Last Revised and Effective: 03.24.23| PDF Version available upon request
This Privacy Policy (the “Policy”) describes how we collect, use, and share your personal data, as well as your choices and rights with respect to that personal data.
This is the Privacy Policy of Jamix, Inc. (“Jamix,” “us,” “our,” or “we”). You can contact us and our Data Protection Coordinator, using the information in the “Contact” section below.
This Policy applies to the Jamix software platform, pages, and services (collectively, the “Service”), including:
This Policy is incorporated into the Terms of Use governing your use of our Service. The Terms of Use that are applicable to a given Client Site (including Client Sites presented in a Mobile App) are generally presented along with this Privacy Policy for acknowledgment when you first visit the site, and are available via a link in the Client’ Site’s page footer. Any capitalized term not defined in this Policy will have the definition (if any) provided in our Terms of Use.
Please read this Privacy Policy carefully to understand how we handle your Personal Data. Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Privacy Policy.
provides our Service to and processes information on behalf of organizations (typically foodservice providers) that have entered into an agreement with us (our “Client(s)”) to do so. When our Service is provided on behalf of a Client, we may process Personal Data (defined below) relating to the Client’s internal users of the Service as well as registered or public users of the Service (“User(s)”). A Client will typically have direct access to Personal Data that is collected through the contracted Client Site(s) that they administer.
This Policy reflects only how we process Personal Data through our Service. This Policy does not apply to ’s Clients’ own processing of information outside of the Service, which they may collect from the Service or independently. For more information on a Client’s privacy policies and practices, please contact the Client directly and/or request their privacy policy. A Client’s contact information can typically be found in the “Contact” section (or equivalent) of the Client Site. Similarly, this Policy does not apply to information received or processed by other third party website or services that you may visit outside of the Service, including any links to third party websites or content that a Client may include or embed in a Client Site. Please review any third parties’ privacy policies for information on their privacy practices.
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Personal Data about you and your identity, such as your name, ID number, username, and other Personal Data you may provide on registration, as part of an account profile.
Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications service usernames/handles, as well as a name or other salutation.
Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
Personal Data relating to your preferences and interests, such as the types of food you may like or commonly order, dietary preferences or food selection criteria, or favorite locations/menus.
Data collected from form fields that are customizable by our Client, which may include any category of Personal Data (and non-personal data) that Client otherwise configures the Service to collect from Users in order to fulfill an order or communicate with You regarding their services and products.
Unstructured/free-form data that may include any category of Personal Data (and non-personal data), e.g. data that you give us in free text fields such as survey responses, feedback forms, or emails/comments to us or the Client.
We collect Personal Data in various ways, which vary depending on the context in which we process that Personal Data, as described below.
You may provide us or our Clients with Personal Data directly. We may collect any of the above categories of Personal Data when you submit it through our Service, for example, as part of account registration or when you place an order.
We may receive certain Personal Data—including Identity Data, Contact Data, or Financial Data—from our Clients or from other third-party systems that we or a Client uses, integrates with, or imports data from in conjunction with the Jamix Service, for example, payment processing systems, point-of-sale systems, and accounting systems.
We (or third parties operating on our behalf) create and infer Personal Data, i.e. Inference Data or Aggregate Data, based on our observations or analysis of other Personal Data processed under this Privacy Policy, and we may correlate this data with other data we process about you.
We, our Clients, or third parties with whom we’ve contracted to provide specific systems or functions may collect certain Personal Data automatically, for example, Device/Network Data is typically collected automatically in server logs and through the use of cookies and similar technologies.
We typically collect Personal Data and other data from you, and use that information in the following ways, and for the general business and commercial purposes described below, or as otherwise communicated to you from time to time.
If you are only viewing menus or other information on the Service, you are not required to create an account.
During account registration, the Service typically collects Personal Data including Identity Data, Contact Data, and Order/Transaction Data and any other information included on the registration form.
