Privacy Policy

Introduction

LabelFood ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our food labelling device, cloud software, and related services (the "Service").

Data Controller: LabelFood, a company registered in England and Wales (Company Number: 12013087), registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

This policy applies to:

• Food business owners and administrators who use LabelFood to manage labelling and compliance
• Staff members who use the LabelFood device in commercial kitchens
• Visitors to our website and users of our cloud dashboard via browser or iOS app

We are a UK-based company and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. For details on the legal basis for each type of processing, please refer to Section 3 below.

1. Information We Collect

1.1 Information from Business Accounts

When you create a LabelFood business account, we collect:

• Account Information: Name, email address, phone number, business name, business address
• Business Details: Business type, industry, description, and branding information
• Payment Information: Billing address, payment method details (processed securely; we do not store full credit card numbers)
• Subscription Information: Plan type, subscription status, billing history
• Configuration Data: Branch locations, devices, staff accounts, product catalogue, allergen settings
• Staff Information: Names, PIN codes, and roles of staff members you add to your account

1.2 Product and Labelling Data

When you use LabelFood to manage your food labelling:

• Product Information: Product names, ingredients, allergen declarations, storage instructions, barcodes, use-by periods
• Label History: Records of labels printed, including timestamps, quantities, and associated products
• Waste Records: Wastage data recorded through the device, including product, quantity, reason, and optional photo
• Compliance Reports: Data generated for regulatory compliance and EHO reporting

1.3 Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: Pages visited, features used, labels printed, time spent, actions taken
• Device Information: Device type, operating system, browser type, IP address, unique device identifiers
• Location Data: General location information (branch location) based on device configuration
• Log Data: Access times, error logs, performance data
• Cookies and Tracking Technologies: See our Cookies section below

1.4 Information from Device

When you use the LabelFood device, we collect device usage data, print history, sync logs, and device status information to provide the service and for troubleshooting purposes.

1.5 iOS Application

When you use the LabelFood iOS app to access the cloud dashboard, we may collect:

• App Usage Data: Screens visited, features used, actions taken
• Device Information: Device model, iOS version, app version, push notification tokens
• Notifications: If you enable push notifications, we may send alerts about label expiry, sync status, and other service-related updates

2. How We Use Your Information

2.1 Service Provision

• Create and manage your account and devices
• Generate and print food labels with allergen and product information
• Store and manage your product catalogue and allergen data
• Track waste records and generate compliance reports
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries

2.2 Service Improvement

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Fix bugs and technical issues
• Conduct research and analytics

2.3 Communication

• Send important service updates and announcements
• Respond to your support requests
• Send marketing communications (with your consent, which you can opt-out of at any time)
• Notify you about changes to our Terms or Privacy Policy

2.4 Legal and Security

• Comply with legal obligations and respond to legal requests
• Protect our rights, property, and safety
• Prevent fraud, abuse, and illegal activities
• Enforce our Terms of Service

3. Legal Basis for Processing (GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you have requested and fulfil our contractual obligations
• Legitimate Interests: To improve our Service, prevent fraud, ensure security, and communicate important updates
• Consent: For marketing communications and optional features (you can withdraw consent at any time)
• Legal Obligation: To comply with applicable laws, regulations, and legal processes

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

• Payment Processors: For processing subscription payments; they handle payment data according to their privacy policy
• Cloud Hosting: For hosting our Service and data storage
• Analytics: Google Analytics (anonymized data) to understand usage patterns
• Support Tools: Customer support platforms to assist with inquiries

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government requests or regulatory requirements (e.g., Environmental Health Officer requests)
• Enforcement of our Terms of Service
• Protection of rights, property, or safety

5. Data Security

We implement robust technical and organisational measures to protect your data:

• Encryption: SSL/TLS encryption for data in transit; encryption at rest for sensitive data
• Access Controls: Role-based access controls, authentication, and authorisation mechanisms
• Secure Infrastructure: Hosting in secure data centres with physical and digital security measures
• Regular Updates: Security patches and updates applied regularly
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Backups: Regular automated backups with secure storage

While we implement strong security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials and should notify us immediately of any unauthorised access.

International Data Transfers

Our Service is hosted on servers located within the European Economic Area (EEA). Transfers of personal data from the UK to EEA countries are permitted under UK GDPR, as the UK has recognised EEA countries as providing an adequate level of data protection. We will update this section if our hosting arrangements change, including any future migration to UK-based servers.

6. Your Rights (GDPR)

Under UK GDPR and applicable data protection laws, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO) in the UK

To exercise these rights, please contact us at [email protected]. We will respond to your request within one month.

7. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings.

• Essential Cookies: Required for the Service to function (cannot be disabled)
• Analytics Cookies: Help us understand how users interact with our Service
• Functional Cookies: Remember your preferences and enhance your experience
• Push Notifications: If enabled on iOS, you may receive notifications about label expiry, sync status, and service updates. You can manage notification preferences in your device settings at any time.

8. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations (e.g., tax and payment records)
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

• Active Accounts: Account data is retained while your account is active
• Label and Waste History: Activity records (labels printed, waste logs) are accessible within the dashboard for up to 90 days as an operational aid. LabelFood is a labelling tool and does not provide official food safety records. You are responsible for maintaining any records required by applicable food safety law
• Deleted Accounts: Data is retained for 30 days after account deletion to allow for recovery requests, then permanently deleted
• Payment Records: Billing and payment data may be retained for up to 6 years to comply with HMRC requirements

9. Children's Privacy

LabelFood is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email notification or notice on our website. The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority: If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK: