Deliverect Kiosk - Terms and Conditions
Last updated: January 14th, 2026
These terms and conditions (“Terms”) govern your use of “Deliverect Kiosk” services (“Deliverect Kiosk”). The Terms, along with Deliverect’s General Terms available at www.deliverect.com (“General Terms”), govern your access (“Customer”) to and use of Deliverect Kiosks. Unless otherwise notified in writing by Deliverect, Deliverect Kiosks are provided to Customer by Tabesto SAS, a company incorporated and existing under the laws of France, with registered address at its registered office at 112, avenue de Paris 94 300 Vincennes, France, and with company number 817 490 899, which is a Deliverect affiliate. These Terms are effective as of the date on which they are accepted by you (by checking the acceptance box, signing a Deliverect quote or by any other means of acceptance) (“Effective Date”). If you are accepting these Terms on behalf of a third party, you represent and warrant that: (a) you have full legal authority and capacity to bind such third party under these Terms; (b) you have read and understood these Terms; and (c) you agree, on behalf of such third party, to be bound by these Terms. If you do not have the legal authority to bind such a third party, you must refrain from accepting these Terms on their behalf.
1.Scope. Deliverect Kiosk is software-as-a-service solution developed to power Customer’s in-store ordering using hardware that can include digital terminals configured for such purpose (“Deliverect Kiosk”).
2. Invoicing and Payment Term. Unless otherwise notified by Deliverect, invoices for the applicable subscription hybrid, or transactional fee, will be issued either upon the earlier of: (i) completion of Customer’s onboarding, or, (ii) within thirty (30) upon delivery of the Hardware. Invoices for the Hardware will be issued (i) up front and prior to delivery in case of Direct Purchase; (ii) in case of Installment Purchase the invoice for the initial deposit shall be issued up front and due prior to delivery of the Hardware, whereas the invoices for the remaining installments shall be issued monthly; iii) in case of Financial Lease, invoices shall be issued as agreed upon in the Financial Lease Agreement, and; (iv) in case of Hardware Transactional Fee, invoices shall be issued monthly.
3. Hardware. Deliverect makes available for purchase by Customer, certain self-ordering kiosk hardware units ("Hardware"). Technical information about the Hardware will be provided by Deliverect upon request. The purchased Hardware shall be included in a separate quote issued by Deliverect. The Hardware shall be delivered in accordance with the technical specifications and delivery timelines set forth in these Terms.
4. Purchase Options. Customer shall select one of the following purchase options - the selected method shall govern all terms of payment and ownership transfer related to the Hardware:
a) Direct purchase: Customer shall remit payment in full for the Hardware within 30 days following the issuance of the Deliverect’s invoice and in any events prior to delivery of the Hardware. Payment in full shall be a condition precedent to the shipment of any Hardware. Title to, and risk of loss in, the Hardware shall pass to the Customer upon delivery to the Customer’s designated location, in accordance with the delivery terms stipulated herein.
b) Installment Purchase: Customer shall acquire the Hardware directly from Deliverect, subject to a payment plan whereby the total purchase price shall be paid in equal monthly installments over a period as further detailed in the quote issued by Deliverect. An initial deposit, corresponding to a percentage of the purchase price, as indicated by Deliverect, can be due upon the execution of these Terms. Thereafter, the remaining payments shall be made in accordance with the payment schedule set forth in quote. Title to the Hardware shall pass to Customer only upon Deliverect’s receipt of payment in full of the total purchase price, whereas risk of loss shall pass to Customer upon delivery. In case Customer fails to make timely payment, Deliverect shall have the right to reclaim the Hardware from Customer’s premises, and Customer shall provide full collaboration. Any and all costs connected thereto shall be borne by Customer.
c) Financial Lease: Customer shall enter into a leasing arrangement (“Financial Lease Agreement”) with a third-party financial lessor approved by Deliverect. The term and payment conditions of the lease shall be as agreed upon in the Financial Lease Agreement. During the lease term, title to the Hardware shall remain with the designated lessor. Upon the expiration of the lease term, Customer can have the option as set out in the Financial Lease Agreement, exercisable in writing, to either (i) renew the lease under mutually agreed terms, or (ii) return the Hardware in good working condition, reasonable wear and tear excepted. Customer shall have the option to purchase the Hardware directly from Deliverect upon the expiration of their Financial Lease Agreement insofar they renew their Kiosk subscription with Deliverect. Delivery shall take place as set out in the Financial Lease Agreement. Unless otherwise notified by Deliverect, the financial lease option is exclusively available for Customer that are located in France.
