Oracle Restaurants eStore Privacy Policy

1. INTRODUCTION

This Oracle Restaurants eStore Privacy Policy (also referred to as the ‘Privacy Policy’) informs you about the collection, use, and sharing (collectively referred to as ‘processing’ or ‘process’) of your personal information in connection with Oracle’s provision of the Oracle Restaurants eStore Products and Services. It also explains the privacy rights you have in relation to these processing activities.

Oracle (“Oracle”, “we”, or “us”) provides a set of restaurant online ordering services that enables restaurants to provide an online ordering and marketing system (the “Oracle Restaurants eStore Online Ordering Platform” or “Platform”) and offers a mobile app via which you can order food from restaurants that use the Platform (“FoodBooking”). Jointly, we refer to the Oracle Restaurants eStore Online Ordering Platform and FoodBooking as the “Restaurant Services.” A restaurant that uses the Platform is referred to as “Restaurant.”

This Privacy Policy was last updated on October 1, 2024. However, the Privacy Policy can change over time, for example to meet changing business or legal requirements. The most up-to-date version can be found on this website. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way (for example, via a pop-up notice or statement of changes on our website).

As used in this Privacy Policy, “personal information” or “personal data” means information that relates to an identified or identifiable individual. For example, this could include among other things your name, address, email address, or information about past orders. Personal information about you that Oracle may process is also referred to as “information about you.” For more detail about the types of information about you that Oracle may process in the context of Restaurant Services, please refer to Section 4 below.

2. SCOPE

This Privacy Policy applies to Oracle’s use of personal information in relation to the following activities:

  • Restaurant Clients: When you provide your personal information to submit an order through FoodBooking or a Restaurant’s website or app created using the Platform, Oracle will process contact and transactional information about you (“Restaurant Clients”);
  • Restaurants and Partners: Oracle will process personal information on individuals who own, operate, or manage a Restaurant (the “Restaurant Holder”) and on individuals or organizations who introduce new Restaurants to the Platform and/or who manage the Restaurant on the Platform on the Restaurant’s behalf (“Partners”);
  • Individuals: Restaurant Clients, Restaurant Holders, and Partners as defined above are collectively referred to as “individuals”.

The Privacy Policy does not apply to the following activities:

This Privacy Policy does not apply to Oracle’s processing as a processor of personal information at the instruction, and on behalf, of Restaurants that use the Platform, such as, the personal information that is processed in the context of your order with the Restaurant, your order via the point of sale services, or your order by any Partners engaged and authorized by the Restaurants. Restaurants and Partners are independent third parties that maintain their own business practices and policies. When you order food with a Restaurant that uses the Platform, or receive marketing or transactional messages from such Restaurant, the Restaurant controls such direct interactions with you. The Restaurant is contractually obligated, per the Oracle Restaurants eStore Master Agreement, to inform you directly of how it collects and uses your personal information and to obtain your consent where appropriate. If you have any questions about the processing of your personal information in this regard, please review the privacy policy of the Restaurant who collected your information from you or contact that Restaurant directly.

3. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL INFORMATION?

Oracle America Inc., having its registered address at 2300 Oracle Way, Austin, TX 78741, USA, and Oracle Romania SRL, having its registered address at Floreasca Park, 43 Soseaua Pipera, corp B., Sector 2, Bucharest, 014254, Romania, are responsible for the processing of personal information described in this Privacy Policy.

