GDPR Compliance

How we comply with the General Data Protection Regulation

Our Commitment to GDPR

Trace Food is fully compliant with the General Data Protection Regulation (GDPR). We respect your privacy rights and have implemented comprehensive measures to protect your personal data.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our services

  • Account management
  • Service delivery
  • Payment processing
  • Customer support

Legitimate Interest

Processing for our legitimate business interests

  • Service improvement
  • Security monitoring
  • Analytics and reporting
  • Business communications

Consent

Processing based on your explicit consent

  • Marketing communications
  • Optional analytics
  • Newsletter subscriptions
  • Beta feature testing

Legal Obligation

Processing required by law

  • Tax and accounting records
  • Regulatory compliance
  • Legal proceedings
  • Data breach notifications

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Information

Be informed about how your data is processed

How to exercise: Review our Privacy Policy or contact our privacy team

Right of Access

Request a copy of your personal data we hold

How to exercise: Email privacy@tracefood.app with your request

Right to Rectification

Correct inaccurate or incomplete personal data

How to exercise: Update via your account settings or contact support

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

How to exercise: Delete your account or email privacy@tracefood.app

Right to Restrict Processing

Limit how we process your data in certain circumstances

How to exercise: Contact privacy@tracefood.app with your specific request

Right to Data Portability

Receive your data in a structured, machine-readable format

How to exercise: Use the data export feature in your account settings

Right to Object

Object to processing based on legitimate interests or for marketing

How to exercise: Update preferences in your account or email privacy@tracefood.app

Data Protection Measures

Technical Safeguards

  • End-to-end encryption in transit
  • Encryption at rest for sensitive data
  • Multi-factor authentication
  • Regular security audits
  • Automated backup systems

Organizational Measures

  • Staff privacy training
  • Access controls and monitoring
  • Data minimization practices
  • Incident response procedures
  • Regular compliance reviews

Data Processing Activities

| Activity | Data Categories | Legal Basis | Retention |
|---|---|---|---|
| Account Management | Email, company name, preferences | Contract | Account lifetime + 30 days |
| Service Provision | Product data, batch info, facilities | Contract | As needed for traceability |
| Analytics | Usage patterns, performance data | Legitimate Interest | 2 years |
| Marketing | Email, preferences, engagement | Consent | Until consent withdrawn |

International Transfers

Data Location & Transfers

Primary Storage: EU-based servers (Frankfurt, Germany)

Backup Storage: EU-based servers with encryption

Third-party Services: Some services may process data outside the EU

Safeguards: Standard Contractual Clauses (SCCs) and adequacy decisions

Data Breach Procedures

Detection & Response

  • Automated monitoring systems
  • 24/7 security alerting
  • Immediate containment procedures
  • Forensic analysis and documentation

Notification Timeline

  • Supervisory authority: Within 72 hours
  • Affected individuals: Without undue delay
  • High-risk breaches: Immediate notification
  • Public disclosure: As required by law

Contact Our Data Protection Officer

Data Protection Enquiries

  • Email: dpo@tracefood.app
  • Response Time: Within 30 days
  • Languages: English
  • Escalation: Available upon request

Supervisory Authority

If you're not satisfied with our response, you can lodge a complaint with:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

Exercise Your GDPR Rights

Need to access, correct, or delete your personal data?