If enabled, the Service may allow you to register, log in, and/or otherwise authenticate your identity using pre-existing account credentials for a third-party website or service. This optional service (may not be available on all Client Sites) is referred to as “single sign-on” or “SSO”. When you register or authenticate using SSO, we may collect Identity Data, Contact Data, and any other relevant information provided to us via the SSO partner. (We will not collect your password for that third-party service, so if you forget your password, please coordinate with the appropriate third party.)
We, and certain third party service provider partners that we have engaged to provide or enable functionalities of the Service, may process data about you and your device (such as IP address, operating system information, web browser and version number, ISP or wireless internet provider, and other information about your connection to the internet or the device you are using) when you interact with cookies and similar technologies. Please note that the privacy policies of such third parties may apply to these technologies and information collected. We generally use this information as follows:
Note: Some of these technologies can be used by us and/or our third-party service provider partners to identify you across devices, sites, and services.
If we process Personal Data in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it. Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest.
We process Personal Data for common business and commercial purposes, as described below:
We process any Personal Data as is necessary to provide our Service, authenticate users and their rights to access the Service, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you and to our Client(s), and provide you and our Clients with requested information, features, and services.
We may use Personal Data we process through our Service as necessary in connection with our business interests in improving the design of our Service, for customer service purposes, in connection with logs and metadata relating to Service use, and for ensuring the security and stability of the Service. Additionally, we may use this data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service, our Users or our Clients. We may also use this information in connection with the provision of new features, products, and analytics tools to be used by other Clients. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We use Personal Data processed through our Service to create aggregate analytics relating to Service Use. For example, we use Guest Users’ Personal Data to create aggregate analytics relating to trends in how Guests interact with our Clients, such as food and drink orders, product choices, common preferences, and other similar information. Service Analytics will not contain information from which an individual may be individually identified. These analytics may be made available to our Clients. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests and commercial uses of Personal Data.
We process Personal Data in connection with our legitimate business interest in personalizing the Service. For example, the Service may be customized to you so that it displays your name, reflects service preferences, to suggest orders, or to display items that you have ordered or interacted with in the past, etc. This processing may involve the creation and use of Inference Data relating to your preferences. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
If we process Personal Data in connection with our Service in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to Users’ rights and choices) unless otherwise stated when you provide it.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Jamix provides the Service, which processes data on behalf of our Clients, and any Personal Data you provide through the Service may inherently be shared with our Client who has engaged Jamix to host a given Client Site.
In connection with hosting the Service, our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf or our Client’s behalf. As examples: we may use cloud-based hosting providers to host our Service; we may integrate analytics tools to provide business insights to our team or our Clients; we may integrate with a third party transactional system such as a payments processor to enable transaction processing or with a point-of-sale provider to enable a Client’s fulfillment operations.
In order to streamline certain business operations and develop products and services that better meet the interests and needs of our Clients and Users, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Any Personal Data may be shared in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime (including in connection with law enforcement or national security investigations), to investigate violations of our Terms of Use, or when in the vital interests of us or any person. Note that where applicable, these disclosures may be made to governments with jurisdiction over the Service or data, that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or other matters in the public interest.
Subject to our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.
Note: we are unable to directly fulfill rights requests regarding Personal Data controlled by Clients. Please contact the Client directly for data rights requests that relate to Client-controlled information, and we will assist the Client to the extent necessary in the fulfillment of your request.
You may exercise your rights by contacting our Data Protection Coordinator at [email protected].
You may receive a list of your Personal Data that we possess/process to the extent required and permitted by law.
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu, or may contact using the contact information in the “Contact” section below.
To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
You have the right to contact or file a complaint with regulators about our processing of Personal Data. In the U.S., you can contact the Federal Trade Commission. In the EU and elsewhere, please contact your local data protection or consumer protection authority.
Additional information about individual’s rights and choices under California are described in the “Your California Privacy Rights” section below.
Subject to our right to continue to process your Personal Data to the extent allowed under applicable law, you have the following choices regarding the Personal Data we process:
If you consent to processing, you may withdraw your consent at any time, to the extent required by law. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of the Service.
