Privacy policy
Last updated: 11 May 2026
This policy describes how personal data is processed when you use the Eat 'n Drink website and services at https://www.eatndrink.eu (the “Platform”). The Platform is operated by Manifesto Business on behalf of the Eat 'n Drink product. It applies to restaurant and venue operators (“Venues”), their staff, and guests who use digital menus or related features offered by a Venue through the Platform.
Manifesto Business
Rruga Mbreti Gent, Shkodër, Albania
Eat 'n Drink (privacy & product): info@eatndrink.eu
Company contact: info@manifesto.al · +355 698 362 068
1. Who is responsible?
For personal data processed through the Platform (including accounts, venue configuration, and product analytics as described below), the data controller is Manifesto Business, Rruga Mbreti Gent, Shkodër, Albania. For privacy questions about Eat 'n Drink, contact info@eatndrink.eu. You may also reach Manifesto Business at info@manifesto.al or +355 698 362 068.
Venues remain responsible under applicable law for their own processing of guest data in the physical business (for example at tables or with their payment terminal), in addition to our role as described here and in any separate agreement with the Venue.
2. What data we process
Depending on how you use the Platform, we may process the following categories of data:
- Venue and account data: business name, address, city, contact details, branding assets you upload (for example logos), opening hours, menu content, and similar information you or your Venue provide.
- Owner and staff accounts: name, email address, phone number where provided, role, and credentials (we store passwords only as secure hashes, never in plain text).
- Registration and support: information you submit when requesting access, contacting support, or corresponding with us (including email content and metadata).
- Guest and table-side use (when enabled by the Venue): for example table or QR context, items viewed or added to a basket, orders placed for fulfilment at the Venue, waiter-call requests, optional visit registration, and reviews you choose to submit (such as rating, comment, and name if you provide one).
- Technical and usage data: IP address, device and browser type, approximate timestamps, and events such as menu views or QR scans used to operate and improve the service and to provide analytics to the Venue.
- Cookies and similar technologies: session cookies for signed-in users (for example to keep you logged in securely) and, where applicable, preferences such as theme choice stored in your browser.
Venues decide which guest-facing features are enabled. If a feature is off, we do not collect the related guest data through that feature. Payment for orders is handled at the Venue unless we explicitly offer another flow; we do not intend to store payment card numbers for guest orders on the Platform as part of the default product.
3. Why we use your data (purposes)
We use personal data to:
- provide, host, and secure the Platform (including authentication, fraud prevention, and abuse detection);
- create and manage Venue accounts, menus, and staff access in line with the Venue’s instructions;
- relay guest orders and service requests to the Venue and generate operational and analytics reporting for the Venue;
- communicate with you about the service, security, and policy changes, and send transactional messages (such as password reset or approval emails);
- comply with law, respond to lawful requests, and enforce our terms;
- improve reliability and performance of the Platform (including diagnostics and aggregated statistics).
Where the GDPR applies, we rely on appropriate legal bases such as performance of a contract, legitimate interests (for example security and service improvement, balanced against your rights), compliance with legal obligations, and consent where we ask for it (for example for optional marketing communications, if offered).
4. Sharing and processors
We share personal data only as needed to run the Platform: with infrastructure and service providers (such as hosting, database, email delivery, and error monitoring) under written agreements that require them to protect data and process it only on our instructions. We may disclose information if required by law or to protect rights, safety, and integrity of users and the public.
Venues are independent controllers for how they use guest data in their own business (for example in the dining room or POS). Our processing on their behalf is governed by our agreement with the Venue and their instructions, within the limits of the product.
5. International transfers
Your data may be processed in the European Economic Area and in other countries where our subprocessors operate. Where we transfer personal data outside the EEA, we use appropriate safeguards recognised under applicable law (such as standard contractual clauses) where required.
6. Retention
We retain personal data only as long as necessary for the purposes above, including to satisfy legal, accounting, or reporting requirements. Account data is kept for the life of the contract and a reasonable period afterwards. Guest-side events and orders may be retained for periods the Venue configures or that we define in the product to support operations and disputes. When data is no longer needed, we delete or anonymise it in line with our retention practices.
7. Security
We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and protect your account credentials.
8. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing of your personal data, and to data portability where applicable. You may also have the right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal. To exercise these rights, contact us at info@eatndrink.eu. You may also lodge a complaint with a supervisory authority in your country of residence or workplace.
Guests should note that some requests may need to be handled together with the Venue if the Venue is the primary holder of the operational record (for example a specific order at a table).
9. Children
The Platform is intended for businesses and adults. We do not knowingly collect personal data from children under 16 (or the age required in your jurisdiction) for consumer-style accounts. If you believe we have collected such data, please contact us and we will take steps to delete it.
10. Changes
We may update this policy from time to time. We will post the revised version on this page and adjust the “Last updated” date. Where changes are material, we will provide additional notice as required by law (for example by email or in-product notice).
