Last Updated: April 20th, 2026
This Privacy Policy explains how APKOR d.o.o., a company incorporated under the laws of the Republic of Croatia, with its registered office at Milana Frlana 24A, Matulji, Croatia (“Mondish”, “we”, “us”, or “our”), collects, uses, stores, shares, and otherwise processes personal data when you access or use Mondish’s mobile applications, websites, APIs, and related services (collectively, the “Services”).
Mondish acts as the data controller for the processing of personal data described in this Privacy Policy, unless expressly stated otherwise.
We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable national implementing laws, and, where relevant, rules relating to cookies and similar technologies.
Please read this Privacy Policy carefully. By using the Services, you acknowledge that your personal data will be processed as described in this Privacy Policy.
This Privacy Policy applies to personal data we collect when you create or use a Mondish account; access or interact with our websites, apps, or APIs; purchase or use subscription-based or paid features; contact us or otherwise communicate with us; submit information, preferences, feedback, or other materials through the Services; interact with content, features, gamified experiences, and recommendations made available through the Services.
Certain Mondish features may be subject to additional notices or supplemental privacy terms. Where this is the case, we will make those terms available to you at the relevant time.
Mondish is a digital platform providing curated and original content related to gastronomy, travel, and culture, including interactive features, gameplay, and other gamification mechanisms designed to guide users through destinations and their gastronomic characteristics. While certain limited interaction features may be available, user interaction within the Services does not necessarily mean that content or information you provide is publicly visible. Where specific content or features are visible to other users, we will indicate this through the relevant functionality or settings.
4.1. Data You Provide Directly
Depending on how you use the Services, you may provide us with:
4.2. Data We Collect Automatically
When you use the Services, we may automatically collect certain technical and usage data, including:
4.3. Data From Third Parties
We may receive personal data from third parties where relevant to the operation of the Services, including:
Some information you may choose to provide to Mondish may constitute special categories of personal data under Article 9 GDPR. In particular, this may include information revealing or allowing us to infer:
We process such data only where you voluntarily provide it and only on the basis of your explicit consent, unless another lawful exception under applicable law applies.
You are under no obligation to provide such data. If you choose not to provide it, certain personalization features may be limited.
You may withdraw your explicit consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Upon withdrawal, we will stop the relevant processing and delete or anonymize the affected data unless retention is required by law or necessary for the establishment, exercise, or defense of legal claims.
We process personal data only where we have a lawful basis to do so. Depending on the circumstances, we rely on one or more of the following legal bases:
We may process personal data for the following purposes:
6.1. To Provide and Operate the Services
Legal bases: contract; legitimate interests.
We use personal data to register and manage your account; authenticate users and maintain account security; provide access to content, features, subscriptions, and gamified functionality; remember preferences and settings; enable available interaction features; deliver customer support and respond to requests.
6.2. To Personalize the User Experience
Legal bases: contract; legitimate interests; consent where required.
We may use your activity, preferences, saved choices, and voluntary inputs to personalize content recommendations; destination and gastronomy-related suggestions; user experience and feature presentation; gameplay or gamified progression mechanisms. Where personalization involves special-category data, we rely on your explicit consent.
6.3. To Improve, Develop, and Maintain the Services
Legal basis: legitimate interests; consent where required.
We use personal data to analyze usage trends and engagement; troubleshoot bugs and technical issues; test, improve, and optimize features; maintain system integrity, performance, and reliability; develop new features and content; conduct internal reporting, analytics, and service improvement. Where required by law, analytics technologies are used only with your consent.
6.4. To Process Purchases and Subscriptions
Legal basis: contract; legal obligation.
We process relevant personal data to administer paid subscriptions and premium features; confirm transactions; manage billing records; address refunds, complaints, or payment-related disputes; comply with tax, accounting, and consumer law requirements.
6.5. To Communicate With You
Legal basis: contract; legitimate interests; consent where required.
We may use your contact details to send service-related notifications; account and security alerts; important updates about the Services or legal terms; responses to support inquiries; marketing communications, newsletters, or promotional messages, where permitted by law or where you have consented. You may opt out of non-essential marketing communications at any time. Service and legal notices may still be sent where necessary.
6.6. To Ensure Safety, Prevent Abuse, and Enforce Our Rights
Legal basis: legitimate interests; legal obligation.
We may process personal data to detect, investigate, and prevent fraud, misuse, unauthorized access, and violations of our Terms; protect users, Mondish, service providers, and third parties; investigate reports, complaints, or unlawful conduct; enforce our contractual rights and policies; cooperate with competent authorities where required.
6.7 To Comply With Legal Obligations
Legal basis: legal obligation.
We may process personal data where necessary to comply with legal and regulatory obligations, including obligations relating to accounting and taxation; consumer protection; court orders and lawful requests from authorities; digital services regulation; data protection and security obligations.
