Privacy Policy — restaurant.digital

1. Data Controller

The controller of personal data processed in connection with the use of the restaurant.digital service is:

Core Duo sp. z o.o. ul. Lipowa 3D, 30-702 Krakow, Poland KRS 0001091475, NIP 6793292643, REGON 527947734

GDPR-related contact: contact@restaurant.digital

2. Legal basis for processing

We process your personal data on the following legal bases:

Purpose	Legal basis (GDPR)
Provision of site-generation services	Art. 6(1)(b) — performance of a contract
Fulfilling the right to claim a site	Art. 6(1)(b) — performance of a contract
Ensuring the security of the service	Art. 6(1)(f) — legitimate interest
Handling complaints and reports	Art. 6(1)(c) — legal obligation
Analytics (upon consent)	Art. 6(1)(a) — consent
Marketing (upon consent)	Art. 6(1)(a) — consent
Financial settlements	Art. 6(1)(c) + tax laws

3. Scope of data collected

3.1. Data collected automatically (on every visit)

• IP address (anonymised — last octet in IPv4 / last 80 bits in IPv6)
• Browser User-Agent
• Date and time of the visit
• Address of the page visited
• Record of cookie consent (stored locally in the browser)

3.2. Data collected when a site is generated

• Restaurant name
• Restaurant address (city and country are sent to the AI model; the full address

is stored locally)

• Restaurant contact details (email, phone)
• Cuisine type, style, description
• Photos uploaded by the User
• User's email address (when claiming a site)

3.3. Data collected on registration/claiming (claim)

• Site owner's email address
• Verification token identifier (temporary, TTL 24h)
• Time of site claim

3.4. Data in activity logs

• Administrative actions (suspensions, flags, deletions)
• Error (crash) logs with anonymised IP, 90-day retention
• Email delivery logs (24-hour retention)

4. Purposes and recipients of data

4.1. Purposes of processing

1. Service delivery: site generation, editing, hosting
2. Identity verification: claim process, magic-link login
3. Security: abuse detection, rate-limiting, crash reporting
4. Handling requests: takedowns, DSARs, complaints
5. Analytics (upon consent): traffic and conversion statistics
6. Sending notifications: verification emails, administrative notices

4.2. Recipients of data

We may entrust your data to the following categories of recipients:

Category	Entities	Basis	Location
Hosting	Core Duo's own servers	Internal DPA	Poland / EU
DNS/CDN	Cloudflare	DPA + SCC	USA (adequacy)
AI	xAI (Grok)	DPA + data minimisation	USA (adequacy)
Email provider	SMTP provider (to be determined)	DPA	EU
Stock photos	Pexels, Envato	—	various
Photo galleries	Google (Places API — metadata only after sc-404)	DPA + SCC	USA (adequacy)

We do not sell your personal data.

5. Transfers to third countries

Some data may be transferred outside the European Economic Area (EEA):

• USA: xAI (Grok), Cloudflare, Google (metadata only), Pexels
• Transfers are carried out on the basis of Standard Contractual Clauses (SCC)

or the EU-US Data Privacy Framework, where applicable.

6. Data retention periods

Type of data	Retention period
Account data (after site claim)	Until account deletion + 30-day grace period
Unclaimed generated sites	30 days from generation (auto-suspension)
Emails (magic-link messages)	24 hours
Verification tokens	24 hours
Error logs	90 days
Analytics events	26 months
Takedown reports and statements of reasons (DSA art. 17)	5 years (DSA art. 24(5) — lex specialis with respect to art. 118 of the Polish Civil Code)
Accounting data (where applicable)	5 years (Polish Accounting Act)

7. Your rights (GDPR)

You have the following rights in connection with the processing of your personal data:

7.1. Right of access (Art. 15)

You may request information about the data we process. How: email to contact@restaurant.digital — our DPO will respond within 30 days.

