Privacy Notice – customers, suppliers, visitors of the website and profiles on social media

BiteBerry s. r. o.
We take privacy very seriously.
This Privacy Notice (“Privacy Notice”) describes the manner in which we, at BiteBerry (“BiteBerry” or “we/us“), process and protect the personal data of: (i) our (potential) customers, (ii) our (potential) suppliers, (iii) the persons authorized to act on behalf of our (potential) customers and suppliers, (iv) the contact persons of our (potential) customers and suppliers and (v) visitors of our websites biteberry.com and streemlinestudio.com (“Websites”) and our profiles on social media.
We process personal data in compliance with the EU general data protection regulation, i.e. the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“) and the respective applicable local data protection acts implementing the GDPR.
In this document, we explain what type of data we process about you, the legal basis allowing us to do so, the purposes for which the data are being processed, by whom they are accessible, how you can monitor the manner of their processing, and what technical and security measures in general we use to protect your personal data. Also, you will learn about the rights in relation to processing of your personal data, and how you can exercise those rights.
By this Privacy Notice, we fulfill the obligation to inform you (in your capacity as data subject) pursuant to Article 13 and/or 14 of GDPR.

1. Who are we and how can you contact us?
BiteBerry s. r. o. with its registered seat at:
Na Bráne 4,
010 01 Žilina,
Slovak Republic,

Corporate ID (IČO): 55 353 690 registered in the Commercial Register maintained by the District Court Nitra, Section: Sro, Insert No.: 60199

If you have any questions regarding processing of your personal data, please, contact us via e-mail at support@biteberry.com or via registered mail at the address of our registered seat (above).

If you wish to exercise your rights described in Section 8 below, please, use this form or write us via email at support@biteberry.com.

2. What is personal data? What kind of personal data do we process and how do we collect them?
Personal data is any information allowing to establish your identity as individual, or any information specific to you.
We collect and process only such personal data that are necessary for us to:

  • conclude contracts with customers and suppliers and perform obligations arising thereof,
  • comply with our statutory obligations and
  • protect our legitimate interests.

If it is not absolutely necessary, we do not process any special categories of personal data within the meaning of Article 9(1) of GDPR.
Particular scope of personal data we collect and subsequently process depends on what type of data subject you are.
We obtain personal data either directly from you (e.g., when you, or the company you act on behalf of, conclude a contract with us either as customer or supplier), or indirectly from other subjects (e.g. from the delivery channel through which you have ordered the food from the restaurant using the application developed by us).

3. What categories of personal data do we process, for what purposes and on what legal basis? How long do we store your personal data? Is disclosure of your personal data to us mandatory or voluntary?

