Privacy Policy

1. Ro-ràdh

Tha Foodfy ("Companaidh", "sinn", "ar", "sinn") dealasach a thaobh a bhith a' dìon prìobhaideachd agus tèarainteachd an fhiosrachaidh phearsanta agad. Tha am Poileasaidh Dìomhaireachd seo a’ mìneachadh mar a bhios sinn a’ tional, a’ cleachdadh, a’ foillseachadh, a’ stòradh agus a’ dìon an dàta agad nuair a bhios tu ag eadar-obrachadh leis an àrd-ùrlar Foodfy, a’ toirt a-steach an làrach-lìn againn aig foodfy.ai, tagraidhean gluasadach, APIan, deas-bhòrd marsanta, seirbheisean AI, lìonra lìbhrigidh drone, agus a h-uile seirbheis agus feart co-cheangailte (còmhla, an “Àrd-ùrlar”).

This Privacy Policy applies to all users of the Platform worldwide, including Customers, Business Partners, Delivery Partners, Territory Partners, Corporate Account administrators and employees, Investors, Influencers, NutriLife users, and visitors. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Tha Foodfy ag obair thairis air 250+ dùthaich. Faodaidh na laghan dìon dàta sònraichte a tha iomchaidh dhut atharrachadh a rèir d’ àite. Far a bheil lagh ionadail a’ toirt barrachd dìon na am Poileasaidh Dìomhaireachd seo, tha an lagh ionadail ann. Tha ullachaidhean roinneil a bharrachd air am mìneachadh ann an Earrann 16.

2. Rianadair Dàta

Is e Foodfy an rianadair dàta le uallach airson an dàta pearsanta agad air a phròiseasadh tron Àrd-ùrlar, mura h-eilear ag ràdh a chaochladh. Airson Foodfy for Work (Cunntasan Corporra), bidh a’ bhuidheann clàraidh ag obair mar rianadair dàta airson dàta pearsanta luchd-obrach, agus bidh Foodfy ag obair mar phròiseasar dàta às an leth.

Airson ceistean dìon dàta, faodaidh tu fios a chuir chun Oifigear Dìon Dàta againn aig:

Post-d: [email protected]
Postal Address: Foodfy, Oifigear Dìon Dàta, ri fhaighinn le iarrtas tro [email protected]

3. Fiosrachadh a chruinnicheas sinn

We collect different categories of personal data depending on how you interact with the Platform and which services you use.

3.1 A h-uile cleachdaiche

Fiosrachadh cunntais: Ainm slàn, seòladh puist-d, àireamh fòn, ceann-latha breith, dealbh pròifil, agus facal-faire crioptaichte.
Dàta dearbhaidh: Login credentials, two-factor authentication secrets and recovery codes, API tokens, and session identifiers.
Inneal agus Dàta Teicnigeach: Seòrsa inneal, siostam obrachaidh agus dreach, seòrsa brabhsair agus dreach, rùn sgrion, aithnichearan inneal sònraichte, fiosrachadh lìonra gluasadach, seòladh IP, agus comharran fios putaidh (Expo tokens).
Usage Data: Pages visited, features used, search queries, click patterns, navigation paths, session duration, timestamps, referring URLs, and interaction events.
Location Data: Suidheachadh tuairmseach a thàinig bhon t-seòladh IP. Le do chead soilleir, àite GPS mionaideach airson lìbhrigeadh, lorg gnìomhachais faisg air làimh, agus feartan stèidhichte air àite.
Dàta Conaltraidh: Messages sent through the Platform, customer support interactions, feedback, and survey responses.

3.2 Luchd-cleachdaidh

Order Data: Nithean air an òrdachadh, eachdraidh òrduigh, seòlaidhean lìbhrigidh (a’ toirt a-steach ainm an togalaich, sràid, àros, làr, còd inntrigidh, agus stiùireadh lìbhrigidh), roghainnean òrduigh, riatanasan daithead sònraichte, agus stòr òrduigh (lìn, app, bothan, QR, WhatsApp, plana bìdh).
Payment Data: Payment method type, billing address, transaction amounts, and transaction history. Full payment card numbers are processed by our PCI DSS-compliant payment processor (Stripe) and are never stored on Foodfy servers.
Leabhar Seòlaidhean: Saved delivery addresses including structured address components, GPS coordinates, Google Place IDs, and formatted addresses.
Roghainnean: Na gnìomhachasan as fheàrr leat, nithean air an sàbhaladh, roghainnean daithead, suidheachadh cànain is airgead.
Reviews and Ratings: Product reviews, business ratings, delivery ratings, photos, and comments.