d) Hardware Transactional Fee. Deliverect shall provide the Hardware to Customer without an upfront fee. This option is only made available to Customers that sign up for thirty-six (36) months subscription term during which Deliverect retains full legal title to the Hardware. Customer acknowledges that shipping, setup, VAT and other taxes linked to shipping the Hardware and installation costs are excluded from the financing and invoiced separately. Customer agrees to pay the fixed fee per order processed through the Hardware as set forth in the quote (the "Hardware Transactional Fee"). The Hardware Transactional Fee covers the purchase price of the Hardware which is fixed at the price mentioned in the quote provided by Deliverect, and the prefinancing risk and other related costs of Deliverect which will amount to the Hardware Transactional Fee paid by Customer that exceeds the Hardware purchase price mentioned in the quote. The Hardware Transactional Fee shall be invoiced monthly. If the average monthly order volume per Hardware digital terminal falls below the "Minimum Order Threshold" defined in the quote after the first six (6) months of the subscription, Deliverect reserves the right to adjust the Hardware Transactional Fee or reclaim the Hardware. In the event of termination within the first twelve (12) months, Customer shall be liable for a shortfall penalty equal to the difference between the Hardware Transactional Fees actually paid and fe Fees payable had the Minimum Order Threshold been met.
5. Delivery and Installation. Deliverect shall deliver the Hardware to the location(s) designated by Customer following confirmation of payment or execution of these Terms, depending on the selected financing option. Unless otherwise agreed in writing, delivery shall be FOB (Incoterms 2020). If installation services are included, Deliverect shall perform installation of the Hardware through qualified personnel or a third party appointed by Deliverect. Customer shall ensure that the installation site meets all infrastructure requirements, including but not limited to power, connectivity, and physical access, as outlined in any site requirements that may be communicated by Deliverect from time to time.
6. Hardware Warranty. Deliverect warrants that the Hardware shall be free from defects in materials and workmanship under normal use for a period of 12 months from the date of delivery. During the warranty period, Deliverect shall, at its sole expense and discretion, repair or replace any Hardware component that proves to be defective, provided that such defect is not attributable to misuse, abuse, unauthorized modification, neglect, accident, or external causes beyond Deliverect’s control. Any replacement components may be new or refurbished, subject to the Deliverect’s discretion. Any shipment or transportation costs associated will be the responsibility of the Customer. Customer shall promptly notify Deliverect of any defects that would constitute a claim under warranty. Such notice shall include the description of the defect, the serial number and location of the affected Hardware.
7. Maintenance and Support. During the warranty period, Deliverect shall provide standard support and maintenance services relating to the Hardware to Customer.
8. Title and Risk of Loss. Risk of loss in the Hardware shall pass to the Customer upon delivery, irrespective of the selected purchase option. Title shall pass to the Customer upon (i) completion of payment in the case of direct purchase, (ii) completion of the final installment payment in the case of the installment purchase option, (iii) as set out in the Financial Lease Agreement, or (iv) in case of Hardware Transactional Fee, at the end of the thirty-six (36) months and upon full payment of the invoiced Hardware Transactional Fee.
9. Payment Processing. By default, payment processing services that are accessed by Customer in connection with Deliverect Kiosk, are provided by third party payment processors integrated with Deliverect (“Payment Processor”). Notwithstanding, Deliverect may offer a functionality - subject to additional fees - that allows the Customer to use its current payment processor (instead of using the Payment Processor) to process payments of orders placed in connection with Deliverect Kiosk. Deliverect may charge fees to Customer for providing the underlying technology that enables payment processing services in connection with Deliverect Kiosk.
10. Relationship with the Payment Processor. Customer is required to enter into a contract with the Payment Processor and disclose certain information (including Know Your Customer - KYC information) prior to being able to access payment processing services. Failure to provide accurate, up-to-date, and complete KYC information will prevent Customer from accessing Deliverect Kiosk and the payment processing services of the Payment Processor.
