Shopping Cart
{{ item.name }}
{{ item.quantity }} x {{ item.attributes.friendly_price }}
Privacy Policy
Digiorder Privacy Policy
Last updated: [insert date]
This Privacy Policy explains how Digiorder collects, uses, stores, shares and protects personal information when you use our website, customer ordering pages, merchant dashboard, digital menu, payment features, applications and related services.
Digiorder is operated by [insert legal company name], trading as Digiorder.
For the purposes of this Privacy Policy:
“Digiorder”, “we”, “us” or “our” means [insert legal company name], trading as Digiorder.
“Platform” means the Digiorder website, merchant dashboard, customer ordering pages, digital menus, applications and related services.
“Merchant” means a restaurant, takeaway, food business, shop, café, grocery business or other business using Digiorder to receive and manage orders.
“Customer” means a person who uses Digiorder to place an order with a Merchant.
“Personal data” means information that identifies, or can reasonably identify, an individual.
This Privacy Policy applies to Customers, Merchants, Merchant staff, website visitors and anyone who contacts or interacts with Digiorder.
1. Who We Are
Digiorder provides technology that allows Merchants to create digital menus, receive orders, manage customer orders and accept online payments.
Our contact details are:
Company name: [insert legal company name]
Trading name: Digiorder
Company number: [insert company number, if applicable]
Registered address: [insert address]
Email: [insert privacy/contact email]
Website: [insert website]
If you have any questions about this Privacy Policy or how we use personal data, contact us at [insert privacy email].
2. Our Role Under Data Protection Law
Depending on how Digiorder is used, Digiorder may act as a data controller, a data processor, or an independent controller.
A controller decides why and how personal data is used. A processor handles personal data on behalf of a controller. The ICO explains that controllers exercise overall control over the purposes and means of processing personal data.
2.1 Where Digiorder is a controller
Digiorder is usually a controller when we use personal data for:
a. operating Digiorder accounts;
b. billing and subscriptions;
c. platform security;
d. fraud prevention;
e. customer support;
f. analytics and service improvement;
g. marketing our services;
h. legal compliance;
i. managing our relationship with Merchants.
2.2 Where Merchants are controllers
Merchants are usually controllers for personal data used to fulfil Customer Orders, manage Customer relationships, deal with complaints, handle refunds, provide customer service and comply with their own legal duties.
For example, when a Customer places an order with a restaurant through Digiorder, the restaurant is responsible for preparing and fulfilling that order. The restaurant may separately decide how to use Customer data for order handling, complaints, refunds, records and lawful marketing.
2.3 Where Digiorder is a processor
In some cases, Digiorder may process Customer personal data on behalf of a Merchant to provide the Platform. Where required, our Merchant Terms or data processing terms will apply.
3. Personal Data We Collect
We may collect and use the following types of personal data.
3.1 Customer Data
When a Customer places an order or uses a Merchant’s Digiorder page, we may collect:
a. name;
b. email address;
c. phone number;
d. delivery address;
e. billing details;
f. order details;
g. selected items;
h. order notes;
i. allergy or dietary notes provided by the Customer;
j. payment status;
k. refund status;
l. delivery or collection preference;
m. IP address;
n. device and browser information;
o. communication records;
p. support messages;
q. fraud, security and technical logs.
We do not recommend placing sensitive medical information in order notes. If a Customer includes allergy, dietary, health or other sensitive information in an order note, that information may be shared with the Merchant so the Merchant can process the order.
3.2 Merchant Data
When a Merchant signs up or uses Digiorder, we may collect:
a. business name;
b. owner, director, manager or staff names;
c. business email address;
d. personal or work email address;
e. phone number;
f. business address;
g. trading address;
h. company number;
i. VAT number, if provided;
j. menu information;
k. bank or payout information, where relevant;
l. Stripe or payment account information;
m. subscription and billing records;
n. invoices;
o. account login details;
p. dashboard usage data;
q. support messages;
r. identity or verification information required by payment providers;
s. technical logs and security records.
3.3 Website Visitor Data
When someone visits our website or Platform, we may collect:
a. IP address;
b. device type;
c. browser type;
d. operating system;
e. pages visited;
f. referral source;
g. approximate location based on IP address;
h. date and time of visit;
i. cookie identifiers;
j. analytics data;
k. marketing attribution data.
3.4 Payment Data
Payments may be processed by Stripe or another payment provider. Digiorder does not usually store full card numbers.
Payment providers may collect and process card details, payment method details, fraud checks, identity information, bank account details, payout information and transaction information. Stripe’s privacy materials explain how Stripe collects and uses personal data when its services are used.
4. How We Collect Personal Data
We may collect personal data when:
a. a Customer places an order;
b. a Customer contacts a Merchant through Digiorder;
c. a Merchant creates an account;
d. a Merchant uploads menu or business information;
e. a Merchant connects Stripe or another payment provider;
f. someone contacts Digiorder support;
g. someone visits our website;
h. someone accepts cookies or similar technologies;
i. someone subscribes to emails or marketing;
j. someone interacts with Digiorder on social media;
k. payment providers, delivery providers, analytics tools or other third parties provide information to us.
