This Data Processing Addendum ("DPA") forms part of the agreement between Naya Farms (نايا للأعلاف والدواجن), trading as Menumize ("Processor"), and the venue operator ("Controller"), and governs the processing of guest personal data through the Menumize platform in accordance with applicable data protection laws.
Definitions
In this Data Processing Addendum:
- "Controller" means the venue operator — the Menumize account holder who determines the purposes and means of processing guest personal data.
- "Processor" means Naya Farms (trading as Menumize), which processes personal data on behalf of the Controller.
- "Data Subjects" means the restaurant guests whose personal data is processed through the Menumize platform.
- "Personal Data" means any information relating to an identified or identifiable natural person, including phone numbers, names, visit history, and feedback submitted through the platform.
- "Processing" means any operation performed on Personal Data, including collection, storage, retrieval, use, disclosure, and deletion.
- "Sub-processor" means a third party engaged by Menumize to process Personal Data in connection with the platform services.
Roles of the parties
The venue operator (Controller) determines what guest data is collected and for what purposes. Menumize (Processor) processes that data solely on the Controller's instructions, as set out in the Terms of Service and this Addendum.
Menumize will not process Personal Data for any purpose other than providing the contracted platform services. Menumize will not sell, rent, or use guest Personal Data for its own advertising or profiling activities.
Each party remains independently responsible for complying with applicable data protection laws in respect of its own role. The Controller is responsible for ensuring it has a lawful basis for collecting and using guest Personal Data, and for providing guests with appropriate notice of their rights.
Subject matter & duration
Menumize processes the following categories of Personal Data on behalf of the Controller:
- Guest phone numbers (primary identifier), names, and contact details captured at the point of QR code scan or reservation
- Visit history, scan timestamps, and table context data
- Feedback ratings, categories, and comments submitted by guests
- Loyalty stamp history and reward redemption records
- Reservation details including date, time, party size, and reference codes
- WhatsApp message delivery logs (message ID, status, timestamp)
Processing is carried out for the duration of the Controller's active subscription. Upon termination of the subscription, Menumize will retain the data for 90 days, after which it will be permanently deleted unless the Controller has requested an earlier export or deletion.
Sub-processors
The Controller consents to Menumize engaging the following sub-processors to provide the platform services. Menumize will ensure each sub-processor is bound by data protection obligations no less protective than those in this Addendum:
- Vercel — application hosting (United States)
- Neon — database hosting (United States)
- Meta (WhatsApp Business API) — message delivery infrastructure (global)
- 360dialog — WhatsApp Business API intermediary (EU/global)
- Resend — transactional email delivery (United States)
- Ably — real-time event infrastructure (global)
Menumize will notify the Controller of any material changes to its sub-processor list with reasonable advance notice, giving the Controller the opportunity to object. If an objection cannot be resolved, the Controller may terminate the subscription.
Data subject rights
Menumize will assist the Controller in fulfilling Data Subject rights requests — including requests for access, rectification, erasure, restriction, and portability — within a timeframe that allows the Controller to meet applicable legal deadlines (typically 30 days).
Controllers may initiate a data subject rights request by contacting Menumize at info@menumize.com, specifying the guest's phone number or other identifier and the nature of the request.
Where a Data Subject submits a request directly to Menumize, Menumize will promptly forward the request to the relevant Controller. Menumize will not respond directly to Data Subjects on behalf of Controllers without the Controller's authorisation, except as required by law.
Security measures
Menumize implements appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encryption of Personal Data in transit (TLS) and at rest
- Access controls ensuring that only authorised Menumize personnel can access Personal Data, on a need-to-know basis
- Confidentiality obligations for all staff and contractors with access to Personal Data
- Regular security reviews of platform infrastructure and code
- Logical separation of venue data to prevent cross-tenant access
In the event of a Personal Data breach that is likely to result in a risk to the rights and freedoms of Data Subjects, Menumize will notify the Controller without undue delay and in any case within 72 hours of becoming aware of the breach, providing sufficient detail to enable the Controller to meet its own notification obligations.
International transfers
Personal Data processed by Menumize is stored on Neon's Postgres infrastructure (United States) and served via Vercel's edge network. These transfers are conducted on the basis of standard contractual clauses or equivalent transfer mechanisms recognised under applicable data protection law.
WhatsApp message content is processed through Meta's global infrastructure as part of the WhatsApp Business API. Controllers should note that Meta's data practices are governed by Meta's own terms and privacy policies.
Menumize does not intentionally transfer Personal Data to jurisdictions lacking an adequate level of data protection without first implementing appropriate safeguards.
Audits
Menumize will, upon reasonable written request from the Controller, provide information reasonably necessary to demonstrate compliance with this Addendum, including information about security measures and sub-processor agreements.
Formal on-site audits of Menumize's data processing activities are available by prior written arrangement. The Controller shall give at least 30 days' advance notice, conduct audits during normal business hours, and bear the reasonable costs of any such audit. Menumize may refuse or limit audits that it reasonably considers to be disruptive, unreasonably frequent, or that would compromise the security or confidentiality of other customers' data.
Termination
This Addendum terminates automatically upon the expiry or termination of the Controller's Menumize subscription. Upon termination, Menumize will, at the Controller's election:
- Delete all Personal Data within 90 days of termination, or
- Return a machine-readable export of the Controller's data before deletion, upon written request submitted within 30 days of termination.
Aggregated, anonymised analytics data — from which no individual can be identified — may be retained by Menumize beyond the termination date to improve its services. Such data is not considered Personal Data under this Addendum.
Contact us
Menumize is owned and managed by Naya Farms (نايا للأعلاف والدواجن), a sole proprietorship registered in Lebanon under Commercial Register No. C.O8097, Baabda Court, Ministry of Justice.
For all DPA-related queries, data breach notifications, or data subject rights assistance requests, contact us:
- Email: info@menumize.com
- WhatsApp: +961 3 513 968
- Address: Property 2283, Section 5, Block A, 8th Floor, Haret Hreik, Baabda, Lebanon