01
Introduction
Nazare Beach ("we", "us", "our") operates the NZR mobile application (the "App"), available on the Apple App Store. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable law.
By using the App you agree to the practices described in this policy. If you do not agree, please do not use the App.
02
Data Controller
The data controller responsible for your personal information is:
Buljarica, 84300, Montenegro
Website: nazarebeach.me
Privacy contact: nazarebeachesapp@gmail.com
03
Data We Collect
Account data
| Data | Why we collect it |
|---|---|
| Email address | Account creation, sign-in, and password reset |
| Password | Authentication — stored securely and never visible to us |
Device & notification data
| Data | Why we collect it |
|---|---|
| Device identifier | A unique ID stored on your device to deliver push notifications to you |
| Notification token | Enables push notifications for order status, events, and live music |
| Crash & error reports | Helps us identify and fix technical issues to improve stability |
| App usage data | General information about how the app is used, to help us improve it |
Order & activity data
| Data | Why we collect it |
|---|---|
| Orders placed | To process your order, show order history, and send status updates |
| Menu interactions | To improve the menu experience and highlight popular items |
| QR code scans | The QR identifies your table only — no image or photo is stored |
Data we do not collect
Orders are paid at the venue — no financial data passes through the App.
04
Legal Basis for Processing
| Processing activity | Legal basis (GDPR Art. 6) |
|---|---|
| Account creation & sign-in | Contract — necessary to provide the service |
| Order processing & history | Contract — necessary to fulfil your order |
| Order status notifications | Contract — necessary to fulfil your order |
| Event & music notifications | Legitimate interest / Consent — withdraw anytime in iOS Settings |
| App stability & analytics | Legitimate interest — to maintain and improve the App |
05
Third-Party Services
To provide the App, we use services from Google LLC (Firebase platform) for authentication, push notifications, stability monitoring, and usage analytics. Data processed by these services is governed by Google's Privacy Policy.
06
Data Retention
We retain your personal data only for as long as necessary to provide the service and fulfil the purposes described in this policy. When data is no longer needed, we delete or anonymise it. You may request deletion of your account and associated data at any time by contacting us.
07
Your Rights (GDPR)
As a data subject in the EU/EEA you have the right to:
- Access Request a copy of the personal data we hold about you.
- Rectification Ask us to correct inaccurate or incomplete data.
- Erasure Ask us to delete your data where there is no overriding reason to keep it.
- Restriction Ask us to limit how we process your data in certain circumstances.
- Portability Receive your data in a structured, machine-readable format.
- Object Object to processing based on legitimate interests.
- Withdraw consent Where processing is based on consent, withdraw it at any time without affecting past processing.
To exercise any right, email nazarebeachesapp@gmail.com. We will respond within 30 days.
Agency for Personal Data Protection and Free Access to Information — azlp.me
08
Push Notifications
The App requests permission to send push notifications for order status updates, event announcements, and live music schedules. You can enable or disable notifications at any time in iOS Settings → NZR → Notifications.
09
Camera Access
The App requests camera access solely to scan the QR code at your table. No photos or video are captured, stored, or transmitted. Camera access is activated only when you explicitly start a QR scan.
10
Children's Privacy
The App is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11
Security
All data transmitted between the App and our servers is encrypted. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.
12
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via an in-app message or push notification. The "Last updated" date at the top will always reflect the current version.
13