1. INTRODUCTION
At Axelle Tech LTD ("we," "us," "our," or "Company"), we are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data in compliance with:
- UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
- EU General Data Protection Regulation (EU GDPR) 2016/679 (for EU users and future EU market entry)
- Turkish Personal Data Protection Law (KVKK) Law No. 6698
- Law on Regulation of Electronic Commerce Services (ETK) No. 6563
- ePrivacy Directive 2002/58/EC
1.1 SERVICE LAYERS AND DATA COLLECTION
Lokalia services operate in two separate layers:
a) Anonymous Menu Browsing (No Account Required): When you scan a restaurant's digital menu via QR code, you do not need to create an account. In this case, only functional cookies (Unique Guest ID, menu preferences, language preference) and technical data (IP address, device and browser information) are processed. No personally identifying data (name, email, phone) is collected.
b) Registered User Account (Optional): When you choose to create an account, your name, email address, and other identity information are collected. Only at this stage are you asked whether you consent to receiving commercial electronic messages (email/SMS) from restaurants.
c) Variable Features: Some features (AI Chat Assistant, email/SMS marketing, CRM module) are not available at all restaurants. Available features vary based on the restaurant's selected service package.
This policy describes our privacy practices and your rights regarding your personal data. If you have any questions, please contact us using the information provided in Section 16.
Last Updated: 13.03.2026
2. DATA CONTROLLER
Company Name: Axelle Tech LTD
Registered in: England and Wales, Company Number: 16311724
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: info@axelletech.com
EU Representative (Art. 27 GDPR): [To be appointed before EU market entry]
We are the data controller responsible for your personal data unless otherwise specified. When we act as a data processor on behalf of a restaurant partner, that restaurant is the controller, and this policy applies to explain how we process data on their behalf.
3. PERSONAL DATA WE COLLECT
We collect various types of personal data to provide and improve our services. Below is a detailed breakdown:
3.1 Data You Provide Directly
When you interact with our platform, you may provide:
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, phone number, password | Account creation and authentication |
| Profile Information | Dietary preferences, allergen information, favorite restaurants | Service personalization |
| Contact Information | Email, phone, mailing address | Communication and order delivery |
| Payment Information | Payment method details (processed by third-party providers) | Processing transactions |
| Chat/Feedback | Messages, reviews, ratings, support inquiries | Service improvement and customer support |
Note: Account information is only collected when you create an account. It is not processed during anonymous menu use.
3.2 Data Collected Automatically
Our platform automatically collects certain data:
| Data Type | Collection Method | Purpose |
|---|---|---|
| Device Information | Browser type, OS, IP address, device identifiers | Security, analytics, service provision |
| Usage Data | Pages visited, clicks, time spent, features used | Service improvement, analytics |
| Location Data | GPS or IP-based location (if permitted) | Restaurant recommendations, delivery |
| Cookie Data | Tracking and functional cookies | Authentication, preferences, analytics |
| Analytics Data | Third-party analytics, page views, user behavior | Understanding user engagement |
Important Note about Menu Personalization: Menu personalization cookies used on our platform are first-party functional cookies, not third-party tracking cookies. These cookies:
- Remember your menu preferences and selections within the platform
- Are used solely to provide a personalized experience for your convenience
- Enable us to show restaurants anonymous, aggregate data about menu preferences (without identifying individual users)
- Do not track you across other websites or share individual preference data with restaurants
3.3 Data from Restaurant Partners
When you use our platform through a restaurant:
| Data Type | Source | Purpose |
|---|---|---|
| Order History | Restaurant systems | Order processing, fulfillment |
| Payment Records | Restaurant payment systems | Transaction tracking |
| Preference Data | Restaurant saved preferences | Service personalization |
3.4 Data from Third-Party Services
We may receive data from:
- Authentication providers
- Payment processors
- Restaurant management systems
- Social media platforms (if you link accounts)
3.5 Communications Data
| Data Type | Collection Method | Purpose |
|---|---|---|
| Email Communications | Inbox scanning (with consent) | Email-based authentication, order updates |
| Marketing Emails | Email list signup | Promotional communications |
| SMS Messages | Phone number collection | Order notifications, important updates |
| Support Chats | Chat interface | Customer support, issue resolution |
Note: Marketing preferences are collected only during account creation. Marketing information is not requested from anonymous menu users. Email/SMS marketing services are not available at all restaurants.