4. WHICH CATEGORIES AND SPECIFIC PIECES OF PERSONAL INFORMATION DO WE PROCESS?

Depending on how you use the Restaurant Services and whether you are a Restaurant Client, Partner, or Restaurant Holder when interacting with the Platform or FoodBooking, the personal information Oracle processes may include:

  • Contact information: name, email address, phone number, address;
  • Order information: transactional details based on your orders, financial details, and payment methods, delivery address(es), and your favorite Restaurants in your geographic location;
  • Restaurant Holder and Partner information: information provided when Restaurant Holders and Partners create a Restaurant or Partner account with the Restaurant Services, username and password;
  • Support information: support chat transcripts and emails requesting support, personal information included in the support chat functionality or via email;
  • Unique IDs: unique IDs such as IP address or a cookie IDs on the browser;
  • Device information: information about the device used by an individual to interact with the Restaurant Services, such as browser, device type, operating system, the presence or use of “apps,” screen resolution, or the preferred language; and
  • Geolocation information: if you use the FoodBooking app, you can enable geolocation sharing to locate nearby Restaurants. You can adjust your settings at the device level.

We collect your personal information directly from you when you use the FoodBooking app or order from a Restaurant using the Platform. Please note that we can provide certain Restaurant Services only if you provide your personal information. If you do not provide the requested information, you may not be able to use the Restaurant Services. For example, if you do not provide your name and contact details, you will not be able to order food via the FoodBooking app.

5. WHY AND HOW DO WE USE YOUR PERSONAL INFORMATION?

We may use your personal information for the following business purposes:

  • to centrally store and manage Restaurant Clients’ personal information in connection with the Restaurant Services;
  • to provide the functionality of the FoodBooking mobile app to Restaurant Clients;
  • to generate aggregated analytics for marketing messages sent and websites created by Restaurants via the Platform;
  • to provide, deliver, and manage the requested functionality of the Restaurant Services and the Restaurant Order-Taking App;
  • to communicate and respond to requests and inquiries to Oracle, including to provide support via the support chat functionality or email;
  • to administer the Oracle Restaurants eStore Partner Program;
  • to analyze, develop, improve and optimize the use, function and performance of the Restaurant Services;
  • to manage the security and operation of our sites, facilities, and networks and systems; and
  • to comply with applicable laws and regulations and to operate our business.

To centrally store and manage Restaurant Clients’ personal information in connection with the Restaurant Services.

When Restaurant Clients order food via the FoodBooking app or the Restaurant’s website or app, their personal information is stored and managed centrally on the Oracle Restaurants eStore Online Ordering system. The information provided by a Restaurant Client when submitting an order is collected specifically for a Restaurant and held by Oracle in order to provide the Restaurant Services.

To provide the functionality of the FoodBooking mobile app to Restaurant Clients.

When Restaurant Clients download and use the FoodBooking mobile app, Restaurant Clients can locate Restaurants that use the Platform, view the menus of these Restaurants, and place orders with them.

To generate aggregated analytics for marketing messages sent and websites created by Restaurants via the Platform.

Restaurant Holders can use the Platform to generate aggregated analytics about the marketing messages they sent, and the websites they created, via the Platform. Oracle uses personal information to generate aggregated analytics on behalf of, and at the direction of, a Restaurant or Restaurant Holder. For example, aggregated information may include the percentage of recipients that open a marketing message without identifying the specific Restaurant Client or the number of new or repeat Restaurant Clients who visit the Restaurant website.

To provide, deliver, and manage the requested functionality of the Restaurant Services and the Restaurant Order-Taking App.

When Restaurant Holders and Partners choose to register with us, we process personal information provided by them so that we can create an Oracle Restaurants eStore Online Ordering account for them. In addition, Restaurant Holders can download and use the Restaurant Order-Taking App to receive orders that are placed with their Restaurant via the Platform. Oracle processes contact and device information to provide this functionality.

To communicate and respond to requests and inquiries to Oracle, including to provide support via the support chat functionality or email.

Oracle may process personal information when individuals have questions about the Restaurant Services or other support questions and reach out to us via the support chat functionality or via email. The support chat functionality is intended only for Restaurant Holders and Partners; Restaurant Clients that have questions about their orders should contact the relevant Restaurant directly.

To administer the Oracle Restaurants eStore Partner Program.

We process Partners’ and Restaurant Holders’ personal information when a Partner enrolls a Restaurant Holder with us, and when we sign up this Restaurant Holder to the Platform.