3.3 Com-pàirtichean Gnothachais

Fiosrachadh gnìomhachais: Ainm laghail gnìomhachais, ainm malairt, subdomain, aithnichear stòr poblach, seòrsa gnìomhachais (taigh-bìdh, grosair, bùth-leigheadaireachd, flùraichean, reic, solaraiche, brannd), seòladh corporra, àireamh fòn, post-d, agus URL làrach-lìn.
Dàta laghail is ionmhais: Tax identification name and number, legal entity type, banking details for payouts, and business registration documents.
Operational Data: Menu items, product catalog, pricing, inventory levels, operating hours, preparation times, delivery zones, and service configurations.
Dàta Dàimh Luchd-cleachdaidh: Pròifilean CRM a’ toirt a-steach tricead òrdugh teachdaiche, caitheamh iomlan, sgòran RFM (Recency, Frequency, Money), ìre cuairt-beatha, ìre dìlseachd, inbhe margaidheachd roghnach a-steach, cànan as fheàrr leotha, tagaichean, agus notaichean.
Dàta luchd-obrach: Staff member names, roles, employee codes, departments, designations, employment type, contact information, emergency contacts, banking details, identity documents, and HR records when using the People and HR feature.
Third-Party Integrations: ID Àite Google, rangachadh Google, pròifilean meadhanan sòisealta (WhatsApp, Facebook), agus dàta air a iomlaid le seirbheisean aonaichte (bathar-bog cunntasachd, àrd-ùrlaran lìbhrigidh).
Dàta ceadachd: Comann branda ceadachd, còdan toraidh, rèiteachadh ioma-àite, agus anailisean ìre branda.

3.4 Com-pàirtichean Lìbhrigidh

Dearbhadh Dearbh-aithne: Dearbh-aithne a chuir an riaghaltas a-mach, cead draibhear, clàradh charbadan, agus dearbhadh àrachais.
Real-Time Location: Co-chomharran GPS air an ùrachadh aig àm lìbhrigidh gnìomhach airson lorg òrdughan, optimization slighe, agus adhbharan sàbhailteachd.
Performance Data: Number of completed orders, rejected orders, delivery times, ratings received, and earnings history.
Dàta lìbhrigidh drone: Airson com-pàirtichean lìbhrigidh le comas drone: inbhe comas drone, seòrsa ruitheadair, staitistig lìbhrigidh, sònrachadh DronePort, agus logaichean obrachaidh drone.

3.5 Com-pàirtichean Sgìreil

Managed Territories: Ìre sòn ainmichte (Sgìre, Dùthaich, Stàite, Cathair-bhaile, Sgìre), aithnichearan fearainn, agus farsaingeachd cruinn-eòlasach.
Meudan Coileanaidh: Ìrean bòrd gnìomhachais, teachd-a-steach air a ghineadh, sgòran riarachaidh chom-pàirtichean, agus meatrach fàs fearainn.
Dàta tagraidh: Territory applicant profile information submitted during the application and onboarding process.

3.6 Luchd-cleachdaidh Cunntas Corporra (Foodfy for Work)

Organization Data: Ainm laghail companaidh, seòrsa eintiteas laghail, àireamh cead malairt, àireamh cìse, seòladh clàraichte, fiosrachadh conaltraidh bileachaidh, agus suaicheantas.
Dàta luchd-obrach: Ainm neach-obrach, post-d, dreuchd (rianaire / manaidsear / neach-obrach), roinn, ionad cosgais, àireamh iomraidh neach-obrach, cothromachadh wallet, eachdraidh malairt wallet, agus inbhe cosnaidh.

3.7 Luchd-tasgaidh

Pròifil neach-tasgaidh: Inbhe barrantachaidh, roghainnean tasgaidh, sgrìobhainnean dearbhaidh dearbh-aithne, agus eachdraidh conaltraidh.
Gnìomh Tasgaidh: Ùidhean tasgaidh, com-pàirteachadh cùmhnantan, suimean tasgaidh, agus litrichean co-cheangailte.

3.8 Luchd-cleachdaidh NutriLife

NutriLife collects sensitive health and biometric data. See Section 9 for detailed information.

3.9 Fiosrachadh bho Treas Pàrtaidhean

Social media platforms when you sign in using social login (Google, Facebook, Apple).
Payment processors and financial institutions for transaction verification and fraud prevention.
Public business directories and government registries for business verification and directory building.
Open Food Facts and other nutritional databases for product nutritional data.
Third-party delivery platforms (Uber Eats, Deliveroo, Talabat, Keeta, Careem) for integrated order management.
API Google Maps and Places airson àite, mapadh, agus dàta seòlaidhean.
Com-pàirtichean anailis agus sanasachd airson mion-sgrùdadh trafaic làrach-lìn agus tomhas iomairt.

4. Bunait Laghail airson Giullachd

We process your personal data on the following legal bases, as applicable under the General Data Protection Regulation (GDPR) and similar frameworks:

Performance of Contract: Processing necessary to fulfill our contractual obligations to you, including account creation, order processing, payment handling, delivery coordination, and provision of Platform features you have subscribed to or requested.
Cead: Processing based on your freely given, specific, informed, and unambiguous consent. This applies to: precise GPS location tracking, NutriLife health and biometric data collection (special category data), marketing communications and promotional emails, non-essential cookies and tracking technologies, and AI-powered photo analysis of meals.
Ùidh dligheach: Processing necessary for our legitimate business interests, provided these interests are not overridden by your fundamental rights and freedoms. This includes: Platform security and fraud prevention, analytics and service improvement, personalized search results and recommendations (non-AI profiling), customer support and communication, and enforcement of our Terms of Service.
Dleastanas Laghail: Processing necessary to comply with applicable legal requirements, including tax and accounting regulations, anti-money laundering (AML) and know-your-customer (KYC) requirements, food safety and public health regulations, data retention mandated by law, and responses to lawful government or regulatory requests.
Vital Interest: Ann an suidheachaidhean sònraichte, tha feum air giollachd gus ùidhean deatamach cuideigin a dhìon, leithid suidheachaidhean èiginneach co-cheangailte ri aileardsaidhean bìdh, tachartasan sàbhailteachd, no cùisean èiginn slàinte poblach.

