Right Menu Enterprise

Privacy Policy

Last updated: April 14, 2026

Open Europe s.r.o., IČO: 24667722, DIČ: CZ24667722, registered in the Czech Republic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how personal information is collected, used, and disclosed when you use the Right Menu Microsoft Excel Add-in ("Service").

Scope: This policy applies to the Enterprise (B2B) edition of the Service, intended for organizations and business users. For individual personal use, see our Personal (B2C) Privacy Policy.

1. Spreadsheet Data — Zero Collection

Right Menu does NOT collect, transmit, or store any of your Excel spreadsheet data. All worksheet operations — including navigation, cross-sheet references, and data validation reports — are performed entirely within the local Excel application. No cell values, formulas, sheet names, or workbook metadata leave your device.

2. Information We Collect

We collect only the minimum information required to operate the licensing system:

  • Organization administrator email address — provided during subscription setup via the Microsoft Commercial Marketplace. Used exclusively for contract fulfillment communications and technical support.
  • License key — issued upon subscription activation. Used to manage your organization's subscription status.
  • Session data — a secure, server-managed session used solely for license verification. Does not contain any spreadsheet data.

We do not collect: individual employee names, personal email addresses, physical addresses, Microsoft account credentials, Microsoft 365 identity, organizational directory information, or any payment card data. Billing is handled entirely by Microsoft Commercial Marketplace. We have no access to payment details.

3. How We Use Your Information

We use collected information exclusively to:

  • Verify your organization's license status when the add-in starts.
  • Send transactional emails to the administrator (subscription confirmation, renewal notices).
  • Respond to support requests from the organization's administrator.

We do not use your data for advertising, profiling, behavioural analytics, third-party sharing, or any purpose other than operating the Service.

4. Data Storage and Sub-Processors

Your data is stored on servers located in the European Union. We use the following sub-processors:

  • Microsoft Azure (EU — hosting, data storage) — Microsoft Privacy Statement
  • Microsoft Commercial Marketplace (billing and subscription management) — Microsoft Privacy Statement
  • Microsoft Azure Communication Services (transactional email delivery) — part of Microsoft Azure infrastructure

5. Cookies

The Service uses a single, strictly necessary session cookie for license verification. This cookie does not contain any spreadsheet data and is not used for tracking, advertising, or analytics. No third-party cookies are set.

Our marketing website (open-europe.cz) does not use tracking cookies, analytics scripts, or third-party advertising pixels.

6. Add-in Permissions

Right Menu requires the ReadWriteDocument permission as defined by the Office Add-in platform. This permission is used for: reading worksheet names and navigation metadata, activating worksheets, inserting cross-sheet formula references, and running the local Data Validation Report. All data accessed through this permission is processed locally and is never transmitted to our servers.

7. Your Rights Under GDPR

As our company is registered in the European Union (Czech Republic), your data is protected under the General Data Protection Regulation (EU) 2016/679 ("GDPR"). You have the right to:

  • Access (Art. 15) — obtain a copy of all personal data we hold about you.
  • Rectification (Art. 16) — correct inaccurate personal data.
  • Erasure (Art. 17) — request deletion of your personal data, subject to legal retention requirements.
  • Restriction of processing (Art. 18) — request that we restrict processing of your data.
  • Data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing of your personal data.
  • Complaint — you may lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, www.uoou.cz) or any other EU supervisory authority.

To exercise your rights, contact us at privacy@open-europe.cz. We will respond within 30 days as required by law.

8. Legal Basis for Processing (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)) — processing the administrator's email and license key is necessary to fulfil the subscription agreement.
  • Legitimate interest (Art. 6(1)(f)) — session verification to prevent unauthorized use.
  • Legal obligation (Art. 6(1)(c)) — retention of transaction records as required by Czech law.

9. Data Retention

The administrator's email address, license key, and transaction records are retained as required by Czech accounting legislation (Act No. 563/1991 Coll., on Accounting) for a minimum of 5 years after the end of the accounting period. This legal obligation takes precedence over deletion requests for the mandated retention period.

Session data is automatically purged upon expiry.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted communications (TLS 1.2+), server-side session management, and industry-standard infrastructure security controls. We do not store client-side secrets or sensitive data in browser storage.

11. International Transfers

Your data is processed and stored within the European Union. In the event data is transferred outside the EU (e.g., Microsoft's global infrastructure), such transfers are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on our website before taking effect. The "Last updated" date at the top of this page indicates the most recent revision.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your GDPR rights:

Open Europe s.r.o.
IČO: 24667722, DIČ: CZ24667722
Chržín 44, 273 24, Czech Republic
privacy@open-europe.cz