Privacy Policy

This Privacy Policy informs you how personal data of users of the MeHungry mobile application and website (hereinafter the "Application") is collected, processed, and protected.

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Czech Act No. 110/2019 Coll., on the Processing of Personal Data.

1. Identity and Contact Details of the Controller

The personal data controller is: Melikset Zanikov ID (IČO): 22112774 Registered in the Trade Register maintained by the Municipal Office of Černošice. E-mail: info@mehungry.cz (hereinafter the "Controller")

The Controller has not appointed a Data Protection Officer (DPO).

The Application is intended for users aged 16 and over. The Controller does not knowingly collect personal data from persons under the age of 16.

2. Scope and Categories of Processed Data

The Controller processes only the data necessary for the proper functioning of the Application and the provision of services:

  • Identification and Contact Data: E-mail address (obtained via Supabase Auth).
  • Geolocation Data: Current location of the device (only with the explicit consent of the user in the device settings) for the purpose of displaying nearby restaurants.
  • Technical Data: IP address, device type, operating system, device identifiers, application usage data (analytics).
  • User Preferences: Favorite restaurants, filter settings (diet, allergens, cuisine).

3. Purpose of Personal Data Processing

Personal data is processed for the following purposes:

  • Provision of Application Services: User registration, account management, location-based restaurant search, and saving favorites (performance of a contract).
  • Analysis and Service Improvement: Monitoring traffic and user behavior in the Application to optimize features (legitimate interest).
  • Security: Protection against unauthorized access and misuse of services (legitimate interest).

4. Legal Basis for Processing

  • Performance of a Contract: Necessary for using the Application and providing its functions (Art. 6(1)(b) GDPR).
  • Legitimate Interest: Improving services through analytics and ensuring IT infrastructure security (Art. 6(1)(f) GDPR).
  • Consent: Granted by the user for access to device location services or for storing cookies/local storage (Art. 6(1)(a) GDPR).

5. Recipients of Personal Data (Processors)

The Controller uses verified subcontractors to operate the Application, who process data only within the Controller's instructions:

  • Supabase: Database and authentication service provider (data storage and login management).
  • PostHog: Analytics service provider (anonymized usage data, EU endpoint).
  • Mapbox: Map service provider (map rendering and geolocation data).
  • Hosting Services: Cloud infrastructure providers.

Personal data may be transferred to third countries (outside the EU) if these providers meet data protection standards (e.g., based on Standard Contractual Clauses).

6. Data Retention Period

Personal data is stored for:

  • The period necessary to exercise the rights and obligations arising from the contractual relationship (for the duration of the user account).
  • Until the consent is withdrawn (for data processed based on consent).
  • The period stipulated by relevant legal regulations (e.g., accounting and tax regulations).

After the retention period, the Controller deletes or anonymizes the data.

7. Cookies and Local Storage

The Application uses local storage technology and cookies to ensure functionality (e.g., staying logged in, saving preferences). Analytical cookies are used only to monitor aggregated traffic. The user can restrict the storage of this data in their browser or device settings, which may, however, affect the functionality of the Application.

8. Mobile Application Permissions

For full functionality, the Application may require access to:

  • Location Services: To display nearby restaurants and navigation on the map. These permissions can be changed at any time in the mobile device's operating system settings.

9. Rights of the Data Subject

In connection with the protection of personal data, you have the following rights:

  • Right of Access: You have the right to know what data we process about you.
  • Right to Rectification: The right to request the correction of inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): The right to request the deletion of data if it is no longer needed or the processing is unlawful.
  • Right to Restriction of Processing: The right to request a temporary restriction of processing in certain cases.
  • Right to Data Portability: The right to receive your data in a structured format.
  • Right to Object: Against processing based on the legitimate interest of the Controller.
  • Right to Lodge a Complaint: With the Office for Personal Data Protection (www.uoou.cz) if you believe that the processing violates legal regulations.

To exercise any of the above rights, please contact us at: info@mehungry.cz. We will respond to your request within 30 days.

10. Data Security

The Controller declares that they have taken all appropriate technical and organizational measures to secure personal data, in particular encryption of communication, database security, and restricting data access to authorized persons only.

11. Final Provisions

The Controller reserves the right to change this policy. The current version is always available in the Application and on the website at: https://mehungry.cz/en/privacy.

This policy becomes effective on May 5, 2026.