Qoro
FunzionalitàBlogChi siamoPrezzi
AccediInizia la prova gratuita

Contenuto non disponibile nella tua lingua

Questo documento è attualmente pubblicato solo in turco e inglese. La versione vincolante per i clienti con sede in Turchia è il turco; per tutte le altre giurisdizioni è l'inglese.

Suggerimento: utilizza la funzione di traduzione integrata del tuo browser per leggere questo documento nella tua lingua.

Visualizza in ingleseVincolanteTürkçe görüntüle

Accordo sul Trattamento dei Dati

v1.0In vigore dal: 23 aprile 2026Aggiornato il: 23 aprile 2026

Riepilogo

Termini relativi a responsabile e titolare del trattamento ai sensi dell'Articolo 28 del GDPR, inclusi i sub-responsabili e la sicurezza.

1. Summary

This Data Processing Agreement (“DPA”) governs the relationship between Flexton LLC (the “Processor”) and the Tenant (the “Controller”) whenever Flexton processes personal data on the Tenant's behalf under the Terms of Service, and is intended to comply with GDPR Article 28 and KVKK. The DPA is an integral part of the Terms (Terms §9/9.2 — “Exhibit A”).

2. Definitions

Terms not defined here (“Personal Data”, “Controller”, “Processor”, “Sub-processor”, “Data Subject”, “Breach”, “Transfer”) have the meanings given to them under GDPR and KVKK.

  • Controller: The Tenant using Qoro — regarding End Customer data.
  • Processor: Flexton LLC.
  • Sub-processor: Third-party infrastructure / processing providers used by Flexton to deliver the Qoro platform (Exhibit A).

3. Processing Details

  • Subject matter: Provision of the Qoro platform — orders, menu, customer interaction, payments, reporting.
  • Duration: The term of the subscription under the Terms of Service.
  • Nature and purpose: Data processing activities required for the Tenant's operational use of the Qoro platform.
  • Categories of data: See Privacy Policy §3 — Tenant account data, Tenant data, End Customer order data, technical/usage data.
  • Data subjects: Tenant staff; End Customers (Tenant's guests).

4. Processor Obligations

  • Process personal data only on the Controller's documented instructions, unless required otherwise by law.
  • Ensure that personnel authorised to access the data are bound by confidentiality.
  • Implement appropriate technical and organisational measures under GDPR Art. 32 / KVKK Art. 12 (see Exhibit B).
  • Engage sub-processors only under §5, binding them to obligations equivalent to those in this DPA.
  • Reasonably assist the Controller in fulfilling its own obligations (data subject rights, breach notification, impact assessments).
  • On termination, return personal data to the Controller or — unless otherwise instructed or legally required to retain — delete it.

5. Sub-processors

The Controller grants general authorisation for the Processor to use the sub-processors listed in Exhibit A. The Processor gives the Controller at least 30 days' notice before adding or changing sub-processors. The Controller may object on reasonable grounds; if not resolved, the Controller may terminate the subscription for the affected service.

6. Assistance with Rights Requests

The Processor provides reasonable technical and organisational measures — e.g. access/correction/deletion/export interfaces and APIs — to help the Controller respond to data subject requests (GDPR Art. 15–22 / KVKK Art. 11). An in-platform Privacy Centre for self-service tools arrives in Blok G-II.

7. Security Measures

The Processor implements the security measures listed in Exhibit B and reviews them in line with evolving risks and technology.

8. Breach Notification

Upon becoming aware of a personal data breach, the Processor notifies the Controller without undue delay and at the latest within 72 hours. The notice includes the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed.

9. Audit Rights

The Controller may audit the Processor's compliance with this DPA once per year (or more frequently on reasonable grounds), subject to prior written notice. To avoid operational security risks on a multi-tenant platform, audits are reasonably structured through third-party reports (ISO 27001, SOC 2, etc.). A reasonable fee may apply to direct on-site audit requests.

10. International Transfers

Some sub-processors listed in Exhibit A are established outside the EU (United States). For such transfers, the EU Commission's Standard Contractual Clauses (SCC) 2021/914 (Module 2 — Controller-to-Processor; Module 3 — Processor-to-Sub-processor) apply. For transfers originating in Turkey, safeguards under KVKK Art. 9 (commitment / explicit consent) apply.

