: This data is reviewed annually and deleted if no longer required for legal defense or obligations.

e) Data Review and Deletion Process

Data will be reviewed at regular intervals to ensure it is not kept beyond the necessary period. The process for data deletion involves secure methods that ensure data cannot be reconstructed or recovered. This includes digital data wiping and physical destruction of paper files.

f) Exceptions

Exceptions to these retention periods may occur if there are legal holds or other regulatory requirements that necessitate longer retention.

7. Amendments to the Policy

This policy may be updated periodically to reflect changes in our practices or changes in the regulatory environment. Such changes will be communicated through our standard channels for policy changes.

8. Contact Information

For questions or concerns about our data retention practices, please contact us through support@anytable.ph.