This website is using cookies. By continuing to use the website you agree to our Cookie Policy. More information about Cookies.

Accept
+ Suggest a Restaurant

Privacy policy

Last updated: 2026-04-18
 

This Privacy Policy explains how UAB “Meniu” processes personal data when you use the website www.meniu.lt, submit a table reservation or banquet inquiry, purchase a gift voucher, place a food order, register an account on the website www.meniu.lt, subscribe to the newsletter, or agree to receive notifications, including push notifications.
 

Data controller:
UAB “Meniu”
Company code: 304315434
VAT code: LT100010330513
Address: Ulonų g. 5, LT-08240, Vilnius
Email: info@meniu.lt

If you have any questions regarding the processing of personal data or wish to exercise your rights, please contact us by email at info@meniu.lt.

1. GENERAL INFORMATION

1.1. This Privacy Policy applies when you use the website www.meniu.lt, submit a reservation, food order or banquet inquiry, purchase a gift voucher, register an account, subscribe to the newsletter, or agree to receive notifications, including push notifications.

1.2. The data controller is UAB “Meniu”, legal entity code 304315434, address Ulonų g. 5, LT-08240, Vilnius, email info@meniu.lt.

1.3. If you have questions regarding the processing of personal data or wish to exercise your rights, you may contact us by email at info@meniu.lt.

2. WHAT PERSONAL DATA WE PROCESS
 

2.1. Reservation, order and inquiry data

When you submit a table reservation, food order, banquet or other inquiry, we may process the following data:

- first name and surname;

- phone number;

- email address;

- the date and time of the reservation, order or inquiry;

- number of persons, where applicable;

- your comment or additional notes;

- the status of the order or reservation;

- information about changes, cancellation or no-show, where applicable.

2.2. Account data

When you create an account, we may process:

- first name and surname;

- email address;

- phone number, if you provide it;

- the date and time of account creation;

- information about account activation;

- password stored in encoded form.

When you log in through third-party systems, such as Facebook or Google, we may also receive your first name, surname, email address, phone number and profile photo from these platforms, if you provide such data to that platform and allow it to be shared.


2.3. Newsletter and notification data

When you subscribe to the newsletter, we process:

- email address;

- the choice to receive or not receive newsletters.

Currently, only the email address is used for newsletters. Newsletter personalization, segmentation and automation are not used.

We use OneSignal to send emails and push notifications.

When you agree to receive push notifications, OneSignal may process technical data related to the push subscription and device, such as the push notification channel (web / app), device type, notification permission status, OneSignal ID, language, time zone, the date and time of the first and last session, number of sessions, usage duration, SDK version, app version, and, depending on the device or settings, approximate location data.

This data is used for push subscription administration, message delivery, technical analytics, performance statistics and service quality assurance.

Legal basis: Your consent.


2.4. Payment information

When you make a payment through meniu.lt, payment services are provided by AB NEO Finance.

Currently, payments on meniu.lt are made through a payment initiation service (PIS).

Only limited payment-related information necessary for order administration is available in the meniu.lt administration environment:

- payer’s first name and surname;

- email address;

- phone number;

- amount paid;

- payment time;

- unique order ID;

- payment method (PIS).

AB NEO Finance, when providing payment services through the integration, may receive and process a broader set of payment transaction-related data, including:

- unique payment transaction ID;

- amount;

- currency;

- recipient;

- IBAN;

- payment purpose;

- selected payment institution or bank;

- other data related to the payment transaction.

Meniu.lt does not transfer the payer’s personal code to AB NEO Finance.

Meniu.lt does not receive or store full payment card details.


2.5. Technical and usage data

When you use the website or system, we may process technical data necessary for system operation, security and error diagnostics, for example:

- IP address;

- device and browser information;

- login and activity logs;

- technical error and security records;

- information generated by cookies and similar technologies.

The main technical data related to users’ use of the website consists of web server logs, which may store the IP address and information about which address was accessed. The IP address is visible in technical logs and is accessible only to those persons whose access is necessary for system maintenance, security and error diagnostics.

Backups are provided together with the server maintenance service. The designated website files and database are copied nightly, and backups are stored for 30 days.

3. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS WE PROCESS DATA
 

3.1. For service provision

We process your personal data so that we can:

- receive and forward your reservation, order or inquiry to the restaurant or another partner;

- contact you regarding the reservation, order, their confirmation, change or cancellation;

- create, activate and maintain your account and login functionality;

- carry out the purchase or order process.

