cookies & privacy

Cookies Policy

March 2022

Cookies are files that are stored on your device’s hard drive or web browser and are accessed by our server when you access our services. Other technologies may include tags, pixels, SDKs, web beacons, JavaScript, links in emails, device IDs, or similar technologies and may be used for the same purposes as cookies and stored on your hard drive until they expire. Other technologies are used to collect non-personal information or aggregate information used to enhance your experience and gather usage and performance data.

This Cookie Policy describes the practices that “Sunday” (or “us” or “we”) follows when collecting information through use of cookies and similar technologies when you access our services.

1. Information that We collect

When you use our services, for instance when you visit our Website, our web server will temporarily record certain information from the device you use:

  • Your session identifier,
  • Your IP address, and information generated from anonymized IP address that includes: a computer host name, geographic location (if you have set your system to allow transmission of geolocation information), time of visit, web page URL, referring website, security tokens (for authentication and information submission, like RFP forms),
  • The access date,
  • The file request of the client (file name and URL),
  • The HTTP response code and the website from which you are visiting us,
  • The number of bytes transferred during the connection,
  • and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (such as delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

2. Type of Cookies that we use

We use cookies across Sunday technologies (websites, apps, etc.) to improve their performance and enhance your user experience.

Cookies are used to provide the following functions:

Personalization: For example, your language preference is remembered.

Session Management: To ensure that your session is routed to the correct system for the duration of your visit.

Usage Tracking: We use cookies to provide analysis of our users’ on-going usage of the website. This allows us to adapt our website’s offerings according to our users’ interests and facilitates on-going improvements to the website.

AB Testing / Multivariate Testing: We can display multiple versions of a page to a user to assess which generates the best user experience.

Advertising: We can display advertising content depending on location, language, and your past browsing history.

2.1 Analytics Cookies

Analysis cookies allow us to understand how you interact with our services in order to analyze, research and improve them (also with the help of third-party data analysis tools).

The analysis cookies which we use are as follows:

| Name of Cookie | Purpose of the cookie | Expiration |
|---|---|---|
| Adobe Analytics | To analyze how our visitors use our websites | 11 months |
| Google Analytics (Analytics Providers) | To collect demographic and interest-level information and usage information from you when you visit our Site (including information about the pages you entered and exit the Site and what pages you viewed, time spent, browser, operating system, and IP address etc.). To recognize you when you visit our Site and when you visit other sites. For more information regarding Google’s use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout). | 11 months |
| Hotjar | To record your journey on our Site | 11 months |
| Datadog | To ensure the quality of service delivered to our clients by collecting errors, performance metrics and replay sessions for technical improvements. | 1 day |
| Auth0 | To keep the user account session connected | 1 day |
| GCP_IAP_UID (Google Cloud) | Identity aware Proxy | 10 minutes |
| __cid (Datadog) | Cookie used to store the client identifier | 15 years |
| _dd_s (Datadog) | Cookie used to group all events generated from a unique user session across multiple pages. | 15 minutes |
| __zlcmid (Verasafe) | This Cookie is used to store the visitor’s identity across visits and the visitor’s preference to disable our live chat feature. | 1 year and 2 months |
| _ga (Google Analytics) | Used to collect google analytics data | 1 year and 1 month |
| _hjAbsoluteSessionInProgress (Hotjar) | Used to detect the first pageview session of a user. | 30 minutes |
| _hjSessionUser (Hotjar) | Set when a user first lands on a page. | 12 months |
| _hjSession (Hotjar) | Holds current session data. | 30 minutes |
| ajs_anonymous_id (Segment) | Cookie used to store new visitor on our site | 1 year |
| ajs_user_id (Segment) | Cookie used to store the user identifier | 1 year |
| optimizelyEndUserId (Segment) | Stores a visitor’s unique Optimizely identifier. It’s a combination of a timestamp and a random number. | 6 months |
| intercom-id (Intercom Messenger) | Anonymous visitor identifier cookie | 8 months and 25 days |
| intercom-session (Intercom Messenger) | Identifier for each unique browser session | 7 days |
| mkjs_user_id (Segment) | Analytics: user activity | 1 year and 7 days |
| mkjs_group_id (Segment) | Analytics: These cookies are used to record the amount of people that visit our site, and track whether you’ve visited before. | 1 year and 7 days |
| fs_uid (Segment) | Analytics: to maintain a coherent scope for a user session across multiple pages on a single website | 1 year and 7 days |

2.2. Targeting / Advertising Cookies

Advertising cookies and other similar technologies allow us to place targeted advertisements on other sites you visit and to measure your activity regarding those advertisements.