11. Appointment of Payment Processor. By using Deliverect Kiosk in connection with the Payment Processor, Customer appoints the Payment Processor as Customer’s limited payment collection agent solely for the purpose of: (i) accepting payment of the price defined by Customer for its products (excluding any discounts or promotions) (“Retail Price”) and the applicable taxes and other fees and; (b) Transferring the Retail Price (plus VAT and any other fees collected on Customer’s behalf) less the retained charges and/or the applicable Fees (“Final Revenue”). Deliverect or the Payment Processor may, from time to time, request information from Customer to confirm Customer’s identity as may be necessary under any applicable compliance obligations before any payments are transferred to Customer. The Payment Processor may refuse to process payments to Customer if there are legal or regulatory risk or potential breach of law or regulation associated with such transfer to Customer. The Payment Processor can reject Customer’s request for the provision of payment processing services. Deliverect does not endorse the Payment Processor, and disclaims any and all liability associated with the services provided by the Payment Processor in connection with Deliverect Kiosk.
12. Account Configuration. Customer grants Deliverect the right to configure Customer’s account profile and fraud scoring rules on Customer’s account with the Payment Processor. Customer acknowledges and agrees that Deliverect may set restrictions on the amount of payments that can be processed by Customer in connection with the payment process services access in connection with Deliverect Kiosk.
13. Chargebacks and Refunds. Customer shall immediately reimburse Deliverect any Chargebacks and/or Refunds that are collected from Deliverect by the Payment Processor due to the lack of sufficient funds from the Final Revenue, to charge those Chargebacks or Refunds directly from Customer. Customer acknowledges that Deliverect may instruct the Payment Processor to deduct the amounts of the Chargebacks and/or Refunds from the Final Revenue. “Chargeback” means a transaction which is successfully charged back on request of the account holder or the issuer of the payment method pursuant to the relevant rules of the owner of the payment method resulting in a cancellation of the transaction in respect of which Customer has been paid or was due to be paid. “Refund” means a (partial) reversal of a particular transaction, whereby the funds are reimbursed to the account holder on the initiative or request of the Customer. Customer hereby acknowledges and agrees that Customer shall be fully liable and responsible for any fines imposed on Deliverect by the Payment Processor and/or the party offering and/or regulating the relevant payment method used by Customer’s client, as a result of the acts or omissions incurred in by Customer in the use of the payment processing services provided by the Payment Processor or the payment method offered by the party that offers and/or regulates such payment method.
14. Commitment. Customer represents and warrants that it will not use Deliverect Kiosk or the payment processing services provided by the Payment Processor to sell any Restricted Products, or any products prohibited by the Payment Processor as listed on its website, which Customer acknowledges having reviewed and understood.
15. Revenue Transfer. Unless otherwise notified by Deliverect, the Payment Processor will transfer the Final Revenue to the Customer on a weekly basis. The Customer may choose a shorter frequency, or to receive additional disbursements, which is subject to additional fees.
16. Promotions, Discounts, and Loyalty. Customer represents and warrants that any promotions, discounts, or loyalty programs offered in connection with Deliverect Kiosk shall comply with all applicable laws and regulations, including but not limited to privacy and consumer protection laws. Customer is responsible for creating, and displaying the terms and conditions that apply to the promotions, discounts, and loyalty programs. Customer acknowledges and agrees that Deliverect bears no responsibility or liability whatsoever for the discounts, promotions, or loyalty plans offered by the Customer to its end users. For the sake of clarity, the concept of Retail Price, will only be used for the purpose of calculating the applicable fees that Customer has to pay to Deliverect. Accordingly, if Customer provides discounts or promotions to its clients, such discounts and promotions may be deducted from the payment that Customer receives, and they will not be taken into consideration for the purpose of calculating the applicable fees.
17. End User Support. Customer shall be responsible for providing support to Customer’s end users for any issues that may arise and/or are related to the products sold in connection with Deliverect Kiosk, or the delivery of the same.
18. Availability of Products. Customer will make products available for purchase through Deliverect Kiosk. Customer will prepare, handle, and store all products in accordance and in compliance with all applicable laws and regulations, including but not limited to food safety and hygiene requirements and regulations.
