Privacy Policy

Last updated: January 2025

1. Introduction

Genuine Food Exchange ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

Personal Data You Provide

  • Contact Information: Name, email address, phone number, postal address
  • Account Information: Username, password, profile preferences
  • Transaction Information: Payment details, purchase history, delivery preferences
  • Communication: Messages sent through our platform, customer support interactions

Automatically Collected Information

  • Usage Data: Pages visited, time spent, interactions with features
  • Device Information: IP address, browser type, operating system, device identifiers
  • Location Data: Approximate location based on IP address (for local producer matching)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent: When you have given explicit consent for specific processing activities
  • Contract Performance: To fulfill our contractual obligations and provide services
  • Legitimate Interest: For business operations, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Information

  • Facilitate transactions between buyers and sellers
  • Verify producer credentials and maintain quality standards
  • Process payments and manage accounts
  • Communicate about orders, updates, and customer support
  • Improve our services and user experience
  • Send marketing communications (with your consent)
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

5. Information Sharing and Disclosure

We may share your information with:

  • Food Producers: Contact and delivery information for order fulfillment
  • Payment Processors: Secure payment processing services
  • Service Providers: Third-party vendors who assist with business operations
  • Legal Requirements: When required by law or to protect our rights

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Until account deletion or 7 years after last activity
  • Transaction Records: 7 years for tax and legal compliance
  • Marketing Data: Until you withdraw consent or opt-out
  • Usage Data: 2 years for analytics and service improvement

7. Your Rights Under GDPR

If you are in the EU, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent for specific processing activities

To exercise these rights, contact us using the information provided below.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and employee training
  • Secure payment processing through certified providers
  • Regular backups and disaster recovery procedures

9. International Data Transfers

If we transfer your data outside the EU, we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules or other approved mechanisms

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you a direct notification.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Data Protection Officer: Available through our contact form
  • Email: Available through our website contact form
  • Mailing Address: Available upon request

For EU residents, you also have the right to lodge a complaint with your local data protection authority.