Privacy Policy - Alpiccolino

Privacy Policy for www.alpiccolino.nl

Effective Date: October 26, 2023

1. Introduction

Welcome to Alpiccolino! We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and disclose your personal data when you use our website www.alpiccolino.nl (the "Website") for food delivery services.

2. Who We Are

Al PiccoLino, operating under the name Alpiccolino, is responsible for the processing of your personal data collected through this Website. You can contact us regarding this Privacy Policy at:

Al PiccoLino
Roerdompstraat 5
1551 GJ Westzaan
Nederland
Info@alpiccolino.nl
+31 (0)6 87690299

3. Personal Data We Collect

We collect personal data from you when you use our Website, specifically in the following ways:

Account Registration (Optional):

  • Email address
  • Password
  • Name

Automatic Account Creation (During Order):

  • Email address (initially)
  • Name
  • Phone number
  • Delivery Address

    • (These details are collected during the order process and used to complete your account profile)

Order Placement (With or Without Account):

  • Name
  • Email address
  • Phone number
  • Delivery address
  • Order details (items you order)
  • Delivery instructions (day and time of delivery)
  • Payment information (depending on the payment method selected)

4. Purposes of Processing Your Personal Data

We use your personal data for the following purposes:

  • Verstrekken en Beheren van Uw Account: Om uw account op onze Website aan te maken en te beheren, indien u ervoor kiest te registreren of wanneer automatisch een account wordt aangemaakt na een bestelling.
  • Verwerken en Uitvoeren van Bestellingen: Om uw maaltijdbezorgingsbestellingen te verwerken, inclusief het aannemen van uw bestelling, het regelen van de bezorging en het communiceren met u over de status van uw bestelling.
  • Klantencommunicatie: Om met u te communiceren over uw bestellingen, uw vragen te beantwoorden en klantenondersteuning te bieden.
  • Betalingsverwerking: Om uw betalingen voor bestellingen te verwerken.
  • Verbeteren van Onze Diensten: Om websitegebruik en bestelpatronen te analyseren om onze diensten en klantervaring te verbeteren.

5. Legal Basis for Processing Your Personal Data

We rely on the following legal bases under applicable data protection law for processing your personal data:

Contractual Necessity:

The processing of your personal data is necessary for the performance of a contract to which you are a party, specifically to process and fulfill your food delivery orders. This includes using your data to:

  • Manage your account (if created).
  • Take and process your orders.
  • Arrange for food delivery.
  • Process payments.
  • Communicate with you about your order.

Legitimate Interests:

We may also process your personal data based on our legitimate interests, provided that such interests are not overridden by your rights and interests. These legitimate interests include:

  • Improving our services: Analyzing website usage and order patterns to enhance our Website, services, and customer experience.
  • Customer support and communication: Responding to your inquiries and providing efficient customer support.
  • Website security and fraud prevention: Ensuring the security of our Website and preventing fraudulent activities.

Consent:

We will rely on your consent for specific processing activities, such as using your email address or phone number for marketing communications and promotional offers. When we rely on consent, we will:

  • Clearly explain what you are consenting to.
  • Obtain your explicit consent (e.g., through a clear opt-in mechanism).
  • Provide you with the right to withdraw your consent easily at any time.

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients for the purposes described below:

Payment Processors:

To process your online payments, we use third-party payment processors, namely Stripe and PayPal. When you make a payment through our Website, your payment information is collected and processed securely by these payment processors. We do not directly store your full payment card details on our Website. We encourage you to review the privacy policies of Stripe and PayPal to understand how they process your payment data.

Service Providers for Website Operation:

We utilize third-party service providers to support the operation and functionality of our Website. This includes providers for:

  • Website hosting: Our Website is hosted by a hosting service provider to ensure its availability and security.
  • Website functionality and analytics: We use plugins and third-party tools to enhance our Website's features, analyze website usage, and improve user experience.

    • (These providers may have access to personal data to provide their services to us. We ensure that these providers are contractually obligated to protect your data and process it only in accordance with our instructions and applicable data protection laws.)

