Back to home
Legal

Privacy Policy

Last updated: April 6, 2026

01

1. Data controller

Eleaty SAS, a simplified joint-stock company, is the data controller for your personal data in connection with the use of our services (ordering website, kiosks, kitchen display, synchronization, loyalty applications).

02

2. Data collected

We collect the following data:

  • Identity data: last name, first name, email, phone
  • Order data: purchase history, preferences, amounts
  • Loyalty data: points, tiers, coupon usage
  • Technical data: IP address, browser, connection logs
  • Payment data: managed by our certified partners (we do not store your banking data)
03

3. Purposes of processing

Your data is used for: fulfilling your orders, managing your loyalty program, improving our services through usage analysis, and sending notifications (with your explicit consent).

04

4. Retention period

Your data is retained for the duration necessary for the purposes for which it was collected, in compliance with GDPR. Order data is retained for 3 years for accounting purposes. Loyalty data is retained as long as your account is active.

05

5. Your rights

Under GDPR, you have the right to access, rectify, delete, port, and object to your data. To exercise these rights, contact us at: privacy@eleaty.fr. We commit to responding within 30 days.

06

6. Security

All data is protected by bank-grade encryption, both in transit and at rest. Our infrastructure uses end-to-end encryption. Exchanges with our servers are protected by the latest security protocols. Your data is hosted in Europe.

07

7. Cookies and audience measurement

This site does not use any cookies. Our audience measurement tool is 100% self-hosted on our own servers, does not set any cookies, does not share any data with third parties, and does not enable cross-site tracking. Collected data is anonymous and used exclusively for statistical purposes. In accordance with GDPR Article 6.1.f (legitimate interest) and ePrivacy Directive exemptions for audience measurement, no consent is required.

  • No cookies set (no session, tracking, or advertising cookies)
  • Self-hosted audience measurement tool (no data shared with third parties)
  • Data pseudonymized via technical fingerprinting (no personal identification)
  • Data retained for a maximum of 2 years, then automatically deleted
  • Legal basis: legitimate interest (GDPR Art. 6.1.f) — audience measurement exemption