5. Mar a chleachdas sinn am fiosrachadh agad

We use the personal data we collect for the following purposes:

5.1 Gnìomhan Prìomh Àrd-ùrlar

Provide, maintain, operate, and improve the Platform and all its features and services.
Process and fulfill orders, payments, refunds, and deliveries.
Cruthaich, dearbhaich, agus stiùirich cunntasan cleachdaiche thar gach seòrsa cleachdaiche.
Dèan comas air lorg òrdugh fìor-ùine, co-òrdanachadh lìbhrigidh, agus cur air falbh draibhear / drone.
Process Business Partner payouts and financial reconciliation.
Manage Foodfy Gold subscriptions, benefits, and billing.
Operate Foodfy for Work corporate wallets, allocations, and expense tracking.

5.2 Conaltradh

Send transactional communications including order confirmations, delivery updates, payment receipts, and account notifications.
Provide customer support and respond to inquiries through all channels (email, in-app, WhatsApp, SMS).
With your consent, send promotional communications, marketing offers, and personalized recommendations.

5.3 Pearsanachadh agus AI

Personalize your experience through AI-powered search results, business recommendations, and product suggestions.
Provide Business Partners with AI-powered tools including menu optimization, demand forecasting, automated marketing content generation, and customer analytics.
Power NutriLife features including AI meal photo analysis, nutritional calculation, and personalized dietary guidance.
Dèan comas air chatbots AI agus taic teachdaiche fèin-ghluasadach.

5.4 Sàbhailteachd, Tèarainteachd, agus Gèilleadh

Lorg, sgrùdadh, agus casg foill, droch dhìol, ruigsinneachd gun chead, agus gnìomhan mì-laghail no cronail eile.
Verify the identity of Business Partners, Delivery Partners, Territory Partners, and Investors.
Cumail ri dleastanasan laghail iomchaidh, riatanasan cìse, agus òrdughan riaghlaidh.
Cuir an gnìomh ar Cumhachan Seirbheis agus aontaidhean eile.

5.5 Mion-sgrùdadh agus Leasachadh

Dèan anailis iomlan agus gun urra gus pàtrain cleachdaidh a thuigsinn agus feartan Àrd-ùrlar adhartachadh.
Perform A/B testing and user experience research.
Train and improve AI and machine learning models using anonymized and aggregated data.
Cruthaich aithisgean fiosrachaidh gnìomhachais agus seallaidhean margaidh.

6. Mar a bhios sinn a' roinn d' fhiosrachadh

We share your personal data only as necessary to operate the Platform and provide our services. We do not sell your personal data to third parties.

6.1 Le luchd-cleachdaidh àrd-ùrlair eile

Com-pàirtichean Gnìomhachais: When you place an order, we share your name, delivery address, phone number, and order details with the relevant Business Partner to fulfill your order. Business Partners on Foodfy retain full ownership of their customer data and can export it at any time.
Com-pàirtichean Lìbhrigidh: We share your delivery address, order pickup location, and necessary contact information with Delivery Partners to complete deliveries. Delivery Partner access to your data is limited to what is necessary for the current delivery.
Luchd-cleachdaidh: Tha fiosrachadh Com-pàirtiche Gnìomhachais (ainm, seòladh, rangachadh, clàr-taice, uairean obrach) air a thaisbeanadh gu poblach air an Àrd-ùrlar gus leigeil le lorg agus òrdachadh.

6.2 Le Solaraichean Seirbheis

We engage trusted third-party service providers who process data on our behalf under strict data processing agreements:

Stripe: Payment processing, subscription billing, and fraud detection.
Sgòthan geala: Lìbhrigeadh susbaint, dìon DDoS, agus balla-teine tagradh lìn.
Antropic agus OpenAI: Co-dhùnadh modal AI agus ionnsachadh inneal airson feartan Platform AI. Tha dàta a thèid a chuir gu solaraichean AI air a phròiseasadh fo na cumhachan giullachd dàta iomairt aca agus chan eilear ga chleachdadh gus na modalan coitcheann aca a thrèanadh.
Deepgram: Speech-to-text processing for voice-enabled features.
Twilio: SMS delivery and voice communication services.
Google: Maps, Places API, analytics, and advertising services.
Meta: Riaghladh iomairt sanasachd agus tracadh tionndaidh.
Solaraichean Bun-structair Cloud: Server hosting, data storage, and computing services.