The targeting/advertising cookies which we use are as follows:

| Name of the cookie | Purpose of the cookie | Expiration |
|---|---|---|
| Facebook Pixel | Identifies visitors from Facebook posts | 11 months |
| Facebook Custom Audiences | Custom audiences on our website to reach you if you visit our website and send you the right message on Facebook | 11 months |
| Google Conversion Linker | Detects ad click information in our conversion page URLs and stores this information to associate an ad click with a conversion | 11 months |
| Google Conversion tracking | Google Conversion tracking | 11 months |
| Google Remarketing | Google code specifically for remarketing/retargeting based advertising | 11 months |
| Google Ads | Measures the efficiency of sponsored campaigns | 11 months |
| Facebook conversion tracking | Allows click tracking on ads | 11 months |

3. What types of targeting do the cookies allow?

Demographics: Target ads based on how well products and services trend with users in certain locations, ages, genders, and device types.

In-market: Show ads to users who have been searching for products and like-services.

Custom intent audiences: Choose words or phrases related to the people that are most likely to engage with sites and make purchases by using “custom intent audiences”.

Similar audiences: Target users with interests related to those on remarketing lists.

Remarketing: Target users that have already interacted with our ads, website, or app.

Social media platforms: utilize information about their users in order to determine whether those users should be presented a specific advertising campaign based on criteria selected by the advertiser. This may include information collected through a pixel or similar technology placed on our website, provided by users to the social media platform (e.g., account information and usage of the social network), and information collected from third party websites that is shared with the social media platform.

We do not control the information collected by such partners or advertisers in connection with our website or the further use of information we may provide to them for the aforementioned services, and they do not process such data on our behalf.

Only the data protection policies of those third parties as the respective controllers of such data will apply to their processing of such data.

4. How to opt out?

To opt out of the collection of personal information as part of the Google DoubleClick services (and personalization across Google partner websites and Google Search) please visit: www.google.com/ads/preferences/html/opt-out.html.

Further information on how Google uses information can be found here https://policies.google.com/technologies/partner-sites.

To opt-out of personalized advertisements on your social media account or newsfeed and for more information on how these social media platforms use your information, please visit:

Facebook: https://en-gb.facebook.com/privacy/explanation

Instagram: https://help.instagram.com/519522125107875

Twitter: https://twitter.com/en/privacy

If you would like to control the use of information about you collected by Facebook from third party websites, you can visit Facebook’s ‘Off-Facebook’ privacy settings here: https://en-gb.facebook.com/off-facebook-activity

5. How can you change your preferences or block cookies?

You can change your consent preferences regarding the use of cookies by accessing your preference center.

6. Is your consent required for cookies?

When you use our services, you are notified of the use of cookies and asked to provide your consent for cookies which are not strictly necessary for the services’ proper operation (for example, Targeting / Advertising cookies).

In addition, you can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time.

Please refer to your browser’s operating instructions to find out how this works. If you choose to disable cookies, some features of our website or Services may not operate as intended.

7. Do we use Pixels (aka web beacons/web bugs/javascript)?

We use pixels to automatically record certain technical information about your interactions when you visit our websites or otherwise engage with us, to help deliver cookies on our websites, or count users who have visited our sites.

We also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements, and related information about users.

Unlike cookies, which are stored on a user’s computer hard drive, pixels are embedded invisibly on web pages or in HTML-based emails.

The data we receive through pixels allows us to effectively promote our sites to various populations of users, and to optimize external advertisements about our sites that appear on third-party websites.

Privacy Policy

March 2022

We (“we” or “SUNDAY” or “us”) pay particular attention to the respect of the regulations relating to the protection of your Personal Data (the “Regulations”), whether you are a Client who subscribed to our Services, you are an Establishment (or a member of the staff of an Establishment) using our Solution or you are an end customer who orders and/or pays your bills via our Application, but also if you are a job candidate wishing to join us or an internet user who visits our website https://sundayapp.com/ (the “Site”).

This Privacy Policy applies to all Personal Data (defined as data directly or indirectly related to a natural person, such as identifier, name, identification number, location data, online identifier) that we collect, maintain, transmit, store, retain, or otherwise use, in the course of using our Services, regardless of the media on which that data is stored. Personal Data is subject to certain legal safeguards based on where the data subject resides as specified in the Regulations. Our Privacy Policy is intended to explain the conditions under which we, or our employees, agents, representatives, third-party service providers or anyone who has access to the Personal Data we collect will process the Personal Data. Therefore, whether you use our website, Services, Application or Solution or apply for a job with us or send us requests for information, you must read and accept our Privacy Policy.

All the terms in capital letters not defined here are defined in our General Terms of Services.

1. Personal Data Protection Principles

1.1.

We adhere to general data privacy principles when collecting and processing Personal Data that require us to:

  • Collect and use Personal Data fairly and only for lawful and specified purposes related to our legitimate business objectives.
  • Limit our Personal Data collection to what is adequate, relevant, and not excessive for the intended purpose.
  • Notify individuals about our Personal Data processing practices in a clear and transparent manner.
  • Ensure the accuracy of the Personal Data we collect, hold, and use.
  • Retain Personal Data only for the time needed to fulfill the established purpose.
  • Respect data subjects’ rights.
  • Secure the Personal Data we hold.

