Right Menu B2C

Privacy Policy

Last updated: April 14, 2026

Open Europe s.r.o., IČO: 24667722, DIČ: CZ24667722, registered in the Czech Republic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how personal information is collected, used, and disclosed when you use the Right Menu Microsoft Excel Add-in ("Service").

Scope: This policy applies to individual consumers (B2C) who purchase and use the Service for personal or internal use. The Service is not offered as a B2B product. We do not enter into separate data processing agreements (DPAs), vendor assessment processes, or enterprise-specific contractual arrangements. For enterprise use, see our Enterprise (B2B) edition.

1. Spreadsheet Data — Zero Collection

Right Menu does NOT collect, transmit, or store any of your Excel spreadsheet data. All worksheet operations — including navigation, cross-sheet references, and data validation reports — are performed entirely within the local Excel application. No cell values, formulas, sheet names, or workbook metadata leave your device.

2. Information We Collect

We collect only the minimum information required to operate the licensing and trial system:

  • Email address — provided by you during license purchase. Used for license key delivery, transactional communications, and support. Not collected from trial users.
  • License key — entered by you during activation. Used to manage your subscription status.
  • Anonymous session identifier — assigned to trial users. Contains no personal information and cannot be used to identify you.
  • Session data — a secure, server-managed session used solely for license verification. Does not contain any spreadsheet data.

We do not collect: your name, company name, physical address, Microsoft account credentials, Microsoft 365 identity, organizational directory information, or any payment card data. Payment processing is handled entirely by Stripe, Inc. We have no access to your card details.

3. How We Use Your Information

We use collected information exclusively to:

  • Verify your license or trial status when the add-in starts.
  • Deliver your license key and send transactional emails (purchase confirmation, expiration notices).
  • Respond to support requests from licensed users.

We do not use your data for advertising, profiling, behavioural analytics, third-party sharing, or any purpose other than operating the Service.

4. Data Storage and Sub-Processors

Your data is stored on servers located in the European Union. We use the following sub-processors:

  • Microsoft Azure (EU — hosting, data storage) — Microsoft Privacy Statement
  • Stripe, Inc. (payment processing) — Stripe Privacy Policy
  • Microsoft Azure Communication Services (transactional email delivery) — part of Microsoft Azure infrastructure

5. Cookies

The Service uses a single, strictly necessary session cookie for license verification. This cookie does not contain any spreadsheet data and is not used for tracking, advertising, or analytics. No third-party cookies are set.

Our marketing website (open-europe.cz) does not use tracking cookies, analytics scripts, or third-party advertising pixels.

6. Add-in Permissions

Right Menu requires the ReadWriteDocument permission as defined by the Office Add-in platform. This permission is used for: reading worksheet names and navigation metadata, activating worksheets, inserting cross-sheet formula references, and running the local Data Validation Report. All data accessed through this permission is processed locally and is never transmitted to our servers.

7. Your Rights Under GDPR

As our company is registered in the European Union (Czech Republic), your data is protected under the General Data Protection Regulation (EU) 2016/679 ("GDPR"). You have the right to:

  • Access (Art. 15) — obtain a copy of all personal data we hold about you.
  • Rectification (Art. 16) — correct inaccurate personal data.
  • Erasure (Art. 17) — request deletion of your personal data, subject to legal retention requirements.
  • Restriction of processing (Art. 18) — request that we restrict processing of your data.
  • Data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing of your personal data.
  • Complaint — you may lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, www.uoou.cz) or any other EU supervisory authority.

To exercise your rights, contact us at privacy@open-europe.cz. We will respond within 30 days as required by law.

8. Legal Basis for Processing (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)) — processing your email and license key is necessary to fulfil the license agreement.
  • Legitimate interest (Art. 6(1)(f)) — session verification to prevent unauthorized use.
  • Legal obligation (Art. 6(1)(c)) — retention of transaction records as required by Czech law.

9. Data Retention

Trial users: Anonymous session data is stored for the duration of the trial period. No personal data is collected or retained.

Licensed users: Your email address, license key, and transaction records are retained as required by Czech accounting legislation (Act No. 563/1991 Coll., on Accounting) for a minimum of 5 years after the end of the accounting period. This legal obligation takes precedence over deletion requests for the mandated retention period.

Session data is automatically purged upon expiry.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted communications (TLS 1.2+), server-side session management, and industry-standard infrastructure security controls. We do not store client-side secrets or sensitive data in browser storage.

11. International Transfers

Your data is processed and stored within the European Union. In the event data is transferred outside the EU (e.g., Stripe's global infrastructure), such transfers are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on our website before taking effect. The "Last updated" date at the top of this page indicates the most recent revision.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your GDPR rights:

Open Europe s.r.o.
IČO: 24667722, DIČ: CZ24667722
Chržín 44, 273 24, Czech Republic
privacy@open-europe.cz