Privacy Policy

This privacy notice (our “Policy“) describes how Foodly Ltd. (a UK company) (“Foodly” “we”, “our” or “us”) collects and processes your personal data. How we use your personal data will depend on the particular service we are providing and the nature of your relationship with us.

If you are a representative of a company (a “Business Representative“) who accesses our services via the website foodly.co or has a commercial relationship with us (a “Partner“), then we may collect your contact details (and limited other personal data about you). This data may be used by us in order to administer our relationship, provide you with access to our services and systems, and send you our regular newsletter. Any information provided in this Policy that is relevant for our Business Representatives is marked as such.

If you are an individual (a “Consumer“) who accesses our services via our website, foodly.co through any of our Partners’ websites or through our mobile application, “Foodly Shopping List & Recipes” (the “Application“), then we may collect personal data that fall within various categories (see our “Data we collect” section). The purposes for which we may use your data are described in the “How we use your data” section. All information provided in this Policy, unless otherwise specified, is relevant to our Consumers. This Policy applies to all personal data we collect or process about you in the context of your use of our services. Foodly is the data controller for the processing of personal data.

Data we collect

We may collect the following personal data from you:

Personal details
Authentication data
Profile information, if you setup an account with us
Information you voluntarily provide about yourself, such as food, dietary, and nutritional preferences
Data relating to your use of our services
Your device’s geo-location when accessing our services
Contact Information
Grocery data
Advertising data
Third Party Accounts Data

Third-Party Accounts Data: Foodly allows you to sign up and log in to the Foodly Services using accounts that you have created with third-party products and services including Facebook, Google, or Apple (together “Third-Party Accounts”). Where you access the Foodly Services using Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences (“Third-Party Accounts Data”). This information is collected by the relevant Third-Party Account provider and is provided to us under their terms and policies. You may be able to control the information that we receive from these sources using the privacy settings in the relevant Third-Party Account.

How we collect your data

We collect some of the personal data described above directly from you for a number of different purposes, as detailed in the “How we use your data” section below.

We collect your personal data indirectly via the websites of our Partners who have integrated our platform (i.e., the shopping list function) in order to provide you with a seamless food shopping experience and from any social media sites through which you access our services. We also collect information about you from other Consumers such as when they like (or equivalent), comment on, review or rate your recipes or where they choose to share their Contact Information to us.

In addition, we collect personal data about you via automated means, such as from cookies and similar tools as you use our services. A cookie is simply a piece of text, which can be placed on the browser of your personal computer or mobile device and subsequently read as you visit a website. Some of the cookies we deploy are strictly necessary to provide the services, whereas others (such as those which relate to targeted advertising) are not. You have a choice about whether or not to accept these non-essential cookies. Further information on the types of cookies we use and the personal data we use them to collect can be found in our Cookie Policy.

How we use your data

We may use the data you provide to us for the following purposes:

Provide you with our services and maintain them
Perform data analytics to understand food trends, build a profile of your preferences and improve our services
To make suggestions about recipes and products that we think will match your preferences
Provide targeted advertising to you or to use your data for targeted advertising purposes
To send you news, special offers and marketing
To send our Business Representatives our newsletter
Assist you in purchasing groceries from selected retailers
Review and improve our services
Provide Business Representatives with access to third party services provided to us
Defend ourselves against legal claims

For example, when you select a recipe from a website belonging to one of our Partners, you will be able to log into your account with us and create a shopping list via our integrated platform. If you decide to buy the items on your list, then we will transfer your selected grocery products for purchase to the third party grocery website of your choice, using Authentication Data to verify your identity and your Location Data to suggest appropriate grocery retailers.

Foodly processes personal data for the purposes described above. Foodly’s legal basis to process personal data includes processing that is: necessary for the performance of the contract between you and Foodly (for example, to provide you with the services and to identify and authenticate you so you may use certain services); necessary to comply with legal requirements (for example, to defend ourselves against legal claims or to make mandatory disclosures to law enforcement); necessary for Foodly’s legitimate interests (for example, perform data analytics to understand food trends, build a profile of your preferences and improve our services); and based on obtaining your separate consent (for example, to communicate with you about our products and services and provide you with marketing information, as well as where we process your personal data as a result of any consent you have provided in connection with any cookies we deploy), which may subsequently be withdrawn at any time by contacting us as specified in the Contact Us section of this Privacy Policy without affecting the lawfulness of processing based on consent before its withdrawal.

