Choose your version here.

Privacy Policy

This Privacy Policy explains the method for collection, use, and disclosure of your personal data by Tabsquare Sdn Bhd and its related companies (collectively, “Tabsquare“) when you use the solutions, platforms, applications or services (collectively “Services“) provided by Tabsquare, purpose of use of such personal data, and method for handling of such personal data.

 

Tabsquare recognizes the importance of protecting the personal data collected from you in your usage of the Services, and takes reasonable steps to maintain the security, integrity and privacy of any personal data collected in accordance with this privacy policy.

 

1. Who we are

Tabsquare is a service provider for AI-Powered in-restaurant technology solutions that leverage data and deep learning algorithms in the F&B industry. We provide an engaging dining experience for restaurants’ customers and help restaurants to eliminate the unwanted dilemma of operations. 

 

If you have any questions about data protection at Tabsquare, you can contact our data protection officer at any time by sending an email to dataprotection@tabsquare.com

 

While visiting our website, registering or placing orders via our platform, you agree to this privacy policy. This privacy policy applies to all personal data obtained by us through your use of our website or Services. It does not apply to any websites controlled by third parties not affiliated with us that our website or app may link to (“Third Party Sites”). The relevant privacy policies set out in the respective Third Party Sites shall apply in those cases.

 

2. Privacy is your right and the choice is yours

You have the choice which information you would like to share with us. Please be aware, however, that when signing up to our platform, you are required to accept our terms of use. Legally speaking, this means you will enter into a contract with us under which you are entitled to use the platform, in accordance with the terms of use. Of course, we need some information from you to be able to perform our obligations under this contract. However, it is entirely up to you to choose whether you would like to provide such information or would rather not use our platform.

You can take the following steps to control and manage how much personal data you share with us:

  • Direct marketing: If you do not want to receive newsletters from us, you can unsubscribe at any time. In this case, we will not be able to send you any cool offers.

You may also withdraw your consent for the processing of your personal data for certain purposes (e.g. marketing) by submitting your request via email to dataprotection@tabsquare.com

 

3.Your Legal Rights

(a) Right to access

You have the right to be informed which data we store about you and how we process this data.

We will respond to your access request as soon as practicable, in any case within thirty (30) days upon receiving your access request. We will also inform you within the timeframe if we are unable to adhere to your request (with reasons) or require additional time to effect the request.

 

(b) Right to rectification

If you notice that stored data is incorrect, you can always ask us to correct it.

We will respond to your correction request as soon as practicable, in any case within thirty (30) days upon receiving your correction request. We will also inform you within the timeframe if we are unable to adhere to your request (with reasons) or require additional time to effect the request.

 

(c) Right to withdraw your consent to the processing of your personal data

You can withdraw your consent to our collection, use and disclosure of your personal data at any time for any or all of the Purposes (as defined below). Upon receiving your withdrawal request, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be Processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. Please note that depending on the nature and scope of your request, we may not be in a position to continue providing our Services to you and we shall, in such circumstances, notify you before completing the processing of your request.

We will endeavour to process your request within ten (10) business days upon receipt, and will notify you accordingly if we require additional time.

To exercise your rights, you may send in your request via email to dataprotection@tabsquare.com at any time and we will process such requests in accordance with this privacy policy and our obligations under applicable laws.

We may charge you a reasonable fee for the handling and processing of your requests to access your personal data, and will inform you of the amount charged in advance.

 

4. An overview of the personal data we process

In this section you can find general information about the categories of personal data we process about you. For your understanding, personal data is information that directly identifies you (such as your name) or enables us to indirectly identify you (for example, on the basis of a user ID linked with the personal data in your profile).

You will find more detailed information on our processing activities below, in the next section. But our data processing activities on the platform can be summarized by reference the main categories of personal data:

(a) Profile data (master data)

This includes your email address or telephone number. 

Why do we process this category?

This data is your master data, which we will need for our Services. 

 

(b) Delivery data

This includes your name, delivery address, phone number, order details and order ID. 

Why do we process this category?

In accordance with the principle of data minimization, we only provide the riders and restaurants (as the case may be) with the information that they need from you to prepare and deliver your order and otherwise provide services requested to you.

 

(c) Order history data

This includes your order history, invoices, order ID, comments on orders, information on payment method, delivery address, successful orders and cancelled orders. 

Why do we process this category?

Each time you place an order, this information will be added to your profile. You can view all this information in your profile at any time. We will use this information to improve our Services and optimize the platform for your interests.

