Privacy Policy

Last updated: March 7, 2026

1. Data Controller

Menu5Star
Address: Bari, Italia
Email: info@menu5star.com
PEC: menu5star@pec.it

2. Data Collected

We collect the following categories of personal data:

  • Identity data: name, surname, email, phone number, business name, VAT number, fiscal code.
  • Browsing data: IP address, browser type, operating system, pages visited, access time. This data is collected anonymously and in aggregate through logging and analytics systems.
  • Geolocation data: country of origin (determined via IP) for automatic language and currency selection. Precise location is not tracked.
  • Payment data: managed entirely by Stripe and/or PayPal. We do not store credit card numbers on our servers.
  • Voluntarily provided data: menu content, product photos, support messages.

3. Purpose of Processing

  • Providing the digital menu service and managing the user account.
  • Payment and subscription management.
  • Service-related communications (changes, expirations, support).
  • Anonymous statistical analysis to improve the service.
  • Compliance with legal and tax obligations.
  • Management of the Ambassador and Country Manager program.

4. Legal Basis

Data processing is based on: (a) performance of the service contract, (b) explicit user consent where required, (c) legitimate interest of the controller for security and service improvement purposes, (d) compliance with legal obligations.

5. Data Retention

Personal data is retained for the duration of the contractual relationship and for the following 10 years as required by Italian tax regulations. Anonymous browsing data is retained for a maximum of 26 months. Users may request deletion of their data at any time, subject to legal obligations.

6. Data Sharing

Personal data is not sold to third parties. It may be shared with:

  • Service providers: Stripe (payments), hosting provider (Aruba S.p.A.), transactional email services.
  • Competent authorities: when required by law.

7. Extra-EU Transfer

Some data may be transferred to service providers located outside the European Union (e.g., Stripe Inc., USA). In such cases, the transfer is based on standard contractual clauses approved by the European Commission or other adequate safeguards under the GDPR.

8. Data Subject Rights

Under Articles 15-22 of EU Regulation 2016/679 (GDPR), users have the right to:

  • Access their personal data.
  • Obtain rectification of inaccurate data.
  • Obtain erasure of data (right to be forgotten).
  • Restrict processing.
  • Object to processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with the Data Protection Authority.

To exercise your rights, contact: info@menu5star.com

9. Security

We adopt adequate technical and organizational measures to protect personal data, including: SSL/TLS encryption for all communications, secure password hashing (bcrypt), regular backups, data access limited on a "need-to-know" basis.

10. Changes

We reserve the right to modify this policy. Changes will be published on this page with the date of last update.