To analyze, develop, improve, and optimize the use, function and performance of the Restaurant Services.

We may process aggregated personal information in order to analyze, develop, improve, and optimize the use, function and performance of our sites and products and services, including for quality assurance and training purposes.

To manage the security and operation of our sites, facilities, and networks and systems.

We collect and use personal information for our own security and operations management to help keep the Restaurant Services, and related data and systems of Restaurant Clients, Restaurant Holders, Partners, and Oracle under our control, secure. We may also collect usage and systems operations data from Oracle websites or mobile apps to investigate and prevent cyber-attacks, malicious activity, or potential fraud, and to detect bots.

To comply with applicable laws and regulations and to operate our business.

In some cases, we may collect and use personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend against legal claims. We may also process personal information in the operation of our business. For example, to conduct audits and investigations, for finance and accounting, archiving and insurance purposes.

6. WHAT IS OUR BASIS FOR PROCESSING INFORMATION ABOUT YOU?

For personal information collected about you in the EU/EEA, the UK and other relevant jurisdictions, our legal basis for processing is the following:

  • The legal basis for processing individuals’ personal information to administer and manage personal information to provide the requested Restaurant Services or related support services is contractual necessity.
  • The legal basis for processing Restaurant Clients’ personal information to compile aggregated statistics on marketing campaign or website performance is Oracle’s legitimate interest to better understand and improve the services it provides to its customers. The Restaurant is responsible for collecting any required consent from Restaurant Clients prior to sending marketing messages per the Oracle Restaurants eStore Master Agreement.
  • The legal basis for administrating the Oracle Restaurants eStore Partner Program is our legitimate interest in acquiring new Restaurant Holders for the Platform via the Partner Program and the necessity of this processing to take (pre)contractual measures to sign up the new Restaurant Holders.
  • The legal basis for analyzing, developing, improving, and optimizing our sites, facilities, products, and services, and to maintain the security of our sites, networks and systems is our legitimate interest to provide functional and secure services.
  • In some cases, processing may be necessary for compliance with a legal obligation to which Oracle is subject, such as to process an opt-out request.

7. FOR WHAT PERIOD DO WE RETAIN PERSONAL INFORMATION?

Oracle maintains personal information for the following retention periods:

We retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:

  • For as long as necessary for Oracle to provide the Restaurant Services;
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

8. WHEN AND HOW CAN WE DISCLOSE YOUR PERSONAL INFORMATION?

Sharing within Oracle

As a global organization, information about you may be shared globally throughout Oracle’s worldwide organization. See the list of Oracle entities. Please select a region and country to view the registered address and contact details of the Oracle entity or entities located in each country.

Oracle employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.

Disclosing personal information to third parties

We may disclose personal information with the following third parties for a business purpose:

  • Third-party service providers (for example, credit card and payment processing services, order fulfilment, analytics, event/campaign management, meeting scheduling, website management, information technology and related infrastructure provision, customer service and support, e-mail delivery, auditing, and other similar service providers) in order for those service providers to perform business functions on behalf of Oracle;
  • Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings);
  • As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.

When third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.

9. HOW IS PERSONAL INFORMATION HANDLED GLOBALLY?

Oracle is a global corporation with operations in over 80 countries and personal information is processed globally. If personal information is transferred to an Oracle recipient in a country that does not provide an adequate level of protection for personal information, Oracle will take measures designed to adequately protect information about you.

Additional information regarding the EEA, Switzerland and the UK: For transfers from the EEA, Switzerland or the UK to countries not considered adequate under applicable data protection laws, we have put in place adequate data transfer measures, such as standard contractual clauses to protect your personal information. You may obtain a copy of these measures by contacting us using the contact details set out in Section 12 below.

10. HOW IS YOUR PERSONAL INFORMATION SECURED?

Oracle has implemented appropriate technical, physical, and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure, or access as well as all other forms of unlawful processing.

11. WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE ON OUR SITES?

Cookies and similar technologies (e.g., pixels tags and device identifiers) are used by Oracle and Restaurant Holders to recognize you and/or your device(s) on, off and across different services and devices for the purposes specified in Section 5 above. For specific information about the cookies that Oracle places on websites created on the Platform, please view the cookie information that is provided on this website.

Oracle places the following required and functional cookies via Restaurants’ websites using the Platform:

Required Cookies. Required cookies are required to enable core site functionality such as allowing you to checkout and displaying content in the correct language. Without these required cookies, the website will not perform as intended and we may not be able to provide the website or certain services or features.

Cookie name Cookie purpose Cookie expires Cookie placed by
gf.functionality.consent Used to store cookie consent preferences After 2 years Oracle, Privacy Policy
website_default_language Used to display content in the correct language After 1 month Oracle, Privacy Policy
website_language Used to display content in the correct language After 1 month Oracle, Privacy Policy
Authorization Used to store the token for GF API calls After 1 year Oracle, Privacy Policy
__stripe_sid Used by Stripe to provide fraud prevention After 30 minutes Stripe, see their Privacy Policy
__stripe_mid Used by Stripe to provide fraud prevention After 1 year Stripe, see their Privacy Policy
_ab Cookie set by Stripe to allow online transactions When the session closes Stripe, see their Privacy Policy
_mf Cookie set by Stripe to allow online transactions When the session closes Stripe, see their Privacy Policy
Id Cookie set by Stripe to allow online transactions When the session closes Stripe, see their Privacy Policy
RT The roundtrip (RT) Boomerang cookie is used by Akamai to measure page load time and/or other timers associated with the page After 1 week Akamai, see their Privacy Policy
bm_sv Cookie used by Akamai Bot Manager to help differentiate between web requests generated by humans and web requests generated by bots or other automated processes After 2 hours Akamai, see their Privacy Policy
ak_bmsc Cookie used by Akamai to differentiate between traffic from humans and bots After 2 hours Akamai, see their Privacy Policy
__cflb Used by hCaptcha to distinguish between humans and bots After 30 minutes hCaptcha, see their Privacy Policy
hmt_id Used by hCaptcha to distinguish between humans and bots After 30 days hCaptcha, see their Privacy Policy

Functional Cookies. Functional cookies enable additional functionality such as saving preferences, prefilling order information, analyzing user traffic, and analyzing usage for site optimization.

Cookie name Cookie purpose Cookie expires Cookie placed by
_sp_id* Used to store user information that is created when a user first visits a site and is updated on subsequent visits. It is used to identify users and track the user’s activity across the Restaurant’s domain. After 2 years Oracle, Privacy Policy
_sp_ses* Used to store user information that is created when a user first visits a site and is updated on subsequent visits. It is used to identify users and track the user’s activity across the Restaurant’s domain. After 30 minutes Oracle, Privacy Policy
intercom-session-* Set by Intercom to allow users to access their conversations and have data communicated on logged out pages for 1 week. After 1 week Intercom, see their Privacy Policy

Local Storage. In addition to the cookies described above, we store the following information in the local storage of your device.

File name File purpose File expires
cart:tracker: + ruid Used by Oracle to identify the current order, from creation until the moment it is placed. Files that are stored in local storage do not expire automatically. This information is deleted each time you clear your browser information.
cd:uid Used by Oracle to identify the guest user and prefill the user data.
glf:favorite The cookie is passed to the FoodBooking app when you click on the 'Try the app' button in the web mobile version.
glf:sow:ftu_seen Used by Oracle to identify whether the restaurant owner is a first-time-user of the SOW editor.
glf:language:admin Used by Oracle to store the language selected by the user.
ADM:LS Used by Oracle to store the token type for authorization of API calls.
_boomr_akamaiXhrRetry Persists a flag that instructs the Akamai plugin when to perform requests. Doesn’t contain personal information.
intercom.intercom-state Remembers whether the user has minimized or closed the Intercom chat-box or pop-up messages on the website.
_paypal_storage__ Used by Paypal to store account details.