19. Refunds for Defective Products. Customer is responsible for all costs related to reimbursement to end users in the event any such end users request reimbursement for defective products or otherwise unsatisfactory products (including, without limitation, any costs associated with retrieving any such defective products or otherwise unsatisfactory products, if applicable).
20. Alcohol. Customer represents and warrants that it holds, and will maintain in good standing, all licenses and permits required to sell and, if applicable, deliver alcohol. Customer further warrants that it will comply with all applicable laws and regulations in connection therewith, including, without limitation, legal age requirements and time-based restrictions. Upon request, Customer shall provide copies of such licenses and permits to Deliverect.
21. Retail Price. Customer is the "retailer" or "seller" of all products (including delivery services related to such products) offered through Deliverect Kiosk. Customer is responsible for determining and setting Retail Price for each product to be made available for sale via Deliverect Kiosk. Customer is solely responsible for the correct application and remittance of all applicable VAT, seller's use, transaction privilege, privilege, general excise, gross receipts, meals tax and similar transaction taxes in connection with the sale of products.
22. Privacy Considerations. Customer is the controller (as defined by the GDPR) of personal data of Customer’s clients that is shared with Deliverect in connection with Deliverect Kiosk (“Customer Personal Data”) and Deliverect is the processor (as defined by GDPR). Customer is required to incorporate a link to its cookie policy and privacy notice on each one of the Hardware associated with Deliverect Kiosk, and to comply with all the obligations of the GDPR or the applicable data protection laws. Customer Personal Data will be processed under the Data Processing Terms available at www.deliverect.com/en/dpaeu. Customer represents and warrants that Customer has appropriate legal basis, as required by GDPR or the applicable data protection laws, to send communications to its clients (through the channels made available by Deliverect Kiosk), and to use their personal data for marketing, sales, and loyalty purposes. The communications that are sent in this context by Customer, and the content of the same, shall comply with any applicable laws at all times.
23. Data Access Agreement. Customer and Deliverect acknowledge that certain data generated through the use of the Hardware and Deliverect Kiosk, may fall within the scope of Regulation (EU) 2023/2854 (“EU Data Act”). The conditions under which such data may be accessed, used, shared, or requested by Customer are governed by the Data Access Agreement attached to these Terms as an exhibit (“Data Access Agreement”). The Data Access Agreement forms an integral and binding part of these Terms. In the event of any conflict between the provisions of the Terms and the Data Access Agreement, the terms of the Data Access Agreement shall prevail with respect to any matter relating to data access, sharing, or use. By entering into a contract with Deliverect, Customer confirms that it has received, read, and accepted the Data Access Agreement prior to contract conclusion.
Data Access Agreement - User to Data Holder
EU Data Act
This Data Access Agreement (“DAA”) is executed between Deliverect NV and its Affiliate Tabesto SAS (“Data Holder”) and Customer (“User”) referred collectively as the “Parties”, and independently as a “Party”, to meet the requirements of Regulation (EU) 2023/2854 (“Data Act”). Capitalized terms that are not defined in this DAA shall have the meaning provided to them in the framework services agreement (if User signed a standalone contract), Terms (if User only signed a quote), or the Data Act (as the case may be).
1.Product / Related Services. This DAA is made with regard to:
1.1. The following connected product (the “Product”): Kiosk Terminal (Hardware);
1.2. The following related services (the “Related Services”): Kiosk Software as a service solution that enables Kiosk Terminal (Hardware) to receive and process orders placed by end users;
The User declares that they are either the owner of the Product or contractually entitled to use the Product under a rent, lease or similar contract and/or to receive the Related Service(s) under the framework service agreement or the Terms.
2. Data Covered by the DAA.
The data covered by this contract consist of any readily available Product Data or Related Service(s) Data within the meaning of the Data Act (the “Data”). The Data consist of the Data listed in Appendix 1, with a description of the type or nature, estimated volume, collection frequency, storage location and duration of retention of the Data. If, during this DAA, new data are made available to the User, Appendix 1 will be amended accordingly.
