Privacy Policy

Last updated: March 14, 2026

This privacy policy (the "Policy") describes how menu.band ("we", "us", "our") collects, uses, and protects personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Italian Legislative Decree no. 196/2003 (as amended by Legislative Decree no. 101/2018), and the ePrivacy Directive 2002/58/EC.

1. Data Controller

The data controller for the purposes of this Policy is:

menu.band
Email: hello@menu.band
[Registered address to be added]

2. Types of Personal Data Collected

We may collect the following categories of personal data:

  • Contact information: name, email address, phone number, WhatsApp number
  • Business information: restaurant name, location, menu content
  • Technical data: IP address, browser type, device type, operating system, pages visited, time and date of visits
  • Cookie data: as described in Section 8 below
  • Communication data: messages sent via contact forms, including any attachments (menu files)

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

  • Service delivery (Art. 6(1)(b) GDPR — performance of a contract): To create and deliver digital menus as requested, communicate about your order, and provide customer support.
  • Communication (Art. 6(1)(b) GDPR): To respond to inquiries submitted through our contact forms or email.
  • Website analytics (Art. 6(1)(a) GDPR — consent): To analyze website usage and improve our services, only with your explicit consent.
  • Legal compliance (Art. 6(1)(c) GDPR): To comply with applicable laws, regulations, and legal obligations.
  • Legitimate interests (Art. 6(1)(f) GDPR): To maintain site security, prevent fraud, and improve our services.

4. Data Sharing and Transfers

We may share your data with:

  • Service providers: hosting providers, email services, and analytics platforms that process data on our behalf under appropriate data processing agreements.
  • Telegram: Contact form submissions may be forwarded via the Telegram messaging platform for notification purposes.

We do not sell your personal data to third parties. If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR (e.g., Standard Contractual Clauses).

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form data: Up to 24 months from last interaction, or until you request deletion.
  • Service-related data: For the duration of the service relationship, plus any period required by applicable law.
  • Analytics data: Anonymized and aggregated within 26 months.
  • Cookie consent records: Stored locally on your device; consent records retained for up to 12 months.

6. Your Rights

Under the GDPR and Italian data protection law, you have the following rights:

  • Right of access (Art. 15 GDPR): Request a copy of your personal data.
  • Right to rectification (Art. 16 GDPR): Request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten").
  • Right to restrict processing (Art. 18 GDPR): Request limitation of processing in certain circumstances.
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@menu.band. We will respond within 30 days as required by law.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

8. Cookie Policy

Our website uses cookies in compliance with the Italian Cookie Law and guidelines issued by the Garante per la protezione dei dati personali.

8.1 Types of Cookies We Use

  • Essential cookies: Strictly necessary for the website to function.
  • Analytics cookies: Used to collect anonymized usage data. Activated only with your explicit consent.
  • Marketing cookies: Used to display relevant advertisements. Activated only with your explicit consent.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.

10. Contact Us

For any questions, please contact us at: hello@menu.band