Privacy Policy (GDPR)

1. Scope

This policy describes how QwikEat processes personal data in connection with the use of the SaaS solution by Merchants and their end customers.

2. GDPR roles

• The Merchant acts as the Data Controller for its customer data.
• QwikEat Ltd acts as the Data Processor within the meaning of Article 28 of the GDPR.

3. Categories of data processed

• Identification data (first name, last name, email, phone)
• Order data
• Technical data (logs, IP, session identifiers)
• Order-related messages (e.g., WhatsApp if enabled)

Payment data: QwikEat does not process any banking data. Payments are handled exclusively by the Merchant's payment provider (e.g., Stripe).

4. Purposes of processing

• Order transmission and management
• Technical operation of the platform
• Customer support and technical assistance
• Security and fraud prevention
• Continuous service improvement

5. Legal basis

• Contract performance
• Legal obligations
• Legitimate interest (security, improvement)

6. Subprocessors

QwikEat may use technical subprocessors (hosting, messaging, monitoring, analytics) selected for their security and GDPR compliance guarantees.

7. Transfers outside the European Union

When data is transferred outside the EU, QwikEat implements appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

8. Retention period

Data is retained only for as long as strictly necessary for the purposes pursued and legal obligations.

9. Rights of data subjects

Under the GDPR, individuals have rights of access, rectification, erasure, objection, restriction, and portability.

Contact: privacy@qwikeat.co

10. Supervisory authority

Office of the Commissioner for Personal Data Protection – Cyprus