3. Data use and sharing by the Data Holder.
3.1. Agreed use of non-personal Data by the Data Holder.
3.1.1. The Data Holder undertakes to use the Data that are non-personal Data only for the purposes agreed with the User as follows: (a) performing any agreement with the User or activities related to such agreement (e.g. enabling placement of orders through the Kiosk Terminal, initiating payment with integrated payment partners, generating receipts (printed or digital), enabling loyalty features, syncing menu items and prices, providing sales/performance analytics); (b) providing support, warranty, guarantee or similar services or to assess User’s, Data Holder’s or third party’s claims (e.g. regarding malfunctions of the Product) related to the Product or Related Service; (c) monitoring and maintaining the functioning, safety and security of the Product or Related Service and ensuring quality control; (d) improving the functioning of any product or related service offered by the Data Holder; (e) developing new products or services, including artificial intelligence (AI) solutions, by the Data Holder, by third parties acting on behalf of the Data Holder (i.e. where the Data Holder decides which tasks will be entrusted to such parties and benefits therefrom), in collaboration with other parties or through special purpose companies (such as joint ventures); (f) aggregating these Data with other data or creating derived data, for any lawful purpose, including with the aim of selling or otherwise making available such aggregated or derived data to third parties, provided such data do not allow specific data transmitted to the Data Holder from the connected product to be identified or allow a third party to derive those data from the dataset.
3.1.2. The Data Holder undertakes not to use the Data to derive insights about the economic situation, assets and production methods of the User, or about the use of the Product or Related Service by the User in any other manner that could undermine the commercial position of the User on the markets in which the User is active. None of the Data uses agreed to under clause 3.1.1 may be interpreted as including such Data use, and the Data Holder undertakes to ensure, by appropriate organisational and technical means, that no third party, within or outside the Data Holder’s organisation, engages in such Data use.
3.2. Sharing of non-personal data with third parties and use of processing services.
3.2.1. The Data Holder may share with third parties the Data which is non-personal data, if: (a) the Data is used by the third party exclusively for the following purposes: i) assisting the Data Holder in achieving the purposes permitted under clause 3.1.1; ii) achieving, in collaboration with the Data Holder or through special purpose companies, the purposes permitted under clause 3.1.1; and (b) the Data Holder contractually binds the third party: i) not to use the Data for any purposes or in any way going beyond the use that is permissible in accordance with previous clause 3.2.1 (a); ii) to comply with clause 3.1.2; iii) to apply the protective measures required under clause 3.4.1; and iv) not to share these Data further unless the User grants general or specific agreement for such further transfer, or unless such Data sharing is required, in the interest of the User, to fulfil this Contract or any contract between the third party and the User. If the User agrees to the further transfer, the Data Holder should oblige the third party with whom they share Data to include the clauses corresponding to points (i) to (iv) in their contracts with recipients.
3.2.2 The Data Holder may always use processing services, e.g. cloud computing services (including infrastructure as a service, platform as a service and software as a service), hosting services, or similar services to achieve the agreed purposes under clause 3.1. The third parties may also use such services to achieve the agreed purposes under clause 3.2.1 (a).
3.3. Use and Sharing of Personal Data by the Data Holder.
The Data Holder may use, share with third parties or otherwise process any Data that is personal data, under a legal basis provided for and under the conditions permitted under Regulation (EU) 2016/679 (GDPR) and, where relevant, Directive 2002/58/EC (Directive on privacy and electronic communications).
3.4. Protection Measures.
3.4.1. The Data Holder undertakes to apply the protective measures for the Data that are reasonable in the circumstances, considering the state of science and technology, potential harm suffered by the User as a result of Data loss or disclosure of Data to unauthorised third parties and the costs associated with the protective measures.
3.4.2. The Data Holder may also apply other appropriate technical protection measures to prevent unauthorised access to Data and to ensure compliance with this contract.
3.4.3. The User agrees not to alter or remove such technical protection measures unless agreed by the Data Holder in advance and in writing.
4. Data access by the User upon request.
4.1. Obligation to make Data available. The provisions set forth in this section shall apply if Data cannot be directly accessed from the Product or the Related Service.
4.1.1. The Data, together with the relevant metadata necessary to interpret and use those Data must be made accessible to the User by the Data Holder, at the request of the User or a party acting on their behalf. The request can be made using the form specified in Appendix 2, sent to the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/ .
