PRIVACY POLICY - EATIN MONACO

Version 1.1 - Last updated: 5 June 2026

1. Introduction

This Privacy Policy describes the conditions under which EATIN SARL collects, uses, stores, protects and shares the personal data of users of the EATIN MONACO application, the associated websites and related services.

EATIN places particular importance on the protection of privacy and undertakes to process personal data in accordance with the regulations applicable in Monaco as well as the principles arising from the General Data Protection Regulation (GDPR) where applicable.

Use of EATIN services implies acknowledgement of this Policy.

2. Data Controller

EATIN SARL
RCI Monaco: 19S08113
Registered office: 47 Avenue Hector Otto, 98000 Monaco
Email: info@eatin.mc
Telephone: +377 97 77 12 32

3. Data Collected

3.1 Identification data
  • first name, last name
  • email address
  • telephone number
  • date of birth
  • optional profile photograph
3.2 Account data
  • user ID
  • login history
  • preferences
  • account settings
  • language used
3.3 Order data
  • orders placed
  • purchase history
  • amounts spent, refunds
  • Wallet credits
  • promotions used
3.4 Delivery data
  • addresses
  • geolocation
  • delivery instructions
  • contact details required for handover of the order
3.5 Technical data
  • IP address
  • device identifiers
  • operating system
  • application version
  • connection logs
  • error reports, performance data
3.6 Payment data

Payments are processed by specialised providers. EATIN never stores full payment card numbers.

4. Geolocation

Some features require access to the user's location. Geolocation may in particular be used to determine the delivery address, improve the accuracy of services, prevent fraud, optimise routes, and improve the user experience.

The user may refuse access to their location from their device settings. Some features may then be limited.

5. Purposes of Processing

The data is used in particular to:

  • create and manage the user account
  • process orders and organise deliveries
  • manage payments and provide customer support
  • prevent fraud and protect the platform
  • improve services and produce statistics
  • send notifications
  • comply with legal obligations and defend EATIN's legitimate interests

6. Legal Bases

Processing relies in particular on the performance of the contract, the user's consent, legal obligations, and EATIN's legitimate interest.

7. Fraud Detection and Security

EATIN implements detection mechanisms designed to prevent fraudulent payments, identity theft, promotional abuse, abusive chargebacks, suspicious orders, and attacks on the security of the platform. Some decisions may be partially automated. The user may request human review where an automated decision produces a significant effect on them.

8. Communications

EATIN may send emails, push notifications, and SMS regarding order-related messages, promotional offers, and newsletters. Communications strictly necessary for the functioning of the service cannot be disabled. Marketing communications can be disabled at any time.

9. Data Sharing

Data may be disclosed only where necessary to:

  • EATIN staff: authorised personnel.
  • Drivers: information necessary for delivery.
  • Service providers: Braintree, Apple Pay, Google Pay, Firebase, Crashlytics, Google Analytics, cloud hosting providers, and security tools.
  • Authorities: where required by law or where a legitimate request is made.

10. International Transfers

Some data may be processed outside Monaco or outside the European Union. Where such transfers occur, EATIN implements the appropriate safeguards provided for by applicable regulations, in particular standard contractual clauses or equivalent mechanisms.

11. Retention Periods

Subject to legal obligations:

  • User accounts: 5 years after the last activity.
  • Order history: 5 years.
  • Accounting data and invoices: 10 years.
  • Technical logs: 24 months.
  • Analytics data: 13 months.
  • Fraud-related data: up to 5 years.

12. Security

EATIN implements technical and organisational measures designed to protect personal data (access control, encryption of communications, logging, security monitoring, secure backups). As no IT system can guarantee absolute security, EATIN cannot guarantee the complete absence of risk.

13. User Rights

The user may access, rectify, delete, or export their data, as well as restrict or object to certain processing and withdraw their consent. Any request may be sent to: info@eatin.mc.

14. Account Deletion

The user may delete their account from the application or by contacting support. Certain data may nevertheless be retained where its retention is necessary for compliance with legal obligations, the defence of EATIN's rights, fraud prevention, or accounting/tax obligations.

15. Minors

EATIN services are not intended for unaccompanied minors. Orders for alcohol remain strictly reserved for persons legally authorised to consume it.

16. Data Breach

In the event of a security incident likely to affect users rights, EATIN will take the necessary measures in accordance with applicable legal obligations.

17. Changes

EATIN may amend this Policy at any time. Significant changes may be notified via the application, by email or by any other appropriate means.

18. Contact / 19. Governing Law

For any question, contact info@eatin.mc or +377 97 77 12 32. This Policy is governed by Monegasque law. Any dispute falls under the competent courts of Monaco.


PRIVACY POLICY - EATIN MONACO (DRIVER APP)

Version 1.0 - 8 June 2026

1. Introduction

This Privacy Policy describes how EATIN SARL collects, uses, stores and protects the personal data of employees using the EATIN MONACO driver application. The driver application is a professional tool reserved for authorised EATIN employees.

2. Data Controller

EATIN SARL
RCI Monaco: 19S08113
Registered office: 47 Avenue Hector Otto, 98000 Monaco
Contact: info@eatin.mc | +377 97 77 12 32

3. Data Collected

3.1 Professional identification data

Last name, first name, employee ID, professional or personal email address used for the service, telephone number, login credentials, role or function.

3.2 Application usage data

Login/logout times, availability statuses, orders assigned/accepted/handled, delivery statuses, pickup/delivery confirmations, reported incidents, and exchanges with support.

3.3 Professional geolocation data

When the application is used during working hours, EATIN may process geolocation data to enable the proper functioning of the service (position during service, operational route, position at assignment, pickup, or delivery, and data required to manage incidents).

3.4 Technical data & 3.5 Incident-related data

IP address, device type, operating system, application version, connection logs, error reports, security data, as well as data regarding accidents, significant delays, customer disputes, or delivery problems.

4. Purposes of Processing & 5. Legal Bases

Data is used to enable access to the application, assign orders, track performance, optimise routes, ensure driver/customer safety, handle incidents, and manage disputes. This relies on the performance of the employment contract and EATIN's legitimate interest.

6. Driver Geolocation

Geolocation is used exclusively in a professional context during working hours. Geolocation must not be used for any purpose unrelated to the service. The employee must log out of the application at the end of their service.

7. Customer Data Visible to Drivers

The driver may access customer data necessary for delivery (first name, address, delivery instructions, telephone number). This information must be used only for the relevant delivery and must never be copied, retained, transmitted, or used for personal purposes.

8. Confidentiality and Security

Employees must contribute to security: do not share login credentials, lock their phone, do not leave the application unattended, do not take screenshots of customer data, and immediately report any loss, theft, or suspicious access.

9. Data Recipients & 10. Technical Service Providers

Data may be accessible to EATIN management, operational managers, support, technical/HR departments, technical service providers, hosting providers, and competent authorities.

11. International Transfers & 12. Retention Periods

Some data may be processed outside Monaco or the EU with appropriate safeguards. Employee account data is kept for the duration of the employment contract; operational delivery data up to 24 months; technical logs up to 24 months.

13. Employee Rights

Employees have the right of access, rectification, erasure, restriction, and objection. Requests can be sent to: info@eatin.mc.

14. Data Breach, 15. Changes & 16. Governing Law

Employees must report any safety incident immediately (e.g., lost/stolen phone). This policy is governed by Monegasque law, and any dispute falls under the competent courts of Monaco.