When we send commercial messages (marketing communications), we comply with applicable regulations. For more details, see our Commercial Messages Disclosure.
3.6 AI Chat Data
When you use our AI Chat feature powered by third-party AI technology:
- Your chat messages and interaction data are processed by a third-party AI service provider
- Data is retained for up to 90 days for service improvement and support
- Data transfers are protected under Data Processing Agreements and Standard Contractual Clauses
Note: The AI Chat feature is not available at all restaurants. At restaurants where this feature is available, your chat messages may be processed without requiring account creation.
3.7 Special Categories of Data
We do not intentionally collect special categories of personal data (such as health, biometric, or racial data). However, if you voluntarily provide dietary restrictions or allergen information, we process it as necessary for service provision with appropriate safeguards.
4. HOW WE USE YOUR DATA
We use your personal data for the following purposes:
| Purpose | Legal Basis | Retention |
|---|---|---|
| Account Management | Contract performance, legitimate interest | Duration of account |
| Service Delivery | Contract performance | As needed for service |
| Order Processing & Fulfillment | Contract performance, legal obligation | 2 years |
| Payment Processing | Contract performance, legal obligation | 7 years |
| Personalization | Legitimate interest, consent | During account activity |
| Analytics & Improvement | Legitimate interest | 24 months |
| Security & Fraud Prevention | Legitimate interest, legal obligation | 2 years |
| Customer Support | Contract performance, legitimate interest | 2 years |
| Marketing Communications | Consent (where required) | Until withdrawal |
| Compliance & Audit | Legal obligation | Per legal requirements |
Commercial Messages: When we send marketing communications or promotional content, we comply with applicable regulations. See our Commercial Messages Disclosure for more information.
5. PROCESSING WITHOUT CONSENT
Under specific circumstances, we process your data without explicit consent:
5.1 KVKK Article 5 Exceptions
Under KVKK Law No. 6698, Article 5, we may process personal data without consent when:
- Processing is necessary for the execution of a contract
- Required by law or public authority
- Necessary to protect vital interests
- Processing is for legitimate interests of the data controller
- Data is already publicly available
5.2 KVKK Article 8 Exceptions
Under Article 8 of KVKK, we may process special categories of data when:
- Processing is necessary for health or safety reasons
- Required for legal obligations in employment law
- Processing is conducted by authorized persons under confidentiality
- Data has been made public by the data subject
6. AI CHAT DATA PROCESSING
6.1 AI Provider
Our AI Chat feature is not available at all restaurants. Where available, it uses a third-party AI service provider to deliver intelligent, responsive support and recommendations. Your chat messages may be processed without requiring account creation.
6.2 Data Processing
- Provider: Third-party AI service provider
- Data Transferred: Chat messages, user context, interaction history
- Retention: Up to 90 days for service improvement
- Legal Basis: Contract performance, legitimate interest
- Safeguards: Data Processing Agreements, Standard Contractual Clauses (SCCs) per GDPR Article 46
6.3 Your Rights
You have the right to:
- Request deletion of chat data
- Opt-out of AI-assisted features
- Access your chat history
- Request export of your data
7. DATA SHARING AND RECIPIENTS
We share your personal data with the following categories of recipients:
| Recipient Category | Purpose | Location | Legal Basis |
|---|---|---|---|
| Restaurant Partners | Order processing, fulfillment | Varies | Contract |
| Payment Processors | Transaction processing | Various | Contract, Legal Obligation |
| AI service provider | AI chat processing | US/EU | Contract, Legitimate Interest |
| Third-party analytics provider | Usage analytics | US/EU | Legitimate Interest |
| Hosting provider | Platform hosting | US/EU | Contract, Legitimate Interest |
| Email delivery provider | Email delivery | US | Contract |
| SMS provider | SMS delivery | Turkey | Contract |
| Authentication provider | Authentication | US/EU | Contract |
| Law Enforcement | Legal compliance | Various | Legal Obligation |
7.1 Data Sharing Restrictions
- We do not sell your personal data
- We do not share data with third parties for their own marketing purposes without consent
- All data sharing is limited to what is necessary for the stated purpose
- We maintain data processing agreements with all recipients
8. CROSS-BORDER DATA TRANSFERS
8.1 Transfer Mechanisms
We transfer personal data across borders using:
| Transfer Type | Countries | Legal Mechanism |
|---|---|---|
| UK Transfers | Turkey, EU, US | International Data Transfer Agreement (IDTA) |
| EU Transfers | Turkey, US | Standard Contractual Clauses (SCCs) per GDPR Article 46 |
| KVKK Transfers | Turkey → abroad | KVKK approval + SCCs or equivalent |
8.2 Adequacy Decisions
- EU → US: The EU-US Data Privacy Framework (DPF) for certified recipients
- UK → US: UK adequacy framework and contractual safeguards
- Turkey: KVKK approved Standard Contractual Clauses
8.3 Recipient Certifications
Key recipients maintain appropriate certifications:
- Third-party AI service provider: DPF, SCCs
- Hosting provider: Standard contractual safeguards
- Email delivery provider: Standard contractual safeguards
- SMS provider: KVKK compliance
9. DATA RETENTION
We retain personal data only for as long as necessary:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account Data | Duration of account + 2 years | Legal/tax compliance |
| Transaction Records | 7 years | Tax law requirements |
| Chat/Communication History | 2 years | Customer support, dispute resolution |
| Analytics Data | 24 months | Service improvement |
| Marketing Consent | Until withdrawal | Compliance with preferences |
| AI Chat Data | 90 days | Service improvement |
| Security Logs | 2 years | Security and fraud prevention |
| Deleted Account Data | Permanent deletion after 90 days | Legal compliance |
After the retention period expires, we securely delete or anonymize your data.
10. YOUR RIGHTS
You have the following rights regarding your personal data:
10.1 KVKK Rights (Turkish Users)
Under KVKK Law No. 6698, Article 11, you have the right to:
| Right | Details |
|---|---|
| Access | Request what personal data we hold about you |
| Correction | Request correction of inaccurate data |
| Deletion | Request deletion of your data (subject to exceptions) |
| Restrict Processing | Request limitation of how we use your data |
| Obtain Copy | Receive your data in a portable format |
| Object | Object to certain types of processing |
| Remedies | Seek compensation for damages |
To exercise KVKK rights: Send an email to info@axelletech.com. For details on what to include in your request, see our Data Subject Request page.
10.2 UK GDPR Rights
Under UK GDPR, you have the right to:
| Right | GDPR Article |
|---|---|
| Access | Article 15 - Right of access by the data subject |
| Rectification | Article 16 - Right to rectification |
| Erasure | Article 17 - Right to erasure ("right to be forgotten") |
| Restrict Processing | Article 18 - Right to restrict processing |
| Data Portability | Article 20 - Right to data portability |
| Object | Article 21 - Right to object |
| Automated Decision-Making | Article 22 - Rights related to automated decision making |
| Withdraw Consent | Article 7(3) - Right to withdraw consent |
10.3 EU GDPR Rights
Under EU GDPR 2016/679, you have the same rights as listed above, with identical article references.
10.4 Exercising Your Rights
To exercise any of these rights:
- Send an email to: info@axelletech.com (see Data Subject Request for what to include)
- Email us: info@axelletech.com
- We will respond within: 30 days (may be extended by 60 days for complex requests)
11. YOUR OBLIGATIONS
As a user of our platform, you agree to:
- Provide accurate and truthful information
- Keep your account credentials secure and confidential
- Notify us immediately of any unauthorized access
- Comply with all applicable laws and regulations
- Respect the privacy of other users
- Not misuse personal data of others
- Inform us of any inaccuracies in your data
- Comply with our Terms of Service and other policies
12. COOKIES AND TRACKING TECHNOLOGIES
12.1 Cookies We Use
We use the following types of cookies:
| Cookie Type | Purpose | Legal Basis |
|---|---|---|
| Essential/Functional | Authentication, session management, preferences | Contract performance |
| Analytics | Usage patterns, user behavior | Legitimate interest |
| Menu Personalization | Remember menu selections and preferences | Legitimate interest |
| Marketing | Tracking for advertising purposes | Consent (where required) |
12.2 Third-Party Analytics
We use a third-party analytics provider to understand how you use our platform:
- Collects anonymous usage data
- Helps us improve service and user experience
- Data is processed by the analytics provider
- Transfers protected under DPF/SCCs
12.3 Menu Personalization Cookies
Our menu personalization cookies are:
- First-party cookies (not third-party tracking)
- Used to remember your food preferences and selections
- Enable a personalized experience
- Allow us to show restaurants anonymous, aggregate preference data
- Do not track you across other websites
12.4 Cookie Preferences
For more information about cookie management, consent, and preferences, please visit our Cookie Policy.
