1.1 By submitting personal data, the user confirms they are familiar with the terms of personal data protection, agree with them, and fully accept them.
1.2 The Provider is the controller of the users’ personal data in accordance with Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, especially the GDPR.
1.3 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
1.4 When placing an order, personal data necessary for successful order fulfillment (name, address, contact) is required. The purpose of processing personal data is to fulfill the user’s order and to exercise rights and obligations arising from the contractual relationship between the Provider and the User. The purpose also includes sending commercial communications and conducting marketing activities. The legal basis for processing is the performance of a contract under Article 6(1)(b) GDPR, fulfillment of a legal obligation under Article 6(1)(c) GDPR, and the legitimate interest of the Provider under Article 6(1)(f) GDPR. The Provider’s legitimate interest is the processing of personal data for direct marketing purposes.
1.5 To fulfill the license agreement, the Provider uses subcontractors, especially mailing service providers (data may be stored in third countries) and hosting providers. Subcontractors are vetted for safe data handling. A data processing agreement exists between the Provider and hosting subcontractor, making the subcontractor directly responsible to the user for any data breach or leak.
1.6 The Provider stores users’ personal data for the time necessary to exercise rights and obligations from the contractual relationship and to assert claims from it (for 15 years after contract termination). After this period, data will be deleted.
1.7 The user has the right to request access to their personal data under Article 15 GDPR, correction under Article 16, or restriction of processing under Article 18. The user has the right to erasure under Article 17(1)(a), (c)-(f), to object under Article 21, and to data portability under Article 20.
1.8 If a user believes their personal data protection rights have been violated, they have the right to file a complaint with the Office for Personal Data Protection.
1.9 Providing personal data is not mandatory. However, it is required for entering and fulfilling a contract. Without providing it, the contract cannot be concluded or fulfilled by the Provider.
1.10 The Provider does not use automated individual decision-making as per Article 22 GDPR.
1.11 By filling in the contact form, the user:
agrees to the use of their personal data for the purpose of receiving commercial communication, advertising materials, direct sales, market research, and product offers from the Provider and third parties, no more than once per week, and
declares that receiving such communications does not constitute unsolicited advertising under Act No. 40/1995 Coll., as amended, as they have expressly consented to it under §7 of Act No. 480/2004 Coll.
This consent may be revoked by the user at any time in writing at martin@foodish.eu.
1.12 To improve services, personalize offers, collect anonymous data, and for analytics, the Provider uses cookies. By using the website, the user agrees to this technology.
2.1 The Provider is a processor of client data on behalf of the User under Article 28 GDPR. The User is the controller of such data.
2.2 These terms govern the mutual rights and obligations regarding personal data processed by the Provider under the license agreement established via agreement to the terms and conditions at www.foodish.eu on the date of account creation.
2.3 The Provider agrees to process personal data for the User to the extent and purpose outlined in sections 2.4 – 2.7. Data will be processed by automated means. The Provider will collect, store, retain, block, and delete the data, and may not process data beyond these terms.
2.4 The Provider agrees to process the following for the User:
regular personal data,
special categories of data under Article 9 GDPR obtained by the User during their business activity.
2.5 The Provider will process personal data for the purpose of handling client inquiries and requests received via the contact form.
2.6 Personal data will be processed only at the Provider’s or subcontractor’s locations within the EU.
2.7 The Provider agrees to process client data for as long as necessary to fulfill contractual obligations and claims (up to 15 years after contract termination).
2.8 The User authorizes the involvement of subcontractors as additional processors under Article 28(2) GDPR, including hosting providers. The Provider must inform the User of any intended changes regarding subprocessors, allowing for objections. Subprocessors must be bound by the same data protection obligations as stated in these terms.
2.9 The Provider guarantees personal data protection as follows:
Data will be processed in compliance with legal regulations and User instructions for operating the web platform.
The Provider ensures technical and organizational security measures against unauthorized or accidental access, alteration, destruction, loss, unauthorized transmission, or misuse.
Measures reflect the level of risk and ensure ongoing confidentiality, integrity, availability, and resilience of processing systems, and restore availability in case of incidents.
Data protection is subject to the Provider’s internal security policies.
Only authorized personnel of the Provider or subcontractors (as per 2.8) with clear roles and access controls will have access to data.
Authorized personnel must maintain confidentiality and the Provider ensures they are contractually bound to this duty even after employment ends.
The Provider will assist the User in fulfilling obligations related to data subjects’ rights and GDPR compliance (Articles 32–36), as far as possible.
After services end, the Provider must delete or return all personal data unless legally required to retain it.
The Provider shall provide all necessary information to prove compliance with these terms and GDPR, and allow audits by the User or their appointed auditor.
2.10 The User agrees to promptly report any known issues affecting the fulfillment of these terms and to cooperate fully with the Provider.
3.1 These terms expire at the end of the periods specified in Articles 1.6 and 2.7.
3.2 The User agrees to these terms by ticking the checkbox in the online form. By doing so, they declare they have read, understood, and fully accept these terms.
3.3 The Provider may amend these terms. Any changes will be published without undue delay on the Provider’s website or sent to the User’s email address.
3.4 Contact details of the Provider regarding these terms: +420 731 533 710, martin@foodish.eu.
3.5 Any matters not expressly covered by these terms are governed by GDPR and Czech law, particularly Act No. 89/2012 Coll., Civil Code, as amended.
These terms become effective on July 13, 2021.