4.1.2. The Data Holder shall make the Data which is personal data available to the User, when the User is not the data subject, only when there is a valid legal basis for making personal data available under Article 6 of Regulation (EU) 2016/679 (GDPR) and only, where relevant, the conditions set out in Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC (Directive on privacy and electronic communications) are met. In that respect, when the User is not the data subject, the User must indicate to the Data Holder, in each request presented under the previous clause, the legal basis for processing under Article 6 of Regulation (EU) 2016/679 (and, where relevant, the applicable derogation under Article 9 of that Regulation and Article 5(3) of Directive (EU)2002/58) upon which the making available of personal data is requested.
4.2. Data characteristics and access arrangements.
4.2.1. The Data Holder must make the Data available to the User, free of charge for the User, with at least the same quality as it becomes available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format as well as the relevant metadata necessary to interpret and use those Data. The Data Holder must specify the Data characteristics and inform the User of these specifications in Appendix 1.
4.2.2. The Data Holder and User may use the services of a third party (including a third-party providing Data Intermediation Services as defined by Article 2 of Regulation (EU) 2022/868) to allow the exercise of the User’s rights under clause 4.1 of this contract. Such third party will not be considered a Data Recipient under the Data Act, unless they process the Data for its own business purposes. The party requiring the use of such a third party must notify the other party in advance.
4.2.3. The User must receive access to the Data: (a) easily and securely by the Data being transmitted, or by access to the Data where it is stored (as the case may be); (b) without undue delay after the Data becomes available to the Data Holder; and (c) Continuously and in real-time, or with appropriate frequency (as applicable). The Data Holder must specify these access arrangements and inform the User of these specifications in Appendix 1.
4.2.4. The Data Holder must provide to the User, at no additional cost, the means and information strictly necessary for accessing the Data in accordance with article 4 of the Data Act. This includes, in particular, the provision of information readily available to the Data Holder regarding the origin of the Data and any rights which third parties might have with regard to the Data, such as rights of data subjects arising under Regulation (EU) 2016/679 (GDPR), or facts that may give rise to such rights. In order to meet these requirements, the Parties agree on the specifications set out in Appendix 1, which forms an integral part of this Contract.
4.3. Feedback Loops.
If the User identifies an incident related to clause 2 on the Data covered by the Contract, to the requirements of clauses 4.2.1 or 4.2.3 or of Appendix 1 on the Data quality and access arrangements and if the User notifies the Data Holder with a detailed description of the incident, the Data Holder and the User must cooperate in good faith to identify the reason of the incident. If the incident was caused by a failure of the Data Holder to comply with their obligations, they must remedy the breach within a reasonable period of time. If the Data Holder does not do so, it is considered as a fundamental breach and the User may invoke clause 12 of this DAA (remedies for non-performance). If the User considers their access right under Article 4 (1) of the Data Act to be infringed, the User is also entitled to lodge a complaint with the competent authority, designated in accordance with Article 37(5), point (b) of the Data Act
4.4. Unilateral changes by the Data Holder.
The Data Holder may, in good faith, unilaterally change the specifications of the Data or the access arrangements stated in Appendix 1, if this is objectively justified by the general conduct of business of the Data Holder– for example by a technical modification due to an immediate security vulnerability in the line of the products or related services or a change in the Data Holder’s infrastructure. The Data Holder must in this case give notice of the change to the User without undue delay after deciding on the change. Where the change may negatively affect Data access and use by the User more than just to a small extent, the Data Holder must give notice to the User at least 30 days before the change takes effect. A shorter notice period may only suffice where such notice would be impossible or unreasonable in the circumstances, such as where immediate changes are required because of a security vulnerability that has just been detected.
4.5. Information on the User’s access.
The Data Holder undertakes not to keep any information on the User’s access to the requested data beyond what is necessary for: (a) the sound execution of (i) the User’s access request and (ii) this contract; (b) the security and maintenance of the data infrastructure; and (iii) compliance with legal obligations on the Data Holder to keep such information.
5. Data Use by the User.
5.1. Permissible use and sharing of Data.
The User may use the Data made available by the Data Holder upon their request for any lawful purpose and/or share the Data freely subject to the limitations below.
