RADEUX – Privacy Policy
Last updated: 8 July 2025
1. Who We Are
RADEUX (Pty) Ltd. (“RADEUX,” “we,” “us,” “our”) is a South-African company that supplies restaurants and other venues (our Clients) with QR-code content, guest-engagement flows, and social-media automation services (the “Services”).
- Registered Office: South Africa
- Data-Protection Contact: CJ Rademeyer, Director – cjrademeyer@ymail.com
2. Scope & Roles
| Data Subject | Typical Relationship | RADEUX’s Role |
|---|---|---|
| Clients (restaurant owners/managers who contract with us) | Business-to-business service users | Data Controller |
| Customers/Guests (diners who scan a Client’s QR code or otherwise engage with the Service) | End-users of the engagement flow | Data Processor acting on the Client’s instructions |
When we act as a processor, Clients remain the ultimate data controllers and must have their own lawful basis (e.g., consent or legitimate interest) for collecting Customer data. This Policy explains how we process that data on their behalf.
3. The Information We Collect
| Category | Examples (illustrative) | Source |
|---|---|---|
| Client Business Info | Contact name, business email, phone, billing address | Direct B2B contact |
| Customer Info (processed for Clients) | Name, email or phone number, region/postcode, birthday (optional), user-generated photos, survey answers | QR flows, forms, WhatsApp chats |
| Technical Data | IP address (truncated), device/browser type, time-stamps, cookie IDs | Website / portal analytics |
| Marketing Preferences | Opt-in records for email/SMS/WhatsApp marketing | Check-boxes within flows |
Sensitive data: We do not intentionally solicit or store special-category data (e.g., health, ethnicity, card details) via the Service.
4. How We Collect It
- Directly – When Clients sign a contract or Customers fill in forms / upload photos.
- Automatically – Via essential / analytics cookies and similar technologies (see §13).
- From third parties – Payment providers may confirm a transaction; messaging platforms deliver opted-in content.
5. Why & On What Basis We Use Data
| Purpose | Data Subject | Legal Basis (GDPR & POPIA) |
|---|---|---|
| Create/manage Client account, billing | Client | Contract performance |
| Deliver the QR flow, verify treat/ reward | Customer | Legitimate interest of Client; Contract with Customer (treat fulfilment) |
| Send opted-in marketing or prize-draw notifications | Customer | Consent (obtained by Client within flow) |
| Customer support & service optimisation | Both | Legitimate interests |
| Security, fraud prevention, legal compliance | Both | Legal obligation; Legitimate interests |
| RADEUX B2B marketing to prospective Clients | Client | Consent or Legitimate interests |
6. Sharing & Disclosure
We never sell or rent personal information. We may share limited data with:
- Cloud & database hosts (secure SA/EU/US servers)
- Email/SMS/WhatsApp platforms (for communications you requested)
- Payment processors (for Client subscription fees)
- Professional advisers/regulators where required by law
Every third-party processor is bound by written data-processing terms consistent with this Policy.
7. International Transfers
Whenever data leaves its country of origin (e.g., EEA → South Africa / US), we rely on Standard Contractual Clauses or equivalent safeguards.
8. Security Measures
- TLS/HTTPS encryption in transit
- AES-256 encryption at rest for key databases
- Role-based access & multi-factor authentication
- Regular vulnerability scanning and staff training
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Client contract & billing records | Minimum 5 years (tax & audit) |
| Customer engagement data | Until the Client deletes it or requests erasure, or until the Customer exercises a right to be forgotten |
| Analytics logs | Typically 12 months, then aggregated or deleted |
10. Your Rights
| If you are a… | You may request… |
|---|---|
| Client | Access, rectification, deletion, portability, objection, restriction |
| Customer | Same rights, routed via (or jointly with) the relevant Client controller |
To exercise any right, email cjrademeyer@ymail.com with “Privacy Request” in the subject. We respond within the timelines required under GDPR (EU/UK) or POPIA (South Africa).
11. Cookies & Similar Tech
We use:
- Essential cookies – keep the portals working.
- Analytics cookies – help us measure traffic. (Consent banners shown where required.)
Customers can disable cookies in browser settings; core Service elements may be affected.
12. Children
RADEUX does not knowingly collect data from anyone under 18. If you suspect a minor’s data has been provided, contact us for prompt removal.
13. Automated Decisions & Profiling
Prize-draw winners are selected randomly. No automated decisions with legal or similarly significant effects are made about Clients or Customers.
14. Changes to This Policy
We may modify this Privacy Policy periodically. Material updates will be emailed to affected Clients and highlighted on our website with a new “Last updated” date.
15. Contact & Complaints
- Data-Protection Contact: CJ Rademeyer – cjrademeyer@ymail.com
- EU/UK: You may complain to your local supervisory authority.
- South Africa: Contact the Information Regulator (inforegulator.org.za).
We invite you to contact us first so we can resolve any concern directly.
Thank you for trusting RADEUX. Whether you are a Client powering your restaurant’s growth or a Customer sharing your dining moment, we work hard to keep your information safe and your experience delightful.