 

(d) Location data

This includes your address, postcode, city, country and your device’s longitude and latitude.

Why do we process this category?

We need these data to be able to deliver your orders (or enable the restaurant you have ordered from to deliver it to you). We create the longitude and latitude automatically in order to be able to process your delivery address in our other linked systems, such as our Rider app, and to display your address to our riders or riders of restaurants.

 

(e) Device information and access data

This includes your device ID, device identification, operating system and corresponding version, time of access, configuration settings, and your IP address.

Why do we process this category?

Each time you access our platform, this information is stored by us for technical reasons. We also use parts of this information to detect suspicious behaviour at an early stage and to protect our platform.

 

(f) Customer care data

This includes your name, address, telephone number, email address, and your ID from any social media (if applicable).

Why do we process this category?

If you contact us, we collect this data because we need to know who we are talking to and what we have been talking about so that we can help you with your reason for contacting us. This also applies if you leave comments on social media on our fan pages. We do not combine this data with your profile data on our platform, but we can still identify you by your social media ID.

 

(g) Marketing contact and communications data

This includes your name, email address, telephone number, and device ID.

Why do we process this category?

If you would like to receive an email newsletter, or an SMS from us, we need certain information to send you the messages. Instead of addressing you with “Hey You”, we find it more customer friendly to address you with your name. This category of personal data is also used by us to contact you, for example, if a product cannot be delivered and we want to offer you an alternative instead.

 

5. Our detailed processing activities and processing purposes

We process your personal data only in accordance with relevant data protection laws. We pay particular attention to the fact that all principles for the processing of personal data are taken into account. Therefore, we only process your data if this is lawful and you can reasonably expect it to be processed.

In order to be able to offer you our Services, the processing of your personal data is essential. You do provide us with some of this data proactively by entering them on your device. Other data we collect automatically when you are using our platforms.

We process your personal data for the following purposes (“Purposes”):

 

I. Creating and operating your account; delivering or serving your orders

(a) Account Creation

When creating an account, you will be asked to enter your master data. Your email address or telephone number are particularly important, as we can use this information to identify you in our system the next time you want to log in again. 

Categories of personal data:

    • Profile data (master data)
    • Device information and access data

 

(b) Single Sign-on with Facebook

If you have a Facebook profile, you can register for an account on our platforms using the social plugin “Facebook Connect” of the social network Facebook, which is operated by Meta Platforms, Inc., using Single Sign-on technology. You can recognize the social plugins of “Facebook Connect” on our platforms by the blue button with the Facebook logo and the inscription “Continue with Facebook”.

By using this “Facebook Connect” button on our platforms, you can also log in or register on our platforms using your Facebook user data. Only if you give your express consent prior to the registration process on the basis of a corresponding note on the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile when using the Facebook “Facebook Connect” button on Facebook, depending on your personal data protection settings on Facebook. This information includes user ID, name, profile picture, age and gender.

Further information on the Facebook Login can be found at: https://www.facebook.com/privacy/explanation

Categories of personal data:

    • Profile data (master data)
    • Facebook profile information

 

(c) Single Sign-on with Google

If you have an account with Google, you can use this account to log in to our service. Google accounts for European users are provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”).

 

By using the “Continue with Google” button on our website, you can log in or register on our website using your Google user data. Only if you give your express consent prior to the registration process on the basis of a corresponding note on the exchange of data with Google, will we receive your Google user ID, user name and email address. We will never receive your Google password and cannot log in to your Google account. You can learn more about data sharing with Google when logging in to our service with Google by reviewing Google’s explanations here: https://support.google.com/accounts/answer/112802

 

The data transmitted by Google is stored and processed by us solely for the creation of a user account with the necessary data.

Categories of personal data:

    • Profile data (master data)
    • Contact Information
    • Google ID and associated account data

 

(d) Order Processing

Once you have successfully registered and decided to place your order, we will store this information in your profile and process it in further processes so that you can submit your order to us. When you submit your order, your personal data is transferred to our backend where it is transferred to other systems for further processing.

Categories of personal data:

    • Profile data (master data)
    • Order data
    • Delivery data
    • Location data (if applicable)
    • Device information and access data

 

(e) Delivering or serving your order

Once you have successfully placed your order, a number of processes are running in the background to ensure that your order is delivered or served quickly. This includes sharing your order data with the restaurant preparing your meal and/or with the rider delivering your order.