5. How We Use Personal Data
We use personal data for the following purposes.
5.1 To provide the Platform
We use personal data to:
a. create and manage accounts;
b. display digital menus;
c. process and transmit Orders;
d. notify Merchants of Orders;
e. allow Customers to place Orders;
f. process payments and payment statuses;
g. support refunds and disputes;
h. provide dashboards, reports and order history;
i. provide technical support;
j. maintain platform functionality.
5.2 To manage Merchant relationships
We use Merchant data to:
a. onboard Merchants;
b. manage subscriptions;
c. issue invoices;
d. process subscription payments;
e. provide support;
f. contact Merchants about their account;
g. monitor platform usage;
h. enforce our Merchant Terms;
i. prevent misuse of Digiorder.
5.3 To process Orders
We use Customer data to:
a. send the Order to the Merchant;
b. identify the Customer to the Merchant;
c. provide delivery or collection details;
d. send order confirmations or updates;
e. support refunds, cancellations and complaints;
f. keep records of Orders.
5.4 To improve and secure Digiorder
We use data to:
a. detect errors and bugs;
b. monitor uptime and performance;
c. prevent fraud and abuse;
d. protect accounts;
e. investigate suspicious activity;
f. improve user experience;
g. develop new features;
h. analyse platform performance.
5.5 To communicate with users
We may use personal data to:
a. respond to enquiries;
b. provide customer support;
c. send service messages;
d. send account notices;
e. send billing notices;
f. notify users of changes to our terms or policies;
g. send security alerts.
5.6 For marketing
Where permitted by law, we may use personal data to:
a. send marketing emails;
b. promote Digiorder services to Merchants;
c. advertise Digiorder online;
d. measure marketing campaigns;
e. send updates about new features, offers or services.
Users can opt out of marketing messages at any time by using the unsubscribe link or contacting us.
We will not sell Customer personal data to third parties.
6. Our Lawful Bases for Using Personal Data
Under UK GDPR, we need a lawful basis to use personal data. The ICO explains that lawful bases include consent, contract, legal obligation, legitimate interests and others.
We may rely on the following lawful bases:
6.1 Contract
We use personal data where necessary to provide Digiorder services, manage Merchant accounts, process Orders, provide support, process subscriptions and operate the Platform.
6.2 Legitimate interests
We use personal data where necessary for our legitimate business interests, including:
a. operating and improving Digiorder;
b. preventing fraud;
c. maintaining security;
d. supporting Merchants and Customers;
e. analysing platform performance;
f. enforcing our terms;
g. protecting our legal rights;
h. sending relevant business-to-business marketing where legally permitted.
We only rely on legitimate interests where those interests are not overridden by the rights and freedoms of individuals.
6.3 Legal obligation
We may use personal data to comply with legal, tax, accounting, regulatory, court, law enforcement or payment compliance obligations.
6.4 Consent
We may rely on consent for certain cookies, marketing communications, optional features or where required by law. Consent can be withdrawn at any time.
6.5 Vital interests
In rare cases, we may use personal data where necessary to protect someone’s life or safety, such as in relation to serious food allergy or emergency concerns.
7. Sharing Personal Data
We may share personal data with the following parties.
7.1 Merchants
When a Customer places an Order, we share relevant Customer data with the Merchant so the Merchant can fulfil the Order.
This may include name, phone number, email address, delivery address, order details, order notes, allergy or dietary notes, payment status and refund information.
7.2 Payment providers
We may share personal data with Stripe or other payment providers to process payments, refunds, payouts, fraud checks, chargebacks, disputes, identity verification and compliance checks.
7.3 Delivery providers
Where delivery integrations are used, we may share relevant Order and delivery information with delivery providers.
7.4 Service providers
We may share data with trusted service providers who help us operate Digiorder, including:
a. hosting providers;
b. email providers;
c. SMS or notification providers;
d. analytics providers;
e. customer support tools;
f. payment providers;
g. accounting providers;
h. legal advisers;
i. security providers;
j. software developers and technical contractors.
Where required, we use contracts to protect personal data.
7.5 Legal and regulatory bodies
We may share personal data with regulators, courts, law enforcement, tax authorities, payment networks, fraud prevention bodies or other authorities where required or permitted by law.
7.6 Business transfers
If Digiorder is sold, merged, restructured, financed, acquired or transferred, personal data may be shared with the buyer, investor, group company, adviser or successor organisation.
8. International Transfers
Some of our service providers may process personal data outside the United Kingdom.
Where personal data is transferred internationally, we will take steps required by applicable data protection law, such as using adequacy regulations, approved contractual safeguards, data processing terms or other lawful transfer mechanisms.
9. Cookies and Similar Technologies
Digiorder may use cookies, pixels, local storage, device identifiers and similar technologies.
