Regulatory Compliance

Effective date: 22 March 2026 · Last updated: 19 April 2026

Menuva takes legal compliance seriously. Although Menuva is a free, student-led pilot project, we have assessed and addressed the regulatory frameworks that apply to a UK-based digital service handling personal data and food information. This page summarises our approach.

1.1 Menuva processes limited personal data (primarily analytics event data and online identifiers) and is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.2 We have completed a Data Protection Impact Assessment (DPIA) to evaluate risks, particularly in relation to younger users. A Legitimate Interests Assessment (LIA) is documented for each processing activity that relies on legitimate interests as its lawful basis. We maintain a Record of Processing Activities (ROPA) as required by Article 30 of the UK GDPR.

1.3 A data breach response procedure is in place to meet our notification obligations under UK GDPR Articles 33 and 34 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

1.4 International data transfers (primarily to Google LLC and Apple Inc. in the United States) are protected by the UK Extension to the EU-US Data Privacy Framework and UK Standard Contractual Clauses, in accordance with UK GDPR Articles 44-49.

1.5 Our Privacy Policy sets out in full what data we collect, how we use it, who we share it with, and how you can exercise your rights.

2.1 Menuva uses Google Analytics (GA4) for usage measurement. We have assessed our obligations under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) Regulation 6, as amended by the Data (Use and Access) Act 2025 (DUAA).

2.2 Analytics operates under the statistical analysis exception in PECR Schedule A1, paragraph 5 (inserted by DUAA s.112). Its sole purpose is to collect statistical data about how the Service is used with a view to making improvements. Google data sharing is disabled, IP addresses are anonymised, and no personal identifiers are collected. The lawful basis for processing the resulting analytics data under the UK GDPR is legitimate interests (Article 6(1)(f)), documented in our Legitimate Interests Assessment.

2.3 You can opt out of analytics at any time using the Manage Analytics link in the footer of any page. Once opted out, the analytics script does not load and no usage data is collected.

2.4 Our Cookie Policy provides a full list of cookies, local storage keys, and similar technologies used on the Website.

3.1 We have assessed Menuva against the ICO's Age Appropriate Design Code (AADC), introduced under Section 123 of the Data Protection Act 2018, which sets out 15 standards of age-appropriate design for online services likely to be accessed by children.

3.2 Key measures we have taken:

  • Data minimisation: we collect only what is necessary for the Service to function and improve. The Service is accountless and does not require registration.
  • No profiling: we do not profile users or make automated decisions based on personal data.
  • No advertising: ad storage, ad user data, and ad personalisation are all disabled. We do not collect the advertising identifier (IDFA) or use ATT-based tracking.
  • Child-friendly privacy information: our Privacy Policy includes a plain-language summary for younger users and their parents (Section 10.2).
  • Default privacy: analytics privacy protections are applied by default, not as an opt-in.

4.1 Menuva is not a food business operator (FBO) under Regulation (EU) No 1169/2011 or the Food Information Regulations 2014. Menuva does not prepare, sell, or supply food. We are a digital platform that displays menu and allergen information provided by participating restaurants.

4.2 Allergen data shown in Menuva is sourced from venue-provided information and is displayed as guidance only. Each menu clearly attributes the source restaurant, and data freshness timestamps indicate when the information was last updated.

4.3 Users are advised to confirm allergen information directly with the venue before ordering, particularly where allergies are severe. This guidance is displayed within the Service.

5.1 In accordance with the Companies Act 2006 and the Electronic Commerce (EC Directive) Regulations 2002, we provide the following:

  • Operator: Duke DJ Saputra
  • Address: Warwick Business School, University of Warwick, Scarman Rd, Coventry CV4 7AL
  • Email: hello@menuva.co.uk

5.2 Menuva is a student-led project and is not a registered company.

6.1 We apply technical safeguards appropriate to the nature and scale of the Service:

  • all connections use HTTPS encryption
  • Google Analytics is configured with IP anonymisation, no user ID, no advertising features, and all data sharing disabled, with a 14-month data retention period
  • the menus page uses Firebase App Check with reCAPTCHA v3 to prevent automated abuse of our backend services
  • database access is read-only with no server-side storage of personally identifiable information
  • administrative access is restricted and regularly reviewed

6.2 We do not load external dependencies beyond Google Analytics (gtag.js) and, on the menus page, Firebase and reCAPTCHA. The site has no build dependencies, no third-party JavaScript libraries, and no external stylesheets or fonts.

8.1 For compliance enquiries or questions about this page: hello@menuva.co.uk

8.2 For complaints about how we handle your data or our compliance practices, please see our Complaints Procedure.

8.3 You also have the right under UK GDPR Article 77 to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, phone 0303 123 1113.