Categories of personal data:

    • Delivery data

 

(f) Enabling calls from riders, restaurants to check on your order

If a product of your choice is not available for delivery or our riders cannot reach you at the delivery address you provided, they have received instructions from us to call you so that the problem can be solved easily. Both the restaurants as well as the riders have no claim whatsoever to your personal data and under no circumstances may they use it for their own purposes. If you should nevertheless be contacted by a restaurant or rider without your prior consent, we ask you to report this to us by e-mail to dataprotection@tabsquare.com.

Categories of personal data:

    • Delivery data

 

II. Fraud detection, prevention and security of our platform

In order to protect our customers and our platform from possible attacks, we continuously monitor the activities on our websites and mobile applications. To keep the platform secure and guarantee you a safe ordering experience, we use various technical measures to ensure that suspicious behavior patterns are detected at an early stage and prevented as early as possible. To achieve this goal, several software-based monitoring mechanisms run in parallel and prevent potential attackers from damaging our platform.

 

The decision-making process is automated and could potentially have an impact on the use of your registered account on our platform. If any such decision leads to a negative result for you and you do not agree with the outcome, you can contact us at dataprotection@tabsquare.com .

 

In this case, we will individually assess the circumstances of your case. All of our fraud detection and prevention algorithms are always open to human review. If you think that a mistake has been made we are happy to look into it and make corrections, if necessary.

 

Categories of personal data:

    • Profile data (master data)
    • Device information and access data
    • Order data

 

III. Direct Marketing

a. Newsletters and user surveys by email and/or text message

If you have consented to receiving marketing materials from us when signing up for our platform, we may occasionally send you by email, SMS or other text message regular offers of goods or services similar to those offered on our platform. We are constantly striving to improve our Services. Your constructive feedback is very important to us. Therefore, our direct marketing newsletters might also include surveys where we ask for your honest feedback. So we will occasionally also send you customer surveys and ask you to give us your opinion.

 

If you did not consent to receiving marketing materials from us when registering your account, you will not receive any direct marketing emails.

 

You are of course always free to opt out of such emails. In this case, we will store your contact details in a list of customers who have objected to receiving direct marketing, to make sure we can continuously comply with your objection.

 

You may withdraw your consent for us to send you all marketing materials by submitting your request via email to dataprotection@tabsquare.com at any time, and we will endeavour to effect your request within 10 business days. Your withdrawal of consent for marketing purposes will not affect your ability to use our Services provided on our website and App.

 

You may also unsubscribe to our marketing newsletter sent via emails by clicking on the “unsubscribe” button at the end of our emails.

 

Not only do the contents of our newsletters and surveys vary, but so do the technologies and criteria we use to design our newsletters and segment customer groups. For example, a group of customers may receive a special newsletter promoting special deals from restaurants where customers have ordered. Other newsletters may refer to specific products that relate to a particular flavour, such as sushi, Indian cuisine or pizza. We use different information from your order history and delivery addresses to create these tailor-made offerings for you. Please be also aware that we are recording, in a pseudonymous manner, key performance indicators to assess the effectiveness of our direct marketing campaigns. This includes aggregated information about the opening and click-through rate for our direct marketing messages.

 

This is a profiling process in which we automatically process your data. The specific customer segmentation will not have a legal effect on you, nor will it similarly significantly affect you. The only effect you will notice are interesting offers on our platforms, bespoke to your interests and meal preferences.

Nonetheless, if this automated decision-making leads to a negative result for you and you do not agree with this, you can contact us at dataprotection@tabsquare.com. In this case, we will opt you out of customized newsletter communications and you will no longer receive any such messages going forward.

Categories of personal data:

    • Profile data (master data)
    • Location data
    • Order data
    • Device information and access data

ATTENTION: As already mentioned, you are entitled to object to the use of your email address for the aforementioned advertising purposes at any time, and free of charge, with effect for the future by changing your message preferences, using the “unsubscribe” button at the end of a newsletter, or by contacting us at dataprotection@tabsquare.com.

 

IV. Mergers & acquisitions, change of ownership

In the event of a merger with or acquisition by another company, we will disclose certain limited information to that company. Prior to disclosure, we will ensure that the recipient company undertakes to protect your personal data to a comparable standard to that under the Malaysia Personal Data Protection Act 2010 (“PDPA”) and this privacy policy, and also that the company complies with applicable data protection laws and regulations. We will endeavour to keep the extent of the data shared with the other company to the absolute minimum required in order to conclude the transaction.

