1. Information that We collect
When you use our services, like for instance, visit our Website, our web server will temporarily record certain information from the device you use:
- Your session identifier,
- Your IP address, and information generated from anonymized IP address that includes: a computer host name, geographic location (if you have set your system to allow transmission of geolocation information), time of visit, web page URL, referring website, security tokens (for authentication and information submission, like RFP forms),
- The access date,
- The file request of the client (file name and URL),
- The HTTP response code and the website from which you are visiting us,
- The number of bytes transferred during the connection,
- and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (such as delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).
2. Type of Cookies that we use
Cookies are used to provide the following functions:
Personalization: For example, your language preference is remembered.
Session Management: To ensure that your session is routed to the correct system for the duration of your visit.
AB Testing / Multivariate Testing: We can display multiple versions of a page to a user to assess which generates the best user experience.
Advertising: We can display advertising content depending on location, language, and your past browsing history.
2.1 Analytics Cookies
Analysis cookies allow us to understand how you interact with our services in order to analyze, research and improve them (also with the help of third-party data analysis tools).
The analysis cookies which we use are as follows:
|Name of Cookie||Purpose of the cookie||Expiration|
|Adobe Analytics||To analyze how our visitors use our websites||11 months|
|Google Analytics (Analytics Providers)||To collect demographic and interest-level information and usage information from you when you visit our Site (including information about the pages you entered and exit the Site and what pages you viewed, time spent, browser, operating system, and IP address etc.).
To recognize you when you visit our Site and when you visit other sites.
If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).
|Hotjar||To record your journey on our Site||11 months|
|Datadog||To ensure the quality of service delivered to our clients by collecting errors, performance metrics and replay sessions for technical improvements.||1 day|
|Auth0||To keep the user account session connected||1 day|
|Identity aware Proxy||10 minutes|
|__cid (Datadog)||Cookie used to store the client identifier||15 years|
|_dd_s (Datadog)||Cookie used to group all events generated from a unique user session across multiple pages.||15 minutes|
|__zlcmid (Verasafe)||This Cookie is used to store the visitor’s identity across visits and the visitor’s preference to disable our live chat feature.||1 year and 2 months|
|_ga (Google Analytics)||Used to collect google analytics data||1 year and 1 month|
|_hjAbsoluteSessionInProgress (Hotjar)||Used to detect the first pageview session of a user.||30 minutes|
|_hjSessionUser (Hotjar)||Set when a user first lands on a page.||12 months|
|_hjSession (Hotjar)||Holds current session data.||30 minutes|
|ajs_anonymous_id (Segment)||Cookie used to store new visitor on our site||1 year|
|ajs_user_id (Segment)||Cookie used to store the user identifier||1 year|
|optimizelyEndUserId (Segment)||Stores a visitor’s unique Optimizely identifier. It’s a combination of a timestamp and a random number.||6 months|
|intercom-id (Intercom Messenger)||Anonymous visitor identifier cookie||8 months and 25 days|
|intercom-session (Intercom Messenger)||Identifier for each unique browser session||7 days|
|mkjs_user_id (Segment)||Analytics: user activity||1 year and 7 days|
|mkjs_group_id (Segment)||Analytics: These cookies are used to record the amount of people that visit our site, and track whether you’ve visited before.||1 year and 7 days|
|fs_uid (Segment)||Analytics: to maintain a coherent scope for a user session across multiple pages on a single website||1 year and 7 days|
2.2. Targeting / Advertising Cookies
Advertising cookies and other similar technologies allow us to place targeted advertisements on other sites you visit and to measure your activity regarding those advertisements.
The targeting/advertising cookie which we use are as follows:
|Name of the cookie||Purpose of the cookie||Expiration|
|Facebook Pixel||Identifies visitors from Facebook posts||11 months|
|Facebook Custom Audiences||Custom audiences on our website to reach you if you visit our website and send you
the right message on Facebook
|Google Conversion Linker||Detects ad click information in our conversion page URLs and stores this information to associate an ad click with a conversion||11 months|
|Google Conversion tracking||Google Conversion tracking||11 months|
|Google Remarketing||Google code specifically for remarketing/retargeting based advertising||11 months|
|Google Ads||Measures the efficiency of sponsored campaigns||11 months|
|Facebook conversion tracking||Allows click tracking on ads||11 months|
3. What types of targeting do the cookies allow?
Demographics: Target ads based on how well products and services trend with users in certain locations, ages, genders, and device types.
In-market: Show ads to users who have been searching for products and like-services.
Custom intent audiences: Choose words or phrases related to the people that are most likely to engage with sites and make purchases by using “custom intent audiences”.
Similar audiences: Target users with interests related to those on remarketing lists.
Remarketing: Target users that have already interacted with our ads, website, or app
Social media platforms: utilize information about their users in order to determine whether those users should be presented a specific advertising campaign based on criteria selected by the advertiser. This may include information collected through a pixel or similar technology placed on our website, provided by users to the social media platform (e.g., account information and usage of the social network), and information collected from third party websites that is shared with the social media platform.
We do not control the information collected by such partners or advertiser in connection with our website or the further use of information we may provide to them for the aforementioned services, and they do not process such data on our behalf.
