Who we are

Suggested text: Our website address is: https://orders.timetoeat.me.

Privacy Policy

This Privacy Policy describes how we process information about you, including personal data and cookies.

1. General Information
   This policy applies to the Website operating at the URL: orders.timetoeat.me
   The Website Operator and Data Controller is: GAPLO LIMITED, 10625275, 192 Brettenham Road, London, United Kingdom, E17 5AY
   Contact email address of the Operator: kontakt@timetoeat.me
   The Operator is the Data Controller of your personal data with respect to the data voluntarily provided on the Website.
   The Website uses personal data for the following purposes:

• Managing a newsletter
• Conducting online chat conversations
• Presenting offers or information
  The Website collects information about users and their behavior in the following ways:
• Through data voluntarily entered in forms, which are then stored in the Operator’s systems.
• By saving cookie files (so-called “cookies”) on end-user devices.

1. Selected Data Protection Methods Used by the Operator
   The login and personal data entry points are protected in the transmission layer (SSL certificate). This ensures that personal data and login information entered on the Website are encrypted on the user’s computer and can only be read on the target server.
   Personal data stored in the database is encrypted in such a way that only the Operator holding the key can access it. This protects the data in case the database is stolen from the server.
   The Operator periodically changes its administrative passwords.
   A key element of data protection is the regular updating of all software used by the Operator to process personal data, particularly regular updates of software components.
2. Hosting
   The Website is hosted (technically maintained) on the servers of a third-party provider.
   To ensure technical reliability, the hosting company maintains server-level logs. The following may be recorded:

• Resources identified by URL (addresses of requested resources – pages, files),
• Time of request receipt,
• Time of response sending,
• Client station name – identification performed via HTTP protocol,
• Information about errors that occurred during HTTP transactions,
• URL address of the page previously visited by the user (referrer link) – in cases where the transition to the Website was via a link,
• Information about the user’s browser,
• Information about the IP address,
• Diagnostic information related to the process of independently ordering services through recorders on the Website,
• Information related to the handling of email correspondence directed to and sent by the Operator.

1. Your Rights and Additional Information on Data Use
   In certain situations, the Data Controller has the right to transfer your personal data to other recipients if it is necessary to perform a contract concluded with you or to fulfill obligations incumbent on the Data Controller. This applies to the following recipient groups:

• Hosting company on a data processing agreement basis
• Payment operators
• Operators of online chat solutions
• Authorized employees and collaborators who use the data to achieve the Website’s objectives
• Companies providing marketing services on behalf of the Data Controller
  Your personal data processed by the Data Controller will not be retained longer than necessary to perform the activities related to them, as specified by separate regulations (e.g., accounting regulations). Marketing data will not be processed for more than 3 years.
  You have the right to request from the Data Controller:
• Access to your personal data,
• Their rectification,
• Deletion,
• Restriction of processing,
• And data portability.
  You have the right to object to the processing of personal data for the purposes of the legitimate interests pursued by the Data Controller, including profiling, as referred to in point 3.2. However, the right to object cannot be exercised if there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, particularly for establishing, pursuing, or defending claims.
  You may lodge a complaint regarding the Data Controller’s actions with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
  Providing personal data is voluntary but necessary for the operation of the Website.
  Actions involving automated decision-making, including profiling, may be taken with respect to you to provide services under the concluded contract and for the Data Controller to conduct direct marketing.
  Personal data is not transferred to third countries within the meaning of data protection regulations. This means that we do not transfer it outside the European Economic Area.

1. Information in Forms
   The Website collects information voluntarily provided by the user, including personal data, if provided.
   The Website may store information about connection parameters (time stamp, IP address).
   In some cases, the Website may store information that facilitates linking the data in the form to the email address of the user filling out the form. In such cases, the user’s email address appears within the URL of the page containing the form.
   Data provided in the form is processed for the purpose resulting from the function of the specific form, e.g., to process a service request, commercial contact, or service registration. The context and description of the form clearly inform what it is used for.
2. Administrator Logs
   Information about user behavior on the Website may be logged. This data is used for Website administration purposes.
3. Key Marketing Techniques
   The Operator uses statistical analysis of Website traffic through Google Analytics (Google Inc., based in the USA). The Operator does not transfer personal data to the operator of this service, only anonymized information. The service relies on the use of cookies on the user’s end device. Regarding information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/
   The Operator uses remarketing techniques, which allow tailoring advertising messages to the user’s behavior on the Website. This may give the impression that the user’s personal data is used to track them, but in practice, no personal data is transferred from the Operator to advertising operators. The technological prerequisite for such activities is the enabled handling of cookies.
   The Operator uses the Facebook Pixel. This technology enables the Facebook service (Facebook Inc., based in the USA) to know that a registered person is using the Website. It relies on data for which Facebook itself is the data controller, and the Operator does not transfer any additional personal data to Facebook. The service is based on the use of cookies on the user’s end device.
   The Operator uses a solution that automates the Website’s operation with respect to users, e.g., sending an email to the user after visiting a specific subpage, provided the user has consented to receiving commercial correspondence from the Operator.
4. Information About Cookies
   The Website uses cookies.
   Cookies are IT data, particularly text files, stored on the Website User’s end device and intended for use with the Website’s pages. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.
   The entity placing cookies on the Website User’s end device and accessing them is the Website Operator.
   Cookies are used for the following purposes:

• Maintaining the Website User’s session (after logging in), so the user does not have to re-enter their login and password on every subpage of the Website;
• Achieving the purposes specified above in the “Key Marketing Techniques” section.
  The Website uses two main types of cookies: “session” (session cookies) and “persistent” (persistent cookies). Session cookies are temporary files stored on the User’s end device until they log out, leave the website, or close the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
  Web browsing software (web browser) usually allows the storage of cookies on the User’s end device by default. Website Users can change these settings. The web browser allows the deletion of cookies. It is also possible to automatically block cookies. Detailed information on this subject is available in the browser’s help or documentation.
  Restrictions on the use of cookies may affect some functionalities available on the Website’s pages.
  Cookies placed on the Website User’s end device may also be used by entities cooperating with the Website Operator, particularly companies such as Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), and Twitter (Twitter Inc., based in the USA).

1. Managing Cookies – How to Give and Withdraw Consent in Practice?
   If the user does not want to receive cookies, they can change their browser settings. Please note that disabling cookies necessary for authentication, security, or maintaining user preferences may hinder, and in extreme cases, prevent the use of websites.
   To manage cookie settings, select the web browser you use from the list below and follow the instructions:

Windows Phone

Edge

Internet Explorer

Chrome

Safari

Firefox

Opera
Mobile devices:

Android

Safari (iOS)

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.