Privacy Policy

The Digital Restaurant Association (“DRA” and sometimes “we” or “us”) has designed our platform and the services we offer you to be a safe, secure experience that meets your expectations. To meet your expectations and keep DRA safe and secure, we sometimes need to collect, use, and share information about you when you use our site, any mobile app we may create, or our other products and services (collectively, the “platform”) or when you otherwise interact with us or receive a communication from us. This Privacy Policy applies to all activity that takes place with the DRA.

What We Collect, How it is Used, and How We Share it

Information you provide

DRA collects content, communications, and other information that you provide directly when you use DRA’s Site and services. This information includes the information in or about information you provide (metadata). We need to collect information to make the platform work well for you and to keep it safe and secure for you and other users. The information we collect includes:

Member information. When you elect to become a member of DRA, we require that you provide create a password. We also ask you to provide (but do not require) additional information, including an email address and your first and last name. We store this information as well as your preferences and settings. This and other information could be subject to special protections under the laws of your country.

Member content. When you post, chat, or submit content to DRA, we collect it and store it. This includes all posts and drafts, all messages, all videos, all links or uploads, all communications you make to DRA’s site, and any other information you contribute. We also collect information about the other members you are connected to and how you interact with them (your groups, communities, and affiliations). We also receive and analyze content, communications and information that other people provide when they use DRA. This can include information about you, such as when others send a message to you.

Information we collect automatically. When you use DRA, we collect information about you automatically. This is necessary for the safety and security of all on the platform, and it includes:

  • Usage data. We collect information about when you access and use the platform, how long and how frequently you use the platform, as well as the activities you engage in while on the platform. We collect information from and about the computers, phones, connected TVs and other web-connected devices you use to access DRA. This data will include IP address, user-agent string, browser type, operating system, referral URLs, device IDs, device settings, pages visited, links clicked, the requested URL, and search terms. Except for the IP address used to create your account, we will delete IP addresses after 90 days.
  • Transactions. If you use our DRA to make donations, purchases, or other financial transactions, we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details.
  • Information from cookies. We may receive information from cookies, which are pieces of data your browser stores and sends back to us when making requests, and similar technologies. We use this information to improve your experience, understand how you use DRA, personalize content and advertisements, and improve the quality of our platform. For example, we store and retrieve information about your preferred language and other settings. You can disable cookies; learn how below at “Your Choices”.
  • Location information. Where allowable by applicable law, we receive and process information about your location. This is necessary for us to ensure that we are complying with applicable law with regard to your personal information. With your consent, we may also collect information about the specific location of your mobile device (for example, by using GPS or Bluetooth). We may also receive location information from you when you choose to share such information on the platform, including by associating your content with a location, or we may derive your approximate location from other information about you, including your IP address.

Linked Services. If you use a third-party service to access DRA’s site (for example using Google to verify your identification), we receive information about your use of that service when it uses that authorization. Linking services may also cause the other service to send us information about your account with that service. For example, if you sign in to DRA’s site with a third-party identity provider, that provider may share an email address with us.

Information collected by Third Parties. You or other users from time to time may choose to embed third-party content. Posts that link to YouTube, for example, may be embedded within DRA’s site so that you don’t need to leave DRA’s site to view them. DRA does not control how third parties collect data when they provide content through embedded services. For more information about how third parties collect your information through their content, we recommend you review the privacy policies of the services from which the content is embedded.

Audience Measurement. We partner with audience measurement companies to learn demographic information about the population that uses DRA. To provide this demographic information, these companies collect cookie information to recognize your device. These third parties do not receive any of your information from DRA.

How We Use Your Information

We use information about you to in accordance with the choices you make on your preferences page. Subject to those choices, we use your information to:

  • Provide, maintain, and improve DRA’s site for your benefit and the benefit of other members, including making suggestions to you about groups, communities, or activities you might find interesting or topics you may want to learn more about. Learn more here;
  • Research and develop new services to add to DRA’s Services, including by conducting surveys and research, and testing and troubleshooting new products and features;
  • Help protect the safety of DRA and our members, which includes verifying memberships and activity, combatting harmful conduct, detecting and preventing spam and other bad experiences, maintaining the integrity of DRA’s site, promoting safety and security, addressing abuse, and enforcing the User Guidelines and our other policies;
  • Send you technical notices, updates, security alerts, invoices, and other support and administrative messages;
  • Provide customer service;
  • Further social good by promoting and supporting research and innovation on topics of general social welfare, technological advancement, public interest, health and well-being;
  • Communicate with you about products, services, offers, promotions, events, and changes to our products and User Guidelines, policies and terms, and provide other news and information we think will be of interest to you, and to help advertisers who wish to do so (subject to your consent) to do the same (for information about how to opt out of these communications, see “Your Choices” below);
  • Monitor and analyze trends, usage, and activities in connection with the Platform; 
  • Measure the effectiveness of any ads shown on DRA’s site; and
  • Personalize DRA, and provide and optimize advertisements, content, and features that match user profiles or interests.

