Foodchute Data Policy

This policy describes and sets out the essential details relating to your personal data relationship with FoodChute, with official address at 23, Danny Cremona Street, Hamrun, Malta (“the Organisation/We/Us”). This policy highlights the types of personal data collected when you use our site and how your personal data is used, shared and protected.
It also explains the choices you have relating to your personally identifiable information and how you can contact us regarding your personal data.
The Organisation is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy policy and for the
purpose you specifically requested. From time to time we may offer new services, which we will update in this policy accordingly and we will notify you prior to these changes.

Who Is Responsible For The Processing Of Your Personal Data?

The data is processed by Foodchute, with official address at 23, Danny Cremona Street, Hamrun, Malta. The Data Protection Officer (“DPO”) of the Organisation is Samuel Zammit. You can contact us by email on [email protected] or by telephone on +356 21246920. Our
correspondence address is 23, Danny Cremona Street, Hamrun, Malta.

What Personal Data Do We Collect And When?

We ask you for certain personal data to provide you with the services you request. For example, when you request to receive communications, become a member, or interact with our sites. We will never share your information with a third party without your explicit permission to provide you with access to that service.

We may also collect sensitive personal data but we’ll never do this without your explicit consent. We may receive or ask you for multiple categories of data for which, in some cases, we require your consent. Should you be under the age of 16 years, a parent or a guardian must give consent on your behalf.

Data collected

Contact Details: including email, telephone number and physical address
● Personal Details: including name, surname, gender, date of birth and ID number
● Medical Data: Specific medical history, general health conditions and allergies
● Emergency Contact Details: including name and surname, email, telephone number of an emergency contact.

Categories of personal data used by the Organisation for the processing purpose	Actual Personal Data collected	Legal basis for processing?	Intended Purpose
Contact Details	including name and surname, email, telephone number and physical address	Your explicit consent to the processing of Your Contact Details for the specified Intended Purpose (Article 6(1)(a))	To be able to contact you regarding your current affairs at the Organisation
Personal Details	including gender, date of birth and ID number	By paying your fees you have entered into a contractual relationship with Us as set out in our membership terms and conditions. Article 6(1)(b))	For the administrative records of the Organisation
Medical Data	Information about Health Condition/Allergies	Your explicit consent to the processing of Your Medical Data for the specified Intended Purpose (Article 6(1)(a))	To ensure that the Organisation is duly aware of any possible underlying health conditions which may affect the Data Subject’s participation in activities organised by the Organisation and any such other related activities
Emergency Contact Details	Details including name and surname, email, telephone number of an emergency contact.	Your explicit consent to the processing of Your Emergency Contact Details for the specified Intended Purpose (Article 6(1)(a))	To contact a preferred person in the case of any emergency – medical or otherwise.

We may also ask you to complete surveys for quality purposes.

Identification and ContactInformation

When you request services or make enquiries from us through this website’s online messaging function or other forms of communication, we ask you for identification and contact details such as your name, contact telephone number, email address, depending on the nature of your enquiry and the type of response required.

Sensitive (e.g. Medical) Information

When we provide our services to you at one of our premises, or in preparation for providing you with a medical service, we would require from you other information, such as personal medical information and next-of-kin personal medical information. We do not collect such information through our website, therefore at the supply occasion of such data, further detailed privacy information depending on the instance will be supplied.

Medical information provided to the Organisation will be processed for the reason it would have been collected, as well as to comply with all relevant laws and regulations that the Organisation would be subject to. More information is available at the point of collection due to specific needs and obligations related to medical services.

Why And How We Use Your Personally Identifiable Information?

We process the personal data we collect from you in the following ways:

1. To provide the services ofthe Organisation
When you are our data subject, we will use your data to provide the service you have selected. For example, if you request more information, we will use the contact details you give us to communicate with you.

2. To protect our or others’ rights, property or safety
We may also use data about how you use our sites to prevent or detect fraud, abuse, illegal uses and violations of our regulations and to comply with court orders, governmental requests or applicable law.

3. For general research and analysis purposes
We use data about how our members use services to understand customer behaviour or preferences.

4. Other purposes
We may also use your personal data in other ways and will provide specific notice prior to the time of collection and obtain your consent where necessary.