7.2. Right to rectification (Art. 16)

You may correct inaccurate data. How: in the site editor (Contact tab) or by email.

7.3. Right to erasure (Art. 17)

You may request erasure of your data. How: the "Delete My Site" button in the editor, or by email. Deletion takes place after a 30-day grace period.

7.4. Right to restriction of processing (Art. 18)

You may request restriction of processing in specific situations. How: email to contact@restaurant.digital

7.5. Right to data portability (Art. 20)

You may receive your data in machine-readable form (ZIP with site.json + photos). How: email contact@restaurant.digital — our DPO compiles and delivers the export within 30 days.

7.6. Right to object (Art. 21)

You may object to processing based on legitimate interest. How: email or the cookie preferences panel.

7.7. Right not to be subject to automated decisions (Art. 22)

We do not use fully automated decision-making or profiling producing legal effects.

7.8. Right to lodge a complaint

You may lodge a complaint with the President of the Polish Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO):

• UODO: ul. Stawki 2, 00-193 Warsaw
• Email: kancelaria@uodo.gov.pl
• Website: https://uodo.gov.pl

8. Cookies and similar technologies

We use cookies and localStorage for:

Category	Purpose	Duration	Consent required
Essential	Session, CSRF, cookie-consent preferences	Session / 1 year	No
Analytics	Google Analytics (if enabled by the site owner)	26 months	Yes
Marketing	Ads (if enabled by the site owner)	13 months	Yes

Details in the Cookie Policy.

8a. Reporting illegal content

In short: - Spotted content on a site we host that breaks the law? Submit a notice at https://restaurant.digital/takedown. - We process notices without undue delay, within the time limits set out below (from 4 hours for CSAM up to 14 days for unclear cases). - The procedure is free of charge and available in Polish and English. - Legal basis: DSA arts. 11, 12, 14, 16, 17 and 23(2).

8a.1. Canonical URL. The Controller offers a mechanism for reporting illegal content in accordance with art. 16 DSA. The canonical (permanent) URL of the notice form is https://restaurant.digital/takedown. The address is permanent, easy to access, user-friendly and allows notices to be submitted exclusively by electronic means, as required by art. 16(1) DSA.

8a.2. Alternative channels. A notice may also be submitted:

• a) by email to contact@restaurant.digital (a priority address — not subject to the form's rate-limiting);
• b) in writing to: Core Duo sp. z o.o., ul. Lipowa 3D, 30-702 Krakow, Poland.

8a.3. DSA Point of Contact for authorities (art. 11 DSA). Member State authorities, the European Commission and the European Board for Digital Services contact the Controller at the canonical URL https://restaurant.digital/dsa-contact and by email at dsa@restaurant.digital. Languages supported: Polish (PL) and English (EN).

8a.4. Point of contact for recipients of the service (art. 12 DSA). Recipients of the service (Users, Restaurant Owners) may communicate with the Controller at contact@restaurant.digital. Communication does not rely solely on automated tools — every message is handled by a member of staff.

8a.5. Mandatory elements of a notice (art. 16(2) DSA). To be "sufficiently precise and adequately substantiated", a notice should contain:

• a) legal reasoning — an explanation of why the reporting party considers the content to be illegal (infringement of copyright, personality rights, defamation, hate speech, unfair commercial practices); you do not need to be a lawyer — a clear description of the problem is sufficient;
• b) precise location — the URL of the page or of the specific part of the content, together with a description allowing the item to be identified if the URL changes;
• c) identification of the reporting party — full name or company name and an email address; notices concerning offences under arts. 3–7 of Directive 2011/93/EU (CSAM) may be anonymous;
• d) good-faith statement — confirmation that the information provided is accurate and complete to the best of the reporting party's knowledge.

The form at https://restaurant.digital/takedown automatically enforces each of the fields above.

