Privacy Policy

How Eaty City OÜ collects, uses, and protects your personal data.

This Privacy Policy ("Policy") describes how Eaty City OÜ ("Company", "we", "us") collects, uses, and protects personal data in connection with the Platform and Services. This Policy applies to Customers, Merchants, and users of the Platform.

01Company details

Eaty City OÜ
Registry code: 17472625
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115, Estonia
Contact: info@eatycity.com

02Legal framework

This Policy is governed by the General Data Protection Regulation ("GDPR"). Depending on the context:

  • Merchant acts as Data Controller for Customer data
  • Company acts as Data Processor (platform services)
  • Company may act as Independent Controller for certain data (e.g. platform analytics, security)

03Data we collect

3.1 Customer data

  • Name
  • Email address
  • Phone number
  • Order details
  • Transaction history
  • Loyalty balance
  • Device and usage data
  • IP address

3.2 Merchant data

  • Company name
  • VAT number
  • Business address
  • Contact persons
  • Payment account details

3.3 Technical data

  • Log files
  • Device identifiers
  • Cookies and tracking data

04Purpose of processing

We process personal data for:

  • Providing the Platform and Services
  • Processing transactions via Stripe, Inc.
  • Managing the Loyalty Program
  • Analytics and reporting
  • Fraud prevention and security
  • Legal compliance

05Legal basis

Depending on context, processing is based on:

  • Performance of a contract
  • Legitimate interests (platform improvement, fraud prevention)
  • Legal obligations
  • Consent (where required)

06Loyalty Program data

Loyalty-related data:

  • Is used solely for promotional and engagement purposes
  • Does not represent financial accounts
  • Is not treated as stored value

07Data sharing

We may share data with:

  • Payment providers (e.g. Stripe)
  • Hosting providers
  • Analytics providers
  • Legal authorities (if required)

We do not sell personal data.

08International transfers

Where data is transferred outside the EEA, we ensure safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions

09Data retention

We retain personal data:

  • As long as necessary for the Services
  • To comply with legal obligations
  • To resolve disputes

After this, data is deleted or anonymized.

10Data subject rights

Under GDPR, individuals have the right to:

  • Access their data
  • Rectify inaccuracies
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing

Requests may be sent to: info@eatycity.com

11Security

We implement appropriate security measures:

  • Encryption (TLS)
  • Access controls
  • Monitoring and logging
  • Secure infrastructure

12Cookies

The Platform may use cookies and similar technologies for:

  • Authentication
  • Analytics
  • Performance

A separate Cookie Policy may apply.

13Third-party services

Payments are processed via Stripe, Inc. Use of such services is subject to their own privacy policies.

14Children

The Platform is not intended for children under 16. We do not knowingly collect such data.

15Changes to this Policy

We may update this Policy with 30 days' notice via Platform or website.

16Contact

For any privacy-related questions: info@eatycity.com

17Legal status

This Privacy Policy:

  • Forms part of the contractual framework
  • Applies to Platform use
  • Is legally binding upon publication