If you do not want to receive functional cookies, you can change your browser settings on your computer or other device you are using to access our services. Most browsers also provide functionality that lets you review and delete cookies, including the above listed cookies.

12. WHAT ARE YOUR PRIVACY RIGHTS?

If you have questions about your account, please contact Oracle Restaurants eStore Support via contact@globalfoodsoft.com.

If you have questions about the processing of your personal information, or if you would like to exercise your privacy rights to access, correct, update, suppress, restrict, or delete personal information, object to or opt out of the processing of personal information, or if you would like to request to receive a copy of your personal information, for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), please use our Privacy Choices page, email contact@foodbooking.com, or fill out our inquiry form.

If you are authorized to make an access or deletion request on behalf of a data subject, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a data subject.

13. DO YOU PROCESS SENSITIVE INFORMATION OR INFORMATION FROM CHILDREN?

We ask that you not send us, and you not disclose, any other sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Restaurant Services or otherwise to us.

As a company focused on serving the needs of businesses, Oracle's sites are not directed to persons who are not of the age of majority, and we ask that no information in relation to such persons be submitted to us. If you believe that we have mistakenly or unintentionally collected personal information of a minor through our sites without appropriate consent, please notify us through our inquiry form so that we may immediately delete the information and make any other necessary corrections.

14. WHAT ARE MY RIGHTS AS A CALIFORNIA RESIDENT?

Under the California Consumer Privacy Act (CCPA), as amended, California residents may request that we:

  • 1. disclose to you the following information:

    • the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see Section 4);
    • the categories of sources from which we collected such personal information (see Section 4);
    • the business or commercial purpose for collecting or selling personal information about you (see Section 5); and
    • the categories of third parties to whom we sold or otherwise disclosed personal information (see Section 8).
  • 2. delete personal information we collected from you or correct inaccurate personal information about you (see Section 12); or
  • 3. opt-out of any future sale of personal information about you, if applicable (see Section 12).

We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.

If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Oracle received, complied with, or denied for the previous calendar year, please visit Oracle’s Annual Consumer Privacy Reporting page, available here.

15. LINKS TO OTHER SITES

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which we include a link. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates. We encourage you to read the privacy policies of these third-party websites and services to understand how such third parties collect, use and share information.

16. DATA PROTECTION OFFICER

Oracle has appointed a Global Data Protection Officer. If you believe your personal information has been used in a way that is not consistent with the Privacy Policy or your choices, or if you have further questions, comments or suggestions related to this Privacy Policy, please contact the Global Data Protection Officer by filling out an inquiry form.

Written inquiries to the Global Data Protection Officer may be addressed to:

Oracle Corporation
Global Data Protection Officer
Willis Tower
233 South Wacker Drive
45th Floor
Chicago, IL 60606
U.S.A.

For personal information collected about you in the EU/EEA or other relevant regions, the EU Data Protection Officer can be contacted by filling out an inquiry form and selecting “Contact Oracle’s external EU DPO” in the dropdown menu. Written inquiries may be addressed to:

Robert Niedermeier
Hauptstraße 4
D-85579 Neubiberg / München
Germany

For personal information collected from individuals in Brazil, written inquiries to the Brazilian Data Protection Officer may be addressed to:

Alexandre Sarte
Rua Dr. Jose Aureo Bustamante, 455
Vila São Francisco
São Paulo, BR

17. FILING A COMPLAINT

If you have any complaints regarding our compliance with this Privacy Policy, please contact us via our inquiry form. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law. You also have the right to file a complaint with a competent data protection authority.

18. ORACLE CORPORATE HEADQUARTERS

Oracle’s corporate headquarters are located at:

2300 Oracle Way
Austin, TX 78741
USA

Tel: +1.737.867.1000

Get started


Privacy Inquiries

Contact Oracle's Privacy Team regarding a marketing privacy-related question, comment, or issue.