Privacy Policy

This Privacy Policy (“Policy”) describes how Eaty City OÜ (“Company”, “we”, “us”) collects, uses, and protects personal data in connection with the Platform and Services.

This Policy applies to Customers, Merchants, and users of the Platform.

1. Company Details

Eaty City OÜ
Registry code: 17472625
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tartu mnt 67/1-13b, 10115, Estonia
Contact: info@eatycity.com

2. Legal Framework

This Policy is governed by the General Data Protection Regulation (“GDPR”).

Depending on the context:

  • Merchant acts as Data Controller for Customer data
  • Company acts as Data Processor (platform services)
  • Company may act as Independent Controller for certain data (e.g. platform analytics, security)

3. Data We Collect

3.1 Customer Data

We may process:

  • Name
  • Email address
  • Phone number
  • Order details
  • Transaction history
  • Loyalty balance
  • Device and usage data
  • IP address

3.2 Merchant Data

  • Company name
  • VAT number
  • Business address
  • Contact persons
  • Payment account details

3.3 Technical Data

  • Log files
  • Device identifiers
  • Cookies and tracking data

4. Purpose Of Processing

We process Personal Data for:

  • Providing the Platform and Services
  • Processing transactions via Stripe, Inc.
  • Managing Loyalty Program
  • Analytics and reporting
  • Fraud prevention and security
  • Legal compliance

5. Legal Basis

Depending on context, processing is based on:

  • Performance of a contract
  • Legitimate interests (platform improvement, fraud prevention)
  • Legal obligations
  • Consent (where required)

6. Loyalty Program Data

Loyalty-related data:

  • Is used solely for promotional and engagement purposes
  • Does not represent financial accounts
  • Is not treated as stored value

7. Data Sharing

We may share data with:

  • Payment providers (e.g. Stripe)
  • Hosting providers
  • Analytics providers
  • Legal authorities (if required)

We do not sell personal data.

8. International Transfers

Where data is transferred outside the EEA, we ensure safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions

9. Data Retention

We retain Personal Data:

  • As long as necessary for Services
  • To comply with legal obligations
  • To resolve disputes

After this, data is deleted or anonymized.

10. Data Subject Rights

Under GDPR, individuals have the right to:

  • Access their data
  • Rectify inaccuracies
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing

Requests may be sent to: info@eatycity.com

11. Security

We implement appropriate security measures:

  • Encryption (TLS)
  • Access controls
  • Monitoring and logging
  • Secure infrastructure

12. Cookies

The Platform may use cookies and similar technologies for:

  • Authentication
  • Analytics
  • Performance

A separate Cookie Policy may apply.

13. Third-Party Services

Payments are processed via Stripe, Inc.. Use of such services is subject to their own privacy policies.

14. Children

The Platform is not intended for children under 16. We do not knowingly collect such data.

15. Changes To This Policy

We may update this Policy with 30 days’ notice via Platform or website.

16. Contact

For any privacy-related questions:

Email: info@eatycity.com

17. Legal Status

This Privacy Policy:

  • Forms part of the contractual framework
  • Applies to Platform use
  • Is legally binding upon publication
Privacy Policy