Legal basis: performance of a contract or steps taken at your request before entering into a contract.
 

3.2. For payment administration and accounting

We may process your data in order to:

- record the payment status;

- match the payment to the order;

- fulfil accounting and tax obligations.

Legal basis: performance of a contract and legal obligation.
 

3.3. For website and system security

We may process your data in order to:

- ensure the security of the website and systems;

- detect and fix technical malfunctions;

- protect the system from abuse;

- analyse errors and incidents.

Legal basis: our legitimate interest in ensuring the security, stability and reliable operation of systems.
 

3.4. For newsletters and selected notifications

If you have given consent, we may use your email address to send newsletters, offers and other marketing information.

If you have given consent to receive push notifications, we may use technical data related to the push subscription to send news, offers and other selected notifications through OneSignal.

Legal basis: your consent.
 

3.5. For compliance with legal requirements

In some cases, we may process your data in order to fulfil legal obligations, respond to lawful requests from public authorities or law enforcement, or assert, exercise or defend legal claims.

Legal basis: legal obligation or our legitimate interest, depending on the situation.

4. TO WHOM WE DISCLOSE YOUR DATA
 

We disclose your data only to the extent necessary for the provision of services, fulfilment of legal obligations or ensuring the operation of the system.

We may disclose data to:

- restaurants, cafés and other partners to whom your reservation, order or inquiry is transferred;

- AB NEO Finance, which provides payment services and acts as an independent data controller within the scope of its responsibility;

- Robolabs, when necessary for accounting or invoice administration purposes;

- OneSignal, when emails or push notifications are sent;

- IT, hosting, server maintenance and technical support service providers, when necessary for system operation, security and maintenance. Currently, the server and hosting service provider is IĮ “Torena”;

- public authorities or law enforcement, when required by law.

When necessary for accounting or invoice administration purposes, the following data may be transferred to Robolabs:

- name (company or individual);

- code;

- VAT code;

- address;

- email address;

- phone number;

- date;

- service description;

- amount excluding VAT;

- VAT amount;

- total amount;

- invoice number;

- payment due date.

4.1. Google reservation integration

If a restaurant uses the meniu.lt integration with the Google reservation system, data related to this integration may be transferred to the extent necessary for the operation of this service.

A restaurant wishing to be removed from the meniu.lt integration with the Google reservation system may submit an opt-out request at the following address: https://www.meniu.lt/content/google-rezervaciju-atsisakymas?locale=en

5. WHETHER DATA IS TRANSFERRED OUTSIDE THE EUROPEAN ECONOMIC AREA
 

AB NEO Finance indicates that data related to payment services is not transferred outside the European Economic Area.

Servers and backups are stored in Lithuania. Currently, data related to server, hosting and backup services is not transferred outside the European Economic Area.

Data related to sending emails and push notifications may be processed by OneSignal. OneSignal states that its main data centres are located in the European Union, but in certain cases data may be transferred or accessed outside the European Economic Area, including in the United States of America. In such cases, OneSignal indicates that it applies the Standard Contractual Clauses approved by the European Commission, the EU–U.S. Data Privacy Framework, or another data transfer mechanism permitted under applicable law.

6. HOW LONG WE RETAIN DATA
 

We retain data no longer than necessary for the purposes for which it was collected or as required by law.

Typically:

- we retain reservation, order and inquiry data for 2 years;

- we retain account data while the account is active and for 2 years after the last use;

- we retain newsletter subscription data while your consent remains valid, and the record of consent / withdrawal for a further 2 years;

- we retain payment and accounting data for as long as required by accounting and tax laws, usually 10 years;

- we retain technical logs, IP and security records for 2 months;

- we retain backups for 30 days.

After the applicable retention period expires, data is deleted, anonymised or retained further only where necessary under law or for the establishment, exercise or defence of legal claims.

7. COOKIES AND SIMILAR TECHNOLOGIES
 

We use cookies and similar technologies on the website to help ensure the operation of the website, remember your choices, analyse website usage and, if you have given consent, use them for marketing purposes.

Cookies are small text files stored on your device. Similar technologies may include browser storage, local storage or other technical solutions necessary for website functionality, analytics or message delivery.

We use the following categories of cookies and similar technologies: https://www.meniu.lt/content/slapuku-lentele?locale=en


7.1. Necessary cookies

These cookies are required for the proper functioning of the website, ensuring login, security, session management and the functions you explicitly choose.