We and our partners may use cookies, SDKs, pixels, local storage, device identifiers, and similar technologies (“Tracking Technologies”) within the Services.
These technologies may be used to enable and maintain core functionality; keep users logged in; remember preferences and settings; measure performance and analyze usage; personalize content and recommendations; detect fraud, abuse, and technical issues; deliver advertising or sponsored content, where applicable. Where required by applicable law, we will obtain your consent before placing or using non-essential Tracking Technologies.
You can manage your preferences through in-app or website privacy settings; cookie banners or consent management tools, where available; device or browser settings. Please note that disabling certain technologies may affect the availability or functionality of parts of the Services.
Mondish may use analytics tools and, where applicable, advertising technologies to understand how users engage with the Services and to improve performance, features, and user experience. Where legally permitted and technically implemented, Mondish and its partners may also use certain data for personalized advertising or advertising measurement. Where consent is required for such processing, we will request it in advance and you may withdraw it at any time.
* We do not sell personal data to third-party data brokers.
Where we use third-party analytics, advertising, hosting, customer support, moderation, or payment tools, those providers may process personal data on our behalf under contractual safeguards and only for authorized purposes.
You may provide content, information, preferences, feedback, and other materials through the Services (“User Inputs”).
As a rule, Mondish treats User Inputs in accordance with the functionality through which they are submitted. User Inputs are not automatically public by default unless the relevant feature clearly indicates otherwise. Where a feature allows you to share content with other users or display certain information more broadly, the scope of visibility will depend on the relevant functionality and available settings.
We may use User Inputs to operate, maintain, personalize, and improve the Services, in accordance with our Terms of Service and this Privacy Policy.
10.1. Service Providers and Processors
We may share personal data with trusted third-party service providers that support the operation of the Services, including providers of hosting and cloud infrastructure; data storage; analytics and diagnostics; customer support; payment processing; email and communications; security and fraud prevention; content moderation; app performance and infrastructure tools. These providers process personal data on our behalf under appropriate contractual arrangements.
10.2. Other Users
Where a feature is designed to display content, activity, or profile elements to other users, the relevant personal data may be visible to those users in accordance with the feature design and your settings.
10.3. Authorities and Legal Requirements
We may disclose personal data to courts, regulators, law enforcement authorities, supervisory authorities, or other third parties where necessary to comply with applicable law; respond to lawful requests or legal process; protect rights, property, or safety; investigate unlawful activity or misuse.
10.4. Business Transfers
If Mondish is involved in a merger, acquisition, financing, reorganization, asset sale, or similar corporate transaction, personal data may be disclosed as part of that process, subject to confidentiality measures and applicable law.
Mondish is established in the European Union and all processing by Mondish occurs within the territory of the European Union. However, some of our service providers or partners may process personal data outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we will ensure that an appropriate transfer mechanism is in place, such as an adequacy decision issued by the European Commission; the Standard Contractual Clauses (SCCs) approved by the European Commission; another lawful safeguard or derogation recognized under applicable data protection law.
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and protect our legal interests. Retention periods depend on the category of data and the purpose of processing. In general:
Where personal data is no longer required, we will delete it or anonymize it, unless continued retention is permitted or required by law.
Subject to applicable law, you may have the right to:
The Croatian Data Protection Authority - Agencija za zaštitu osobnih podataka is located in Ulica Metela Ožegovića 16, HR-10000 Zagreb, Croatia and may be contacted via e-mail: azop@azop.hr, tel. 00385 (0)1 4609-000 and web: www.azop.hr.
If you wish to exercise any of these rights, please contact us using the details in Section 18 below.
Please note that these rights are not absolute. In certain cases, we may refuse or limit a request where permitted by law, for example where we cannot verify your identity, where the request affects the rights of others, or where retention is required by law.
Mondish may use automated processes to support personalization, recommendations, security monitoring, fraud prevention, and the operation of gamified features. Mondish does not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, unless expressly stated otherwise and only where permitted by applicable law.
We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures may include, where appropriate encryption or pseudonymization; access controls and role-based permissions; secure infrastructure and backups; monitoring, logging, and security testing; internal policies and confidentiality obligations.
The Services are intended for users who are at least 16 years of age, as stated in our Terms of Service. We do not knowingly permit users under the applicable minimum age to create or use an account in violation of our Terms or applicable law. Where we become aware that we have collected personal data from a child in breach of applicable law, we will take appropriate steps to delete that data or otherwise bring processing into compliance.
We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or the functionality of the Services. Where required by law, we will provide appropriate notice of material changes, for example through the Services, by email, or by other suitable means. The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised and is effective 2 days thereafter.
If you have any questions about this Privacy Policy, our processing of your personal data, or if you would like to exercise your rights, you may contact us at:
Email: hello@mondish.com
If you are located in the European Union, you also have the right to lodge a complaint with the supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.