  Purpose of processing Legal basis of processing Data subject Personal data processed Retention period Mandatory/voluntary basis of disclosure
1. Performance of contracts with customers, including granting access to the BiteBerry application developed by us (“Application”) and ensuring its operability Article 6 (1) (b) of GDPR (performance of a contract to which the data subject is party) our customers – individuals (entrepreneurs) general personal data (such as name, surname, place of business, business ID No., e-mail address, telephone number, etc.) 10 years from termination of the contractual relationship Disclosure of your personal data is voluntary. However, if we will not be provided with the necessary personal data, we will be unable to perform a contract concluded with you (or the person for whom you act).
Article 6 (1) (f) of GDPR (our legitimate interest in entering into a contract with customer – legal entity, as well as in communication with contact persons of our customer) individuals acting on behalf of our customers – legal entities, as well as contact persons of our customers general personal data (such as name, surname, corporate e-mail address, corporate telephone number, existence of labour or other relationship with respective customer, working position etc.) 10 years from termination of the contractual relationship
Article 6 (1) (f) of GDPR (our legitimate interest in ensuring the operability and functionality of the Application) individuals for whom the customer has created user account in the Application and whom the customer has added to the Application (employees, couriers, suppliers) general personal data (such as name, surname, email address, telephone number) 1 year from termination of the contractual relationship Disclosure of your personal data is voluntary. However, if we will not be provided with the necessary personal data, we will be unable to create a user account in the Application for you or add you to the Application.
individuals who have ordered food from a customer (i.e. a restaurant using the Application) general personal data (such as name, surname, delivery address, telephone number, ordered meal, method of payment, email address) term of the contract Disclosure of your personal data is voluntary. It helps the restaurant (you have ordered a food from) to manage your order by using of the Application and to arrange your order as fast and as efficient as possible.
couriers GPS location term of the contract Disclosure of your personal data is a requirement that ensues from the contract concluded between you and the restaurant that uses the Application.
2. Pre-contractual negotiations with potential customers Article 6 (1) (b) of GDPR (taking steps at the request of the data subject prior to entering into a contract) our potential customers – individuals (entrepreneurs) general personal data (such as name, surname, place of business, business ID No., e-mail address, telephone number, etc.) until conclusion of the contract or until the moment when it becomes clear that no contract will be concluded, however, for the maximum period of 6 months from the provision of the data Disclosure of your personal data is voluntary. However, if we will not be provided with the necessary personal data, we will be unable to implement the measures leading to conclusion of a contract with you (or the person for whom you act).
Article 6 (1) (f) of GDPR (our legitimate interest in implementing measures leading to conclusion of a contract with customer – legal entity, as well as in communication with contact persons of our potential customer) individuals acting on behalf of our potential customers – legal entities, as well as contact persons of our potential customers general personal data (such as name, surname, corporate e-mail address, corporate telephone number, existence of labour or other relationship with the respective potential customer, working position etc.)
3. Performance of contracts with suppliers Article 6 (1) (b) of GDPR (performance of a contract to which the data subject is party) our suppliers – individuals (entrepreneurs) general personal data (such as name, surname, place of business, business ID No., e-mail address, telephone number, etc.) 10 years from termination of the contractual relationship Disclosure of your personal data is voluntary. However, if we will not be provided with the necessary personal data, we will be unable to perform a contract concluded with you (or the person for whom you act).
Article 6 (1) (f) of GDPR (our legitimate interest in entering into a contract with supplier – legal entity, as well as in communication with contact persons of our suppliers) individuals acting on behalf of our suppliers – legal entities, as well as contact persons of our suppliers general personal data (such as name, surname, corporate e-mail address, corporate telephone number, existence of labour or other relationship with respective supplier, working position etc.)
4. Pre-contractual negotiations with potential suppliers Article 6 (1) (b) of GDPR (taking steps at the request of the data subject prior to entering into a contract) our potential suppliers – individuals (entrepreneurs) general personal data (such as name, surname, place of business, business ID No., e-mail address, telephone number, etc.) until conclusion of the contract or until the moment when it becomes clear that no contract will be concluded, however, for the maximum period of 6 months from provision of the data Disclosure of your personal data is voluntary. However, if we will not be provided with the necessary personal data, we will be unable to implement the measures leading to conclusion of a contract with you (or the person for whom you act).
Article 6 (1) (f) of GDPR (our legitimate interest in implementing measures leading to conclusion of a contract with supplier – legal entity, as well as in communication with contact persons of our potential suppliers) individuals acting on behalf of our potential suppliers – legal entities, as well as contact persons of our potential suppliers general personal data (such as name, surname, corporate e-mail address, corporate telephone number, existence of labour or other relationship with the respective potential supplier, working position etc.)
5. Raising awareness of us in online environment and related interaction with our (potential) customers Article 6 (1) (a) GDPR (consent of the data subject) individuals who granted consent with processing of their personal data in online environment (e.g. by posting of their photos) general personal data of various type you provide us with in the online environment (e.g., through our social media profiles) period of duration of the consent Disclosure of personal data is voluntary. However, if you do not provide us with your personal data, we will not be able to communicate with you in an online environment (e.g., through our social media profiles).
Article 6 (1) (f) of GDPR (our legitimate interest in raising awareness of us in the online environment) visitors of our Websites and visitors/followers of our profiles on social media until filing of a legitimate objection to the processing
6. Processing of cookies on our Websites Article 6 (1) (a) GDPR (consent of the data subject) visitors of our Websites general person data including information about the activities and preferences of the Websites visitors within the scope of the consents granted period of duration of the consent Disclosure of personal data is voluntary.
Article 6 (1) (f) of GDPR (our legitimate interest in ensuring protection and functionality of our Websites) general personal data necessary to ensure the protection and functionality of our Websites until filing of a legitimate objection to the processing Disclosure of your personal data is necessary of ensuring the protection and functionality of our Websites.
7. Communication with persons who have filled in the contact form on any of our Websites and resolving their enquiries Article 6 (1) (f) of GDPR (our legitimate interest in in dealing with enquiries of the visitors of our Websites) persons who have filled in the contact form on our Websites general personal data provided by the data subjects in the online form (such as name, surname, e-mail address, telephone number, etc.) 90 days after the relevant enquiry has been resolved Disclosure of personal data is voluntary. However, if you do not provide us with your personal data, we will not be able to deal with and resolve your enquiry posted via the contact form on our Websites.
8. The agenda of our feedback requests and satisfaction surveys Article 6 (1) (f) of GDPR (our legitimate interest to maintain and improve the relationship with our customers) our customers – individuals (entrepreneurs) or individuals acting on behalf of our customers – legal entities, as well as contact persons of our customers general personal data (such as name, surname, e-mail address, telephone number, corporate e-mail address, corporate telephone number, existence of labour or other relationship with the respective customer, working position, content of the data subject’s replies to our requests/surveys etc.) 90 days after provision of the feedback or responding to the satisfaction survey Disclosure of personal data is voluntary. However, if you do not provide us with your personal data, we will not be able to get your feedback.
9. Protection of legal claims of BiteBerry Article 6 (1) (f) of GDPR (our legitimate interest in protection of our legal claims) persons against whom we assert any legal claim and persons who assert any legal claim against us general personal data (such as name, surname address, contact email and telephone number, existence of labour or other relationship with respective person which have made legal claim against us, working position etc.)special category of personal data (e.g., health data), but only if they are relevant in a given matter until the dispute is settled out of court or until a court or other authority makes a final decision on the matter Disclosure of your personal data is voluntary. However, in most cases, we already dispose with your personal data due to existence of previous relationship with you.
10. Sending advertising newsletter (non-targeted marketing communication) Article 6 (1) (a) of GDPR (consent of data subject) persons who requested or agreed to receive the advertising newsletter general personal data (such as name, surname, contact email) duration of the consent Disclosure of your personal data is voluntary. However, if you do not provide us with the necessary personal data, we will not be able to send you an advertising newsletter, the content of which could be interesting and/or beneficial to you.
Article 6 (1) (f) of GDPR (our legitimate interest in direct marketing) existing and former customers (individuals – entrepreneurs), contact persons of existing and former customers – legal entities 2 years of the date of termination of the relevant customer’s contract with BiteBerry, or until the moment of exercise of the right to object to sending marketing information
11. Bookkeeping Article 6 (1) (c) of GDPR (compliance with our legal obligations) data subjects the personal data of which are listed in accounting documents kept by us (e.g., individuals – entrepreneurs, members of statutory bodies of legal entities, etc.) general personal data (such as business name, place of business, business ID No., tax ID No. and VAT No. of an individual – entrepreneur, name and surname of the person authorised to act on behalf of a legal entity etc.) 10 years Disclosure of your personal data is mandatory and results from the applicable tax and accounting legislation.