8a.6. Acknowledgement of receipt and timely processing (art. 16(4) and 16(6) DSA). The Controller acknowledges receipt of a notice without undue delay, and no later than within 3 business days. Notices are processed:

• a) within 4 hours of becoming aware — for content that is immediately harmful (CSAM, incitement to imminent violence, active fraud);
• b) within 3 business days — for notices of manifest illegality (copyright with proof of registration, personal data with evidence of infringement);
• c) within 7 business days — for notices requiring investigation (trade mark disputes, borderline cases);
• d) within 14 business days — for unclear notices or notices likely to fall outside scope.

These time limits correspond to the standard of "timely, non-arbitrary and objective" handling in art. 16(6) DSA and to the obligation to "act expeditiously to disable access" under art. 14(1) of the Polish Act on the Provision of Electronic Services (UŚUDE).

8a.7. Statement of reasons (art. 17 DSA). Every decision of the Controller that results in restricting the visibility of content, removing it, suspending a Site or terminating an account is documented and delivered both to the reporting party and to the Restaurant Owner, in the form of a written statement of reasons containing:

• a) the type of measure taken (removal, restriction, labelling, rejection);
• b) the territorial and temporal scope of the measure;
• c) the facts and circumstances on which the decision is based;
• d) the legal or contractual basis (a specific provision of law, clause of the Terms of Service or AUP);
• e) information about available remedies (internal appeal under 8a.8, out-of-court dispute settlement under art. 21 DSA, judicial proceedings).

Statements of reasons are kept in the Controller's internal register for 5 years (lex specialis under DSA art. 24(5) with respect to the general retention period in § 6 of this Policy). Legal basis for processing: art. 6(1)(c) GDPR (legal obligation).

8a.8. Appeals against decisions (voluntary quality standard). A Restaurant Owner whose content has been restricted or removed, and a reporting party whose notice has been rejected, may lodge an internal appeal within 6 months of the date of the decision. Appeals are free of charge and accepted by electronic means at contact@restaurant.digital, marked "Appeal — moderation decision". Decisions on appeals are taken within 14 business days of receipt by a person independent of the person who issued the original decision. The Controller relies on the exemption from the obligations of Section 3 of the DSA (arts. 20–28) as a micro-enterprise within the meaning of Recommendation 2003/361/EC (art. 19 DSA); this appeal procedure is provided voluntarily as a quality standard.

8a.9. Out-of-court dispute settlement (art. 21 DSA). Once the internal procedure is exhausted, the parties may choose an out-of-court dispute settlement body certified by the European Commission. The current list is available at https://digital-strategy.ec.europa.eu/en/policies/dsa-out-of-court-dispute-settlement. Choosing this route does not deprive either party of the right to judicial proceedings.

8a.10. Bad-faith notices (art. 23(2) DSA). The Controller reserves the right to suspend processing of notices from persons or entities that have previously submitted manifestly unfounded notices on repeated occasions. Benchmark: 3 unfounded notices in a month → warning; at the 4th → suspension of processing of notices for 2 months. Suspension is preceded by a warning and an opportunity to respond. Knowingly submitting a false notice may constitute the offence of false accusation (art. 234 of the Polish Criminal Code).

Cross-references: Terms of Service § 15, docs/legal/notice-and-takedown-procedure.md (full operational procedure), docs/legal/content-moderation-policy.md, section 13 of this Policy.

9. Children's data

The Service is not intended for persons under the age of 16. We do not knowingly collect data from children. If you learn that a child has provided us with their data, please contact us and we will erase it without undue delay.

10. Changes to the Privacy Policy

We may update this Privacy Policy. Material changes will be announced at least 14 days in advance by email or via a notice in the Service.

