Privacy Policy

Last updated: 2026-07-17

Wenorr ("we", "us", "our") respects your privacy. This Policy explains how we collect, use, share and protect personal information when you use our platform. It is written to align with the South African Protection of Personal Information Act (POPIA) and the EU/UK General Data Protection Regulation (GDPR) where applicable.

1. Who We Are

Wenorr operates a workplace canteen platform. For employees ordering food, your employer is the "responsible party" / "controller" of your data and Wenorr acts as an "operator" / "processor". For company admins signing up directly, Wenorr is the controller.

2. Information We Collect

3. How We Use Your Information

4. Legal Bases

We process personal data under one or more of: performance of a contract, your consent (which you may withdraw at any time), our legitimate interests in operating the Service, and compliance with legal obligations.

5. Sharing

We share personal data only with: (a) your Canteen Operator to fulfil orders; (b) payment processors to charge cards; (c) cloud, email and SMS providers who host the infrastructure; (d) authorities where legally required. We never sell your personal information.

6. International Transfers

Some of our providers are based outside South Africa. Where data is transferred internationally, we rely on adequacy decisions or standard contractual clauses to ensure equivalent protection.

7. Retention

We retain personal data for as long as your account is active plus a reasonable period thereafter to satisfy tax, accounting and legal requirements. Order records are typically kept for 5 years for tax purposes.

8. Your Rights

You have the right to access, correct, delete, restrict, port or object to processing of your personal data. You may also lodge a complaint with the Information Regulator (South Africa) or your local data-protection authority. To exercise rights, email [email protected].

9. Security

We use TLS in transit, encryption at rest, role-based access control, row-level security and audited logs. No system is 100% secure, so we encourage you to use strong unique passwords and enable multi-factor authentication when available.

10. Cookies

We use only strictly necessary cookies for authentication and session management. We do not run advertising trackers.

11. Children

The Service is not directed to children under 18. We do not knowingly collect data from children.

12. Changes

We may update this Policy. Material changes will be notified in-app or by email.

13. Contact

Information Officer: [email protected]