This policy describes how we process the personal data of users of the Rosso Fuoco Club mobile application (the "App"), operated by Rosso Fuoco, a restaurant based in Poland (the "we" or "Controller"). We process data in accordance with Regulation (EU) 2016/679 (GDPR).
1. Data controller
Rosso Fuoco — Poland.
For any privacy-related request you can write to us at:
privacy@rossofuoco.eu.
2. Data we collect
- Account data: name, email address, phone number.
- Order data: products ordered, amounts (in PLN), delivery addresses, order notes, purchase history.
- Loyalty program: points earned, loyalty tier, vouchers/gift cards.
- Push notifications: device identifier for notifications (push token), device type and operating system.
- Technical data: the minimum information needed for the App to function and remain secure.
The App does not access the device's camera, microphone, GPS location, contacts or gallery.
3. Purposes and legal basis
- Account and order management — performance of the contract (Art. 6(1)(b) GDPR).
- Loyalty program — performance of the contract and legitimate interest (Art. 6(1)(b)/(f)).
- Push notifications (offers, order status) — consent, revocable at any time (Art. 6(1)(a)).
- Tax and accounting obligations — legal obligation (Art. 6(1)(c)).
4. Push notifications
Push notifications are only sent if you grant permission at the system level. You can turn them off at any time from your device settings or by logging out of the App. For the technical delivery of notifications we use the services of Expo, Apple (Apple Push Notification service) and Google (Firebase Cloud Messaging).
5. Data sharing
We do not sell your data. We share it only with providers who help us deliver the service, acting as data processors:
- Hosting and infrastructure: to run our servers.
- Payments: Stripe and/or SumUp to process payments (we do not store full card details).
- Notifications: Expo, Apple, Google to deliver push notifications.
6. Data retention
We retain data for as long as necessary for the purposes described and to comply with legal obligations (in particular tax obligations). When an account is closed, data that is no longer needed is deleted or anonymized.
7. Your rights
Under the GDPR you have the right to: access, rectification, erasure, restriction, objection and data portability, as well as the right to withdraw consent and to lodge a complaint with the competent supervisory authority (in Poland: UODO). To exercise them, write to privacy@rossofuoco.eu.
8. Account deletion
You can request the deletion of your account and associated data directly from the App (Profile section) or by writing to privacy@rossofuoco.eu.
9. Minors
The App is not intended for children under 16 and we do not knowingly collect their data.
10. Changes
We may update this policy. Changes will be published on this page with an updated revision date.