Privacy policy

Effective Date: 24/10/2025

Last Updated: 27/10/2025


1. Introduction

Welcome to CommonDish (we, our, us).
CommonDish is a community-driven food and local market platform that connects restaurants, local food shops, delivery partners, and customers across Portugal and Europe.

We respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (EU 2016/679) (GDPR) and applicable Portuguese data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, mobile applications, or related services (collectively, the Platform).

2. Data Controller

CommonDish Technovation (registration in progress).
Operating base: Lisbon, Portugal
Email: support@commondish.com
Phone: +351920629676

For all matters relating to this Privacy Policy or your personal data, please contact our Data Protection Officer (DPO) at: privacy@commondish.com

Legal Entity Notice:

CommonDish is currently operating under the trading name CommonDish Technovation pending formal incorporation and registration in Portugal. The company registration process is underway and expected to be completed within the first two quarters following product launch. All legal rights, responsibilities, and obligations outlined herein are binding under interim business operation standards until full registration details are available. This document will be updated accordingly once registration is finalized.

3. Data We Collect

We collect only the data necessary for the functioning of our services.

a) Information You Provide Directly

  • Account details: Name, email, phone number, password, and user role (customer, restaurant/shop, or delivery partner).

  • Profile information: Delivery address, payment preferences, profile photo (optional).

  • Vendor/Partner data: Business name, address, tax identification (NIF/VAT), contact details, and payment information.

  • Communications: Feedback, support requests, or chat messages.

b) Information Collected Automatically

  • Device data: Device type, operating system, unique identifiers, and IP address.

  • Usage data: Pages visited, app actions, search history, order frequency.

  • Location data: Precise or approximate geolocation (for delivery tracking or finding nearby vendors), only with your consent.

c) Payment Information

All payments are processed through trusted third-party providers (namely: Stripe or PayPal).
 CommonDish does not store or process your full credit/debit card information.

4. Legal Basis for Processing

We process your personal data under the following lawful bases (Article 6 GDPR):

  • Contractual necessity: To provide our services and fulfill orders.

  • Consent: For marketing communications or optional data sharing.

  • Legal obligation: To comply with tax, accounting, and anti-fraud regulations.

  • Legitimate interest: To improve platform security, prevent misuse, and enhance user experience.

5. How We Use Your Data

We use your personal data to:

  1. Create and manage your account.

  2. Facilitate food orders and deliveries.

  3. Communicate order updates, confirmations, and support messages.

  4. Personalize your app experience and recommendations.

  5. Process payments and maintain transaction records.

  6. Improve platform functionality and prevent fraud.

  7. Comply with legal and regulatory obligations.

  8. Send marketing or promotional materials (only with your consent).

6. Data Sharing and Disclosure

We may share limited personal data with:

  • Vendors/Restaurants/Shops: To fulfill your orders.

  • Delivery Partners: For coordination of pickup and delivery.

  • Payment Processors: For secure payment handling.

  • Service Providers: For hosting, analytics, and technical infrastructure (under strict data processing agreements).

  • Regulatory or Legal Authorities: When required by law or to protect legitimate interests (e.g., fraud prevention).

We do not sell personal data under any circumstances.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

  • User accounts: Active data is retained while the account is active.

  • Transactional data: Retained for up to 10 years for accounting and legal compliance.

  • Marketing data: Retained until you withdraw consent.

When data is no longer needed, it is securely deleted or anonymized.

8. Data Security

We use advanced encryption (TLS/SSL), secure hosting, and role-based access controls to protect your personal data.
All staff and partners with access to personal information are bound by confidentiality agreements and undergo regular data protection training.

9. International Data Transfers

All data is stored within the European Economic Area (EEA).
If any transfer occurs outside the EEA (for example, to a cloud provider or payment processor), it will be based on:

  • The European Commission’s adequacy decision, or

  • Standard Contractual Clauses (SCCs) ensure equivalent protection.

10. Your Rights Under GDPR

You have the following rights

  • Access: Obtain a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure (“Right to be Forgotten”): Request deletion of your data when no longer necessary.

  • Restriction: Limit processing of your data under specific conditions.

  • Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing for direct marketing or legitimate interests.

  • Withdraw Consent: Withdraw previously granted consent at any time.

To exercise any of these rights, contact support@commondish.com.
We will respond within 30 days, as required by GDPR.

11. Cookies and Tracking Technologies

Our website and mobile apps use cookies and similar technologies to:

  • Enable core functionality (login, shopping cart, etc.)

  • Analyze site usage and performance

  • Personalize content and offers

You can manage your cookie preferences or withdraw consent through our Cookie Settings or your browser options.
For details, see our Cookie Policy.

12. Marketing Communications

We may send you occasional emails or notifications about new features, promotions, or community updates - only with your explicit consent.
You can unsubscribe at any time by clicking the unsubscribe link in our emails or via your app settings.

13. Children’s Privacy

CommonDish services are not directed to children under 16 years old.
We do not knowingly collect or process data from minors without verified parental consent.

14. Automated Decision-Making

CommonDish does not use personal data for automated decision-making or profiling that produces legal or significant effects on individuals.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal or operational requirements.
All updates will be posted on our Platform with the revised effective date.
Users will be notified of significant changes through email or in-app notice.

16. Contact Information

If you have any questions or complaints about this Privacy Policy or your personal data rights, please contact:

Data Protection Officer (DPO):
privacy@commondish.com
CommonDish Technovation, Lisbon, Portugal

If you believe your rights have been violated, you may complain to: Comissão Nacional de Proteção de Dados (CNPD).
Website: www.cnpd.pt

17. Governing Law

This Privacy Policy is governed by the laws of Portugal and the European Union’s General Data Protection Regulation (GDPR).

18. Summary

At CommonDish, we are committed to fairness not only in food, but also in how we handle your data.
Your trust fuels our mission to make food access, delivery, and community sharing fair, secure, and transparent for everyone.

É proprietário de um restaurante ou de uma loja local?

Junte-se a nós e conquiste novos clientes.

Apenas alguns passos para se juntar à nossa família.
Juntar
Inscreva-se
Company
Service
Categories