Privacy Policy

1. Introduction

Big Food ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web-based application for food production management and traceability ("Service").

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Data Controller

Big Food, with registered address at [REGISTERED_ADDRESS, ITALY], is the data controller responsible for your personal information under the General Data Protection Regulation (GDPR).

Company Details:

• Legal Name: [COMPANY_NAME]
• Registered Address: [REGISTERED_ADDRESS]
• VAT Number: [VAT_NUMBER]
• Company Registration Number: [REGISTRATION_NUMBER]
• Email: privacy@bigfood.com

2. Information We Collect

We collect information that you provide directly to us when you:

• Register for an account
• Fill in forms on our Service
• Subscribe to our Service
• Request customer support
• Communicate with us by email, phone, or otherwise

The types of information we may collect include:

• Personal Information: Name, email address, phone number, billing address, and payment information.
• Company Information: Company name, address, and other business details.
• User Content: Information about suppliers, raw materials, products, and other data you input into the Service.
• Usage Data: Information about how you use our Service, including log data, device information, and analytics data.

Legal Basis for Processing

We process your personal information based on the following legal grounds under the GDPR:

• Contractual Necessity: To provide the Service you have subscribed to and fulfill our contractual obligations to you.
• Legitimate Interests: To improve our Service, prevent fraud, ensure security, and conduct business analytics, where these interests are not overridden by your data protection rights.
• Legal Obligations: To comply with tax, accounting, regulatory requirements, and other legal obligations under Italian and EU law.
• Consent: Where explicitly provided, such as for marketing communications, which you may withdraw at any time.

3. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send administrative information, such as updates, security alerts, and support messages
• Respond to your comments, questions, and requests
• Communicate with you about products, services, offers, and events
• Monitor and analyze trends, usage, and activities in connection with our Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Personalize and improve the Service and provide content or features that match user profiles or interests

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

Your data is stored in PostgreSQL databases with appropriate security measures, including:

• Encryption of sensitive data
• Regular security audits
• Access controls and authentication
• Tenant isolation to ensure data segregation
• Regular backups

5. Data Retention

We retain your personal information for specific periods based on the purpose for which it was collected and legal requirements:

• Account Data: For the duration of your account activity plus 3 years after account closure, to comply with legal obligations and resolve potential disputes.
• Transaction Records: 10 years from the date of the transaction, as required by Italian tax and accounting regulations.
• Marketing Communications Consent: Until you withdraw consent or after 2 years of inactivity (no interaction with our communications).
• Support Communications: 3 years after the support case is closed, for quality assurance and dispute resolution purposes.
• Usage and Analytics Data: Up to 2 years for service improvement and security purposes.

After these retention periods expire, we will securely delete or anonymize your information so that it can no longer identify you.

If you wish to request earlier deletion of your data, please contact us at privacy@bigfood.com. Please note that we may need to retain certain information where we have a legal obligation or legitimate interest to do so.

6. Sharing Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: We may share your information with third-party vendors, consultants, and other service providers who need access to such information to carry out work on our behalf.
• Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
• With Your Consent: We may share your information with third parties when we have your consent to do so.

International Data Transfer Safeguards

When we share your information with service providers or other third parties that may be located outside the European Union, we ensure appropriate safeguards are in place to protect your data, including:

• Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission to ensure adequate protection when transferring data internationally.
• Adequacy Decisions: We transfer data to countries that have been recognized by the European Commission as providing an adequate level of data protection.
• Data Processing Agreements: All service providers who process personal data on our behalf are bound by Data Processing Agreements compliant with GDPR Article 28, requiring them to implement appropriate technical and organizational measures.

Payment Processing

Payment processing for the Service is handled by Stripe, Inc., a third-party payment processor. When you provide payment information, it is transmitted directly to Stripe and is subject to Stripe's Privacy Policy.

We do not store complete credit card information on our servers. We only retain limited payment information (such as the last four digits of your card and expiration date) necessary for billing administration and customer support purposes.

Stripe is certified under the Payment Card Industry Data Security Standard (PCI DSS) and uses industry-standard security measures to protect your payment information.

7. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal information:

• Right to Access: You have the right to access the personal information we hold about you and receive a copy of it.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal information in certain circumstances.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit it to another data controller.
• Right to Object: You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. In Italy, this is the Garante per la Protezione dei Dati Personali (www.gpdp.it).
• Right to Information about Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

Exercising Your Rights: To exercise any of these rights, please contact us at privacy@bigfood.com. We will respond to your request within one month of receipt. In complex cases, we may extend this period by an additional two months, and we will inform you of such extension within the first month.

We may need to verify your identity before processing your request to ensure the security of your personal information.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Children's Privacy

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.

10. International Data Transfers

Big Food is based in Italy, and your information is processed and stored within the European Union in compliance with GDPR requirements. Your data is maintained on servers located in Europe with appropriate technical and organizational security measures.

For customers located outside the European Union: If you are located outside the EU and choose to provide information to us, please note that your data may be transferred to and processed in the European Union, where data protection laws may differ from those of your jurisdiction. By using our Service, you consent to this transfer and processing.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email (Privacy Inquiries): privacy@bigfood.com
• General Contact: Contact Form
• Postal Address: [REGISTERED_ADDRESS, ITALY]

Data Controller: [COMPANY_NAME], [REGISTERED_ADDRESS], VAT: [VAT_NUMBER]

We are committed to resolving any privacy concerns you may have and will respond to your inquiries as promptly as possible, and in any case within the timeframes required by applicable law.