13. CHILDREN'S PRIVACY
13.1 Minimum Age
Our platform is intended for users 18 years of age and older. We do not knowingly collect personal data from children under 18.
13.2 Parental Consent
If a parent or guardian believes their child has provided personal data to us, they should contact us immediately at info@axelletech.com. We will take appropriate steps to remove such information.
14. SECURITY MEASURES
We implement comprehensive security measures to protect your personal data:
- Encryption: HTTPS/TLS encryption for data in transit
- Access Controls: Role-based access restrictions
- Data Minimization: Collection only of necessary data
- Employee Training: Privacy and security training for staff
- Incident Response: Procedures for data breach response and notification
- Network Security: Firewalls and intrusion detection systems
- Secure Hosting: Hosting provider infrastructure with enterprise security
- Regular Audits: Security assessments and penetration testing
- Data Backups: Secure backup and recovery procedures
- Vendor Management: Security requirements for all data processors
Note: While we use industry-standard security measures, no system is completely secure. We cannot guarantee absolute security.
15. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- New legal requirements
- Technological developments
- Other relevant factors
When we make material changes, we will:
- Notify you via email (to the address on file)
- Display a prominent notice on our website
- Obtain renewed consent if required by law
Your continued use of our platform after changes constitutes your acceptance of the updated policy.
16. CONTACT AND COMPLAINTS
16.1 Contact Information
For privacy questions, requests, or concerns, please contact:
Axelle Tech LTD
- Email: info@axelletech.com
- Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
- Response Time: We aim to respond within 5-7 business days
16.2 Data Protection Authority Complaints
You also have the right to lodge a complaint with the appropriate data protection authority:
Turkey
- Authority: Turkish Personal Data Protection Authority (KVKK Kişisel Verileri Koruma Kurumu)
- Website: kvkk.gov.tr
- Contact: You can submit complaints through their official website
United Kingdom
- Authority: Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Contact: +44 (0)303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
European Union
- Authority: Your Local Data Protection Authority (depending on your country of residence)
- Find Your Authority: edpb.europa.eu
16.3 EU Representative
For users in the European Union, our designated EU Representative (Article 27 GDPR) is:
[To be appointed before EU market entry]
Once appointed, their contact information will be provided here and communicated to all EU users.
17. ADDITIONAL PROVISIONS
17.1 Legal Basis for Processing
All our processing activities are based on one or more of the following legal bases:
- Contract: Processing necessary to perform a contract with you
- Consent: You have given clear consent for the processing
- Legal Obligation: Processing required by applicable law
- Vital Interests: Protection of vital interests of data subjects
- Public Task: Processing necessary for performance of a public task
- Legitimate Interest: Processing necessary for our legitimate interests
17.2 Data Processing Agreements
We maintain Data Processing Agreements with all processors as required by GDPR, KVKK, and other regulations. Upon request, we can provide information about our processing practices.
17.3 Marketing Preferences
You may opt out of marketing communications at any time by:
- Clicking the "Unsubscribe" link in our emails
- Updating your preferences in your account settings
- Contacting us directly at info@axelletech.com
Your opt-out request will be processed within 10 business days.
17.4 Third-Party Links
Our platform may contain links to third-party websites. We are not responsible for the privacy practices of third parties. We recommend reviewing their privacy policies independently.
18. SUMMARY TABLE: RIGHTS AND REMEDIES
| Jurisdiction | Primary Law | Key Article | Complaint Authority | Right to Remedy |
|---|---|---|---|---|
| Turkey | KVKK 6698 | Art. 11 | KVKK Authority | Court action, compensation |
| UK | UK GDPR, DPA 2018 | Art. 15-22 | Information Commissioner's Office (ICO) | Court action, compensation |
| EU | GDPR 2016/679 | Art. 15-22 | Local Data Protection Authority | Court action, compensation |
19. EFFECTIVE DATE AND VERSION
Policy Version: 2.0 (Updated)
Effective Date: 13.03.2026
Last Updated: 13.03.2026
This Privacy Policy is provided in English. If there are discrepancies between this English version and any translated versions, the English version shall prevail.
End of Privacy Policy
For questions or clarifications, please contact us at info@axelletech.com. To exercise your data rights, see our Data Subject Request page.