Back
Privacy Policy

Last updated: 1/15/2025

Introduction

zapfood ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform.

Data Controller

Supersite (business ID: 2629485-2), operating the zapfood platform, is the data controller responsible for your personal data. Address: Säveltie 1 F 6, 01390 Vantaa, Finland. We determine how and why your personal data is processed.

Legal Basis for Processing

We process your personal data based on: (a) contractual necessity — to provide the services you have subscribed to; (b) legitimate interest — to improve our platform, prevent fraud, and ensure security; (c) legal obligation — to comply with tax, accounting, and other regulatory requirements; (d) consent — for marketing communications and optional analytics, which you may withdraw at any time.

Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email address, password)
  • Business information (restaurant name, address, contact details)
  • Payment information (processed securely through our payment providers)
  • Usage data (how you interact with our platform)
  • Cookie and tracking data (see our Cookie Policy)

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Send you updates, security alerts, and support messages
  • Analyze usage patterns to improve our platform
  • Comply with legal obligations

Information Sharing

We may share your information with:

  • Payment processors (Stripe, Paytrail, Visma Pay) for secure payment handling
  • Email service providers for transactional communications
  • Analytics providers to improve our services
  • Cloud hosting providers for data storage
  • File storage providers for uploaded content (images, documents)

International Data Transfers

Some of our service providers may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your personal data in accordance with GDPR requirements.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. Accounting and transaction data is retained for 6 years as required by Finnish Accounting Act (kirjanpitolaki). After account deletion, personal data is removed promptly, except where retention is required by law.

Your Rights

Under GDPR, you have the following rights:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to request deletion of your data
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent at any time, where processing is based on consent
  • Right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutetun toimisto, tietosuoja.fi)

Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, regular security assessments, and access controls.

Cookies

We use cookies and similar tracking technologies to maintain your session and preferences. You can manage your cookie preferences through our cookie consent banner.

Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact us: Supersite (business ID: 2629485-2), Säveltie 1 F 6, 01390 Vantaa, Finland. Email: [email protected]

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes with reasonable advance notice by email and by posting the updated policy on this page with a new "Last updated" date.