2. What Personal Data do we collect?

2.1.

For purposes of our Privacy Policy, all Personal Data listed in this section is defined as “Personal Data”.

Depending on the services we provide to you, we may collect, with your prior consent, in our capacity as data controller, including but not limited to, the following Personal Data:

If you are a Client who subscribed to our Services or an Establishment using our Solution: name, first name, position, professional email and postal address, telephone number, login and password for your account, copy of your and/or your staff’s ID.

If you are a customer of one of our Clients (i.e. bar, festival, restaurant, food court, stadium or other Establishments) who uses the Application: last name, first name, gender, date of birth, email address, postal address, telephone number, account login and password, unique identification number of your device, location data, a profile photo as well as any comments you post on the Application. We may also collect your food preferences, allergies and intolerances as well as your payment methods.

If you are a candidate for a position with us: last name, first name, email address, telephone number, CV, photograph, LinkedIn profile, IP address, languages spoken and past work experience, diplomas obtained and studies completed, hobbies, as well as any data that is voluntarily communicated via the application forms or in the cover letters.

If you are an Internet user of our Site: name, first name, email address, telephone number, postal code, your restaurant and any POS communicated via the contact forms and any other information transmitted via the contact email addresses.

When you browse our Site or use our Application, we may also collect your IP address via our cookies. For more information, see our Cookies Policy.

The information that must be completed is identified by asterisks. If you do not provide this information, we will not be able to carry out our assignment or process your request.

2.2.

You are the one who communicates the Personal Data to us. Their accuracy and updating is your responsibility.

2.3.

When you are a Client operating one or more Establishment(s) or having registered Beneficiary Companies, you have ensured that you have obtained all the appropriate authorizations to communicate the Personal Data of the persons concerned to us.

Moreover, on your side, as a data processor, you are required to ensure that the processing of Personal Data of our teams and/or service providers as well as of the teams of your Establishments and Beneficiary Companies, if any, and those concerning your end customers, are in full compliance with the law and the Regulations. These processing operations are carried out under your sole responsibility. It is also your responsibility to communicate our Privacy Policy to each member of your staff in order to ensure their prior consent.

2.4.

All of the obligations incumbent upon you under this section are essential. You will indemnify us for any and all claims, actions or damages and costs that may arise from any breach by you of this Privacy Policy or any applicable Regulations.

3. Why do we collect Personal Data?

The processing of Personal Data is strictly necessary for the business purpose you have entrusted to us, for the use of our Services, the Solution, the Application, the use of our Site or the processing of your requests. We will notify you of the specific business purpose when we first collect the data. Any Personal Data collection and processing we conduct must also comply with that notice and any other related privacy disclosures. We cannot use Personal Data for new, different, or incompatible purposes unless the data subject consents to the new use after receiving a revised privacy notice.

Therefore, they are only used for:

  • The verification of your identity and status,
  • The execution and the follow-up of the contract which binds us to you,
  • The creation of your account and your accesses,
  • The use of the Solution, the Services, the Site or the Application,
  • Our marketing and sales prospecting operations, subject to your prior consent,
  • The processing of your requests for information and quotes and your job applications,
  • The management of unpaid bills, claims and possible litigation,
  • The processing of requests to exercise your rights in accordance with section 5 below,
  • More generally, the respect of legal and regulatory obligations incumbent upon us.
  • Aggregate Information: We may share aggregate and anonymized/pseudonymized Personal Data to third parties in order to promote or describe use of our Services, the Solution or the Application, for research, marketing, advertising, or other commercial purposes.

In order to allow us to constantly improve our Services and our Solution, we may also anonymize Personal Data.

4. How long do we keep Personal Data?

We only keep Personal Data for the time strictly necessary for the legitimate business purposes mentioned above, i.e.:

  • If you are a Client who subscribed to our Services or an Establishment using our Solution, or a Customer using our Application: 5 (five) years from the collection of Personal Data, then in intermediate archiving with punctual and restricted access for a maximum period of 10 (ten) years, in accordance with accounting regulations,
  • If you have sent us a request for information or a quote via our Site: 3 (three) years from the date of receipt of your request,
  • If you have applied for a job with us: 2 (two) years from the date of receipt of your application if it is not accepted,
  • If you have sent us a request to exercise your rights: 5 (five) years from receipt of your request.

We will take all reasonable steps to destroy, or erase from our systems, all Personal Data that we no longer require and follow all applicable records retention schedules and policies.

5. What are your rights?

5.1.