We will remove or anonymize Personal Data after a reasonable time if it is not associated with an active Customer account or (i) when we believe it is no longer necessary to retain the Personal Data for the purpose it was originally collected, (ii) at the request of the user or our Client, or (iii) in accordance with any terms and conditions to which we are bound, except where the burden or expense of deleting information based on an individual’s request would be disproportionate to the risks to the privacy of the individual in the case in question or where rights of persons other than the individual would be violated. To the extent permitted by law, we reserve the right to securely retain encrypted backup copies of our database(s) for up to one year, which may contain Personal Data that has been removed from the Service until the backup(s) are automatically deleted.
This policy may change from time to time. We will post the most current version of this policy on our website with the effective date. Your continued use of the Service means you consent to the terms of any new Policy.
Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request (see below for verification requirements):
Right to Know
You may request any of the following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
Right to Delete
You have the right to delete or require us to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.
Right to Non-Discrimination
You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
Direct Marketing
You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year. Please note that at this time, we do not provide any of your Personal Data collected via the Service to third parties for direct marketing purposes (other than to the Client who has engaged to host a Client Site on their behalf) and have no expectations of doing so.
Opt-Out of Sale
If we engage in sales of data (as defined by applicable law), you may direct us to stop selling your Personal Data to third parties. Please note that at this time, we do not sell Personal Data and have no plans to do so in the future.
You may submit requests for any of the following actions or disclosures by emailing us at [email protected]
(see below for summary of required verification information):
Right to Know
Please provide your email address, phone number and address we have on file for you along with your desire to know what Information we have on you.
Right to Delete
Please provide your email address, phone number and address we have on file for you along with a statement of your request to have Personal Data deleted.
Direct Marketing
You may request a list of any relevant direct marketing disclosures (if we have made any)
To reduce fraud and to ensure the security of Personal Data, all requests to which a user is entitled must be pre-verified to ensure that the individual making the request is authorized to make that request. We may require that you provide the email address we have on file for you and verify that you can access that email account and/or to provide an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data as defined above: Identity Data; Order/Transaction Data; Contact Data; Financial Data; Device/Network Data; Inference Data; User Content.
Data Sale
For purposes of the CCPA, we do not “sell” your Personal Data.
Right to Know
Category of Data | Category of Sources | Business and Commercial Purposes | Categories of Recipients |
Identity Data | Data you provide to us; Data provided by third parties | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
Order/Transaction Data | Data you provide to us; Data provided by third parties; Data we create or infer | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
Contact Data | Data you provide to us; Data provided by third parties; | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
Financial Data | Data you provide to us; Data provided by third parties; Data we create or infer | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
Device/Network Data | Data you provide to us; Data provided by third parties; Data collected automatically | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
Inference Data | Data you provide to us; Data we create or infer | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
Client-Specific Data, Freeform Data | Data you provide to us; Data provided by third parties; Data we create or infer; Data collected automatically | Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest | Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other |
If you are located outside the US, your Personal Data may be transferred to and/or processed in a location outside of the European Economic Area (EEA).
Your Personal Data may also be processed by staff operating in the United States or outside the EEA working for us or third-party data processors. Such staff may be engaged in, among other things, the provision of our Services to you, the processing of transactions and/or the provision of support services.
Some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Data to other territories, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with this Privacy Policy. We may transfer Personal Data from the EEA to the US using the EU standard contractual clauses, the EU-U.S. Privacy Shield Program, under Binding Corporate Rules, or other lawful mechanisms. You can obtain more information about the safeguards we put in place by contacting us.
Under the GDPR and analogous legislation, you may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request. You may exercise any of these rights by sending an email to [email protected]
Access | You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law. |
Rectification | You may correct any Personal Data that we hold about you to the extent required and permitted by law. |
Delete | To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Contact us as part of your request to determine how your Personal Data will be erased in connection with your request. |
Data Export | To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice. |
Objection | You may have the right under applicable law to object to our processing of your Personal Data that we undertake without your consent in connection with our legitimate business interests (including any processing specified as such, or processed under this Policy for a Business Purpose). Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing where our interests in processing are balanced against individuals’ privacy interests. |
Regulator Contact | You may have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority. |