PRIVACY POLICY

At Black & White Burger, we're serious about trust. Whether it's our recipes or your data, transparency is our secret ingredient. This policy explains how we protect your personal information, with as much care as our black & white buns. It applies to all your interactions with our Website and our mobile Application, whether you place an order, create an Account, consult our menu or join the adventure. It supplements the General Terms and Conditions of Sale and Use, to which it is inextricably linked.

WHO IS RESPONSIBLE FOR YOUR DATA?

The party responsible for processing your personal data is BLACK CHEDDAR (hereinafter the "Company"), a simplified joint stock company with a capital of €1,000, having its registered office at 10 rue Greneta, 75003 Paris, registered in the Paris Trade and Companies Register under number 847 794 278. If you have any questions regarding the management of your data, please contact us at the following address: serviceclient@bnwburger.com

To ensure the proper operation of the Site, the Application and the processing of Orders, the Company uses technical service providers (hosting, maintenance, payment, management of marketing campaigns, customer service, etc.) acting as subcontractors. These service providers only act on instructions from the Company and are contractually committed to guaranteeing a level of security that complies with regulations.

As part of the operation of the network, BLACKANDWHITE BURGER franchisees (hereinafter the "Vendor(s)") may have access to certain personal data of Customers when placing an Order or for local commercial prospecting purposes. They may receive data from your Customer Account (surname, first name, e-mail address, telephone number, date of birth, Order history, marketing preferences) in order to send you personalised communications.

In this context, the Sellers act as joint data controllers with the Company. For processing carried out for their own purposes (customer management, Orders, commercial relations), each Seller acts as an independent data controller.

For any request relating to the processing carried out by a Vendor, you can contact them via their contact details in the "Our restaurants" section of the Site.

WHAT DATA IS COLLECTED?

The personal data collected may include:

• your first and last name,
• your contact details (e-mail address, telephone number, delivery address),
• your order, payment and browsing information (via cookies),
• your marketing preferences,
• your application details.

Some of these are essential to the processing of your Orders. Others, such as cookies, improve your experience (see Cookie Policy).

HOW AND WHY IS YOUR DATA USED?

Your data may be collected:

• when creating an Account,
• at the time of an Order,
• when you browse the Site or the Application,
• when applying for a job,
• or when a contact form is used.

All data originate exclusively from the Site and Application developed by Belorder.

The uses are based on :

• performance of the contract (processing of Orders),
• your consent (commercial prospecting, non-essential cookies),
• legitimate interest (continuous improvement),
• compliance with legal obligations (accounting, etc.).

WHAT ARE YOUR PERSONAL DETAILS USED FOR?

They are processed for :

• processing and tracking Orders,
• management of the Customer Account,
• requests for information, support or complaints,
• application management,
• statistical analysis and improvement of the Site and the Application,
• sending commercial communications (with consent where required).

IS THE DATA USED FOR AUTOMATED DECISIONS?

Some actions may be automated (promotional campaigns, marketing targeting), but no automated decision with legal or significant effects is taken without human intervention.

WITH WHOM DO WE SHARE YOUR DATA?

We share certain data only with trusted service providers, where necessary:

• delivery, preparation of Orders,
• bank payments,
• cash register systems (e.g. Zelty),
• loyalty programmes (HeyPongo, Zero Six).

Depending on your marketing preferences, certain data may be sent to Sellers for personalised communications.

HOW IS THE SECURITY OF YOUR DATA ENSURED?

BLACK CHEDDAR implements strict measures: encryption, server protection, access control, technical audits. Data is hosted in Germany (EU). No transfer outside the EU without adequate guarantees.

HOW LONG ARE YOUR DETAILS KEPT?

Data is kept for 2 years after your last interaction with the Platform, or the transmission of an application, unless otherwise required by law.

It may be deleted, anonymised or securely archived at the end of the period. Some data may be kept for longer periods to meet legal obligations (accounting, tax).

WHAT RIGHTS DO YOU HAVE TO YOUR DATA?

You have the following rights:

• Right of access
• Right of rectification
• Right to erasure ("right to be forgotten")
• Right to object
• Right to portability
• Right to limitation
• Right not to be the subject of an automated decision
• Right to lodge a complaint with the CNIL

To exercise your rights:

📧 serviceclient@bnwburger.com
📬 BLACK CHEDDAR - 10 rue Greneta, 75003 Paris

You will receive a reply within one (1) month.

HOW TO MANAGE PROMOTIONAL COMMUNICATION OPTIONS?

You may receive personalised communications with your consent. Certain data may be transmitted to Sellers to send you offers related to their restaurant.

You can unsubscribe at any time via :

• the link in each e-mail,
• your preferences in your Customer Account.

CHANGES TO THE PRIVACY POLICY

The Policy may change. The date of the update will be modified and, in certain cases, direct information may be sent. If you do not accept the new conditions, you may delete your Account.

EFFECTIVE DATE OF THE POLICY

This version came into force on 2 December 2025.