GDPR / Gloria Food

How can Gloria Food be considered GDPR compliant when it is not possible to delete client data if said client requests deletion of all their data?

From the Gloria Knowledge Base:

How can I delete orders or clients?
Some orders were accepted but then we had to cancel them.

Our system allows restaurants to create test orders in several cases:

  • from the administration panel >> “Menu setup & receive orders” >> “Menu setup” >> “Preview” button

  • from the “Marketing” section >> “Your promotions” >> “Preview” button

  • from the order taking app >> “Test order” option

Such test orders do not register in the reports, and except for the test orders made from the order taking app, they are also not pushed to the app, no email confirmations are triggered, etc.

However, if a restaurant performs some end-to-end tests from the menu published on a website, Facebook page or app, these are considered real orders by the system and will behave as an order from a real client.

The system doesn’t allow deletion of any historical records, be it orders or clients - this is a basic principle for any billing/invoicing software.

But we might add something in the future to “mark” an order as a test/cancelled order and then move it to some “archive” state, but a bit later. We have no road-map deadline for it since it is rarely requested today.

You should first read the GDPR law and understand it. Then read the agreements for using the GF system. Finally, maybe you should request this info from GF, since we cannot provide you any real answer; we can only give opinions.

From what I can tell it’s not as simple as just requesting it removed. You have to meet criteria. GDPR is not a blanket to let people willingly give up their data and then change their mind and want it deleted. Many companies collect and process data. Most of them will not just delete data on request.

When you use GF you agree to how they use your data.


Transactional data has to be kept for a certain amount of time anyway; GDPR does not undermine this.
In the same way, people do not need to consent to you sending them transactional emails like receipt and dispatch messages, etc.
Also, my stance would be that Gloria is holding the data, so that’s their issue to worry about. They undoubtedly have reams of terms and conditions people ‘accept’ when ordering, so the customer has an agreement with Gloria too, not just you.

I don’t profess to having a great deal of knowledge on GDPR law, to be honest, and it’s not an area I find overly interesting to read about. But I do think it’s a good idea to allow individuals to request their data to be deleted if the purpose for which it was collected is no longer required.

From The ICO website:

What is the right to erasure?
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

Individuals have the right to have their personal data erased if:

the personal data is no longer necessary for the purpose which you originally collected or processed it for;

Another POS software I use (large American firm) has built in GDPR compliance features to the software. If a client or former staff member wants their data erased then the software will overwrite all personal data such as name with dummy data.

In this way, the transactional data (sales) that you speak of is retained but personally identifiable data is not.

I might bring the issue up with them I just wondered how others dealt with the issue.

If you were to sell/resell this solution en masse within a GDPR regulated state then it would seem prudent in my eyes to have such a feature built in to some extent.

Another POS software I use (large American firm) has built in GDPR compliance features to the software. If a client or former staff member wants their data erased then the software will overwrite all personal data such as name with dummy data.
In this way, the transactional data (sales) that you speak of is retained but personally identifiable data is not.

I really like this idea and its something I would like to see implemented in one of the future releases.

Sure, this could be done with automation; it’s only updating entity data…

I mean to update all previous tickets and attached entities in the SQL database. As far as I know, changing the name of the entity doesn’t actually replace the entity name in previous tickets in the database. Or does it?

I never really dug that deep, does it even save entity name in the SQL database at all or does it just refer to the ID number from entity table?

That’s a good point; it would seem wasteful to duplicate all that data.
I know ticket user refers to id and not name.
I would doubt it duplicates entity data into ticket.
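Added example (editor’s illustration, not code from this thread, from SambaPOS or from GloriaFood) of the “overwrite PII with dummy data, keep the sales rows” approach discussed above. It assumes a hypothetical two-table schema in which tickets reference the customer entity by id only, as the posters above suspect; the table and column names, and the sample customers and orders, are constructed for the demo. It also shows why a plain DELETE is the wrong tool: with foreign keys enforced it fails while tickets still reference the customer, and with cascading deletes it would shrink the sales report.

```python
import secrets
import sqlite3

# Constructed demo schema (hypothetical names): tickets carry the entity id,
# not a copy of the customer's name, so PII lives in exactly one place.
SCHEMA = """
CREATE TABLE entities (
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    phone   TEXT,
    email   TEXT,
    address TEXT
);
CREATE TABLE tickets (
    id          INTEGER PRIMARY KEY,
    entity_id   INTEGER NOT NULL REFERENCES entities(id),
    opened_at   TEXT NOT NULL,
    total_pence INTEGER NOT NULL
);
"""


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample customers and tickets."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO entities VALUES (?, ?, ?, ?, ?)",
        [
            (1, "Alice Example", "07700 900001", "alice@example.invalid", "1 High St"),
            (2, "Bob Example", "07700 900002", "bob@example.invalid", "2 High St"),
        ],
    )
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?, ?)",
        [
            (101, 1, "2018-06-01", 2500),   # a GBP 25 order from customer 1
            (102, 2, "2018-06-01", 40000),
            (103, 2, "2018-06-02", 57500),
        ],
    )
    conn.commit()
    return conn


def sales_total_pence(conn, start: str, end: str) -> int:
    """Sales report for a date range; does not care who the customer was."""
    (total,) = conn.execute(
        "SELECT COALESCE(SUM(total_pence), 0) FROM tickets "
        "WHERE opened_at BETWEEN ? AND ?",
        (start, end),
    ).fetchone()
    return total


def customer_pii(conn, entity_id: int) -> dict:
    row = conn.execute(
        "SELECT name, phone, email, address FROM entities WHERE id = ?", (entity_id,)
    ).fetchone()
    return dict(zip(("name", "phone", "email", "address"), row)) if row else {}


def ticket_count(conn, entity_id: int) -> int:
    (n,) = conn.execute(
        "SELECT COUNT(*) FROM tickets WHERE entity_id = ?", (entity_id,)
    ).fetchone()
    return n


def hard_delete_customer(conn, entity_id: int) -> bool:
    """Naive approach: DELETE the entity row. With enforced FKs this fails while
    any ticket still references the customer; with ON DELETE CASCADE it would
    instead remove the tickets and silently shrink the sales report."""
    try:
        conn.execute("DELETE FROM entities WHERE id = ?", (entity_id,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


def forget_customer(conn, entity_id: int) -> bool:
    """Pseudonymize instead: overwrite every personal field with dummy data and
    keep the row, so ticket FKs still resolve and totals are unchanged. The
    random suffix keeps placeholder rows distinct without encoding anything
    about the original name."""
    placeholder = f"Erased customer {secrets.token_hex(4)}"
    cur = conn.execute(
        "UPDATE entities SET name = ?, phone = NULL, email = NULL, address = NULL "
        "WHERE id = ?",
        (placeholder, entity_id),
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    db = build_demo_db()
    print("sales before:", sales_total_pence(db, "2018-06-01", "2018-06-07"))
    print("hard delete allowed?", hard_delete_customer(db, 1))
    print("forgotten?", forget_customer(db, 1), customer_pii(db, 1))
    print("sales after:", sales_total_pence(db, "2018-06-01", "2018-06-07"))
```

Two caveats a practitioner would check before relying on this in a real POS database: first, confirm that the tickets (and anything hanging off them, such as delivery notes or printed-receipt logs) really do reference the entity by id and do not carry their own copy of the name or address, otherwise each of those columns needs the same overwrite; second, the pseudonymized row still lives in backups and replicas, so the erasure procedure has to state how long those are retained.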

The quote above clearly states the right is not absolute.
I take GDPR primarily as an anti-spamming thing, and that it is more about marketing than sales/transaction references.
There was heavy emphasis on the need to intentionally opt in rather than opt out, etc., for marketing.

GF has clear disclaimers with how they use data.

This is from their data use policy.

  10. Right to erasure (‘right to be forgotten’)

10.1. The data subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based, where the processing takes place on the basis of the data subject’s consent given for processing personal data for one or more specific purposes and where there is no other legal ground for the processing;

(c) the data subject objects to the processing, on grounds relating to his or her particular situation, in accordance with the Regulation, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purpose and where there is no other legal ground for the processing;

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;

(f) the personal data have been collected in relation to the offer of information society services to a child, in accordance with the Regulation.

10.2. Where the Controller has made the personal data public and is obliged pursuant to paragraph 10.1 to erase the personal data, the Controller, taking account of available technology and the cost of implementation, takes reasonable measures, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

10.3. Paragraphs 10.1 and 10.2 do not apply to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(c) for reasons of public interest in the area of public health in accordance with the Regulation;

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the Regulation, in so far as the right referred to in paragraph 10.1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

10.4. In addition, the Controller may offer, within the application or emails that will be sent to you, the possibility to be forgotten and all your personal data to be erased, without the obligation of fulfilling all the above mentioned conditions, by accessing any link regarding the erasure of all personal data, and in this case the EULA will cease with immediate effect in the same time with the erasure of personal data and all your data will be erased.

I think the important thing to understand is that GDPR does not give people the right to just delete data on a whim. It’s meant to protect from unwanted spam and from nefarious means of collecting data without their knowledge.

From what i can tell they actually seem to go out of their way to ensure GDPR is followed legally.

Hi @Posflow as far as I can see the company to which I refer has put that feature in to enable clients to easily comply with requests for data erasure in a reasonable time frame.
If someone was not ‘tech savvy’ or did not have root admin access to the relevant database tables then they may not be able to comply with the request within a reasonable time frame.
With Samba I understand such root access is available to the entire database so I assume it is technically possible to erase personal data as JTRTech alluded.

I have to assume that Gloria would erase data if requested to under GDPR based on the referenced content from Jesse which I had not come across until now.

Am less concerned about that as the client I have installed it to has noticed a number of missing features that he deems important and available on the other delivery platforms he has used. E.g. you have to type the collection time and delivery time every single order for immediate dispatch. Every other platform allows you to preset a fulfilment time so you just hit ‘accept’. I can see the guy’s point. In a place as busy as that if you type in the wrong number it could cause a lot of confusion. Then there is the custom domain - $25 a month and you have to use a domain that they purchase. $59 a month for two extremely basic apps. I have an alternative lined up that will work out cheaper than Gloria and offer the features the client expects.


This exact feature is something they are VERY stubborn about. Many, and I mean MANY, restaurants and resellers bring this up, and they always say the same thing. They feel you should always have to manually enter a time and they don’t plan to ever allow auto times.

Although I imagine they will add it at some point and make a big deal about it how they listened…


This is not a big deal. Just don’t use their prebuilt website; it’s crap anyway. You can insert their button into any website and buy your own domain.

Yeah the custom app is a lot of money. Most people find the free share app is fine. The custom app is the same app just programed to go directly to your restaurant and listed in app store.

This is not a big deal. Just don’t use their prebuilt website; it’s crap anyway. You can insert their button into any website and buy your own domain.

I’ve done that. Client was talking about the URL that appears if you order from a smartphone.
According to Gloria, it shows the foodbooking URL on those devices because the widget is not optimised for mobile and they need a separate one. The desktop one pops out of the current page.
That issue was not major for him but he mentioned a few things like remembering card details to make it easy for customers to re-order (and less likely to go back to Just Eat for example). Gloriafood uses cookies to remember this unlike every other app / web app I know which uses a login (which you could leave logged in if desired).
White label. Sounds great but its still someone else’s software. You white label it so much and pretend it is your brand and then what do you do when the customer asks why you can’t change things? You are stuck with Gloria’s stubborn attitude. TBH I think a lot of other companies have the same stance it is just that Gloria tell you straight they are not changing it. I know other companies that will keep telling you the feature you want is ‘a couple of months away’ and then two years later they are telling you the same thing, just to try and keep you as a monthly paying client.

Hi!

Food clients can click on the “forget me” link in any order confirmation email at any time, and we just remove their data.

In the case of restaurants enrolled under partners, an email request is sent by the system to the restaurants enrolled by the partner, like this:


It is important to mention that due to the newly released GDPR regulations (compulsory since the 25th of May, 2018), we are legally obliged to send such notifications, every time a food client requests to be forgotten. More details about this part of the regulation here: https://gdpr-info.eu/?s=forgotten

We’ve designed the GDPR compliance to keep food client data exposure to a minimum “need to know” basis as this law requires.


Hi!

Regarding the collection and delivery time: Many restaurants insert their own custom time, and presenting them with some presets would make the experience more complex. However, we are working on a feature to limit the number of orders a restaurant receives for a certain interval. This should help space out the orders a bit so they don’t receive as many at the same time and potentially lose some.

Regarding the pricing of the apps: If you feel like the price is too high for what the apps offer, sticking to the free features should work out just fine. This is a “hop-on/hop-off” dynamic platform in which you (or the restaurant manager) may decide to pay as you go for certain paid modules, cancel them any month, reactivate if you want, and so on.


Hi!

Indeed, our mobile ordering widget is not as refined as the desktop one when it comes to the URL. Unlike other solutions, we don’t just have one ordering widget that is also mobile responsive.

Instead, we have two different versions: one optimized for PC browsers and UX, which works best with pad clicks and scrolls, and another optimized for mobile browsing which is meant for taps and swipe operations.

This is why the mobile ordering URL of your restaurant clients originates from foodbooking.com. And it’s true, the only way to hide this FoodBooking URL for mobile ordering is to purchase a partner service custom domain.

Regarding remembering card details: For a frictionless checkout experience, we remember the food-clients’ card details. Technically, we don’t store the card details on our servers, instead we store them in a PCI compliant vault. We only have a token to the card stored in that vault, as well as the last 4 digits for displaying purposes.

Regarding not changing things: We usually research and discuss with many restaurants before deciding on a big change. The ultimate choice to change or not change something, or to add a new feature, is made considering the needs of thousands of restaurants that already use our system. We understand that some restaurants may not approve, and in cases where that is possible, our support team recommends workarounds. We prefer to “tell it like it is” and be honest with our clients instead of pretending like we’re going to release a feature sometime in the future and never do.


Thank you. Out of interest, What happens to restaurant sales data?
Is the client’s sales history deleted or is it simply decoupled from their account?

For example, last week I sell £1000 through Gloria. A customer that spent £25 that week has deleted their account today as you describe.
If I now run a report for last week will it still show £1000 sales or will it reduce to £975?
(this is a hypothetical example, not a real one).

Thanks,

Well I think I have found the answer. I deleted myself, having done some test orders, and the sales figures remain the same.
Not that it matters much as I don’t think you can delete any sales, even if you refund the customer.
Just curious.