Internal review cadence. The Controller maintains this Policy under a cadence aligned with GDPR art. 24(1) (measures "kept under review"): an annual baseline review (15 January each calendar year) plus event-triggered mandatory re-reviews. Trigger catalogue includes: new sub-processor, new data category, new lawful basis, cross-border transfer change, regulatory change (GDPR delegated acts, AI Act phased entry, UODO / AEPD / EDPB guidance), security incident, DSAR class-action or surge pattern, formal recommendation from retained counsel or the Data Protection Officer. Full procedure, versioning rules (semver-lite: 1.0 → 1.1 minor textual update; 2.0 structural rewrite), and the trigger catalogue are maintained in the internal document docs/legal/review-triggers.md (sc-1018 — supersedes the prior quarterly-review assumption).

11. Contact

Core Duo sp. z o.o. ul. Lipowa 3D, 30-702 Krakow Email: contact@restaurant.digital

Data Protection Officer (DPO): Grzegorz Książczyk

13. Legal status of the Controller in relation to Generated Sites

In short: - We act as the hosting provider of your Site once you have claimed it — not as publisher or editor. - We do not review each photo, description or menu item in advance. - If we receive a substantiated notice that a specific piece of content is unlawful, we react in line with the procedure in section 8a. - Legal basis: art. 14 of the Polish Act on the Provision of Electronic Services (ustawa o świadczeniu usług drogą elektroniczną, UŚUDE) + art. 6 of Regulation (EU) 2022/2065 (Digital Services Act, DSA).

13.1. Role of the Controller. In relation to content published on Generated Sites after they have been claimed by the Restaurant Owner, the Controller acts as a hosting service provider within the meaning of art. 14(1) of the Polish Act of 18 July 2002 on the Provision of Electronic Services (Journal of Laws of 2020, item 344, as amended; hereinafter "UŚUDE") and as a hosting service provider within the meaning of art. 3(g)(iii) of Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 (Digital Services Act, hereinafter "DSA"). The Controller does not carry out prior (ex ante) monitoring or moderation of content submitted by Restaurant Owners and stored in the Service. In practice: you are the author and publisher of the content after claim; we are the server host — in the same way that Allegro does not inspect every listing, and YouTube does not watch every video before it is published.

13.2. Exclusion of liability (safe harbour). In accordance with art. 14(1) UŚUDE and art. 6(1) DSA, the Controller is not liable for content stored at the request of the Restaurant Owner where:

• a) it does not have actual knowledge of the unlawful character of that content, nor of facts or circumstances from which unlawfulness is apparent; and
• b) upon obtaining an official notification or credible information about the unlawful character of that content, it acts expeditiously to disable access to it (art. 14(1) in fine UŚUDE; art. 6(1)(b) DSA).

13.3. Material scope of the exclusion. The exclusion of liability described in 13.2 covers only content supplied by the Restaurant Owner after claiming the Site (in particular photographs, descriptions, contact details and menu items). It does not cover:

• a) content generated by the Controller in the course of creating the default draft of the Site (until its acceptance by the Owner during the claim process) — liability for such content is governed separately by § 8 of the Terms of Service and by the AI Content Policy;
• b) technical elements of the Service supplied by the Controller (infrastructure, templates, components);
• c) situations in which the Restaurant Owner acts under the authority or control of the Controller (art. 6(2) DSA — not applicable to the architecture of the Service);
• d) situations in which the Service would present a given piece of information in a manner that leads an average consumer to believe that it originates from the Controller (art. 6(3) DSA — not applicable: Generated Sites carry a "Powered by restaurant.digital" marker and, after claim, clearly identify the Owner).

13.4. Consequences of obtaining knowledge of unlawful content. Upon receipt by the Controller of an official notification (for example, a court or administrative order) or credible information (for example, a notice conforming to art. 16 DSA, as described in section 8a of this Policy) about the unlawful character of content, the Controller loses the conditional exclusion of liability in relation to that content unless it acts expeditiously to disable access to it. The procedure, deadlines and effects of a notice are described in section 8a of this Policy and in the "Notice-and-takedown procedure" document (docs/legal/notice-and-takedown-procedure.md).

