Skip to content
Back to Home

Data Processing Terms

Data-processing terms for restaurants using OrderNow modules. Effective from: 05.05.2026

Legal verification required: these terms reflect the current product map and Article 28 GDPR structure, but they should be reviewed by a lawyer before being used as a negotiated enterprise DPA.

1. Parties and roles

The processor is: Robert Dziak, operating an unregistered business activity under the OrderNow brand, Warsaw, Poland, unregistered business activity (not entered in CEIDG), contact: kontakt@ordernow.pl, +48 514 192 425.

The restaurant is the controller for personal data it enters into restaurant modules or collects through its own storefront, including guest, customer, staff, courier and supplier data.

OrderNow remains a separate controller for its own account administration, support, security, billing, legal claims and product analytics described in the Privacy Policy.

2. Processing scope

  • Subject matter: providing OrderNow software for QR menu, online ordering, reservations, delivery operations, loyalty, KDS, staff and restaurant administration.
  • Duration: for the term of the restaurant's use of OrderNow and afterwards only for deletion, export, legal claims or mandatory retention.
  • Nature and purpose: hosting, storing, displaying, transmitting, securing and supporting data processed in restaurant workflows.

3. Data categories

Depending on enabled modules, processing may include names, email addresses, phone numbers, delivery addresses, table or order identifiers, reservations, order history, loyalty balances, feedback, staff accounts, roles, shifts, courier assignments, supplier contact data and uploaded operational documents.

4. Processor obligations

  • OrderNow processes entrusted data only on documented instructions from the restaurant, including these Terms, the commercial agreement and product settings selected by authorised restaurant users.
  • OrderNow limits access to authorised persons and requires confidentiality from persons involved in providing the service.
  • OrderNow applies technical and organisational safeguards appropriate to the service, including access control, encrypted transport, backups, logging and separation of restaurant workspaces where supported by the system.

5. Sub-processors

OrderNow may use hosting, database, storage, email, analytics, monitoring and support providers listed by category in the Privacy Policy. OrderNow remains responsible for imposing data-protection obligations on sub-processors.

Material changes to sub-processors should be communicated through the Privacy Policy, product notice, email or other durable channel allowing the restaurant to object where required by law or contract.

6. Assistance and end of service

  • OrderNow assists the restaurant, within reasonable technical possibilities, with data-subject requests, security incidents, DPIA-related information and audits.
  • After service termination, OrderNow deletes or returns entrusted personal data according to product capabilities, retention rules and legal requirements.
  • If OrderNow believes an instruction infringes data-protection law, it should inform the restaurant unless prohibited by law.