1. Who We Are
Online eMenu FZ-LLC ("Online eMenu", "we", "us", "our") is the data controller for personal data collected through onlineemenu.com and the Online eMenu platform. We are registered in the Dubai Internet City free zone, UAE.
For data protection enquiries, contact our privacy team at privacy@onlineemenu.com.
2. Data We Collect
We collect information in three ways:
A. Information you give us directly
- Account registration: name, email address, phone number, business name, country
- Contact and enquiry forms: name, email, phone, message content
- Billing information: name, company, address (payment card details are processed by our payment provider — we do not store raw card numbers)
- Support communications: email or chat messages you send to us
B. Information collected automatically
- Usage data: pages visited, features used, session duration, button clicks
- Device & browser data: IP address, browser type, operating system, language preference
- Cookies and similar technologies (see Section 6)
- Error logs and performance data
C. Restaurant customer data (processor role)
When restaurants use Online eMenu to manage orders, menus, and loyalty programmes, they may collect data about their own customers. In that context, the restaurant is the data controller and Online eMenu acts as a data processor, bound by a Data Processing Agreement.
3. How We Use Your Data
| Purpose | Data used |
|---|---|
| Provide and operate the platform | Account details, usage data |
| Process payments and issue invoices | Billing name, address, email |
| Respond to support requests | Name, email, message content |
| Send transactional emails (receipts, password resets) | Email address |
| Send product updates & marketing (with consent) | Name, email |
| Improve and develop features | Aggregated usage data, error logs |
| Comply with legal obligations | As required by law |
| Prevent fraud and abuse | IP address, account activity |
4. Legal Basis for Processing (GDPR / UAE PDPL)
Where GDPR or the UAE Personal Data Protection Law applies, we rely on:
- Contract performance — processing necessary to provide the service you signed up for
- Legitimate interests — improving the platform, preventing fraud, internal analytics
- Consent — marketing emails and non-essential cookies (withdraw at any time)
- Legal obligation — complying with applicable laws such as tax and financial reporting
5. Sharing & Disclosure
We do not sell personal data. We share data only in these limited circumstances:
- Service providers: cloud hosting (AWS), email delivery, payment processing (Stripe, Telr), analytics — each bound by data processing agreements
- Legal requirements: if required by law, court order, or to protect our rights
- Business transfers: in the event of a merger or acquisition, you will be notified
Restaurant customer data is never used for Online eMenu's own marketing purposes.
6. Cookies & Tracking
| Category | Purpose | Can you opt out? |
|---|---|---|
| Essential | Login sessions, CSRF protection, load balancing | No (required) |
| Analytics | Google Analytics — page views, traffic sources (IP anonymised) | Yes — cookie banner or browser settings |
| Marketing | Retargeting, ad conversion tracking | Yes — cookie banner |
You can manage cookie preferences via our cookie banner or your browser settings. Withdrawing consent does not affect your ability to use the platform.
7. Data Retention
- Active account data: retained for the duration of your subscription plus 90 days after cancellation
- Billing records: 7 years (UAE and EU tax regulations)
- Marketing contact data: until you unsubscribe or request deletion
- Support communications: 3 years
- Website analytics logs: 26 months
After retention periods expire, data is securely deleted or anonymised.
8. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data
- Restriction — ask us to limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests or direct marketing
- Withdraw consent — for any consent-based processing, at any time
To exercise any right, email privacy@onlineemenu.com with subject "Data Rights Request". We will respond within 30 days.
EU/UK residents may lodge a complaint with your local Data Protection Authority. UAE residents may contact the TDRA.
9. Security
- TLS 1.2+ encryption in transit for all web and API traffic
- AES-256 encryption at rest for stored data
- Role-based access controls limiting staff access to data
- Regular security audits and penetration testing
- Multi-factor authentication for internal systems
If you suspect a security incident, contact security@onlineemenu.com immediately.
10. International Data Transfers
Your data may be processed in the UAE, India, the UK, or the EEA depending on the infrastructure services used. For EU/UK personal data transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions. UAE transfers comply with Federal Decree-Law No. 45 of 2021 and DIFC Data Protection Law 2020.
11. Children's Privacy
Our platform is not directed to children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact privacy@onlineemenu.com and we will delete it promptly.
12. Changes to This Policy
When we make material changes, we will update the "Last updated" date, notify active subscribers by email at least 14 days before the change takes effect, and display a dashboard notice. Continuing to use the platform after the effective date constitutes acceptance.
13. Contact Us
- Privacy enquiries:privacy@onlineemenu.com
- General:sales@onlineemenu.com
- Address: Online eMenu FZ-LLC, Dubai Internet City, Dubai, UAE
We aim to acknowledge all privacy requests within 5 business days and resolve them within 30 days.