Please see the table below for further detail on each of these purposes.

Purpose	Categories Of Personal Data
Providing you with our services and maintaining them, including: – Setting up an account with us when you download our Application – Verify your identity when you login to use our services – Managing your profile and preferences on the Application (e.g. to publicise your profile and save your favourite recipes) – Facilitating your purchasing of groceries from third party retailers through our services – Providing customer support (e.g. when you have issues logging into or using our services) – Notifying you about changes to our services.	Personal Details Authentication Data Profile Data Food Preference Data Usage Data Location Data Contacts Information
Data analytics, including: – Creating reports to provide our Partners with aggregated and anonymous information about how users interact with their sites (e.g. popularity of certain recipes or food types by region) – Providing you with product suggestions that are sometimes sponsored and sometimes just our recommendations based on your previous purchases, shopping lists and favourite recipes – Providing aggregated and anonymised trend reports to third parties – Improving your experience of our services by using your data to enhance our technologies (e.g. through machine learning algorithms) – Providing customer support (e.g. when you have issues logging into or using our services) – Notifying you about changes to our services.	Contact Details Profile Data Food Preference Data Usage Data Location Data
Providing targeted online advertising, including: – Offering you recipe, product or retailer suggestions that reflect your preferences and suit your location – Make suggestions and recommendations to you about goods and/or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of advertising. – Collect and pass to third parties advertising-specific identifiers unless you have opted out of ad-tracking for your device. If you wish to opt-out of ad tracking, you can reset your unique identifier by following the process set out atGoogle Adsto dis-associate any of your data collected for marketing purposes before you opted-out. – Improving your experience of our services by using your data to enhance our technologies (e.g. through machine learning algorithms) – Providing customer support (e.g. when you have issues logging into or using our services) – Notifying you about changes to our services.	Contact Details Authentication Data Food Preference Data Usage Data Location Data Device information Advertising identifiers (e.g. AAID, IDFA)
Sending you news, special offers and marketing, including: – Providing you with details of special offers and general information about other goods via email	Contact Details Profile Data Food Preference Data Usage Data Location Data
Sending our Business Representatives our newsletter	Contact Details Usage Data
Reviewing and improving our services, including: – Monitoring and tracking the usage of our services – Gathering valuable information so that we can improve our services – Detecting, preventing and addressing technical issues	Contact Details Profile Data Food Preference Data Usage Data Location Data
Defending ourselves against legal claims that we may receive	Contact Details Authentication Data Profile Data Food Preference Data Usage Data Location Data

We sometimes process your personal data using a combination of machine learning and other AI techniques to evaluate information about you that we receive from the sources described under our “How we collect your data” section above. This is known as profiling and it helps us to build our understanding of your preferences in order to provide you with the best service we can. For example, we may analyse information relating to your purchases of a particular product to suggest similar products that you may be interested in buying via targeted advertising.

Depending on the purpose for which we are using your data, we may rely on various legal grounds for processing. In some cases, we will seek your explicit consent, in others we may rely on our legitimate interests or it may be necessary in order to perform our contract with you.

How long we keep your data for

We will retain your personal data for as long as required to fulfil the purpose for which the data were collected, having regard to a range of applicable criteria, including the on-going relationship we have with you, the completion of the purpose for which the data was originally given, our own legal obligations and requirements, the type and size of the data held or our accounting requirements in relation to the data. For example, we will retain the Personal details that you provide when you open an account via our Application until you choose to delete your account. We may then in any event need to retain those Personal details for a period in order to defend ourselves against legal claims.

We use session and long-lived cookies on our websites and Application. Personal data that are collected by session cookies that are strictly necessary for purposes relating to fundamental website or Application functionality will be retained for a matter of minutes. Personal data that are collected by long-lived cookies may be retained for up to two years, depending on the purpose.

We will delete personal data once the relevant retention period expires. After such date, you will not be able to exercise some of your rights over your personal data that are described below. In general, we keep the length of time that we hold your personal data for under review. These reviews take place annually.