6.3 Le àrd-ùrlaran lìbhrigidh treas-phàrtaidh

When Business Partners use delivery platform integrations (Uber Eats, Deliveroo, Talabat, Keeta, Careem, and others), order data and necessary operational information is exchanged between the Platform and these third-party services to enable cross-platform order management. This sharing is initiated by the Business Partner and governed by the terms of each delivery platform.

6.4 Le Amalachadh Cunntasachd

When Business Partners connect accounting software (Xero, QuickBooks), financial transaction data, invoices, and business records are synchronized as configured by the Business Partner.

6.5 Airson adhbharan laghail agus riaghlaidh

When required by applicable law, regulation, legal process, subpoena, court order, or enforceable governmental request.
To enforce our Terms of Service and other agreements.
To protect the rights, property, safety, or security of Foodfy, our Users, or the public.
To detect, prevent, or address fraud, security, or technical issues.

6.6 Gluasadan gnìomhachais

Co-cheangailte ri aonadh, togail, ath-eagrachadh, briseadh-creideis, reic maoin, no malairt corporra coltach ris, faodar an dàta pearsanta agad a ghluasad chun bhuidheann togail. Bheir sinn fios seachad mus tig an dàta pearsanta agad fo smachd poileasaidh prìobhaideachd eile.

6.7 Le do chead

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

7. Glèidheadh dàta

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, provide our services, and comply with legal obligations. Specific retention periods include:

Dàta Cunntas Gnìomhach: Retained for the duration of your account plus 30 days after account deletion request to allow for recovery.
Order and Transaction Records: Retained for a minimum of 7 years to comply with tax, accounting, and financial regulations in applicable jurisdictions.
Payment Records: Retained as required by PCI DSS standards and financial regulations, typically 7 years.
Dàta Com-pàirtiche Gnìomhachais: Retained for the duration of the business relationship plus the legally required retention period for business records.
NutriLife Health Data: Retained while your NutriLife profile is active. Upon deletion request, health data is permanently deleted within 30 days, except where retention is required by law.
Dàta ballrachd Foodfy Gold: Retained for the duration of the subscription plus 3 years for billing dispute resolution.
Dàta Luchd-obrach Cunntas Corporra: Retained for the duration of the employee enrollment plus 1 year after removal from the Corporate Account.
Logaichean conaltraidh: Eadar-obrachaidhean taic teachdaiche air an cumail airson 3 bliadhna airson gealltanas càileachd agus fuasgladh connspaid.
Dàta Analytics: Faodar dàta anailis iomlan agus gun urra a chumail gun chrìoch leis nach eil e ag aithneachadh dhaoine fa-leth.

When personal data is no longer needed and no legal obligation requires its retention, we securely delete or irreversibly anonymize it using industry-standard methods.

8. AI agus Co-dhùnaidhean fèin-ghluasadach

Bidh Foodfy a’ cleachdadh inntleachd fuadain agus giullachd fèin-ghluasadach thairis air grunn fheartan Àrd-ùrlar. Tha sinn dealasach a thaobh follaiseachd a thaobh mar a bhios na teicneòlasan sin a’ làimhseachadh an dàta agad.

8.1 Mar a bhios AI a’ làimhseachadh an dàta agad

Personalized Recommendations: Bidh modalan AI a’ sgrùdadh eachdraidh an òrduigh agad, giùlan brobhsaidh, àite, agus roghainnean gus gnìomhachasan, toraidhean agus tairgsean a mholadh. Tha am pròiseas seo stèidhichte air ùidh dhligheach.
Search Ranking: Search results are ranked using algorithms that consider relevance, distance, popularity, ratings, and personalization signals.
Ro-shealladh air iarrtas: Airson Com-pàirtichean Gnìomhachais, bidh AI a’ sgrùdadh dàta òrdugh eachdraidheil, pàtrain ràitheil, tachartasan ionadail, agus dàta sìde gus iarrtas a ro-innse. Bidh seo a’ cleachdadh dàta gnìomhachais cruinnichte.
Menu Optimization: Tha AI a’ moladh atharrachaidhean prìsean agus atharrachaidhean clàr stèidhichte air dàta reic, mion-sgrùdadh farpaiseach, agus roghainnean teachdaiche. Bidh co-dhùnaidhean deireannach an-còmhnaidh air an dèanamh leis a’ Chom-pàirtiche Gnìomhachais.
Dearbhadh Foill: Bidh siostaman fèin-ghluasadach a’ sgrùdadh pàtrain malairt, fiosrachadh inneal, agus comharran giùlain gus gnìomhachd a dh’ fhaodadh a bhith meallta a chomharrachadh. Faodaidh luchd-anailis daonna ath-sgrùdadh air gnothaichean comharraichte.
NutriLife AI: Bidh AI a’ dèanamh anailis air dealbhan bìdh gus tuairmse a dhèanamh air susbaint beathachaidh agus a’ gineadh molaidhean daithead pearsanaichte stèidhichte air do phròifil slàinte. Faic Roinn 9 airson mion-fhiosrachadh.
Margaidheachd fèin-ghluasadach: Bidh AI a’ gineadh susbaint margaidheachd, iomairtean post-d, agus tairgsean adhartachaidh airson Com-pàirtichean Gnìomhachais stèidhichte air sgaradh teachdaiche agus dàta giùlain.

