PRIVACY POLICY

LAST UPDATED: January 28, 2026

OREXI Tech Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and protect your personal data when you visit our website (orexiordering.gr) or use our services, including OREXI Menu, OREXI Pro, and OREXI Website.

For the purposes of the General Data Protection Regulation (EU GDPR) and the UK Data Protection Act 2018 (UK GDPR), the Data Controller is:

OREXI TECH LIMITED 3rd Floor, 86-90 Paul Street
London, England, EC2A 4NE
United Kingdom
Email: privacy@orexiordering.gr

1. DEFINITIONS

  • “Personal Data”: Any information relating to an identified or identifiable natural person (e.g., name, email, IP address).
  • “Processing”: Any operation performed on personal data, such as collection, storage, use, or deletion.
  • “Client”: The business entity subscribing to our Services (e.g., the Restaurant).
  • “End-User”: The customer of our Client (e.g., the person ordering food).

2. DATA WE COLLECT

We collect data to provide our SaaS platform and ensure smooth business operations.

A. Information You Give Us (The Client)

When you register for an account, subscribe to our services, or contact support, we collect:

  • Identity Data: Business owner name, username.
  • Contact Data: Business address, email address, telephone numbers.
  • Financial Data: Bank account details and payment card details (processed securely by third-party payment gateways; we do not store full card numbers).
  • Tax Data: VAT number (AFM) and tax office details for invoicing purposes.

B. Information We Collect Automatically

When you visit orexiordering.gr, we may automatically collect:

  • Technical Data: IP address, browser type and version, time zone setting, operating system.
  • Usage Data: How you use our website and platform (e.g., button clicks, page views).

C. POS Transaction & End-User Data (Acting as Data Processor)

As a provider of Point of Sale (POS) and ordering systems, we process data generated by your business operations. This includes:

  • Transaction Data: Receipts, daily sales records, payment methods, and timestamps.
  • Order Details: Items sold, table numbers, and special instructions.
  • End-Customer Details: Name, delivery address, and phone number.

Important Disclaimer: We store this data solely for operational purposes (e.g., printing kitchen tickets, viewing sales reports). Our system does not currently automate tax reporting or connect directly to fiscal authorities (such as AADE myDATA). You are solely responsible for ensuring that all transactions processed through OREXI are correctly declared to the relevant tax authorities using your own fiscal devices or accounting processes.

In this capacity, You (the Client) are the Data Controller and We are the Data Processor.

3. HOW WE USE YOUR DATA

We process your personal data under the following legal bases:

  1. Contractual Necessity: To register you as a new client, process your subscription, and provide the software services you requested.
  2. Legal Obligation: To comply with UK tax laws (HMRC), keep accounting records, and prevent fraud.
  3. Legitimate Interest: To improve our software, secure our network, and grow our business (marketing), provided these interests do not override your rights.

4. DATA SHARING & DISCLOSURE

We do not sell your data. We may share your data with:

  • Service Providers: Third-party companies that help us run our business, such as cloud hosting providers (e.g., AWS, Google Cloud) and payment processors (e.g., Stripe, Everypay).
  • Professional Advisers: Lawyers, bankers, auditors, and insurers based in the UK.
  • Tax Authorities: HM Revenue & Customs (HMRC) in the UK, and if strictly required by law or cross-border VAT regulations, relevant Greek authorities.

5. INTERNATIONAL DATA TRANSFERS (UK & EU)

We are based in the United Kingdom.

  • Data Flow: If you are based in Greece (EU), your data will be transferred to and stored in the UK.
  • Adequacy Decision: The European Union has formally recognized the UK as providing an “adequate” level of data protection. This means data can flow freely from Greece to our UK servers without the need for additional complex legal safeguards.
  • We will ensure that your data is treated securely and in accordance with this policy, regardless of where it is processed.

6. DATA RETENTION

We will retain data only as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • POS & Sales History (Your Data): We retain the transaction history and fiscal data generated by your POS system for the duration of your active subscription. This ensures you can access past sales reports and tax records required for your own audits.
  • Data Deletion: If you cancel your subscription, we may delete your operational POS data after 90 days (to allow for a grace period if you change your mind), unless you request immediate deletion. It is your responsibility to export your fiscal data for tax authorities before cancelling.
  • OREXI’s Corporate Records (Our Data): By UK law (HMRC), we are required to keep basic information about our relationship with you (Subscription Invoices, payments you made to us, and your business contact details) for six (6) years for our own tax purposes.

7. YOUR LEGAL RIGHTS

Under data protection laws (GDPR/UK GDPR), you have the right to:

  • Request access to your personal data.
  • Request correction of inaccurate data.
  • Request erasure of your data (“Right to be forgotten”), subject to our legal obligations to retain certain data (e.g., for tax).
  • Object to processing of your personal data.
  • Request the transfer of your data to you or a third party.

To exercise any of these rights, please contact us at privacy@orexiordering.gr.

8. COOKIES

Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience and allows us to improve our site. You can set your browser to refuse all or some browser cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

9. SUPERVISORY AUTHORITY

Since we are a UK company, our lead supervisory authority is the Information Commissioner’s Office (ICO).

However, as an EU citizen/business, you also have the right to lodge a complaint with your local data protection authority, such as the Hellenic Data Protection Authority (HDPA) in Greece. We would, however, appreciate the chance to deal with your concerns before you approach the authorities, so please contact us in the first instance.

10. CHANGES TO THIS POLICY

We may update this privacy policy from time to time. The latest version will always be posted on this page with the “Last Updated” date.

Η εμπειρία σου μετράει! Χρησιμοποιούμε cookies για να κάνουμε την περιήγησή σου καλύτερη.