You have rights when it comes to how we handle your Personal Data. These rights vary depending on where you reside but generally you have the right to access, modify and delete your Personal Data. As such, you can:

  • Access all of your Personal Data, or only the Personal Data on which we would have based a decision concerning you,
  • Obtain a copy of it,
  • Request that your Personal Data be, as the case may be, corrected, completed, updated or deleted, subject to the exceptions provided for by the Regulations,
  • Define the treatment of your Personal Data after your death (conservation, deletion or transmission to a third party that you have previously designated),
  • Prevent our use of your Personal Data for direct marketing purposes.

You also have the right to object to:

  • the re-use of your Personal Data for solicitation purposes, notably commercial solicitation;
  • the processing of your Personal Data, for legitimate reasons, except if this processing is because of a legal or regulatory obligation.

Finally, the right to data portability offers you the opportunity to retrieve your Personal Data in a structured, open and machine-readable format.

5.2.

The exercise of these rights is done directly by sending an email to dataprivacy@sundayapp.com. In order to verify the identity of the applicant, we ask you to attach a copy of your identity card to the request to exercise your rights.

We commit ourselves to communicate the information requested under the conditions set out above, within a maximum of 1 (one) month from the receipt of the request. This period may be extended by a maximum of 1 (one) month if the request is complex or requires further study. In case of extension of the deadline for processing the request, the applicant has the possibility to ask us to freeze the use of his Personal Data, during the deadline for processing the request.

6. With whom is the Personal Data shared?

6.1.

We may only send the Personal Data we hold to persons intervening within the framework of our activity. That includes our staff and the staff of our parent company, Sunday App Inc., PBC (305 Delmont Dr, NE 30305 Atlanta, United States), and any of its affiliates, notably in the sales, IT, client services, accounting departments, if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions.

6.2.

We may subcontract certain Personal Data processing activities. Beforehand, we have ensured that all of these service providers present the appropriate guarantees, particularly in terms of Personal Data protection.

6.3.

We may only share the Personal Data we hold with third parties such as our service providers if all the following conditions apply:

  • They have a need to know the information for the purposes of providing the contracted services.
  • Sharing the Personal Data complies with the privacy notice provided to you, the data subject, and, if required, your consent has been obtained.
  • They have agreed to comply with the required data security policies and procedures and to put adequate security measures in place.
  • The transfer complies with any applicable cross border transfer restrictions.

6.4.

If a Client requests us to share your personal information (email address, contact information, etc.) for the purposes of marketing or commercial communications, Sunday may do so solely at its election, but only under the condition that you expressly consent to the sharing of this information and only if you are able to review the Client’s Privacy Policy.

To date, there are external services responsible for fulfilling our social, accounting and tax obligations as well as our technical service providers (such as Google Analytics). We provide you with a list of our subcontractors. In case of change, we will inform you in advance.

7. Is the Data transferred outside the European Union and the European Economic Area?

In accordance with our obligations, when Personal Data is transferred to a country that is not located in the European Union and the European Economic Area (EEA), or to a country considered not to offer an adequate level of protection according to the European Commission, we undertake to (i) seek your consent, (ii) put in place appropriate procedures in order to comply with the Regulation, in particular in the event that authorization from a competent authority is required, and (iii) to put in place appropriate safeguards with respect to the supervision of such transfer in order to ensure a necessary and adequate level of protection, such as the implementation of binding corporate rules or the conclusion of standard contractual clauses adopted by the European Commission.

In this context, we inform you that we may transfer Personal Data outside the European Union to our parent company, Sunday App Inc., PBC located in the United States, or to one of its affiliates, notably Application Sunday Inc, located in Canada. We have, as such, put in place all the appropriate measures in order to manage this transfer, in accordance with the applicable Regulation.

In the event that we proceed with other transfers, we will seek your prior consent, unless otherwise required by law on important public interest grounds.

8. What privacy and security measures do we have in place?

The protection of Personal Data is an important issue for us.

To this end, we ensure that our team members, partners and subcontractors who, by virtue of their function/role, may have access to Personal Data, are subject to a strict obligation of confidentiality.

We have put in place technical and organizational measures to protect Personal Data against damage, loss, misappropriation, intrusion, disclosure, alteration or destruction.

If, in spite of the measures taken, we should be informed of a violation within Sunday of the Personal Data, likely to generate a risk for the rights and freedoms of the persons concerned, we undertake to notify, under applicable data privacy laws, the violation in question to the competent control authority at the latest 72 (seventy-two) hours after having become aware of it, and to the person concerned as soon as possible.

9. To whom should you address your requests or complaints?

If you have any questions or complaints regarding the processing carried out or the exercise of your rights, you can contact us at any time by email: dataprivacy@sundayapp.com.

You can also contact your national data protection agency.

10. Changes to our Privacy Policy

We reserve the right to modify our Privacy Policy, in particular in order to take into account any changes in the Regulations. Any changes will be subject to your prior approval.