4. To whom do we disclose your personal data?
We do not make your personal data public. We neither disclose, nor provide your personal data to any entities other than those described below.

  1. External suppliers
    We provide your personal data to some of our suppliers. In doing so, we ensure that the selection of our suppliers and their processing of your personal data is fully compliant with the GDPR. Such external suppliers include providers of the following services:
    • Providers of cloud computing solutions (having servers in the EU) – e.g. AWS
    • Standard software providers (e.g. Microsoft, Google)
    • Law firm providing legal services (based in the EU)
    • Provider of development, management and technical support of our Websites (based in the EU)
    • Webhosting provider (based in the EU)
    • Provider of management of social media profiles (based in the EU)
    • Social network platform operators – e.g. LinkedIn
    • Transport, courier and postal companies
    • Providers of other software solutions used by us in connection with operation of the Application, e.g. Auth0, Twilio
    • Providers of payment processing services, e.g. Stripe
    • Provider of accounting services (based in the EU)

    In addition, BiteBerry cooperates with companies providing it with analytical and advertising services and participating in the implementation of its marketing campaigns (e.g., Google LLC and Meta Platforms, Inc.). These companies allow us to better understand how users use our Websites, place our advertising online and measure its performance. In doing so, they may use cookies and similar technologies to collect data about your interaction with us, as well as with other sites. For more information about these services and on protection of your privacy, please, see the cookies preferences on our Websites.

