Kebijakan Privasi

Dianyari pungkasan: March 16, 2026

1. Pambuka

Foodfy ("Perusahaan", "kita", "kita", "kita") komitmen kanggo nglindhungi privasi lan keamanan informasi pribadhi. Kabijakan Privasi iki nerangake carane kita ngumpulake, nggunakake, mbukak, nyimpen, lan nglindhungi data nalika sampeyan sesambungan karo platform Foodfy, kalebu situs web kita ing foodfy.ai, aplikasi seluler, API, dashboard pedagang, layanan AI, jaringan pangiriman drone, lan kabeh layanan lan fitur sing gegandhengan (secara kolektif, "Platform").

This Privacy Policy applies to all users of the Platform worldwide, including Customers, Business Partners, Delivery Partners, Territory Partners, Corporate Account administrators and employees, Investors, Influencers, NutriLife users, and visitors. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Foodfy beroperasi ing 250+ negara. Undhang-undhang pangayoman data tartamtu sing ditrapake kanggo sampeyan bisa beda-beda gumantung ing lokasi sampeyan. Yen hukum lokal menehi pangayoman sing luwih gedhe tinimbang Kebijakan Privasi iki, hukum lokal sing ditrapake. Ketentuan regional tambahan dirinci ing Bagian 16.

2. Pengontrol Data

Foodfy minangka pengontrol data sing tanggung jawab kanggo data pribadhi sing diproses liwat Platform kasebut, kajaba nyatakake. Kanggo Foodfy for Work (Akun Perusahaan), organisasi ndhaptar tumindak minangka pengontrol data kanggo data pribadi karyawan, lan Foodfy tumindak minangka prosesor data kanggo jenenge.

Kanggo pitakon babagan perlindungan data, sampeyan bisa ngubungi Petugas Perlindungan Data ing:

3. Informasi Kita Nglumpukake

We collect different categories of personal data depending on how you interact with the Platform and which services you use.

3.1 Kabeh Pangguna

  • Informasi akun: Jeneng lengkap, alamat email, nomer telpon, tanggal lahir, foto profil, lan sandhi sing dienkripsi.
  • Data Otentikasi: Kredensial mlebu, rahasia otentikasi rong faktor lan kode pemulihan, token API, lan pengenal sesi.
  • Piranti lan Data Teknis: Jinis piranti, sistem operasi lan versi, jinis lan versi browser, resolusi layar, pengenal piranti unik, informasi jaringan seluler, alamat IP, lan token kabar push (token Expo).
  • Usage Data: Kaca sing dibukak, fitur sing digunakake, pitakon telusuran, pola klik, jalur navigasi, durasi sesi, cap wektu, URL referensi, lan acara interaksi.
  • Data Lokasi: Kira-kira lokasi asalé saka alamat IP. Kanthi idin sing jelas, lokasi GPS sing tepat kanggo pangiriman, panemuan bisnis sing cedhak, lan fitur adhedhasar lokasi.
  • Data Komunikasi: Pesen sing dikirim liwat Platform, interaksi dhukungan pelanggan, umpan balik, lan tanggapan survey.

3.2 Pelanggan

  • Data Pesanan: Item sing dipesen, riwayat pesenan, alamat pangiriman (kalebu jeneng bangunan, dalan, apartemen, lantai, kode entri, lan instruksi pangiriman), preferensi pesenan, syarat diet khusus, lan sumber pesenan (web, app, kios, QR, WhatsApp, rencana dhaharan).
  • Data Pembayaran: Jinis metode pembayaran, alamat tagihan, jumlah transaksi, lan riwayat transaksi. Nomer kertu pembayaran lengkap diproses dening prosesor pembayaran sing cocog karo PCI DSS (Stripe) lan ora disimpen ing server Foodfy.
  • Buku Alamat: Saved delivery addresses including structured address components, GPS coordinates, Google Place IDs, and formatted addresses.
  • Preferensi: Bisnis favorit, item sing disimpen, preferensi diet, setelan basa lan mata uang.
  • Reviews and Ratings: Ulasan produk, peringkat bisnis, peringkat pangiriman, foto, lan komentar.

3.3 Mitra Bisnis

  • Informasi Bisnis: Jeneng legal bisnis, jeneng dagang, subdomain, pengenal toko umum, jinis bisnis (restoran, grosir, apotek, kembang, eceran, supplier, merek), alamat fisik, nomer telpon, email, lan URL situs web.
  • Data Hukum lan Keuangan: Tax identification name and number, legal entity type, banking details for payouts, and business registration documents.
  • Data Operasional: Item menu, katalog produk, rega, tingkat persediaan, jam operasi, wektu nyiapake, zona pangiriman, lan konfigurasi layanan.
  • Data Hubungan Pelanggan: Profil CRM kalebu frekuensi pesenan pelanggan, total belanja, skor RFM (Recency, Frequency, Monetary), tahap siklus urip, tingkat kesetiaan, status opt-in marketing, basa sing disenengi, tag, lan cathetan.
  • Data Karyawan: Staff member names, roles, employee codes, departments, designations, employment type, contact information, emergency contacts, banking details, identity documents, and HR records when using the People and HR feature.
  • Third-Party Integrations: Google Place ID, rating Google, profil media sosial (WhatsApp, Facebook), lan data sing diijolke karo layanan terpadu (software akuntansi, platform pangiriman).
  • Data Waralaba: Asosiasi merek waralaba, kode outlet, konfigurasi multi-lokasi, lan analitik tingkat merek.

3.4 Mitra Pangiriman

  • Verifikasi Identitas: Identifikasi sing diterbitake pemerintah, SIM, registrasi kendaraan, lan bukti asuransi.
  • Real-Time Location: Koordinat GPS dianyari sajrone pangiriman aktif kanggo pelacakan pesenan, optimasi rute, lan tujuan safety.
  • Data Kinerja: Jumlah pesenan sing wis rampung, pesenan sing ditolak, wektu pangiriman, rating sing ditampa, lan riwayat penghasilan.
  • Data Pangiriman Drone: Kanggo mitra pangiriman sing duwe kemampuan drone: status kemampuan drone, jinis pelari, statistik pangiriman, tugas DronePort, lan log operasional drone.

3.5 Mitra Wilayah

  • Wilayah Ngatur: Tingkat wilayah sing ditugasake (Wilayah, Negara, Negara, Kutha, Wilayah), pengenal wilayah, lan ruang lingkup geografis.
  • Metrik Kinerja: Tarif onboarding bisnis, revenue sing diasilake, skor kepuasan mitra, lan metrik pertumbuhan wilayah.
  • Data Aplikasi: Territory applicant profile information submitted during the application and onboarding process.

3.6 Pangguna Akun Perusahaan (Foodfy for Work)

  • Data Organisasi: Jeneng legal perusahaan, jinis badan hukum, nomer lisensi dagang, nomer pajak, alamat kadhaptar, informasi kontak tagihan, lan logo.
  • Data Karyawan: Jeneng karyawan, email, peran (admin / manajer / karyawan), departemen, pusat biaya, nomer referensi karyawan, saldo dompet, riwayat transaksi dompet, lan status kerja.

3.7 Investor

  • Profil Investor: Status akreditasi, preferensi investasi, dokumen verifikasi identitas, lan riwayat komunikasi.
  • Kegiatan Investasi: Kapentingan investasi, partisipasi kesepakatan, jumlah investasi, lan korespondensi sing gegandhengan.

3.8 Pangguna NutriLife

NutriLife ngumpulake data kesehatan lan biometrik sing sensitif. Waca Bagean 9 kanggo informasi rinci.

3.9 Informasi saka Pihak Katelu

  • Social media platforms when you sign in using social login (Google, Facebook, Apple).
  • Pemroses pembayaran lan lembaga keuangan kanggo verifikasi transaksi lan pencegahan penipuan.
  • Direktori bisnis umum lan registri pemerintah kanggo verifikasi bisnis lan bangunan direktori.
  • Bukak Fakta Pangan lan database nutrisi liyane kanggo data nutrisi produk.
  • Third-party delivery platforms (Uber Eats, Deliveroo, Talabat, Keeta, Careem) for integrated order management.
  • Google Maps and Places API kanggo lokasi, pemetaan, lan data alamat.
  • Analytics lan mitra pariwara kanggo analisis lalu lintas situs web lan pangukuran kampanye.

4. Basis Hukum kanggo Pangolahan

We process your personal data on the following legal bases, as applicable under the General Data Protection Regulation (GDPR) and similar frameworks:

  • Kinerja Kontrak: Pangolahan sing perlu kanggo nepaki kewajiban kontrak kanggo sampeyan, kalebu nggawe akun, pangolahan pesenan, penanganan pembayaran, koordinasi pangiriman, lan panyedhiya fitur Platform sing wis langganan utawa dijaluk.
  • idin: Pangolahan adhedhasar idin sing diwenehake kanthi bebas, spesifik, informed, lan ora ambigu. Iki ditrapake kanggo: pelacakan lokasi GPS sing tepat, pangumpulan data kesehatan lan biometrik NutriLife (data kategori khusus), komunikasi pemasaran lan email promosi, cookie lan teknologi pelacakan sing ora penting, lan analisis foto panganan sing didhukung AI.
  • Kapentingan sing sah: Pangolahan sing perlu kanggo kepentingan bisnis kita sing sah, yen kapentingan kasebut ora ditindhes dening hak lan kabebasan dhasar sampeyan. Iki kalebu: Keamanan platform lan pencegahan penipuan, analisis lan perbaikan layanan, asil panelusuran lan rekomendasi pribadi (profil non-AI), dhukungan lan komunikasi pelanggan, lan penegakan Ketentuan Layanan.
  • Kewajiban Legal: Pangolahan sing perlu kanggo tundhuk karo syarat hukum sing ditrapake, kalebu peraturan pajak lan akuntansi, anti pencucian dhuwit (AML) lan syarat ngerti pelanggan (KYC), peraturan keamanan pangan lan kesehatan masyarakat, penylametan data sing diwajibake dening hukum, lan respon marang panjalukan pemerintah utawa peraturan sing sah.
  • Vital Interest: Ing kahanan sing luar biasa, proses perlu kanggo nglindhungi kepentingan penting wong, kayata kahanan darurat sing nglibatake alergi pangan, kedadeyan safety, utawa darurat kesehatan masyarakat.

5. Carane Kita Gunakake Informasi Panjenengan

We use the personal data we collect for the following purposes:

5.1 Operasi Platform Inti

  • Nyedhiyakake, njaga, ngoperasikake, lan nambah Platform lan kabeh fitur lan layanan.
  • Proses lan nepaki pesenan, pembayaran, mbalekaken, lan pangiriman.
  • Gawe, otentikasi, lan atur akun pangguna ing kabeh jinis pangguna.
  • Aktifake pelacakan pesenan wektu nyata, koordinasi pangiriman, lan kiriman driver / drone.
  • Pembayaran Mitra Bisnis Proses lan rekonsiliasi finansial.
  • Ngatur langganan Foodfy Gold, keuntungan, lan tagihan.
  • Ngoperasikake dompet, alokasi, lan pelacakan biaya perusahaan Foodfy for Work.

5.2 Komunikasi

  • Send transactional communications including order confirmations, delivery updates, payment receipts, and account notifications.
  • Nyedhiyani dhukungan pelanggan lan nanggapi pitakon liwat kabeh saluran (email, ing-app, WhatsApp, SMS).
  • With your consent, send promotional communications, marketing offers, and personalized recommendations.

5.3 Personalisasi lan AI

  • Pribadhi pengalaman sampeyan liwat asil panelusuran sing didhukung AI, rekomendasi bisnis, lan saran produk.
  • Nyedhiyani Mitra Bisnis karo alat sing didhukung AI kalebu optimasi menu, prakiraan permintaan, produksi konten pemasaran otomatis, lan analitik pelanggan.
  • Fitur Power NutriLife kalebu analisis foto panganan AI, pitungan nutrisi, lan pandhuan diet khusus.
  • Aktifake AI chatbots lan dhukungan pelanggan otomatis.

5.4 Keamanan, Keamanan, lan Kepatuhan

  • Ndeteksi, neliti, lan nyegah penipuan, penyalahgunaan, akses ora sah, lan aktivitas ilegal utawa mbebayani liyane.
  • Verify the identity of Business Partners, Delivery Partners, Territory Partners, and Investors.
  • Patuhi kewajiban hukum, syarat pajak, lan mandat peraturan sing ditrapake.
  • Laksanakake Katentuan Layanan lan perjanjian liyane.

5.5 Analytics lan dandan

  • Nindakake analytics sing dikumpulake lan anonim kanggo mangerteni pola panggunaan lan nambah fitur Platform.
  • Nindakake tes A/B lan riset pengalaman pangguna.
  • Train and improve AI and machine learning models using anonymized and aggregated data.
  • Gawe laporan intelijen bisnis lan wawasan pasar.

6. Carane Kita Nuduhake Informasi Panjenengan

We share your personal data only as necessary to operate the Platform and provide our services. We do not sell your personal data to third parties.

6.1 Kanthi Pangguna Platform Liyane

  • Mitra Bisnis: When you place an order, we share your name, delivery address, phone number, and order details with the relevant Business Partner to fulfill your order. Business Partners on Foodfy retain full ownership of their customer data and can export it at any time.
  • Mitra Pangiriman: We share your delivery address, order pickup location, and necessary contact information with Delivery Partners to complete deliveries. Delivery Partner access to your data is limited to what is necessary for the current delivery.
  • Pelanggan: Informasi Mitra Bisnis (jeneng, alamat, rating, menu, jam operasi) ditampilake sacara umum ing Platform kanggo ngaktifake panemuan lan pesenan.