Some information on DRA is public and accessible to everyone, even without a membership. By using DRA’s site, you are directing us to share this information publicly and freely.

When you submit content (including a post, comment, chat message, or otherwise) to DRA, you choose who that content is public to. If you submit content publicly, your content will be available to any visitors to and users of DRA, as will the username associated with the content, and the date and time you originally submitted the content. You, other people using DRA, and we can provide access to or send public information to anyone on or off DRA in search results. We allow other sites to embed public DRA content via our embed tools. Although many parts of DRA are private or quarantined, they may become public and you should take that into consideration before posting on DRA.

Your DRA membership has a profile page that is private. Your profile contains information about your activities on DRA, such as your username, prior posts and comments, activities, awards received, trophies, moderator status, and how long you have been a member of DRA. You can also choose for your profile to include additional content as listed on the profile page.

You should consider who you choose to share with, because people who can see your activity can choose to share it with others, including people and businesses outside the audience you shared with. Sharing your information for commercial purposes is a violation of our User Guidelines, but unless you complain, we may not be aware of the actions of other users. Other users can download, screenshot, or reshare your content.

We only share nonpublic information about you in the following ways. We do not sell your nonpublic information and we never will.

  • With your consent. We may share information about you with your consent or at your direction.
  • With linked services. If you link your DRA membership with a third-party service, we will share the information you authorize with that third-party service. You can control this sharing as described in “Your Choices” below.
  • With our service providers. We may share information with vendors, consultants, and other service providers who need access to such information to carry out work for us. We will hold these vendors accountable, and their use of personal data will be subject to appropriate confidentiality and security measures. We also impose strict restrictions on how our partners can use and disclose the data we provide.
  • To comply with the law. We will share information with law enforcement in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request, including, but not limited to, meeting national security or law enforcement requirements.
  • In an emergency. We may share information if we believe it’s necessary to prevent imminent and serious bodily harm to a person.
  • To enforce our policies and rights. We will share information if we believe your actions are inconsistent with our User Guidelines or group or community rules or policies, or to protect the rights, property, and safety of ourselves and others. For example, if a group or community moderator receives a complaint about your conduct, we may share information about your activities on DRA to help adjudicate this complaint.
  • Aggregated or de-identified information. We may share information about you that has been aggregated or anonymized such that it cannot reasonably be used to identify you.

How We Protect Your Information

We take measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. We also enforce technical and administrative access controls to limit which of our employees have access to nonpublic personal information.

You can help maintain the security of your account by configuring two factor identification.
We store the information we collect for as long as it is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes or as required by law.

Your Choices

You have choices about how to access, correct, protect, limit, and restrict the collection, use, and sharing of information about you when you use the Services. We urge you to take these choices seriously and address our use of your information in the manner that reflects your beliefs.

We store data until it is no longer necessary to provide services on DRA, or until your membership is deleted – whichever comes first. This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

How to Access and Change Your Information. You can access and, if inaccurate, correct certain personal information through your preferences page. We also allow you to request a copy of the personal information DRA retains about you on your preferences page.

Deleting your Membership. You can also delete your membership information at any time from your preferences page. When you delete your membership information, others can no longer see your information, and you will not be able to be part of a group or community. Your previous posts will not be deleted. You may also request to delete personal information that DRA retains about you on your preferences page. However, we may retain some personal information as necessary to comply with applicable law or for a legitimate business purpose.

Third-Party Access to Your Membership. You can review the services that you have permitted to access your account. These are available on your preferences page.

Use of Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject first- and third-party cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of certain DRA services. In particular, certain DRA services (including retaining your password) require cookies to run effectively.

Advertising and Analytics. Some of our partners may provide specific opt-out mechanisms and we may provide, as needed and as available, additional tools and third-party services that allow you to better understand cookies and how you can opt out. For these service providers, we will include opt-out information where available on those pages where we describe information collected about you.

We also offer you choices about receiving personalized advertisements. You can adjust how we personalize advertisements for you by visiting your ads settings found in your preferences. You may also generally opt out of receiving personalized advertisements from certain third-party advertisers and ad networks.

Do Not Track. Most modern web browsers give you the option to send a Do Not Track signal to the sites you visit, indicating that you do not wish to be tracked. We will work to respect Do Not Track signals when you have selected them.

Controlling Promotions. We will always ask for your consent before sending promotional materials. Even if you consent to receiving promotional materials, you may opt out of receiving some or all categories of promotional communications by following the instructions in your account preferences. If you opt out of promotional communications, we may still send you non-promotional communications, such as information about your account.

Controlling Notifications. If you consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Controlling Location Information. You can control how we use location information inferred from your IP address for content recommendation purposes by using information found on your preferences page. If you initially consent to our collection of more precise location information from your device, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device.