Only the data protection policies of those third parties as the respective controllers of such data will apply to their processing of such data.
4. How to opt out?
Further information on how Google uses information can be found here https://policies.google.com/technologies/partner-sites.
To opt-out of personalized advertisements on your social media account or newsfeed and for more information on how these social media platforms use your information, please visit:
If you would like to control the use of information about you collected by Facebook from third party websites, you can visit Facebook’s ‘Off-Facebook’ privacy settings here: https://en-gb.facebook.com/off-facebook-activity
5. How can you change your preferences or block cookies?
6. Is your consent required for cookies?
In addition, you can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time.
Please refer to your browser’s operating instructions to find out how this works. If you choose to disable cookies, some features of our website or Services may not operate as intended.
We use pixels to automatically record certain technical information about your interactions when you visit our websites or otherwise engage with us, to help deliver cookies on our websites, or count users who have visited our sites.
We also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements, and related information users.
Unlike cookies, which are stored on a user’s computer hard drive, pixels are embedded invisibly on web pages or in HTML-based emails.
The data we receive through pixels allows us to effectively promote our sites to various populations of users, and to optimize external advertisements about our sites that appear on third-party websites.
We (“we” or “SUNDAY” or “us”) pay particular attention to the respect of the regulations relating to the protection of your Personal Data (the “Regulations”), whether you are a Client who subscribed to our Services, you are an Establishment (or a member of the staff of an Establishment) using our Solution or you are an end customer who orders and/or pays your bills via our Application, but also if you are a job candidate wishing to join us or an internet user who visits our website https://sundayapp.com/ (the “Site”).
All the terms in capital letters not defined here are defined in our General Terms of Services.
1. Personal Data Protection Principles
We adhere to general data privacy principles when collecting and processing Personal Data that require us to:
- Collect and use Personal Data fairly and only for lawful and specified purposes related to our legitimate business objectives.
- Limit our Personal Data collection to what is adequate, relevant, and not excessive for the intended purpose.
- Notify individuals about our Personal Data processing practices in a clear and transparent manner.
- Ensure the accuracy of the Personal Data we collect, hold, and use.
- Retain Personal Data only for the time needed to fulfill the established purpose.
- Respect data subjects’ rights.
- Secure the Personal Data we hold.
2. What Personal Data do we collect?
Depending on the services we provide to you, we may collect, with your prior consent, in our capacity as data controller, including but not limited to, the following Personal Data:
If you are a Client who subscribed to our Services or an Establishment using our Solution: name, first name, position, professional email and postal address, telephone number, login and password for your account, copy of your and/or your staff’s ID.
If you are a customer of one of our Clients (i.e. bar, festival, restaurant, food court, stadium or other Establishments) who uses the Application: last name, first name, gender, date of birth, email address, postal address, telephone number, account login and password, unique identification number of your device, location data, a profile photo as well as any comments you post on the Application. We may also collect your food preferences, allergies and intolerances as well as your payment methods.
If you are a candidate for a position with us: last name, first name, email address, telephone number, CV, photograph, LinkedIn profile, IP address, languages spoken and past work experience, diplomas obtained and studies completed, hobbies, as well as any data that is voluntarily communicated via the application forms or in the cover letters
If you are an Internet user of our Site: name, first name, email address, telephone number, postal code, your restaurant and any POS communicated via the contact forms and any other information transmitted via the contact email addresses.
When you browse our Site or use our Application, we may also collect your IP address via our cookies. For more information, see our Cookies Policy.
The information that must be completed is identified by asterisks. If you do not provide this information, we will not be able to carry out our assignment or process your request.
You are the one who communicates the Personal Data to us. Their accuracy and updating is your responsibility.
When you are a Client operating one or more Establishment(s) or having registered Beneficiary Companies, you have ensured that you have obtained all the appropriate authorizations to communicate the Personal Data of the persons concerned to us.
3. Why do we collect Personal Data?
The processing of Personal Data is strictly necessary for the business purpose you have entrusted to us, for the use of our Services, the Solution, the Application, the use of our Site or the processing of your requests. We will notify you of the specific business purpose when we first collect the data. Any Personal Data collection and processing we conduct must also comply with that notice and any other related privacy disclosures. We cannot use Personal Data for new, different, or incompatible purposes unless the data subject consents to the new use after receiving a revised privacy notice.
Therefore, they are only used for:
- The verification of your identity and status,
- The execution and the follow-up of the contract which binds us to you,
- The creation of your account and your accesses,
- The use of the Solution, the Services, the Site or the Application,
- Our marketing and sales prospecting operations, subject to your prior consent,
- The processing of your requests for information and quotes and your job applications,
- The management of unpaid bills, claims and possible litigation,
- The processing of requests to exercise your rights in accordance with section 5 below,
- More generally, the respect of legal and regulatory obligations incumbent upon us.
- Aggregate Information: We may share aggregate and anonymized/pseudonymized Personal Data to third parties in order to promote or describe use of our Services, the Solution or the Application, for research, marketing, advertising, or other commercial purposes.