Cookies may be used to:
a. keep users logged in;
b. remember basket or checkout information;
c. secure accounts;
d. process Orders;
e. analyse website usage;
f. improve performance;
g. personalise content;
h. measure marketing;
i. support advertising.
Some cookies are necessary for the Platform to work. Others, such as analytics or marketing cookies, may require consent.
The ICO explains that PECR sits alongside UK GDPR and provides specific rules for cookies and similar technologies.
You can control cookies through your browser settings and, where available, through our cookie banner or cookie settings tool.
10. Analytics and Advertising
We may use analytics and advertising tools such as:
a. Google Analytics;
b. Google Ads;
c. Meta Pixel;
d. TikTok Pixel;
e. Microsoft Advertising;
f. other analytics, attribution or advertising tools.
These tools may collect information about website visits, clicks, pages viewed, device information, referral source and interactions with our Platform.
We will use cookie consent tools where required by law.
Replace this section with the specific tools Digiorder actually uses before publishing.
11. How Long We Keep Personal Data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy.
Retention periods may depend on:
a. the type of data;
b. the reason it was collected;
c. legal, tax or accounting requirements;
d. payment disputes or chargeback periods;
e. fraud prevention needs;
f. support history;
g. contractual obligations;
h. whether an account remains active;
i. whether deletion has been requested.
As a guide:
a. Merchant account data may be kept while the account is active and for a reasonable period after closure.
b. Order records may be kept for business, tax, dispute and support purposes.
c. Payment and billing records may be kept for legal, tax, accounting and fraud prevention purposes.
d. Support messages may be kept to resolve issues and improve service.
e. Marketing data may be kept until consent is withdrawn or the user opts out.
f. Technical logs may be kept for security, debugging and fraud prevention.
Where we no longer need personal data, we will delete, anonymise or securely retain it where required by law.
12. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
These may include:
a. password protection;
b. access controls;
c. encryption where appropriate;
d. secure hosting;
e. monitoring and logging;
f. backups;
g. staff or contractor access restrictions;
h. payment provider security controls;
i. software updates and maintenance.
However, no online system is completely secure. Users are responsible for keeping their login details secure and notifying us promptly if they suspect unauthorised access.
13. Customer Responsibilities
Customers should ensure that the information they provide when placing an Order is accurate.
Customers should not include unnecessary sensitive personal information in order notes.
If Customers have questions about food preparation, allergens, ingredients, delivery, refunds or complaints, they should contact the Merchant directly unless the issue relates to Digiorder’s Platform.
14. Merchant Responsibilities
Merchants are responsible for using Customer personal data lawfully.
Merchants must:
a. only use Customer data for lawful purposes;
b. keep Customer data secure;
c. restrict access to authorised staff;
d. not sell Customer data;
e. not spam Customers;
f. not use Customer data for unrelated marketing without lawful permission;
g. handle privacy requests properly;
h. comply with UK GDPR, PECR and other applicable laws.
Merchants should have their own privacy policy where required.
15. Marketing Communications
We may send marketing communications to Merchants, prospective Merchants or users who have agreed to receive them.
You can opt out at any time by:
a. clicking the unsubscribe link in an email;
b. contacting us at [insert email];
c. changing your marketing preferences, where available.
Even if you opt out of marketing, we may still send important service messages, account notices, security alerts, billing notices and legal updates.
16. Children
Digiorder is not intended for use by children.
We do not knowingly collect personal data from children. If we become aware that a child has provided personal data to us without appropriate permission, we may delete it.
Merchants are responsible for complying with any laws relating to age-restricted products or services.
17. Your Data Protection Rights
Depending on the situation, individuals may have the following rights:
a. the right to be informed about how personal data is used;
b. the right of access to personal data;
c. the right to correct inaccurate personal data;
d. the right to request deletion of personal data;
e. the right to restrict processing;
f. the right to object to processing;
g. the right to data portability;
h. the right to withdraw consent;
i. the right to complain to the ICO.
These rights are not absolute and may depend on the circumstances.
To exercise your rights, contact us at [insert privacy email].
We may need to verify your identity before responding.
18. Complaints
If you are unhappy with how we use your personal data, please contact us first so we can try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office, the UK data protection regulator.
19. Links to Other Websites
Digiorder may contain links to Merchant websites, payment providers, delivery providers, social media pages or other third-party websites.
We are not responsible for the privacy practices, content or security of third-party websites.
You should read the privacy policies of any third-party websites or services you use.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we make changes, we may update the “Last updated” date at the top of this page.
If we make material changes, we may notify users by email, dashboard notice, website notice or another appropriate method.
Your continued use of Digiorder after changes take effect means you acknowledge the updated Privacy Policy.
21. Contact Us
For privacy questions, requests or complaints, contact:
Digiorder
Legal company name: [insert legal company name]
Email: [insert privacy email]
Website: [insert website]
Address: [insert business address]