GDPR Compliance
SmartMenu GDPR Compliance
We are fully compliant with the General Data Protection Regulation (GDPR) and committed to protecting your privacy rights.
Data Controller Information
Data Controller: SmartMenu SAS
Owner: Tarek Oudjit
CEO & Data Protection Officer: Gueya Oudjit
SIRET: 81857161400036
VAT: FR 81857161400036
RCS: Paris B 818 571 614
Address: Paris, France
DPO Contact: gaiaoudjit@gmail.com
Phone: +213 795 897 067
GDPR Compliance Status
Compliant
Fully GDPR compliant since May 2018
Certified
ISO 27001 & SOC 2 certified
Monitored
Regular compliance audits
1. Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
Right to Information
Understand how your data is processed and for what purposes.
Right to Access
Request access to your personal data and receive a copy.
Right to Rectification
Correct inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restriction
Limit the processing of your personal data.
Right to Portability
Transfer your data to another service provider.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Contract (Article 6(1)(b))
Processing necessary for the performance of a contract or to take steps at your request.
- Account creation and management
- Service delivery and support
- Payment processing
Legitimate Interest (Article 6(1)(f))
Processing necessary for legitimate interests pursued by us or a third party.
- Service improvement and analytics
- Fraud prevention and security
- Marketing to existing customers
Consent (Article 6(1)(a))
Processing based on your freely given, specific, informed consent.
- Marketing communications
- Optional cookies
- Special category data
Legal Obligation (Article 6(1)(c))
Processing necessary to comply with a legal obligation.
- Tax and accounting requirements
- Regulatory compliance
- Court orders and legal requests
3. Data Protection Measures
We implement comprehensive technical and organizational measures:
Technical Measures
- End-to-end encryption (AES-256)
- Secure data centers (ISO 27001)
- Regular security audits
- Multi-factor authentication
- Access controls and monitoring
- Regular backups and recovery
Organizational Measures
- Privacy by design principles
- Data protection impact assessments
- Staff training and awareness
- Data processing agreements
- Incident response procedures
- Regular compliance reviews
4. Data Processing Records
We maintain detailed records of our data processing activities:
Processing Purpose | Legal Basis | Data Categories | Retention Period |
---|---|---|---|
Account Management | Contract | Identity, Contact | Account lifetime + 30 days |
Service Delivery | Contract | Usage, Technical | Service period + 1 year |
Payment Processing | Contract | Financial | 7 years (tax law) |
Marketing | Consent | Contact, Preferences | Until consent withdrawal |
Analytics | Legitimate Interest | Usage, Technical | 26 months |
5. International Data Transfers
When we transfer data outside the EEA, we ensure appropriate safeguards:
Adequacy Decisions
We transfer data to countries recognized by the European Commission as providing adequate protection.
Standard Contractual Clauses
We use EU-approved Standard Contractual Clauses (SCCs) with service providers in third countries.
Binding Corporate Rules
We work with partners that have approved Binding Corporate Rules for international transfers.
6. Data Breach Procedures
We have established procedures for handling data breaches:
72-Hour Notification
We notify the supervisory authority within 72 hours of becoming aware of a breach, as required by GDPR Article 33.
Individual Notification
We notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms.
Incident Response
We have a dedicated incident response team and procedures to contain, assess, and remediate breaches.
7. How to Exercise Your Rights
To exercise your GDPR rights, you can:
Self-Service Portal
- Access your account settings
- Download your data
- Update your information
- Delete your account
Contact Us Directly
- Email: gaiaoudjit@gmail.com
- Phone: +213 795 897 067
- Subject: "GDPR Rights Request"
- Response time: 30 days
What to Include in Your Request
- Your full name and email address
- Specific right you want to exercise
- Proof of identity (if required)
- Any additional relevant information
GDPR Questions or Complaints?
If you have questions about our GDPR compliance or want to file a complaint:
Data Protection Officer: Gueya Oudjit
Email: gaiaoudjit@gmail.com
Phone: +213 795 897 067
Address: SmartMenu SAS, Paris, France
SIRET: 81857161400036
Supervisory Authority: You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) or your local data protection authority.
© 2025 SmartMenu SAS. All rights reserved.