Who's in control of my personal data?
The Ontapp app is Ontapp Ltd ‘Us’. We are a registered company in England under company number 12674131 and our registered office address is: Front Suite, First Floor, 131 High Street,
Teddington, Middlesex, TW11 8HH
Information we collect from you
When you register for an Ontapp account we collect the following information from Facebook, Google or the form provided (we call this Account Information):
your first name and surname;
your email address;
your mobile phone number;
your Facebook or Google profile picture
you date of birth;
If you register as a business we also collect the following
business location information;
If you set up your Ontapp App account to pay for goods from businesses listed on the app, our payment processors (Stripe and Square) collects the following information (‘payment information’)
Name on card
If you have setup a business account the following data is also stored by Stripe(not by Us).
Name of account holder
We collect your profile picture if you provide this information in the settings.
Information we collect about you.
Each time you use the App or our site, we may automatically collect and process the following information:
Technical information about your Mobile Device or computer (in each case Device). Including, where available, your Device’s IP address and other unique identifiers, operating system and browser type, as well as your Mobile Device’s mobile network information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual;
Details about your use of the App or our site. Including pages and screens you visit, length of visit, and buttons and links you clock on. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
App Transaction Logs. If you take part in a ‘Transaction’ – by sending an order to a business, or by responding to an order as a business, then we log the following details of the transaction:
Name and email address of the person sending the order ('Customer') and of the business responding to the order ('Business')
Location of the Customer when they send the request
The date and time of the request
The items in your order, customisation text, amounts and prices
When the order is marked as prepared
When the order is marked as served/collected/delivered
The outcome of the transaction e.g. 'paid', 'failed', 'refunded'
Your location. If you select ‘Notifications On’ within the App and set Location Services to ‘Always’ within your phone’s privacy settings, then your location is continuously and anonymously recorded for the purposes of making ('Customer') and receiving ('Business') relevant order requests (see section 5 below).
What do you use my personal data for?
We use your Account Information to identify you as a unique user and create a public profile so you can identify yourself and interact with other users. Customer public profile consists of your first name and profile pictures. Business public profiles consist of the name of the business/venue/event, location, description, menus and the order points for that business.
We use your email address to send you emails for reasons of legitimate business interests. These include service messages about Ontapp, for example to let you know if Ontapp is experiencing technical issues.
We will also use your email address to send you messages about Ontapp for reasons of legitimate business interest – including advice on how to use the App more efficiently and effectively, information about new features and how to use them, or how you can increase the money you can make from using Ontapp as a Business, or savings and promotional offers as a Customer. You can choose not to receive these emails by following the instructions in each email to unsubscribe.
Your Payment Information is used by our Payment Processors (Stripe & Square) to process outgoing payments, and Stripe to make payments into your account (Businesses).
We use Technical information about your Mobile Device or computer and Details about your use of the App or our site to:
To administer the App and our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes;
To improve the App and our site and to ensure that content from the App and our site is presented in the most effective manner for you and for your Device;
As part of our efforts to keep the App and our site safe and secure;
We collect App Transaction Logs for the following purposes:
In order to detect any breaches of our Terms & Conditions of use (for example, using the App for a prohibited purpose)
So that the information is available as required to aid any legal or law enforcement investigation
To support customer service enquiries into specific transactions
To support our work to improve the quality of the service we provide
Who do we share your personal data with, and where is it stored?
We use the following data processors to store your data:
By submitting your Personal Data, you agree to the transfer, storing and processing of your Personal Data by MixPanel.
Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. To ensure the adequate protection of personal data, we have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
By submitting your Personal Data, you agree to the transfer, storing and processing of your Personal Data by all our data processors.
How long do you keep my personal data for?
We will keep your Account Information and Payment Information for as long as your account remains open. You can close your account at any time by emailing email@example.com and asking to close your account. It will take 30 days for this personal data to be deleted.
We keep App Transaction Logs for seven years. This is so we are able to respond to any query by you, the parties you have transacted with, or any law enforcement official, about specific transactions.
What rights do I have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
If you want to exercise any of these rights, please email us at firstname.lastname@example.org.
A right to access your information
You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).
A right to an electronic copy of your information
You can also ask us to send you the Account Information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
A right to object to us processing your information
You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing.
If you make a request to exercise your right to object, if we have legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
A right to ask us not to send you messages about our service
You can ask us not to send you messages about using the Ontapp service. You can do this by following the "unsubscribe" instructions in any email you receive from us.
A right to have inaccurate data corrected
You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
A right to have your data erased
A right to have processing of your data restricted
You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
How can I contact you?
What if this policy changes?