8.2 Do chòraichean a thaobh co-dhùnaidhean fèin-ghluasadach

Under applicable law (including GDPR Article 22), you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where such automated decisions are made:

You have the right to obtain human intervention and review of the decision.
You have the right to express your point of view and contest the decision.
You may request an explanation of the logic involved in the automated decision.

To exercise these rights, contact us at [email protected].

8.3 Dìon Dàta AI

Tha dàta a thèid a chuir gu solaraichean AI treas-phàrtaidh (Anthropic, OpenAI) air a phròiseasadh fo aontaidhean giollachd dàta iomairt. Chan eil an dàta agad air a chleachdadh gus na modalan AI coitcheann aca a thrèanadh.
Bidh trèanadh modail AI le Foodfy a’ cleachdadh dàta gun urra agus cruinnichte nach eil a’ comharrachadh luchd-cleachdaidh fa-leth.
Tha toraidhean AI dualtach agus air an taisbeanadh mar mholaidhean no tuairmsean, chan e co-dhùnaidhean deimhinnte.

9. Dàta Slàinte is Biometric (NutriLife)

NutriLife processes sensitive health-related and biometric data that requires special protection under applicable privacy laws. This section provides detailed information about how we handle this data.

9.1 Roinnean de dhàta slàinte air a chruinneachadh

With your explicit consent, NutriLife may collect and process the following categories of health data:

Physical Measurements: Cuideam bodhaig, àirde, ceudad geir bodhaig, cearcall-thomhas sliasaid, cearcall-thomhas hip, agus clàr-amais cuirp (BMI).
Vital Signs: Ìrean glùcois fala, leughaidhean bruthadh-fala, agus ìre cridhe.
Comharran Dòigh-beatha: Sleep duration, hydration levels, daily step count, energy levels, stress levels, mood, and digestive health indicators.
Fiosrachadh mu bhiadh: Clàran leabhar-latha bìdh, dealbhan bìdh, in-ghabhail calorie agus macronutrient (pròtain, gualaisg, geir, snàithleach, siùcar, sodium), in-ghabhail micronutrient (vitamain A tro B12, calcium, iarann, potasium, agus feadhainn eile), seòrsa daithead, agus alergidhean bìdh.
Pròifil Slàinte: Ceann-latha breith, gnè, ìre gnìomhachd, amasan slàinte (call cuideim, buannachd, cumail suas), cuideam targaid, suidheachaidhean meidigeach, cleachdadh leasachail, torrachas no inbhe beathachaidh-cìche.
Dàta Mion-sgrùdadh AI: Meal photographs analyzed by AI, confidence scores, and AI-generated nutritional estimates.

9.2 Bunait laghail agus cead

Tha dàta slàinte agus biometric air a sheòrsachadh mar dàta roinn sònraichte fo GDPR (Artaigil 9) agus laghan co-ionann air feadh an t-saoghail. Bidh sinn a’ giullachd an dàta seo a-mhàin a rèir do chead soilleir, a bheir thu seachad aig àm NutriLife air bòrd. Faodaidh tu do chead a tharraing air ais aig àm sam bith le bhith a’ cuir à comas NutriLife ann an roghainnean a’ chunntais agad, agus mar thoradh air an sin cuir às do dhàta slàinte taobh a-staigh 30 latha.

9.3 Cuingealachadh Adhbhar

Your NutriLife health data is used strictly for the following purposes:

Obraich a-mach an ìre meatabileach basal agad (BMR), caiteachas lùtha làitheil iomlan (TDEE), agus targaidean pearsanaichte calorie agus macronutrient.
Tracking your food diary entries and nutritional intake over time.
Providing AI-powered dietary suggestions and meal plan recommendations.
A’ taisbeanadh gluasadan slàinte agus adhartas a dh’ionnsaigh na h-amasan ainmichte agad.

9.4 Dìon Dàta teann

NutriLife health data is encrypted at rest and in transit using AES-256 and TLS 1.3 encryption.
Tha dàta slàinte air a stòradh air leth bho dhàta coitcheann Àrd-ùrlar le smachdan ruigsinneachd a bharrachd.
NutriLife health data is NEVER shared with insurance companies, employers, advertisers, or any third party for purposes unrelated to providing the NutriLife service.
CHAN EIL dàta slàinte air a chleachdadh airson cuimseachadh sanasachd no reic ri treas phàrtaidhean.
Tha ruigsinneachd air dàta slàinte taobh a-staigh Foodfy air a chuingealachadh ri luchd-obrach agus siostaman riatanach a rèir feum teann air eòlas.

10. Dàta Fo-sgrìobhaidh Òir Foodfy

When you subscribe to Foodfy Gold, we process additional data related to your membership:

Subscription Data: Plan type, subscription status (active, trial, paused, cancelled, expired), start and end dates, trial period dates, and renewal dates.
Payment Data: Stripe customer ID, Stripe subscription ID, payment method (last four digits and card type only), and billing history. Full card details are stored exclusively by Stripe.
Cleachdadh Sochair: Total orders placed with Gold benefits, delivery savings, discount savings, total calculated savings, and benefit redemption logs.