Who we share your data with

We may share your personal data with third parties under the following circumstances:

Service providers: we may share your personal data with service providers who perform services on our behalf, including assisting us with data analytics, IT management, hosting and improving our services. For a full and maintained list of our service providers, please click here. You can find more detail on the types of services these third parties provide to us by clicking “Further Information” at the end of this section.
Partner companies: this includes grocery retailers, recipe publishers, digital health applications, social media sites, providers of ‘internet of things’ technologies and third party advertising networks who advertise on our website.
Third-Party Accounts: we enable you to share your personal data with the relevant Third-Party Account(s) that integrate with the Foodly Services. Information collected by Third-Party Accounts is subject to their terms and policies. Foodly is not responsible for the terms or policies of any Third-Party Account.
Information you voluntarily provide about yourself, such as food, dietary, and nutritional preferences
Restructuring: we may share your personal data during the course of business negotiations and transactions (for example, an acquisition, merger or financing) to the extent necessary to facilitate the restructuring.
Where required by law: we may share your personal data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

Where we might send your data

Your personal data may be transferred to and processed in a country that is not regarded as providing the same level of protection for personal data as the laws of your home country, including, for example and without limitation to the United Kingdom and the United States. Where possible, we have sought to put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal data. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set out below.

How we keep your data secure

We engage Google Cloud to store your personal data within the European Economic Area (“EEA“). We have also implemented appropriate technical and organisational controls to ensure that your personal data are processed securely, such as encryption and authentication during transfer. However, no method of transmission over the internet or of electronic storage is fully secure, and as such, we cannot guarantee its absolute security.

Further information on how we keep your personal data secure can be found in our security policy.

Your rights over your personal data

You can withdraw any consent you have given us at any time and we will stop using your data for the purpose that consent was granted. You can also contact us at any time to request:

Access to any personal data we hold about you.
That personal data we hold about you can be updated, rectified or blocked.
That we delete personal data we hold about you.
That we restrict our processing of your personal data.
That we provide you or a third party with a copy of certain personal data about you (referred to as the right of “data portability”).
That you object to the processing of personal data we hold about you.

There may be situations where it is not possible for us to grant you these rights or we are not required by law to do so. For example, where restricting the processing of your personal data would impede a criminal investigation. As such, the rights described in the bullet points above are not absolute.

Contact Us

If you have questions or concerns regarding the way in which your personal data has been used, please contact our data protection officer, Dheeraj Thankachan, athello@foodly.co. You can also contact us by post at:

Foodly Ltd. (company number: 14390400)

Attn: Dheeraj Thankachan – Data Protection Officer

8 Fairwater Avenue, Cardiff, CF5 3AR

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection regulator of your country of residence.

Changes to the Policy

We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes by email.

Links to other websites

This policy only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control unconnected third party websites and are not responsible for any use of your personal data that is made by unconnected third party websites.

ADDITIONAL CALIFORNIA CONSUMER PRIVACY DISCLOSURES

Effective: January 1, 2020

This California Consumer Privacy Statement (the “Statement”) supplements the Foodly Privacy Policy. It applies solely to California consumers and addresses personal information we collect online and offline.

This Statement uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”).

Notice to California Residents

Notice of Collection and Use of Personal Information

We may collect the following categories of personal information about you:

Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, and other similar identifiers
Protected Classifications: such as characteristics of protected classifications under California or federal law, such as age and sex
Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
Biometric Information: such as such as keystroke patterns or rhythms, voice recordings, an individual’s behavioral characteristics, or other data used to establish individual identity
Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
Geolocation Data: such as precise physical location or movements and travel patterns
Sensory Information: audio, electronic, visual, and similar information
Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

How we use your data is described in this policy. We may also use the categories of personal information listed above for certain business or commercial purposes, as described in this list:

performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, providing advertising or marketing services, providing analytics services, or providing similar services;
auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
debugging to identify and repair errors that impair existing intended functionality;
undertaking internal research for technological development and demonstration;
undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

Prior Collection, Use and Disclosure of Personal Information

We may have collected and used your personal information, as described in Section 1 above, during the 12-month period prior to the effective date of this Statement. For the personal information collected during that timeframe, we describe below: (a) the categories of sources from which we may have obtained the personal information, (b) the categories of personal information we may have sold, and (c) the categories of personal information we may have disclosed for a business purpose.

