Eatro

Log In
Book a Demo

Eatro Privacy Policy

1. Introduction and Scope

Eatro Tech FZ-LLC (“we,” “us,” or “our”) operates an all-in-one ordering, delivery, and loyalty Platform designed for Quick Service Restaurants (QSRs) and other merchants (our “Merchants“).

This policy details how we handle Personal Data—any data that can identify an individual—in accordance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

This policy applies to:

  • Merchants: Data related to our business partners (employees, managers, and owners).
  • End Customers: Data related to individuals placing orders directly through a Merchant’s Eatro-powered channel.

2. Legal Basis for Processing

We process your Personal Data only when we have a legal basis to do so, as recognized under the UAE PDPL:

  • Consent: You have given clear and unambiguous consent for a specific purpose (e.g., opting into marketing).
  • Contract: Processing is necessary to fulfill a contract with you or to take steps at your request before entering a contract (e.g., processing orders).
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests do not override your fundamental rights and freedoms.
  • Legal Obligation: Processing is necessary to comply with a legal obligation imposed on us in the UAE.

3. Information We Collect

A. Merchant Data (Data Controller: Eatro Tech FZ-LLC)

We collect and process this data for account management and service delivery:

  • Contact & Account Data: Name, business email, phone number, business address, and login credentials.
  • Financial Data: Bank details, billing address, and transaction records for subscription and payment gateway fees.
  • Operational Data: Restaurant details, POS system integration keys, and delivery service configurations.

B. End Customer Data (Data Controller: The Merchant)

When an order is placed through an Eatro-powered channel, we collect and process data as a Data Processor on behalf of the Merchant (the Data Controller).

  • Order & Contact Details: Customer name, phone number, email address, specific delivery address, full order history, and payment method details.
  • Technical Data: IP address and device information.

4. How We Use the Information

A. For Merchants

We use Merchant Data to:

  • Provide and maintain the Platform services, ensuring continuous order management and functionality
  • Manage billing and collect subscription and transaction fees.
  • Communicate updates, support notices, and essential service information.

B. For End Customers (Processing on behalf of the Merchant)

We process End Customer Data strictly under the instructions of the Merchant to:

  • Fulfill the customer’s order (e.g., passing address to the delivery partner).
  • Facilitate order communication (confirmation, tracking) via SMS or email.
  • Power the Merchant’s targeted and smart marketing and loyalty programs (e.g., sending triggered offers based on purchase history).

5. Data Ownership and Disclosure

A. Ownership and Control

The Merchant retains full ownership and control over all End Customer Data. Eatro Tech FZ-LLC acts only as a processor and will not use, sell, or disclose this data for our own marketing or business purposes without the Merchant’s express permission.

B. Disclosure (Sharing Data)

We may share your Personal Data (Merchant and End Customer, where relevant) with third parties who are necessary for service delivery:

  • Service Providers: Entities providing essential functions like cloud hosting (data stored within the UAE or compliant jurisdictions), payment gateways (e.g., Eatro Pay partners), and communication services.
  • Delivery Partners: Integrated courier services to facilitate last-mile delivery.
  • Legal Requirements: Where disclosure is necessary to comply with the PDPL, other UAE federal laws, or lawful requests by public authorities.

6. Data Transfer (Cross-Border)

We may store or process Personal Data outside the UAE only to the extent permitted by the PDPL and its Executive Regulations. When transferring data internationally, we ensure adequate protection through legally recognized mechanisms, such as contracts or approved data transfer protocols, to safeguard your data.

7. Your Data Subject Rights (UAE PDPL)

Under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), you have specific rights concerning your Personal Data:

  • a. Right to Access 
    • Description: You have the right to obtain confirmation about the processing of your Personal Data and to access the data being held.
    • Action: Contact us/the Merchant to request details.
  • b. Right to Request Correction/Deletion
    • Description: You can request that inaccurate data be corrected or that your data be deleted when it is no longer necessary for the purpose for which it was collected.
    • Action: Contact us/the Merchant to request changes or deletion.
  • c. Right to Restrict Processing
    • Description: You have the right to limit how we use your Personal Data in specific, legally defined circumstances.
    • Action: Contact us/the Merchant to lodge a request.
  • d. Right to Portability
    • Description: You have the right to receive your Personal Data in a structured, commonly used, and electronic format.
    • Action: Contact us/the Merchant to request transfer.
  • e. Right to Object to Processing
    • Description: You have the right to object to the processing of your Personal Data when it is based on legitimate interests or is used for direct marketing purposes.
    • Action: Use the unsubscribe link in marketing communications or contact us/the Merchant.

Note for End Customers: To exercise your rights regarding your order data, you must contact the specific Merchant (the restaurant) first, as they are the Data Controller responsible for your information.

8. Data Security and Breach Notification

We implement robust technical and organizational measures to protect Personal Data against unauthorized access, loss, or misuse, in compliance with PDPL standards.

In the event of a security breach that is likely to harm the data subject, we will comply with the PDPL’s requirement to notify the relevant UAE authorities and affected individuals within the legally stipulated timeframe.

9. Contact Information

For questions regarding this policy or to exercise your rights:

Data Controller: Eatro Tech FZ-LLC

Address: Ground Floor, DMC5, Dubai Media City, Dubai, United Arab Emirates

Email: legal@eatrotech.com