Data Minimisation
We aim to never collect or store any information that is not required for the delivery of the services to which you subscribe. Any information that we do collect is and will always be explicitly accounted for in this Privacy Policy.
We will take reasonable steps to destroy personal information we hold if it is no longer needed for the purposes set out above or required for us to maintain a high level of care, in accordance with EU General Data Protection Regulation (GDPR).

Sharing Of Personally Identifiable Information
We will only pass your data to third parties in the following circumstances:
● you have provided your explicit consent for us to pass data to a named third party – should the need arise you will be informed of such accordingly;
● we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
● We are required by law to share your data.

Technical & Organisational Measures to Safeguard your Personal Data
The confidentiality of your personal information is of paramount concern to us and we comply with EU data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the Malta Medical Council.
Your confidential medical information will be disclosed to the healthcare professionals, as justified by providing you the treatment or care. Additionally, such information might be disclosed to other entities, such as courts or medical professional bodies, only in the circumstance and following the communication modalities required under the Maltese law.
We invest appropriate resources to protect your personal information from loss, misuse, unauthorised access, modification or disclosure.

Security Measures

The Organisation shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on the Organisation’s technology systems or on technology systems of the Organisation’s IT service providers.

Appropriate, industry-standard, security measures are in place to protect your data (details are available upon request). This includes the encryption of all data held within our electronic records and a secure physical firewall for the server.

Where is the data stored?
The personal data we collect or generate (process) is stored in Malta. Your data is stored on site with a select amount being backed up in a secure data centre. We will never sell your data, but we may share your data with data recipients for processing purposes only.
Some of the data recipients with whom the Organisation shares your personal data may be located in countries other than the country in which your personal data originally was collected. Nevertheless, when we transfer your personal data to recipients in other countries, we will ensure your data is protected as described in this Policy and in compliance with the EU General Data Protection Regulation (GDPR).

Retention of your data

The Organisation retains your personal data for as long as it holds legitimate interests to fulfil the purposes for which it collects it, unless otherwise required by law. The Organisation will retain personal data related to general communications or enquiries received for up to ninety
(90) days after the communication’s intended purpose is exhausted to safeguard our legitimate interests for tracking enquiries. Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.
Any personal data which the Organisation may hold on the basis of your consent shall be retained exclusively until such consent is withdrawn.

Your rights related to your personal data

The General Data Protection Regulation (GDPR) gives certain rights to data subjects regarding
their personal data. Data subjects of the Organisation can take advantage their rights via:

● Right of access – the right to be informed of, and to request access to the data we process about you. The Organisation will at latest provide all documentation within 1 month and will not charge a fee unless deemed manifestly unfounded or excessive.
● Right to rectification – the right to request that we update / rectify your personal data if inaccurate.
● Right to restriction – the right to request that we temporarily / permanently stop processing your personal data.
● Rightto erasure – the right to request that we delete your personal data.
● Right to object – The right, at any time, to object to us processing your personal data given your situation
● Right to data portability – the right to request a copy of all personal data, in electronic format, we hold about you and the right to transmit this data to another party’s service.
● Right to not be subjected to automated processing – the right to not be profiled where the decision would have a legal effect upon you.
● Right to withdraw consent – you have the right to withdraw your consent at anytime by contacting our DPO either Note that the Organisation may contact you about newsletters, updates and events on the basis of the Organisation’s legitimate interests to keep you informed of such matters if you are a member of the Organisation. In this respect, you have a right to opt-out and to object to receiving any further such communication from the Organisation.

The Organisation may also contact you about updates and events from third-parties. In such a case your data will not be shared, and the Organisation handles all communications with you.
Note that if the Organisation contacts you about newsletters, updates and events on the basis of your consent, you have a right to withdraw your consent and no longer be contacted for such purposes at any time.
If you are a European resident and you have a concern about our use of your information, you can contact your local data protection regulator. A list of European data protection regulators can be found here. You can contact us to exercise your rights by calling the DPO of the Organisation on +356 21246920 or by sending an email to [email protected].

Compliance With Regulators
We will obey a valid court order or subpoena if these require us to provide the information that we store to law enforcement authorities or a court of law. We will only do so upon legal scrutiny and confirmation of the validity of such requirements in Malta.
Changes To Our Privacy Policy Applicable law and our practices change over time. If we decide to update our Policy, we will post the changes on our site. We strongly encourage you to read our Policy and regularly check for any changes.

This policy is effective from 19th July 2021

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.