Sources of Personal Information

Where we may have obtained your data is described in the Foodly Privacy Policy. We may have also obtained personal information about you from various other sources, including:

from you or your devices, for example, through your use of our services both via our website and applications and via the websites of our Partners who have integrated our platform;
our affiliates and subsidiaries;
internet service providers;
data analytics providers;
government entities and other public sources;
operating systems and platforms;
data brokers and other data providers;
credit agencies or bureaus;
vendors who provide services on our behalf;
social media networks; and
online advertising companies.

Sale of Personal Information

We may allow certain third parties (such as advertising partners) to collect your personal information. You have the right to opt out of this disclosure of your information, as detailed below.

Under the CCPA, a “sale” means providing personal information to a third party for valuable consideration, which may include several forms of common sharing practices. It does not necessarily mean money was exchanged for the transfer of such personal information. The following table lists the categories of personal information we may have “sold” during the 12-month period prior to the effective date of this Statement and the categories recipients:

from you or your devices, for example, through your use of our services both via our website and applications and via the websites of our Partners who have integrated our platform;
our affiliates and subsidiaries;
internet service providers;
data analytics providers;
government entities and other public sources;
operating systems and platforms;
data brokers and other data providers;
credit agencies or bureaus;
vendors who provide services on our behalf;
social media networks; and
online advertising companies.

Category of Personal Information Sold	Categories of Recipients
Identifiers Customer Records Internet Usage Information Inferences derived from Personal Information	our affiliates and subsidiaries; vendors who provide services on our behalf; professional services organizations, such as auditors and law firms; our joint marketing partners; our business partners; advertising networks; internet service providers; data analytics providers; government entities; social networks and consumer data resellers.

Disclosure of Personal Information for a Business Purpose

The following table lists the categories of personal information we may have disclosed for a business purpose in the past 12 months and the categories of recipients:

Category of Personal Information Disclosed for a Business Purpose	Categories of Recipients
Identifiers Customer Records Personal Characteristics or Traits Customer Account Details / Commercial Information Internet Usage Information Geolocation Data Inferences derived from Personal Information	our affiliates and subsidiaries; vendors who provide services on our behalf; professional services organizations, such as auditors and law firms; our joint marketing partners; our business partners; advertising networks; internet service providers; data analytics providers; government entities; social networks and consumer data resellers.

California Consumer Privacy Rights

Effective as of January 1, 2020, California consumers have certain choices regarding our use and disclosure of personal information, as described below.

Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months.

Deletion: You have the right to request that we delete certain personal information we have collected from you. Note that we are not required to delete personal information that is needed for a number of purposes.

Opt-Out of Sale: You have the right to opt-out of the sale of your personal information.

Non-discrimination: You have the right to non-discrimination based on the exercise of your privacy rights.

Shine the Light Request: You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. Foodly does not share personal information with third parties for their own direct marketing purposes without your consent or without giving you an opportunity to opt out of such sharing.

How to Submit a Request: To submit an access or deletion request, a Shine the Light request, or to opt-out of the sale of your personal information, email us at hello@foodly.com. In your email please let us know if you have a Foodly account as well as any email accounts that may be associated with your personal information.

Verifying Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have a Foodly account, we may verify your identity by requiring you to sign in to your account. If you do not have a Foodly account, or an email address or phone number on file with us, or if the information you provide does not match what is in our records, then we may not be able to process your request, as there is no reasonable method by which we can verify your

identity to the level of certainty required by the CCPA. Accordingly, if you do not have an account with us, or an email address on file, and you request access to or deletion of your personal information, we may not be able to process your request at this time. If you are an authorized agent or parent/guardian making a request on behalf of a consumer or your child, we may require and request additional information to verify that you are authorized to make that request.

Additional Information: To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. We reserve the right to deny your request if we cannot verify your identity or an exemption applies. In addition, depending on the nature of your request and the risk of fraud, we may not be able to fulfill it. Where we deny your request in whole or in part, we will inform you of the denial, provide an explanation of our actions, and the reason(s) for the denial. In the event your request is incomplete or deficient, we will endeavor to inform you how it may be corrected.

Do Not Track: California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Do Not Track (“DNT”) features that allow you to tell a website not to track you. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.