Delivery Personnel:

Food delivery is carried out by our own employees. We share necessary order information (such as name, delivery address, phone number, and order details) with our delivery personnel to fulfill your orders.

Legal Compliance and Protection:

We may disclose your personal data to legal authorities or other third parties when we believe it is necessary to:

  • Comply with applicable laws, regulations, or legal processes.
  • Respond to requests from public authorities.
  • Protect our rights, privacy, safety, or property, and/or that of our users or others.
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms of Service.

Business Transfers:

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any such change in ownership or control and the choices you may have regarding your personal data.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. Data Security

We take reasonable and appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secure Website Connection (HTTPS): Our Website uses HTTPS encryption to secure communication between your browser and our servers, protecting your data during transmission.
  • Access Controls: We implement access controls to limit access to personal data to authorized personnel who need it to perform their job functions.
  • Regular Security Assessments: We conduct regular assessments of our security measures to ensure they remain effective and up-to-date.
  • Protection of Payment Information: As mentioned in Section 6, payment processing is handled by Stripe and PayPal, who utilize secure technologies to protect your payment information. We do not directly store your full payment card details on our systems.
  • Data Minimization: We strive to collect and retain only the personal data that is necessary for the purposes outlined in this Privacy Policy.

However, please remember that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach, we will comply with applicable data protection laws, including notification requirements.

8. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with applicable legal obligations. Specifically:

Order Data:

We will retain order data (including order details, delivery information, and related communication) for as long as necessary to process and fulfill your orders, provide customer support, handle any order-related inquiries or disputes, and for our internal record-keeping and business analysis purposes. Generally, we will retain order data for as long as you have an account and for 2 years thereafter. We may need to retain certain order data for longer periods to comply with legal and regulatory obligations, such as tax or accounting requirements.

Account Data:

If you create an account, we will retain your account data as long as your account is active. If you close your account or it becomes inactive for a prolonged period, specifically for 1 year of inactivity, we may retain your account data for a limited period for customer service purposes, to handle any outstanding issues, and as permitted by applicable law. In some cases, we may anonymize or aggregate account data after it is no longer needed for active service provision.

Marketing Consent Data:

If we process your personal data based on your consent (e.g., for marketing communications), we will retain records of your consent as long as necessary to demonstrate compliance with applicable law and until you withdraw your consent. Upon withdrawal of consent, we will cease processing your data for marketing purposes.

General Principle:

We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. When we no longer need your personal data, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

You have the right to request deletion of your personal data in certain circumstances, as described in Section 9 "Your Rights" below.

9. Your Rights

You have certain rights regarding your personal data that we collect and process, and we want to make it easy for you to exercise these rights. Depending on your location and applicable data protection laws, your rights may include the following:

  • Right to Access: You have the right to request confirmation as to whether we process your personal data, and to request access to the personal data we hold about you and information about our processing activities.
  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data we hold about you. You can update your account information directly through your account settings on our Website, or by contacting us.
  • Right to Erasure ("Right to be Forgotten"): In certain circumstances, you have the right to request the deletion of your personal data. This right may apply if the personal data is no longer necessary for the purposes for which it was collected, if you withdraw your consent (where applicable), or if the processing is unlawful.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing based on our legitimate interests and processing for direct marketing purposes.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that our processing of your personal data infringes applicable data protection laws. For the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens.

How to Exercise Your Rights:

To exercise any of these rights, please contact us using the contact details provided in Section 2 "Who We Are" of this Privacy Policy. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or for other operational, legal, or regulatory reasons. We will post any changes on this page and update the "Effective Date" at the top of this Privacy Policy.

If we make material changes to this Privacy Policy, we will take reasonable steps to notify you. This may include:

  • Posting a prominent notice on our Website for a reasonable period before the changes become effective.
  • Sending you an email notification to the email address you have provided to us, if appropriate and if we have your email address.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of the Website after the posting of changes constitutes your acceptance of such changes.

This Privacy Policy was last updated on October 26, 2023.