iiko Privacy Policy
iiko is committed to helping its clients comply with the General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. The GDPR contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

iiko clients and partners can trust that we have made GDPR compliance a priority and have devoted significant and strategic resources toward our efforts to comply with GDPR where applicable to our business. This document outlines our approach and progress to date.

Our activities under GDPR
Like many other software companies that work with European clients, iiko is in the process of rolling out its GDPR compliance strategy leading up to May 2018 and beyond. iiko appreciates that our clients and partners have requirements under GDPR, and iiko is committed to helping our clients and partners fulfil the requirements under GDPR and local law through the use of iiko products and services.

Below are a few examples of initiatives iiko has committed to in order to satisfy GDPR requirements that apply to both iiko and our clients and partners:

  • Ensuring our products are designed in accordance with GDPR.
  • Committing to follow any additional security and privacy measures required under GDPR.
  • Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR. This includes Standard Contractual Clauses to be used for the regulation of such transfers.
  • Assisting with respect to security and privacy of processing, notifying regulators of breaches, and promptly communicating any breaches to clients and partners.
  • Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches and promptly communicating any such breaches to our clients, partners and end-users.
  • Ensuring that iiko staff who access and process iiko customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
  • Holding any third parties that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
  • Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.

GDPR FAQ
Does iiko process Personal Data?
Yes, iiko processes Personal Data to provide the products and services and for other limited purposes that will be enumerated in our Privacy Policy, which we are preparing to release shortly.

To give you a few examples:

  • We process personal data of our partners and clients to be able to perform pre-contractual and contractual activities, training, certification and support services.
  • We process personal data of our clients in order to provide the ability to perform their business activities using iiko software and services.
  • We may process data of customers of our clients if we are instructed by our clients to do so, which is usually related to business operations they perform using iiko products (for example, delivery service).

Is iiko a controller or a processor?
Actually both. In terms of the software services we provide, iiko is a processor and our clients are the controllers. It is for the restaurant management teams to decide whether they want to provide a delivery service and store a customer database, or use loyalty programs with personal bonus wallets, or even which employee records they want to keep in the iiko system and whether to use real names or nicknames. iiko just ensures that their data is stored in a safe and secure manner. As a Restaurant Management System, iiko does not store any special categories of data.

In terms of our interactions with our partners and clients in order to manage our relationships, and with our own employees, we are controllers.

Where does iiko send my data?
Our goal is to provide our partners and clients with secure, fast, and reliable services and to make sure our services help them, in turn, provide their customers with an appropriate service level. Depending on the service type, data may be stored in different locations.

For example,

  • Data processed through iiko products and services, including customers' data and store employees' data, may be stored in the data center located in Germany (https://www.hetzner.com, DPA is provided upon request). Some parts of such data are stored on devices located within the client's (store) local network and are therefore the responsibility of the clients (we are preparing a guideline with iiko recommendations on local network security to help our clients be GDPR compliant).
  • Data related to contact information about our partners and clients
  • Data related to the technical support service; this personal data may also be transferred to our service providers to enable support services to be provided.

Do I need to get consent from all customers of my restaurant?
It is up to restaurant management to decide, but, actually, no, this is not necessary.

For example, to perform a delivery service you need to know some personal data; you simply cannot provide the service without knowing the customer's address or phone number. So you don't need to ask for consent for that, as the information is necessary for you to comply with the contract for delivery that you have with your customers. Then you need to store the data for a while, just to be able to provide answers in case of any complaints from your customer. Or even further, to provide better service on a repeat order without asking for all of the customer's address details again. This is known as your "Legitimate Interest". You do not store data in vain; you do it for a purpose that is necessary for your business goals.

In iiko components, we will provide the ability to handle personal data according to your decision. If you decide to get consent from every customer of your restaurant, we can facilitate that. If instead you provide your customers with a well-defined legitimate interest for storing their data under your privacy policy, it won't be necessary to tick the consent mark every time you create an order.