Your Rights

Data Subject and Consumer Information Requests

Requests for a copy of the information DRA has about your membership—including EU General Data Protection Regulation (GDPR) data subject access requests and California Consumer Privacy Act (CCPA) consumer information requests—can be submitted following the following.

First, fill out a data request form by following these steps:

  • Visit digitalrestaurants.org on your computer’s web browser
  • Log in to your DRA membership you’d like to request data from. 
  • Follow the instructions and click Submit. 

After submitting your request, it may take up to 30 days to prepare your data. Once your data is ready, we’ll send a private message with a link to download your data to your DRA membership. Or, in some circumstances, we may send your data to the email address associated with your account if you have verified that address. 

If you don’t want to wait, you can also access some of your data and information (including your posts, comments, votes, recent IP addresses, account preferences, and any applications you’ve authorized) through your DRA Membership at any time.  This information is found in your preferences in your User membership.

To learn more about your data and privacy on DRA, please also review our User Guidelines.

All other data subject and consumer requests under data protection laws should be sent via email to privacy@digitalrestaurants.org from the email address that you have verified with your DRA membership.

Before we process a request from you about your personal information, we need to verify the request via your access to your DRA Membership or to a verified email address associated with your DRA membership. You may also designate an authorized agent to exercise these rights on your behalf. We do not discriminate against users for exercising their rights under data protection laws to make requests regarding their personal information, and we hope you will take these rights seriously.

International Data Transfers

We are based in the United States and we process and store information on servers located in the United States. We may store information on servers and equipment in other countries depending on a variety of factors, including the locations of our users and service providers. By accessing or using DRA or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the U.S. and other countries, where you may not have the same rights as you do under local law.

Additional Information for European Users

Users in the European Economic Area have the right to request access to, rectification of, or erasure of their personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where they have previously provided consent. These rights can be exercised using the information provided under “Your Choices” above or as described in the “Your Rights” above. European users also have the right to lodge a complaint with their local supervisory authority.

As required by applicable law, we collect and process information about individuals in the EEA only as permitted by applicable law. What we are permitted to collect and process depends on how you use DRA’s site. We process your information on the following legal bases:

  • You have consented for us to do so for a specific purpose;
  • We need to process the information to allow you to use the services DRA offers, including to operate DRA’s site, provide customer support and personalized features and to protect the safety and security of the DRA platform;
  • Our collection and processing satisfies a legitimate interest (which is not overridden by your data protection interests), such as preventing unlawful activity, preventing fraud, ensuring network and information security, enforcing our rules and policies, protecting our legal rights and interests, research and development, personalizing or improving DRA’s site, and marketing and promoting DRA; or
  • We need to process your information to comply with our legal obligations.

Additional Information for California Users

The California Consumer Privacy Act (“CCPA”) requires DRA to provide California residents with additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it. 

Over the last 12 months, we have collected the following categories of personal information from California residents:

  • Identifiers, like your username, email address, IP address, and cookie information.
  • Commercial information, including information about transactions you undertake on DRA.
  • Internet or other electronic network activity information, such as information about your activity on DRA.
  • Geolocation information based on your IP address, or more specific location information if you authorize your device to provide it to us.
  • Audiovisual information in pictures, audio, or video content submitted to DRA, whether or not this information was permitted for posting on DRA.
  • Only if explicitly provided to DRA, professional or employment-related information or demographic information.
  • Inferences we make based on other collected data, for purposes such as recommending content, advertising, and analytics

You can find more information about (a) what we collect and sources of that information, (b) the business and commercial purposes for collecting that information, and (c) the categories of third parties with whom we share that information in the “What We Collect, How it is Used, and How it is Shared” section above.

If you are a California resident, you have additional rights under the CCPA, including the right to request access to or deletion of your personal information, and information about our data practices, as well as the right not to be discriminated against for exercising your privacy rights. These rights can be exercised as described in the Consumer Information Requests section above.

Children

Children under the age of 16 are not allowed to create an account or otherwise use DRA. Additionally, if you are in Europe or in any other market whose applicable law requires higher protection for youth ages 16 and above, you must be over the age required by the laws of your country to create an account or otherwise use DRA, or we need to have obtained verifiable consent from your parent or legal guardian.

Changes to This Policy

DRA may change this Privacy Policy from time to time. If we do, we will let you know by revising the date at the top of the policy. If the changes, in our sole discretion, are material, we may also notify you by sending an email to the address associated with your account (if you have chosen to provide an email address) or by otherwise providing notice on DRA. We encourage you to review the Privacy Policy whenever you use DRA or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. By continuing to use DRA after any change to our Privacy Policy goes into effect, you agree to be bound by the revised policy.

Contact Us

To send a GDPR data subject request or CCPA consumer request, please contact us here.