This data is processed to manage your subscription, apply benefits to eligible orders, calculate your savings, and provide you with subscription management features. Legal basis: performance of contract.

11. Cunntas Corporra agus Dàta Luchd-obrach

Airson Foodfy for Work (Cunntasan Corporra), tha dleastanasan giollachd dàta air an co-roinn:

11.1 Dàimh Rianadair Dàta

The enrolling organization (employer) acts as the data controller for employee personal data provided through the Corporate Account. Foodfy acts as a data processor, processing employee data solely as instructed by the employer and in accordance with the Foodfy for Work Data Processing Agreement.

11.2 Dàta air a chruinneachadh

Ainm neach-obrach, seòladh puist-d, agus dreuchd taobh a-staigh a’ Chunntais Chorporra (rianaire, manaidsear, neach-obrach).
Roinn, ionad cosgais, agus àireamh iomraidh neach-obrach mar a thug am fastaiche seachad.
Wallet balance, credit history, spending history, and refund records.
Order history made using the corporate wallet, including items ordered and amounts.

11.3 Dleastanasan Luchd-fastaidh

Tha uallach air fastaichean airson: (a) bunait laghail a bhith aca airson dàta luchd-obrach a cho-roinn le Foodfy; (b) fiosrachadh a thoirt do luchd-obrach mu ghiullachd dàta tron Àrd-ùrlar; (c) freagairt ri iarrtasan còraichean dàta luchd-obrach co-cheangailte ri dàta fo smachd fastaiche; agus (d) dèanamh cinnteach gu bheilear a' cumail ri laghan cosnaidh agus dìon dàta iomchaidh.

12. Dàta Gnìomh Lìbhrigeadh Drone

When drone delivery services are used, the following additional data is processed:

Route and GPS Data: Slighean itealaich drone, puingean sealaidheachd tro àiteachan DronePort, lìbhrigeadh co-chomharran GPS, agus amannan ruighinn tuairmseach.
Dàta com-pàirtiche lìbhrigidh: Airson com-pàirtichean lìbhrigidh le comas drone: àite fìor-ùine aig àm lìbhrigidh gnìomhach, staitistig lìbhrigidh, agus logaichean obrachaidh.
Dàta DronePort: Meatairean cleachdaidh DronePort, clàran cumail suas, agus inbhe obrachaidh.
Dàta Lìbhrigeadh Luchd-ceannach: Precise delivery coordinates required for safe and accurate drone landing, which may be more precise than standard address-based delivery.

Tha dàta lìbhrigidh drone air a phròiseasadh air bunait laghail coileanadh cùmhnant agus, far a bheil sin iomchaidh, ùidh dhligheach ann a bhith a’ cumail suas gnìomhachd lìbhrigidh sàbhailte agus èifeachdach. Chan eil dàta àite fìor-ùine de chom-pàirtichean lìbhrigidh air a phròiseasadh ach aig àm lìbhrigidh gnìomhach.

13. Tèarainteachd Dàta

Bidh Foodfy a’ cur an gnìomh ceumannan teicnigeach agus eagrachaidh coileanta, air thoiseach air gnìomhachas gus an dàta pearsanta agad a dhìon:

13.1 Dìon Teicnigeach

Crioptachadh a h-uile dàta ann an gluasad a’ cleachdadh TLS 1.2+ (HTTPS air a chuir an gnìomh thar gach puing crìochnachaidh Àrd-ùrlar).
Crioptachadh dàta mothachail aig fois a’ cleachdadh crioptachadh AES-256.
Web application firewall (WAF) and DDoS protection powered by Cloudflare.
Lìonra lìbhrigidh susbaint (CDN) le caching iomall airson coileanadh agus tèarainteachd.
PCI DSS-compliant payment processing through Stripe, with no storage of full card numbers on Foodfy servers.
Two-factor authentication (2FA) available for all accounts and mandatory for privileged accounts.
Dearbhadh API a’ cleachdadh comharran tèarainte le cuingealachadh reataichean agus lorg droch dhìol.
Regular automated vulnerability scanning and penetration testing.

13.2 Dìon Eagrachail

Role-based access controls ensuring employees can only access data necessary for their function.
Multi-tenant data architecture with country-specific database sharding, ensuring data from different jurisdictions is logically separated.
Aontaidhean giollachd dàta leis a h-uile solaraiche seirbheis treas-phàrtaidh.
Regular security awareness training for all personnel with access to personal data.
Modhan freagairt tachartas agus sgioba tèarainteachd sònraichte.
Cleachdaidhean lughdachadh dàta: cha chruinnich sinn ach an dàta a tha riatanach airson an adhbhair ainmichte.

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage all users to take steps to protect their own accounts, including using strong, unique passwords and enabling two-factor authentication.