Necessary cookies may include:

- PHPSESSID – session identifier;

- secured_user_area_deauth_profile_token – session security marker;

- meniu_cookie_consent – for saving your cookie choices;

- mobile_app – for ensuring website and app functionality, including layout display and app-related functions;

- open-login-modal-on-load – for displaying the login window when necessary for your selected action;

- load_url_after_login – for redirecting or opening a specific window after login;

- redirect_url_after_login – for redirecting after login;

- table_booking_booked_{institutionId} – for displaying the confirmation window of a successfully submitted reservation;

- table_booking_review – to allow you to submit a review after a reservation about a specific visit.

In certain cases, technical solutions necessary for login through third-party accounts, for example Facebook Login or Google login functions, may also be used when the user explicitly chooses such a login method.


7.2. Functional cookies

These cookies are not necessary for the basic operation of the website itself, but they improve the user experience, remember your choices and allow certain additional functions to work.

Functional cookies may include:

- gift_coupon_promo_modal – for displaying or hiding the gift voucher promotional popup;

- download_app_banner – for displaying / hiding the app download notice or banner;

- sb-closed – for saving the choice to close the app download bar;

- location – location information if you agree to location detection;

- exit_popup_{id} – for saving the state of a closed popup;

- tpic – for saving a choice related to a contest or an additional popup;

- Google Maps API – when the user chooses to view the map;

- OneSignal – for push notification functionality and, where applicable, technologies related to marketing communication.

Functional cookies and similar technologies help adapt the website’s operation to your preferences, but their use may require your consent where required by law.


7.3. Analytics cookies

Analytics cookies help understand how visitors use the website, which pages are visited, how certain features work and how website performance can be improved.

For this purpose, we may use:

- Google Analytics.

Analytics cookies are used only after obtaining your consent.


7.4. Marketing cookies

Marketing cookies are used for advertising measurement, remarketing and evaluation of the effectiveness of marketing campaigns.

For this purpose, we may use:

- Facebook Pixel.

Marketing cookies are used only after obtaining your consent.


7.5. Push notifications and similar technologies

We use OneSignal to send emails and push notifications. When you agree to receive push notifications, OneSignal may use technologies related to the subscription and device and may process technical data such as the notification channel, device type, permission status, OneSignal ID, language, time zone, the date and time of the first and last session, number of sessions, usage duration, SDK version, app version and, depending on the device or settings, approximate location data.

This data is used for push subscription administration, message delivery, technical analytics, performance statistics and service quality assurance. If push notifications are used for news, offers or other marketing communication, your consent applies.


7.6. Your choices

Where required by law, we use non-essential cookies and similar technologies only after obtaining your consent. You can review and change your choices at any time by clicking the “Cookie settings” button located in the bottom right corner of the website.


7.7. Additional information

Some of the technologies used may not be traditional browser cookies, but other browser storage or technical solutions used for functionality, analytics or message delivery.

Detailed information about cookies and similar technologies used, including their names, categories, providers and retention periods, is available here: https://www.meniu.lt/turinys/slapuku-lentele

8. HOW WE PROTECT YOUR DATA
 

We apply administrative, technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration or disclosure.

Access to personal data is granted only to those employees and service providers for whom it is necessary to perform their functions. The meniu.lt administrative staff sees only limited customer and payment information necessary for order administration, customer service and resolution of related matters. Technical data, such as IP addresses and log records, is accessible only to those persons whose access is necessary for system maintenance, security and error diagnostics.

Backups are provided together with the server maintenance service. Backups of website files and the database are created nightly and stored for 30 days.

9. YOUR RIGHTS
 

You have the right to:

- obtain information about what data we process about you;

- request access to your data;

- request correction of inaccurate or incomplete data;

- request deletion of data where there is a legal basis for doing so;

- request restriction of processing;

- object to processing where it is based on legitimate interest;

- withdraw consent where data is processed on the basis of consent;

- request data portability where applicable;

- lodge a complaint with the State Data Protection Inspectorate.

You may contact us at any time regarding the exercise of your rights by email at info@meniu.lt.

10. CHANGES TO THE PRIVACY POLICY
 

We may periodically update this Privacy Policy if our services, data processing processes or legal requirements change. The updated version of the Privacy Policy is published on the website www.meniu.lt.