Privacy Policy
Last update: April 04, 2026
1. Identity and Contact Details of the Data Controller
Pursuant to Art. 13 of Regulation (EU) 2016/679 (GDPR), we inform you that your personal data will be processed by GOLDENSIO Sociedad Limitada, with registered office located in 35660 La Oliva, Fuerteventura, Spain, registered under NIF ESB72723364 (hereinafter "Data Controller" or "NowMenu"). You may contact the Data Controller for any clarification regarding your data by writing to: info@nowmenu.it.
2. Categories of Processed Personal Data
The NowMenu platform acts as a SaaS (Software as a Service) infrastructure provider. The logs and managed interactions include:
- Navigation and Usage Data: IP addresses, tracking logs, and diagnostic information used for server diagnostics and traffic optimization.
- Restaurateur Data (Tenants): Full name, email addresses, company data and payment or billing details, processed for platform access and optional credit or service purchases.
- End User Data (Consumers): We do not proactively collect names or email contacts of the final menu users, unless they explicitly register for notifications or use third-party trackers previously accepted. "Favorite Dishes" are stored solely within the customer's device Local Storage.
3. Purposes and Legal Basis of Processing
We process your information exclusively in connection with the following regulatory pillars:
- Contractual Execution (Art. 6(1)(b) GDPR): Providing the use of QR generators and the menu editing dashboard; providing public hosting of menus for the restaurant.
- Legal Obligations (Art. 6(1)(c) GDPR): Retention of Stripe invoices and accounting records pursuant to the Spanish fiscal jurisdiction for Restaurateurs.
- Explicit Consent (Art. 6(1)(a) GDPR): Exclusive use of marketing tracking, remarketing (e.g., Meta Pixel), and session metrics (Google Analytics 4). The user may opt out of this purpose by disabling non-essential cookies via the banner at the bottom of the page or by clearing their browser history.
- Legitimate Interest: Cybersecurity protection against DDoS (Cloudflare), and analysis against piracy and banking system fraud.
4. Processing Methods and Data Security
All data processing carried out by NowMenu uses TLS 1.2+ and AES-256 encryption at rest for backends in Europe, preventing malicious decoding. We do not extract permanent copies, and we strictly exclude the commercialization, sale, or forced transfer of datasets and customer records of our Restaurants to third-party funds.
5. Data Retention Period
Analytical navigation information is erased after a maximum period of 14 months. The remaining Restaurateur data expires 10 years after the last invoiced renewal due to administrative and tax constraints, unless a prior official request for deletion occurs.
6. Role of the Restaurateur as Independent Controller
Whenever a restaurant establishment uses artificial intelligence services on our software or obtains third-party contacts by collecting leads within the dashboard, the restaurateur acts as an Independent Data Controller locally for those specific data, with GoldenSio merely acting as a technological partner in the capacity of "Data Processor".
7. Exercise of Data Subject Rights
The subject to whom the intercepted data belongs retains the full and complete right, within the scope of the EU Regulation, to demand from the Data Controller Access, Revocation, Erasure (Art. 17 GDPR), Automated Opposition, and Portability by submitting a simple ticket to the address mentioned above (info@nowmenu.it).
Disclaimer: This document has been automatically translated to facilitate the user's reading. In the event of any discrepancies, linguistic inaccuracy, disputes, or legal interpretation, the original Italian version legally precedes and rigorously prevails over this translated text.