 

Categories of personal data:

    • Contact information
    • Delivery data
    • Location data
    • Profile data (master data)
    • Device information and access data
    • Order data
    • Customer care data
    • Marketing contact and communications data
    • Voucher information

 

6. Who we share your personal data with

We never give your data to unauthorized third parties. However, in order to run our business efficiently, we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data, in order to fulfil the Purposes. Before we forward personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and undertake to protect your personal data to a comparable standard as required under the PDPA and other relevant data protection laws.

 

a. Tabsquare’s affiliates 

We are part of an international group of companies with legal entities in many parts of the world. We may share your personal data with Tabsquare’s affiliates as required to fulfil the Purposes outlined above, including for an efficient use of resources, ensuring that our business processes are functioning properly, to assist with customer support requests, conduct legal assessments or implement IT and platform security measures.

All Tabsquare’s affiliates are bound by strict intra-group data transfer agreements which comply with applicable data processing laws and principles and which apply whenever personal data is shared with affiliated companies.

 

b. Service Providers and data processors

We use different service providers and data processors for our daily processing activities. These service providers and data processors process your personal data in accordance with the applicable local data protection laws and requirements and are permitted to process personal data only according to our instructions. Our services providers and data processors have no claims whatsoever to process your personal data for their own, independent purposes. We also monitor our processors and include only those who meet our data protection standards.

You have already learned about some of the parties we use as service providers above. Our user platforms and databases run on cloud resources provided by the EU subsidiaries of Google and Amazon Web Services (AWS). Because we use different data processors and change them from time to time, it is not possible for us to identify all individual recipients of personal data in this privacy policy. However, if you are interested, we will be happy to disclose the name of the processor(s) in use at that time upon request.

 

c. Third parties

In addition to data processors, we also work with third parties, to whom we also transmit your personal data, but who are not bound by our instructions. These are, for example, our consultants, lawyers or tax consultants who receive your data from us on the basis of a contract and process your personal data for legal reasons or to protect our own interests. We do not sell or rent your personal data to third parties under any circumstances. This will never take place without your explicit, informed consent.

 

d. Third parties in partnership or contractual relationship with Tabsquare

Tabsquare has partnered and concluded contracts with third parties for attaining the purposes described in this Privacy Policy. There may be cases where personal information acquired through the Platform is shared with such third parties. For example, we will share your personal information with Tabsquare’s partner (TADA) when you provide your consent to receive promotional/marketing information from TADA. 

 

e. Prosecuting authorities, courts and other public bodies

Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases, we are not only obliged to hand over personal data to public authorities due to legal obligations, it is also in our interest to prevent damage and to enforce our claims and to reject unjustified claims.

We may also share your personal data with law enforcement agencies, government and regulatory bodies to meet applicable legal or regulatory obligations.

 

7. How long we store your data

We generally delete your data after the Purposes have been fulfilled. The exact deletion rules are defined in our global policies and supporting local retention schedules. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned regular maximum retention and deletion periods to them. When the retention period has expired, the stored data will be deleted accordingly. If you have not used your user account on our platform for a period of more than three years, we will delete your account to make sure to comply with the principle of storage limitation. Before this happens, you will receive a separate notification from us to the email address registered for your user account.

In addition to the deletion rules we have defined ourselves, there are other legal retention periods which we must also observe. For various legal documents, such as invoices or business letters, applicable laws define minimum retention periods. For example, tax data must be kept for a period of between six and ten years or even longer in some cases. These special retention periods vary according to local legal requirements.

Furthermore, we will continue to store your data if we have a right to do so in accordance with applicable local laws. This applies in particular if we need your personal data for the establishment, exercise or defence of legal claims.

 

8. International data transfers 

Your personal data may be disclosed or transferred to relevant third parties outside of your country as required under law, pursuant to relevant contractual relationship (for example, where Tabsquare appoints third party service providers) or for the purposes stated in Section 4 and Section 5 above (or directly related to those purposes). We will ensure that your personal data transferred outside your country is adequately protected with appropriate safeguards. By using the Services, and providing Tabsquare with any personal data, you consent to the transfer of your personal data in accordance with this privacy policy. 

 

9. Personal data of other individuals

If you provide us with personal data of other individuals through your use of our platform (e.g. providing us with your friend’s name, contact details and residential address when placing a food delivery order for your friend), you hereby undertake that you are authorised by these individuals to disclose their personal data to us and that these individuals have consented for their personal data to be collected, used and disclosed by us for such Purposes.

 

10. Right of modification

We reserve the right to change this privacy notice to ensure compliance with relevant legal and statutory provisions, including the PDPA. We will inform you of any significant changes, such as changes of purpose or new purposes of processing.

Our Client

Open chat
Got any questions? I'm happy to help :)