GDPR Compliance
How we comply with the General Data Protection Regulation
Our Commitment to GDPR
Trace Food is fully compliant with the General Data Protection Regulation (GDPR). We respect your privacy rights and have implemented comprehensive measures to protect your personal data.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
Contract Performance
Processing necessary to provide our services
- Account management
- Service delivery
- Payment processing
- Customer support
Legitimate Interest
Processing for our legitimate business interests
- Service improvement
- Security monitoring
- Analytics and reporting
- Business communications
Consent
Processing based on your explicit consent
- Marketing communications
- Optional analytics
- Newsletter subscriptions
- Beta feature testing
Legal Obligation
Processing required by law
- Tax and accounting records
- Regulatory compliance
- Legal proceedings
- Data breach notifications
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Information
Be informed about how your data is processed
Right of Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing
Limit how we process your data in certain circumstances
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or for marketing
Data Protection Measures
Technical Safeguards
- ✓ End-to-end encryption in transit
- ✓ Encryption at rest for sensitive data
- ✓ Multi-factor authentication
- ✓ Regular security audits
- ✓ Automated backup systems
Organizational Measures
- ✓ Staff privacy training
- ✓ Access controls and monitoring
- ✓ Data minimization practices
- ✓ Incident response procedures
- ✓ Regular compliance reviews
Data Processing Activities
Activity | Data Categories | Legal Basis | Retention |
---|---|---|---|
Account Management | Email, company name, preferences | Contract | Account lifetime + 30 days |
Service Provision | Product data, batch info, facilities | Contract | As needed for traceability |
Analytics | Usage patterns, performance data | Legitimate Interest | 2 years |
Marketing | Email, preferences, engagement | Consent | Until consent withdrawn |
International Transfers
Data Location & Transfers
Primary Storage: EU-based servers (Frankfurt, Germany)
Backup Storage: EU-based servers with encryption
Third-party Services: Some services may process data outside the EU
Safeguards: Standard Contractual Clauses (SCCs) and adequacy decisions
Data Breach Procedures
Detection & Response
- Automated monitoring systems
- 24/7 security alerting
- Immediate containment procedures
- Forensic analysis and documentation
Notification Timeline
- Supervisory authority: Within 72 hours
- Affected individuals: Without undue delay
- High-risk breaches: Immediate notification
- Public disclosure: As required by law
Contact Our Data Protection Officer
Data Protection Enquiries
- Email: dpo@tracefood.app
- Response Time: Within 30 days
- Languages: English
- Escalation: Available upon request
Supervisory Authority
If you're not satisfied with our response, you can lodge a complaint with:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Exercise Your GDPR Rights
Need to access, correct, or delete your personal data?