  2. Compliance with Obligations Resulting from Legal regulations
    We may also provide your personal data to other persons in order to comply with our obligations resulting from the applicable legal regulations or lawful requests received from public authorities. Such categories of recipients include various public authorities, including authorities competent to exercise control over our activities, or other authorised bodies in connection with archiving of documents.
  3. Asserting and defending legal claims
    We may also disclose your personal data to other persons for the purpose of asserting our legal claims or defending ourselves effectively against claims brought against us. Such categories of recipients include, in particular, courts (including arbitrators and arbitration tribunals), executors, notaries, translators, experts or other relevant public authorities.
  4. Our Employees
    Your personal data can also be accessed by our employees. Our employees might have access to your personal data on a strictly need-to-know basis typically governed and limited by working position of the particular employee.
  5. Prospective investors
    If we sell any part of our business or our assets, we may need to disclose your personal data to prospective investors for due diligence purposes.

5. Transfer of personal data to third countries or international organizations
By default, we seek not to transfer your personal data to a third country outside EU and/or European Economic Area (“Third Country”).
However, some of our external suppliers specified in Section 4.1 above or their suppliers/processors might have servers located in Third Countries, e.g. in the United States of America (“U.S.”).
Any transfer of personal data outside EU or European Economic Area is done by us only under strict compliance with GDPR. In case of recipients in Third Countries which (under the opinion of the European Commission) not ensure adequate level of protection of personal data, we insist on concluding EU model Standard Contractual Clauses (SCC) with us or follow equivalent safeguards in place. In respect of transfer of personal data to U.S., most of our external suppliers are members of the EU-U.S. Data Privacy Framework.
We do not intend to transfer personal data to any international organization.

6. How do we protect your personal data?
We continuously evaluate and modernize our implemented safety, technical and organizational measures to secure a safe processing of your personal data. We protect the personal data storing database against damage, destruction, loss and unauthorized use. Should you wish to receive more information concerning the security of your personal data, do not hesitate to contact us at support@biteberry.com.

7. How long do we store your data?
We store your personal data only for periods of time as may be required to attain the purpose for which your data have been collected. If we process your personal data on the basis of our legitimate interest, they continue to be processed until the reason for the processing ceases to exist, or until you exercise your right to object to the processing. However, please note that even if a reason for processing of your personal data ceases to exist, this does not automatically mean that we erase your personal data. As a matter of fact, we may – and in certain cases we are required to – continue processing personal data for a different purpose (e.g., archiving) supported by another legal basis.
For more detailed information concerning personal data storage periods, please see table in Section 3 above.

8. What are your rights?
As we process your personal data, you can exercise a number of rights against us as set out below. You can exercise these rights by filling in this online form or sending an email to support@biteberry.com. We will inform you of the manner of disposal of your request within 30 days of its delivery. In justified cases, this time limit may be extended to 60 days; in such a case, we will notify you in advance.

9. Existence of automated decision-making, including profiling
We carry out profiling for the purpose of predicting your future interests and displaying targeted advertising. We create individual profiles based on the analysis of your personal data (which you have provided to us directly, which we have
obtained from your browsing on internet, or which our suppliers have provided to us) in order to provide you with offers that are relevant and interesting to you.

10. Personal data concerning minors
We do not, and do not intend to process personal data of persons below 16 years of age. Should we become aware of any processing of such data, this will be immediately discontinued and those personal data will be erased.