13.5. Informing the recipient of the service about disabling access. In accordance with art. 14(3) UŚUDE, where the Controller disables access to content on the basis of credible information (as distinct from an official notification), it promptly informs the Restaurant Owner, providing reasons (DSA art. 17 — statement of reasons). The appeal procedure is described in section 8a of this Policy.

13.6. No general monitoring obligation. The Controller is not obliged to monitor or actively seek out facts or circumstances indicating the unlawful character of content stored at the request of the Restaurant Owner — in accordance with art. 15 UŚUDE and art. 8 DSA. This exclusion is without prejudice to orders of courts or authorities requiring specific actions to address unlawful content (art. 9 DSA).

13.7. DSA Point of Contact. The Controller designates a single point of contact for Member State authorities, the European Commission and the European Board for Digital Services (art. 11 DSA) at the canonical URL https://restaurant.digital/dsa-contact; email: dsa@restaurant.digital; languages: Polish, English. For recipients of the service (art. 12 DSA), the point of contact is contact@restaurant.digital.

Cross-references: Terms of Service § 14 (account suspension and deletion), Terms of Service § 15 (reporting illegal content), section 8a of this Policy (notice procedure and appeals), docs/legal/notice-and-takedown-procedure.md, docs/legal/content-moderation-policy.md.

14. Risks, functions of software and prohibitions (UŚUDE art. 6 + art. 8(3)(2)(b))

In short: - Using the internet carries certain risks — we list them explicitly in 14.1 and show you how to protect yourself. - Cookies and session tokens are, in legal terms, "software" — the table in 14.2 explains why we install them. - On sites hosted by the Service, you must not publish illegal content (14.3). - Legal basis: UŚUDE art. 6(1) (risks), art. 6(2) (function of the software), art. 8(3)(2)(b) (prohibition on unlawful content).

In accordance with art. 6 of the Polish Act of 18 July 2002 on the Provision of Electronic Services, the Controller informs the User of specific risks linked to the use of the Service (art. 6(1)) and of the function and purpose of software installed on the User's device (art. 6(2)). In accordance with art. 8(3)(2)(b) UŚUDE, the User is under a duty not to supply content of an unlawful character.

14.1. Specific risks of using the Service (art. 6(1) UŚUDE). The Controller applies risk-reducing measures (TLS 1.3, HSTS, CSP, CSRF tokens, IP anonymisation, automatic session logout, password hashing). Even so, the User should be aware of the following risks:

• a) interception of transmissions (sniffing, MITM) — in particular on open Wi-Fi networks without encryption; recommendation: use trusted networks or a VPN and check the HTTPS padlock in the address bar;
• b) phishing — messages impersonating the Service; the Controller never asks for a password by email; official magic-link URLs always point to the restaurant.digital domain;
• c) malicious software (malware, keyloggers, ransomware) — on the User's device these may lead to the compromise of access credentials; recommendation: up-to-date antivirus software and operating system updates;
• d) account takeover through compromise of the email inbox — because magic-link authentication relies on control of the inbox, loss of control over the inbox = loss of control over the Site; recommendation: enable two-factor authentication on the inbox;
• e) DoS/DDoS attacks — may temporarily prevent access to the Service; the Controller uses Cloudflare as a protection layer, without any guarantee that such attacks can be entirely avoided;
• f) unlawful interference by third parties with the content of a Generated Site before it is claimed by the Owner — if a third party gains control of the email inbox given in the questionnaire and performs the claim, recovery of the Site requires the verification procedure described in § 4 of the Terms of Service;
• g) loss of access to content — in the event of account suspension (Terms of Service § 14) or a finding that content is unlawful (section 8a), the content may become unavailable; recommendation: the Owner should regularly keep local backups (ZIP export in the editor);
• h) risk of inaccuracies in AI-generated content — text, descriptions and images generated by xAI Grok are not reviewed by a human before first presentation; after claim, the Owner is required to verify the content (Terms of Service § 8(4)).