11. Termination & Return/Deletion

Upon termination of the Terms, Tenant Data is retained in a 30-day read-only export window, then deleted. Upon Controller's request, data is returned instead. Records subject to statutory retention (e.g. invoices) are archived in anonymised form.

Exhibit A — Sub-processors

Sub-processors used to provide Qoro and their roles. Each sub-processor is bound by a GDPR Art. 28 data processing agreement. The current list is published on this page; changes follow the notice process in §5.

  • Application hosting / edge: US + EU-West (global edge). Purpose: application server, SSR render, edge middleware. Transfer: US and EU-West.
  • Database & authentication: EU-West (Frankfurt/Ireland). Purpose: storage of Tenant and End Customer data, auth session management.
  • Payment processor: US/Ireland. Purpose: subscription fee collection, invoice PDF generation. Transfer: US (SCC Module 3).
  • Email delivery: EU-West. Purpose: transactional emails (order confirmations, invoices, password resets) and — with explicit consent — marketing emails.
  • Error monitoring: EU-West. Purpose: platform error and performance monitoring. Active only with user's analytics cookie consent.
  • Bot defence: Global edge (Cloudflare). Purpose: form/bot protection (Turnstile), DDoS mitigation.

Exhibit B — Security Measures

  • Encryption: TLS 1.2+ in transit; AES-256 at rest.
  • Row-Level Security (RLS): tenant isolation at the database layer.
  • Authentication: bcrypt/argon2 password hashing, optional WebAuthn/passkey, two-factor authentication.
  • Access control: least-privilege, role-based access (RBAC), platform audit log, mandatory 2FA for staff accounts.
  • Backups: daily automated backups; tested disaster recovery plan.
  • Network & infrastructure security: WAF, rate limiting, Turnstile bot defence, security monitoring and alerting.
  • Logging & monitoring: auth audit log, system security log, configuration change tracking.
  • Security processes: incident response runbook; third-party security review (annual); GDPR/KVKK DPIA process.
  • Data minimisation: End Customer name / phone / email are not collected by default — only when optionally enabled by the Tenant.

Contact

Data-protection contact: hello@qoro.cc
Flexton LLC, 7901 4th St N, Suite 300, St. Petersburg, FL 33702, United States.

Contatti

hello@qoro.cc

Rispondiamo alle richieste legali entro 30 giorni, in conformità con la legge applicabile.

Entità legale

Flexton LLC
7901 4th St N, Suite 300
St. Petersburg, FL 33702
United States

Lingua e Versione Vincolante

Questi documenti sono pubblicati in turco e inglese. Per le aziende e gli utenti finali residenti in Turchia, il testo vincolante è il turco; per tutte le altre giurisdizioni, il testo vincolante è l'inglese. Le traduzioni in altre lingue sono fornite solo per comodità e non sono vincolanti. Questa clausola non pregiudica i diritti obbligatori di protezione dei consumatori disponibili per i singoli utenti ai sensi della loro legge locale.

Una cronologia delle versioni per ogni documento verrà pubblicata insieme alla prossima revisione sostanziale.

Pronto a digitalizzare il tuo locale?

Nessuna carta di credito richiesta · Annulla in qualsiasi momento

Inizia la prova gratuita di 14 giorni
Qoro

I clienti scansionano un QR, sfogliano il menu, ordinano e pagano al tavolo o per l'asporto.

Prodotto

  • Funzionalità
  • Soluzioni
  • Blog
  • Registro Modifiche
  • Guida al menu QR
  • Confronto menu QR
  • Prezzi

Azienda

  • Chi siamo
  • Contatti
  • Accedi

Legale

  • Privacy
  • KVKK
  • Termini
  • Cookie
  • Responsabile del Trattamento
  • Tutti i documenti legali
© 2026 Qoro ·Flexton LLC

Flexton LLC · 7901 4th St N, Suite 300, St. Petersburg, FL 33702, USA

hello@qoro.cc·
  • English
  • Türkçe
  • Español
  • Français
  • Deutsch
  • العربية
  • Русский
  • 中文
  • 日本語
  • Italiano
  • Português (BR)
  • Nederlands
  • Bahasa Indonesia
  • हिन्दी
  • 한국어
  • Polski
  • Ελληνικά