In order to allow us to constantly improve our Services and our Solution, we may also anonymize Personal Data.
4. How long do we keep Personal Data?
We only keep Personal Data for the time strictly necessary for the legitimate business purposes mentioned above, i.e:
- If you are a Client who subscribed to our Services or an Establishment using our Solution, or a Customer using our our Application: 5 (five) years from the collection of Personal Data, then in intermediate archiving with punctual and restricted access for a maximum period of 10 (ten) years, in accordance with accounting regulations,
- If you have sent us a request for information or a quote via our Site: 3 (three) years from the date of receipt of your request,
- If you have applied for a job with us: 2 (two) years from the date of receipt of your application if it is not accepted,
- If you have sent us a request to exercise your rights: 5 (five) years from receipt of your request.
We will take all reasonable steps to destroy, or erase from our systems, all Personal Data that we no longer require and follow all applicable records retention schedules and policies.
5. What are your rights?
You have rights when it comes to how we handle your Personal Data. These rights vary depending on where you reside but generally you have the right to access, modify and delete your Personal Data. As such, you can:
- Access all of your Personal Data, or only the Personal Data on which we would have based a decision concerning you,
- Obtain a copy of it,
- Request that your Personal Data be, as the case may be, corrected, completed, updated or deleted, subject to the exceptions provided for by the Regulations,
- Define the treatment of your Personal Data after your death (conservation, deletion or transmission to a third party that you have previously designated),
- Prevent our use of your Personal Data for direct marketing purposes.
You also have the right to object to:
- the re-use of your Personal Data for solicitation purposes, notably commercial solicitation; the processing of your Personal Data, for legitimate reasons, except if this processing is because of a legal or regulatory obligation.
Finally, the right to data portability offers you the opportunity to retrieve your Personal Data in a structured, open and machine-readable format.
The exercise of these rights is done directly by sending an email to email@example.com. In order to verify the identity of the applicant, we ask you to attach a copy of your identity card to the request to exercise your rights.
We commit ourselves to communicate the information requested under the conditions set out above, within a maximum of 1 (one) month from the receipt of the request. This period may be extended by a maximum of 1 (one) month if the request is complex or requires further study. In case of extension of the deadline for processing the request, the applicant has the possibility to ask us to freeze the use of his Personal Data, during the deadline for processing the request.
6. With whom is the Personal Data shared?
We may only send the Personal Data we hold to persons intervening within the framework of our activity. That includes our staff and the staff of our parent company, Sunday App Inc., PBC (305 Delmont Dr, NE 30305 Atlanta, United States), and any of its affiliates, notably in the sales, IT, client services, accounting departments, if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions.
We may subcontract certain Personal Data processing activities. Beforehand, we have ensured that all of these service providers present the appropriate guarantees, particularly in terms of Personal Data protection.
We may only share the Personal Data we hold with third parties such as our service providers if all the following conditions apply:
They have a need to know the information for the purposes of providing the contracted services.Sharing the Personal Data complies with the privacy notice provided to you, the data subject, and, if required, your consent has been obtained.They have agreed to comply with the required data security policies and procedures and to put adequate security measures in place.
The transfer complies with any applicable cross border transfer restrictions
To date, there are external services responsible for fulfilling our social, accounting and tax obligations as well as our technical service providers (such as Google Analytics). We provide you with a list of our subcontractors. In case of change, we will inform you in advance.
7. Is the Data transferred outside the European Union and the European Economic Area?
In accordance with our obligations, when Personal Data is transferred to a country that is not located in the European Union and the European Economic Area (EEA), or to a country considered not to offer an adequate level of protection according to the European Commission, we undertake to (i) seek your consent, (ii) put in place appropriate procedures in order to comply with the Regulation, in particular in the event that authorization from a competent authority is required, and (iii) to put in place appropriate safeguards with respect to the supervision of such transfer in order to ensure a necessary and adequate level of protection, such as the implementation of binding corporate rules or the conclusion of standard contractual clauses adopted by the European Commission.
In this context, we inform you that we may transfer Personal Data outside the European Union to our parent company, Sunday App Inc., PBC located in the United States, or to one of its affiliates, notably Application Sunday Inc, located in Canada. We have, as such, put in place all the appropriate measures in order to manage this transfer, in accordance with the applicable Regulation.
In the event that we proceed with other transfers, we will seek your prior consent, unless otherwise required by law on important public interest grounds.
8. What privacy and security measures do we have in place?
The protection of Personal Data is an important issue for us.
To this end, we ensure that our team members, partners and subcontractors who, by virtue of their function/role, may have access to Personal Data, are subject to a strict obligation of confidentiality.
We have put in place technical and organizational measures to protect Personal Data against damage, loss, misappropriation, intrusion, disclosure, alteration or destruction.
If, in spite of the measures taken, we should be informed of a violation within Sunday of the Personal Data, likely to generate a risk for the rights and freedoms of the persons concerned, we undertake to notify, under applicable data privacy laws, the violation in question to the competent control authority at the latest 72 (seventy-two) hours after having become aware of it, and to the person concerned as soon as possible.
9. To whom should you address your requests or complaints?
You can also contact your national data protection agency.