If anything concerns you from a security perspective, write to contact@restaurant.digital. We treat every incident as a priority.

14.2. Function and purpose of software and data (art. 6(2) UŚUDE). The Controller installs on the User's device the following kinds of software and data that do not form part of the content of the service:

Type	Function	Purpose	Retention	Legal basis
Session cookies (strictly necessary)	Maintaining the login session, CSRF protection, cookie preferences	Provision of the service	Session / 1 year	Art. 173(3) of the Polish Telecommunications Act (consent exemption)
LocalStorage (preferences)	Remembering editor choices (language, theme) and wizard state	Usability	Until cleared by the User	Legitimate interest (art. 6(1)(f) GDPR)
Analytics cookies (after consent)	Google Analytics — traffic and conversion measurement	Statistics / optimisation	26 months	Consent (art. 6(1)(a) GDPR; art. 173(1) Polish Telecommunications Act)
Marketing cookies (after consent)	Personalised advertising (if enabled by the Owner)	Advertising	13 months	Consent
Magic-link tokens (query string)	Verification of the Site claim	Passwordless authentication	24 hours	Performance of a contract (art. 6(1)(b) GDPR)
Telemetry events (anonymised)	Detection of errors and attacks	Security of the Service	90 days (error logs), 26 months (analytics aggregate)	Legitimate interest / consent

A detailed list of all cookies (name, domain, type, duration, description) is available at docs/legal/cookies.en.md. The software above is ancillary (infrastructural, analytics, marketing) — it does not execute any code independently beyond the functions described in the table, does not modify the User's system and does not collect data beyond the scope declared.

14.3. Prohibition on supplying content of an unlawful character (art. 8(3)(2)(b) UŚUDE). The User is under a duty not to supply through the Service, or to publish on a Generated Site after claim, content of an unlawful character. The prohibition covers in particular:

• a) infringement of third-party rights — copyright (unlicensed copies of works), related rights, trade marks, personality rights (image, reputation), personal data (for example, publishing photographs of staff without consent);
• b) criminalised content — child sexual abuse material (art. 202 §§ 3–4 of the Polish Criminal Code), incitement to crime (art. 255 of the Polish Criminal Code), hate speech (arts. 256–257 of the Polish Criminal Code), defamation (art. 212 of the Polish Criminal Code), insult (art. 216 of the Polish Criminal Code);
• c) content misleading to consumers — false information about prices, composition or origin of products (for example, "fresh fish" where the fish is frozen), unauthorised reliance on certifications or awards, breaches of the Polish Act of 23 August 2007 on counteracting unfair commercial practices;
• d) content endangering health or life — promotion of illegal substances, prohibited health claims about foodstuffs (Regulation (EC) 1924/2006);
• e) discriminatory content — on grounds of sex, race, religion, sexual orientation or disability;
• f) content compromising the security of the Service — malware, scripts, iframes, SQL-injection, XSS payloads, link farms, SEO spam;
• g) content breaching sector-specific rules — including the prohibition on advertising alcoholic beverages above 18 % ABV (art. 13 of the Polish Act of 26 October 1982 on upbringing in sobriety), restrictions on tobacco advertising — as appropriate to the type of restaurant business; see the AUP for details.

A full list of prohibited uses is set out in § 7 of the Terms of Service and in the Acceptable Use Policy (docs/legal/acceptable-use-policy.md). A breach of the prohibition may trigger the measures described in section 8a of this Policy and in § 14 of the Terms of Service (account suspension, removal of content, notification to law-enforcement authorities).

Cross-references: Terms of Service § 7 (duties of the User), Terms of Service § 8 (AI content), Terms of Service § 14 (account suspension and deletion), Terms of Service § 15 (reporting illegal content), docs/legal/acceptable-use-policy.md (AUP), docs/legal/cookies.en.md (detailed list of cookies), section 8a of this Policy.

---