GDPR & Data Rights

1. Who this page is for

This page applies to anyone who interacts with Dynnr — whether you are a restaurant owner with an account or a diner who scanned a Dynnr QR menu. It explains your rights under:

• The EU General Data Protection Regulation (GDPR), 2016.
• India's Digital Personal Data Protection Act, 2023 (DPDP Act).
• The UK GDPR and other equivalent laws to the extent they apply.

We chose to grant every user the strongest of these protections, no matter where you live.

2. Who is the data controller

For restaurant account data, Dynnr is the data controller. For diner analytics on a restaurant's menu, the restaurant is the controller and Dynnr is the data processor.

You can reach us about any data matter at hello.dynnr@gmail.com.

3. Your rights — what you can do

Right of access

You can ask for a copy of all the personal data we hold about you. We provide it in a readable, structured format (JSON or PDF, your choice) within 30 days, free of charge for the first request in any 12-month period.

Right to rectification

You can ask us to correct anything inaccurate or incomplete. For data you control directly (account name, email, business details), you can also update it yourself from the dashboard.

Right to erasure ("right to be forgotten")

You can ask us to delete every piece of personal data we hold about you. We will purge it within 30 days. We will tell you about anything we are legally required to keep (typically tax invoices for 8 years under Indian tax law) and exactly when those records will themselves be deleted.

Right to data portability

You can ask for a portable copy of your data in a machine-readable format (JSON or CSV). Your menu, dietary tags, dashboard settings, and analytics history can all be exported.

Right to restrict or object

You can ask us to limit how we process your data or object to specific uses (for example, marketing emails). Once you object, we stop the affected processing within 7 days.

Right to withdraw consent

Wherever we rely on your consent to process data (optional product emails, optional analytics opt-in), you can withdraw that consent at any time. Withdrawal does not affect anything we did before you withdrew.

Right to lodge a complaint

If you believe we have mishandled your data, you can lodge a complaint with:

• The Data Protection Board of India (under the DPDP Act).
• Your local EU supervisory authority (under the GDPR).
• The Information Commissioner's Office (UK GDPR).

We hope you will email us first so we can fix the issue directly.

4. How to exercise any of these rights

Email hello.dynnr@gmail.com with the subject line "Data request" and tell us which right you want to exercise. Include:

• The email address tied to your Dynnr account (if you have one).
• A short description of what you are asking for.
• Any identification needed to confirm it's really you, so a stranger can't request your data.

We acknowledge every request within 48 hours and complete it within 30 days. The service is free for reasonable requests; we may charge a small fee for clearly excessive or repeated requests, as the law allows.

5. Lawful basis we rely on

• Contract: processing necessary to deliver the Dynnr service you signed up for.
• Legitimate interest: securing the platform, preventing fraud, and improving the product (we balance these against your rights and never override the latter for the former).
• Consent: optional analytics and optional product emails.
• Legal obligation: tax records, lawful requests from authorities, breach notifications.

6. International transfers

Your data is stored on AWS Mumbai (India). Some of our vendors (payments, transactional email) may process data outside India. Every cross-border transfer is governed by Standard Contractual Clauses approved by the relevant regulators.

7. Data Protection Officer

Dynnr does not currently meet the threshold that legally requires appointing a Data Protection Officer. Until we do, all data requests and complaints are handled by the founding team. Email hello.dynnr@gmail.com and a founder will respond personally.

8. Changes

If we change anything material in this page, we will email every active account at least 30 days before the change takes effect.