5.2. Unauthorized use and sharing of Data.
5.2.1. The User undertakes not to engage in the following: (a) use the Data to develop a connected product or related service that competes with the Product or Related Service, nor share the Data with a third party with that intent; (b) use such Data to derive insights about the economic situation, assets and production methods of the manufacturer or, where applicable the Data Holder; (c) use coercive means to obtain access to Data or, for that purpose, abuse gaps in the Data Holder’s technical infrastructure which is designed to protect the Data; (d) share the Data with a third-party considered as a gatekeeper under article 3 of Regulation (EU) 2022/1925; (e) use the Data they receive for any purposes that infringe EU law or applicable national law.
6. Data sharing upon the User’s request with a Data Recipient.
6.1. Making Data available to a Data Recipient.
6.1.1. The Data, together with the relevant metadata necessary to interpret and use those Data, must be made available to a Data Recipient by the Data Holder, free of charge for the User, upon request presented by the User or a party acting on its behalf. The request can be made using the form specified in Appendix 3, sent to the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/.
6.1.2. The Data Holder shall make the Data which is personal data available to a third party following a request of the User, when the User is not the data subject, only when there is a valid legal basis for making personal data available under Article 6 of Regulation (EU) 2016/679 (GDPR) and only, where relevant, the conditions set out in Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC (Directive on privacy and electronic communications) are met. In that respect, when the User is not the data subject, the User must indicate to the Data Holder, in each request presented under the previous clause, the legal basis for processing under Article 6 of Regulation (EU) 2016/679 (and, where relevant, the applicable derogation under Article 9 of that Regulation and Article 5(3) of Directive (EU)2002/58) upon which the making available of personal data is requested.
6.1.3. The Data Holder must make the Data available to a Data Recipient with at least the same quality as they become available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format, easily and securely.
6.1.4. Where the User submits such a request, the Data Holder will agree with the Data Recipient the arrangements for making the Data available under fair, reasonable and non-discriminatory terms and in a transparent manner in accordance with Chapter III and Chapter IV of the Data Act.
6.1.5. The User acknowledges that a request under clause 7.1 cannot benefit a third party considered as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 and cannot be made in the context of the testing of new connected products, substances or processes that are not yet placed on the market.
7. Transfer of use.
7.1. Transfer of use.
7.1.1. Where the User contractually transfers (i) ownership of the Product, or (ii) their temporary rights to use the Product, and/or (ii) their rights to receive Related Services to a subsequent natural or legal person (‘Subsequent User’) and loses the status of a user after the transfer to a Subsequent User, the Parties undertake to comply with the requirements set out in this clause.
7.1.2. The User must: (a) ensure that the Subsequent User cannot use the initial User’s account; (b) notify the Data Holder of the transfer.
7.1.3. The rights of the Data Holder to use Product Data or Related Services Data generated prior to the transfer will not be affected by a transfer i.e. the rights and obligations relating to the Data transferred under the DAA before the transfer will continue after the transfer.
8. Date of application and duration of the DAA and termination.
8.1. Date of application and duration. This DAA is effective as of the Effective Date, and will remain in place until the FSA/Terms are terminated, or if terminated pursuant to the following clause.
8.2. Termination. Irrespective of the contract period agreed under the previous clause, this DAA terminates: (a) upon the destruction of the Product or permanent discontinuation of the Related Service, or when the Product or Related Service is otherwise put out of service or loses its capacity to generate the Data in an irreversible manner; or (b) upon the User losing ownership of the Product or when the User’s rights with regard to the Product under a rental, lease or similar agreement or the user’s rights with regard to the Related Service come to an end; or (c) when both Parties so agree, with or without replacing this DAA by a new contract. Points (b) and (c) shall be without prejudice to the DAA remaining in force between the Data Holder and any Subsequent or Additional User.
8.3. Effect of expiry or termination.
8.3.1. Expiry of the contract period or termination of this DAA releases both Parties from their obligation to effect and to receive future performance but does not affect the rights and liabilities that have accrued up to the time of termination. Expiry or termination does not affect any provision in this contract which is to operate even after the contract has come to an end.
