What is GDPR?
The General Data Protection Regulation (GDPR) was introduced in 2018 for companies that work in the EU/UK or that hold data on citizens of the EU/UK. GDPR allows for greater accountability and transparency from organizations in the way that they collect, process and store personal information.
Is Spoonfed GDPR compliant?
Spoonfed is fully compliant with GDPR. As the ‘Data Processor’, Spoonfed is responsible for processing data on behalf of the caterer, the ‘Data Controller’. While the caterer decides from whom and from what to collect information, Spoonfed securely stores and digitizes that information for the caterer.
As a Data Processor, Spoonfed guarantees the caterer that we will implement appropriate technical and organizational measures in such a way that processing meets the requirements of GDPR and ensures the protection of rights of the data subject.
To find out more about our obligations and rights as a Data Processor, read our Terms & Conditions. You can also read more about our Privacy Policy. There, you'll find information about our role as a Data Controller.
How Can a Customer View what Data Spoonfed Stores?
If your Customer would like a copy of the information Spoonfed holds about them, this can be found in their Online Ordering Account. Even if you don't enable customers to order online, they can create an account with the email address that you have stored on their profile (the link to your Online Ordering Site is in Setup > Online Ordering > Link for Site and Integration). When a Customer logs in, they can view and print all information Spoonfed has about them, per GDPR compliance.
What if a Customer Wants their Personal Data Deleted?
If your customer wants their information removed from Spoonfed, you can do this in the Back Office. You need to delete the Customer or Contact. Currently this is a 'soft delete', meaning that the data would still be retrievable by our developers. This is so that we can help recover data in case any information is deleted by accident.
Requests for information or for the removal of personal data must be complied with within one month, per GDPR compliance.