14. Gluasad dàta eadar-nàiseanta

Bidh Foodfy ag obair thar 250+ dùthaich tro bhun-structar cruinneil agus lìonra Com-pàirtiche Tìre. Faodar an dàta pearsanta agad a ghluasad gu agus a phròiseasadh ann an dùthchannan a bharrachd air an dùthaich còmhnaidh agad. Nuair a ghluaiseas sinn dàta pearsanta gu h-eadar-nàiseanta, bidh sinn a’ cur an gnìomh dìonan iomchaidh gus dèanamh cinnteach gu bheil an dàta agad air a dhìon:

Standard Contractual Clauses (SCCs): Airson gluasadan bhon EEA/RA gu dùthchannan gun cho-dhùnadh iomchaidheachd, bidh sinn a’ cleachdadh Clàsan Cùmhnant Coitcheann a chaidh aontachadh leis a’ Choimisean Eòrpach.
Cùmhnantan giollachd dàta: Tha gach solaraiche seirbheis treas-phàrtaidh a bhios a’ giullachd dàta pearsanta às ar leth ceangailte ri aontaidhean giollachd dàta coileanta a tha a’ toirt a-steach dleastanasan dìon dàta, riatanasan tèarainteachd, agus dìonan gluasaid thar-chrìochan.
Roinn dàta a tha sònraichte don dùthaich: Our multi-tenant architecture uses country-specific database shards, which means operational data is stored and processed within or near the geographic region of the relevant Territory, minimizing cross-border transfers for day-to-day operations.
Co-dhùnaidhean iomchaidheachd: Where available, we rely on adequacy decisions issued by relevant regulatory authorities.
Transfer Impact Assessments: We conduct transfer impact assessments for data transfers to countries without adequate data protection frameworks.

15. Do Chòirichean Dìomhaireachd

A rèir d’ àite, tha diofar chòraichean agad a thaobh an dàta pearsanta agad. Tha Foodfy dealasach a thaobh urram a thoirt dha na còraichean sin airson a h-uile neach-cleachdaidh air feadh an t-saoghail:

15.1 Còraichean Coitcheann

Regardless of your location, all Foodfy users may:

Ruigsinneachd: Request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.
Ceartachadh: Request correction of inaccurate, incomplete, or outdated personal data. You can update most information directly through your account settings.
Sguab às: Request deletion of your personal data, subject to legitimate retention requirements (legal obligations, dispute resolution, fraud prevention).
Restriction: Request that we restrict the processing of your personal data in certain circumstances.
Objection: Object to the processing of your personal data for direct marketing purposes. We will comply with all opt-out requests promptly.
Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
Cur às do Chunntas: Request complete deletion of your account and associated personal data. Account deletion requests are processed within 30 days.

15.2 Mar a chleachdas tu do chòraichean

You may exercise your rights by:

A’ faighinn cothrom air na roghainnean cunntais agad airson riaghladh dàta fèin-sheirbheis, atharrachaidhean roghainn, agus cuir às do chunntais.
Cuir post-d chun Oifigear Dìon Dàta againn aig [email protected] leis an iarrtas agad.
A’ cur post-d gu [email protected] airson ceistean prìobhaideachd coitcheann.

We will verify your identity before processing requests and respond within the timeframe required by applicable law (typically 30 days, extendable by an additional 60 days for complex requests with prior notification to you).

16. Còraichean Dìomhaireachd Roinneil

The following supplemental provisions apply based on your location and the applicable data protection law:

16.1 Sgìre Eaconamach na h-Eòrpa agus an Rìoghachd Aonaichte (GDPR / UK GDPR)

Ma tha thu suidhichte san EEA no RA, tha na còraichean a bharrachd agad fon Riaghailt Dìon Dàta Coitcheann:

Gluasad dàta: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Co-dhùnaidhean fèin-ghluasadach: Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (GDPR Article 22). See Section 8.2.
Oifigear Dìon Dàta: Our DPO can be reached at [email protected] for any GDPR-related inquiries.

16.2 California, Na Stàitean Aonaichte (CCPA / CPRA)

Ma tha thu nad neach-còmhnaidh ann an California, tha na còraichean a leanas agad fo Achd Dìomhaireachd Luchd-cleachdaidh California (mar a chaidh atharrachadh le Achd Còraichean Dìomhaireachd California):

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purpose for collecting, and the categories of third parties with whom we share it.
Right to Delete: Request deletion of your personal information, subject to statutory exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing: Cha bhith Foodfy a’ reic d’ fhiosrachadh pearsanta. Cha bhith sinn a’ roinn fiosrachadh pearsanta airson sanasachd giùlan tar-cho-theacsa às aonais do chead.
Right to Limit Use of Sensitive Personal Information: Request limitation of the use and disclosure of sensitive personal information to what is necessary for the purposes specified.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Anns na 12 mìosan roimhe sin, chan eil sinn air fiosrachadh pearsanta a reic mar a tha air a mhìneachadh leis an CCPA/CPRA.

16.3 Braisil (LGPD)

Ma tha thu suidhichte ann am Brasil, tha còraichean agad fon Lei Geral de Protecao de Dados (LGPD), a’ toirt a-steach còir air: dearbhadh giullachd, ruigsinneachd, ceartachadh, gun urra, so-ghiùlain, cuir às do dhàta air a phròiseasadh le cead, fiosrachadh mu roinneadh, agus a’ chòir athchuinge a chuir chun Autoridade Nacional de Protecao de Dados (ANPD).

16.4 Àisia-Pacific (PDPA agus laghan co-ionann)

Ma tha thu suidhichte ann an uachdranasan le Achdan Dìon Dàta Pearsanta no reachdas co-ionann (a’ toirt a-steach Singapore, Thailand, agus dùthchannan Àisia-Pacific eile), tha còir agad faighinn a-steach, ceartachadh, cuir às, cuingealachadh agus so-ghiùlain den dàta pearsanta agad mar a tha air a sholarachadh leis an lagh ionadail iomchaidh. Bidh sinn a’ pròiseasadh an dàta agad a rèir riatanasan PDPA iomchaidh, a’ gabhail a-steach a bhith a’ faighinn cead far a bheil sin a dhìth agus a’ toirt seachad fios follaiseach mu ghnìomhachd giollachd dàta.

16.5 an Ear Mheadhanach agus Afraga a Tuath

Do luchd-cleachdaidh ann an UAE, Saudi Arabia, agus uachdranasan MENA eile, bidh sinn a’ cumail ri riaghailtean dìon dàta iomchaidh a’ toirt a-steach Òrdugh Feadarail UAE air Dìon Dàta Pearsanta, Lagh Dìon Dàta Pearsanta Saudi Arabia, agus frèaman roinneil co-ionann. Tha seo a’ gabhail a-steach riatanasan sgìreachadh dàta far a bheil sin iomchaidh.

16.6 Uachdranas Eile

Tha Foodfy dealasach a thaobh cumail ri laghan dìon dàta anns gach uachdranas far a bheil sinn ag obair. Ma tha riatanasan dìon dàta sònraichte aig an uachdranas agad nach eil air an ainmeachadh gu h-àrd, cuir fios gu [email protected] airson fiosrachadh mu mar a dhìonas sinn do chòraichean fon lagh ionadail agad.

17. Fios Briseadh Dàta

Ma thachras briseadh dàta pearsanta a tha na chunnart do chòraichean agus do shaorsa, nì Foodfy:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and equivalent provisions in other jurisdictions.
Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34 and equivalent provisions.
Provide details of the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.
Sgrìobhainn a h-uile briseadh dàta pearsanta, a’ gabhail a-steach na fìrinnean, buaidhean, agus gnìomhan leigheas a chaidh a ghabhail, a rèir ar clàr brisidh a-staigh.

Ma tha thu den bheachd gun deach an dàta agad a mhilleadh, cuir fios sa bhad gu [email protected].

18. Clann agus Mion-aoiseach

The Platform is not intended for use by individuals under the age of 18, or the age of digital consent in their jurisdiction (which may be lower, such as 16 in most EEA countries or 13 in the United States under COPPA). We do not knowingly collect personal information from children below the applicable age threshold.

Ma gheibh sinn mothachail gu bheil sinn gun fhiosta air dàta pearsanta a chruinneachadh bho leanabh fo na h-ìre aois iomchaidh gun chead pàrant no neach-gleidhidh, gabhaidh sinn ceumannan sa bhad gus am fiosrachadh sin a dhubhadh às na siostaman againn. Ma tha thu a’ creidsinn gu bheil sinn air fiosrachadh a chruinneachadh bho leanabh, nach cuir thu fios thugainn sa bhad aig [email protected].

19. Ceanglaichean agus Seirbheisean Treas Pàrtaidh

The Platform may contain links to third-party websites, applications, and services. This Privacy Policy does not apply to any third-party services, and Foodfy is not responsible for the privacy practices, content, or security of any third party. This includes Business Partner websites built using the Foodfy Website Builder, which may contain additional third-party integrations selected by the Business Partner.

We encourage you to review the privacy policy of every third-party service you interact with.

20. Atharraichean air a' Phoileasaidh Dìomhaireachd seo

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:

We will update the "Last updated" date at the top of this page.
We will provide prominent notice on the Platform.
Airson atharrachaidhean susbainteach a bheir buaidh mhòr air mar a làimhsicheas sinn an dàta agad, cuiridh sinn fios thugad air post-d co-dhiù 30 latha mus tig na h-atharrachaidhean gu buil.
Where required by law, we will obtain your consent to material changes in data processing practices.

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

21. Cuir fios thugainn

Ma tha ceistean, draghan no iarrtasan sam bith agad a thaobh a’ Phoileasaidh Dìomhaireachd seo, an dàta pearsanta agad, no na cleachdaidhean dìon dàta againn, cuir fios thugainn tro na seanailean a leanas:

Oifigear Dìon Dàta: [email protected]
Privacy Inquiries: [email protected]
Security Issues: [email protected]
Taic Coitcheann: [email protected]
Làrach-lìn: foodfy.ai

We are committed to resolving any complaints about our collection or use of your personal data. If you have a complaint, please contact us first. If we are unable to resolve your concern, you have the right to lodge a complaint with your local data protection supervisory authority.