  1. Right of access
    You have the right to request access to your personal data according to Article 15 of GDPR. In simple terms, you have the right to obtain from us a confirmation whether we do, or do not process your personal data. If we do, you
    have the right to be provided with access to such personal data, as well as the information about the categories of your personal data we process, for what purpose(s), to whom were your personal data disclosed, from what source
    we have obtained the data (unless we have obtained them from you), whether they were transferred to a Third Country, period of their storing, as well as how to request rectification, erasure or restriction on the processing of
    your personal data, the right to object to such processing and the right to file a complaint to the relevant supervisory authority.
  2. Right to rectification
    You have the right to rectification according to Article 16 of GDPR. We really care that we process only correct and complete personal data. If, however, you discover or believe that this is not the case, you have the right to
    request that we either rectify, or update your personal data.
  3. Right to erasure (Right to be forgotten)
    You have the right to erasure of personal data according to Article 17 of GDPR. This means that you may request that we erase personal data concerning you that we process, provided that no exemption stipulated by law applies,
    and that one of the following conditions is satisfied:
    • your data are no longer needed for the purposes for which they have been collected;
    • you withdraw your consent to processing of personal data and, at the same time, there is no legal basis backing their processing;
    • you raise an objection to the processing of your personal data backed by one of our legitimate interests and, at the same time, there are no overriding legitimate interests backing their continuing processing, or you raise an objection to their processing for direct marketing purposes;
    • personal data were processed unlawfully. Also, we will inform other recipients of your personal data that you have exercised your right of erasure. Accordingly, those additional recipients should erase all references/links to your personal data if this is feasible, having regard to the available technology and the costs of implementation of those steps.
  4. Right to restriction of processing
    You have the right to restriction of processing according to Article 18 of GDPR. In simple terms, you may request that we restrict processing of your personal data, as long as one of the following reasons is concerned:
    • if you believe that your personal data we process are incorrect, until their accuracy is verified;
    • processing of your personal data is unlawful and you chose to request restriction of their processing rather than their erasure;
    • we no longer need your personal data for their processing; however, you may still need those data to evidence, enforce and defend your legal claims;
    • if you object to processing of your personal data, until it is established whether legitimate reasons for their processing overrides your legitimate interests. If your objection is successful and processing of your personal data is to be restricted, we will inform you in advance if restriction on processing is lifted.
  5. Right to data portability
    You have the right to data portability according to Article 20 of GDPR. Briefly speaking, if we process your personal data based on your consent (Article 6 (1) (a) of GDPR) and/or based on a contract concluded with you (Article 6 (1) (b) of GDPR) and the processing is performed through automated means, you have the right to obtain those data in a structured, commonly used and machine-readable format. You may transfer those data also to third persons and, on your request, we will thus transfer your data directly to a processor of your choice, provided that this is technically feasible.
  6. Right to object
    You have the right to object against processing (including profiling) based on legitimate or public interest and the right to object against the processing for direct marketing purposes (including profiling) according to Article 21 of GDPR. This means that (on grounds relating to your particular situation) you have the right to object to processing of your personal data carried out on the basis of our legitimate interest, including profiling based on our legitimate interest. Unless we demonstrate compelling legitimate grounds for the processing which override your rights and freedoms, we are no longer allowed to process your personal data. If we process your personal data for direct marketing purposes, you have the right to object at any time to such processing (including profiling) to the extent that it is related to such direct marketing. If you object to such processing, we will no longer be allowed to process your personal data for those purposes. In each marketing-related e-mail (if any), we will offer you the possibility to unsubscribe if you no longer wish to receive marketing information from us. You can do so by clicking on the “Unsubscribe” link located at the bottom of our marketing e-mails.
  7. Right to withdraw consent
    If we process your personal data under a consent given by you, you are entitled to withdraw such consent at any time e.g. by sending an official letter to the address of registered seat of BiteBerry, by sending an e-mail to support@biteberry.com or by filling in this online form. However, please be aware that withdrawal of your consent has no bearing on legitimacy of any processing of your personal data under your consent prior to its withdrawal.
  8. Filing complaintsIf you believe that we process your personal data in breach of the applicable legal regulations governing the protection of personal data, you are entitled to lodge a complaint with our
    principal supervisory authority, namely the Office for Personal Data Protection of the Slovak Republic at the following address:
    Úrad na ochranu osobných údajov Slovenskej republiky
    Hraničná 12, 820 07 Bratislava 27, Slovenská republika
    https://dataprotection.gov.sk/uoou/sk.
    If your habitual residence or place of work is in another Member State of the European Union, you may lodge your complaint also with the supervisory authority in that member state.

11. Existence of automated decision-making, including profiling
We carry out profiling for the purpose of predicting your future interests and displaying targeted advertising. We create individual profiles based on the analysis of your personal data (which you have provided to us directly, which we have
obtained from your browsing on internet, or which our suppliers have provided to us) in order to provide you with offers that are relevant and interesting to you.

12. Personal data concerning minors
We do not, and do not intend to process personal data of persons below 16 years of age. Should we become aware of any processing of such data, this will be immediately discontinued and those personal data will be erased.