8.3.2. The termination or expiry of the DAA will have the following effects: (a) the Data Holder shall immediately cease to retrieve the Data generated or recorded as of the date of termination or expiry; (b) the Data Holder remains entitled to use and share the Data generated or recorded before the date of termination or expiry as specified in this DAA.
Appendix 1
Details of the data covered by this DAA and access arrangements
1. Product/Service Covered
Kiosk Terminal (e.g., FOX/Oslo/Rio models) (the Connected Product) and the Kiosk SaaS Solution refers to the Software as a service solution that enables Kiosk Terminal (Hardware) to receive and process orders placed by end users (the Related Service).
2. Data categories generated by the product / related services
Connected Product: Hardware diagnostics, operational metadata, network connection logs, terminal event logs (e.g., touch screen input, payment terminal connection status), and device usage statistics.
Related Services: Specific order details (e.g., items selected, modifiers, transaction values, payment status, sign in to loyalty feature, cancellation, receipt request), menu configuration data (e.g., dynamic pricing rules, stock-out status), and aggregated performance metrics (e.g. time between screen interactions)
Data formats/standards: json; csv; mysql
3. Estimated volume and frequency
Volume varies significantly based on usage frequency but is generated as continuous usage logs. The Kiosk terminal is designed to generate operational data, event logs, and status updates continuously and in real-time.
4. Storage locations and retention
On‑device: For 30 days limited, transient, encrypted operational logs may be stored temporarily on-device to ensure continuity before transmission.
Deliverect/Tabesto servers: Product data is stored for 30 days; related services data is stored indefinitely or for any period of time later communicated by Deliverect/Tabesto.
Retention: The retention period of the collected data depends on the type of data and the purpose of the use case. Data is anonymised and kept indefinitely.
5. How Users access, retrieve,and erase data
Direct Access (where technically feasible): access to relevant data via Kiosk Saas Software exportable through the Front-end account of User.
On Request: Deliverect/Tabesto will make readily available data accessible to the User without undue delay, free of charge and in a commonly used, structured, machine‑readable format, upon User request via the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/.
Erasure: Users may request deletion via the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/. Deleted data is not recoverable.
6. Deliverect/Tabesto’s use of readily available data
Deliverect/Tabesto uses the data to provide the contracted services, (e.g.) enabling consumers to place orders through the self-ordering kiosks, initiating payment with integrated payment partners, generating receipts (printed or digital), enabling loyalty features, syncing menu items/prices, providing sales/performance analytics), maintenance and diagnostics (e.g. monitoring system performance, identifying faults and troubleshooting, applying updates, patches, and security enhancements) improving the functioning of the connected product/service, developing new products or services, including artificial intelligence (AI) solutions and fulfilling legal obligations (e.g., warranty, compliance, and statutory retention). This use of non-personal data is based on the contract with the User
7. Sharing with third parties at the User’s request
In line with the EU Data Act, Deliverect/Tabesto enables Users to request that readily available data be shared with a third party of their choice at no cost for the User.
Sharing will be provided in a structured, commonly used, machine-readable format, using secure transfer methods. Sharing will be done in an automated way where technically feasible.
Users can initiate and revoke sharing via a request to the Deliverect Support team through the Help Center and the chat function on https://help.deliverect.com/en/ Sharing is subject to technical feasibility and security requirements.
Deliverect/Tabesto are not responsible for the third party’s use of the data; Users should review the third party’s terms & conditions and privacy policies.
8. Security and trade secrets
Deliverect/Tabesto reserves the right to identify specific data (e.g., complex algorithms or underlying proprietary software data) as trade secrets. Disclosure of any identified trade secret data will only occur if the User (or the requested Third Party) agrees to and implements all necessary proportionate technical and organizational safeguards to preserve confidentiality as determined by Deliverect/Tabesto. Deliverect/Tabesto reserves the right to not make certain data available if they are considered to be trade secrets and no appropriate security measures have been agreed upon and implemented.
9. Right to lodge a complaint
The User has the right to lodge a complaint with the national competent authority or the data coordinator in the member state of establishment/residence regarding alleged infringements of the Data Act.
10. Updates to this Appendix
This Appendix may be updated to reflect changes in the law, modifications to Delivrerect/Tabesto’s products or related services, or technical updates affecting data processing.