6.2 Kanthi Panyedhiya Layanan

We engage trusted third-party service providers who process data on our behalf under strict data processing agreements:

  • Stripe: Pangolahan pembayaran, tagihan langganan, lan deteksi penipuan.
  • Cloudflare: Pangiriman konten, proteksi DDoS, lan firewall aplikasi web.
  • Anthropic lan OpenAI: Inferensi model AI lan machine learning kanggo fitur Platform AI. Data sing dikirim menyang panyedhiya AI diproses miturut syarat pangolahan data perusahaan lan ora digunakake kanggo nglatih model umume.
  • Deepgram: Speech-to-text processing for voice-enabled features.
  • Twilio: SMS delivery and voice communication services.
  • Google: Maps, Places API, analytics, lan layanan iklan.
  • Meta: Manajemen kampanye iklan lan pelacakan konversi.
  • Panyedhiya Infrastruktur Cloud: Server hosting, data storage, and computing services.

6.3 Kanthi Platform Pangiriman Pihak Katelu

When Business Partners use delivery platform integrations (Uber Eats, Deliveroo, Talabat, Keeta, Careem, and others), order data and necessary operational information is exchanged between the Platform and these third-party services to enable cross-platform order management. This sharing is initiated by the Business Partner and governed by the terms of each delivery platform.

6.4 Kanthi Integrasi Akuntansi

When Business Partners connect accounting software (Xero, QuickBooks), financial transaction data, invoices, and business records are synchronized as configured by the Business Partner.

6.5 Kanggo Tujuan Hukum lan Regulasi

  • When required by applicable law, regulation, legal process, subpoena, court order, or enforceable governmental request.
  • To enforce our Terms of Service and other agreements.
  • To protect the rights, property, safety, or security of Foodfy, our Users, or the public.
  • To detect, prevent, or address fraud, security, or technical issues.

6.6 Transfer Bisnis

Gegayutan karo penggabungan, akuisisi, reorganisasi, bangkrut, adol aset, utawa transaksi perusahaan sing padha, data pribadhi sampeyan bisa ditransfer menyang entitas sing entuk. Kita bakal menehi kabar sadurunge data pribadhi tundhuk karo kabijakan privasi sing beda.

6.7 Kanthi Idin Panjenengan

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

7. Penylametan data

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, provide our services, and comply with legal obligations. Specific retention periods include:

  • Data Akun Aktif: Retained for the duration of your account plus 30 days after account deletion request to allow for recovery.
  • Pesenan lan Cathetan Transaksi: Retained for a minimum of 7 years to comply with tax, accounting, and financial regulations in applicable jurisdictions.
  • Cathetan Pembayaran: Retained as required by PCI DSS standards and financial regulations, typically 7 years.
  • Data Mitra Usaha: Retained for the duration of the business relationship plus the legally required retention period for business records.
  • Data Kesehatan NutriLife: Retained while your NutriLife profile is active. Upon deletion request, health data is permanently deleted within 30 days, except where retention is required by law.
  • Data Langganan Foodfy Gold: Retained for the duration of the subscription plus 3 years for billing dispute resolution.
  • Akun Perusahaan Data Karyawan: Retained for the duration of the employee enrollment plus 1 year after removal from the Corporate Account.
  • Log Komunikasi: Interaksi dhukungan pelanggan ditahan suwene 3 taun kanggo jaminan kualitas lan resolusi regejegan.
  • Data Analitik: Data analitik sing dikumpulake lan anonim bisa disimpen tanpa wates amarga ora ngenali individu.

When personal data is no longer needed and no legal obligation requires its retention, we securely delete or irreversibly anonymize it using industry-standard methods.

8. AI lan Pengambilan Keputusan Otomatis

Foodfy nggunakake intelijen buatan lan pangolahan otomatis ing pirang-pirang fitur Platform. Kita setya marang transparansi babagan cara teknologi iki ngolah data sampeyan.

8.1 Cara AI Ngolah Data Sampeyan

  • Rekomendasi Pribadi: Model AI nganalisa riwayat pesenan, prilaku browsing, lokasi, lan pilihan kanggo menehi rekomendasi bisnis, produk, lan tawaran. Proses iki adhedhasar kapentingan sing sah.
  • Search Ranking: Search results are ranked using algorithms that consider relevance, distance, popularity, ratings, and personalization signals.
  • Prakiraan Panjaluk: Kanggo Mitra Bisnis, AI nganalisa data urutan historis, pola musiman, acara lokal, lan data cuaca kanggo prédhiksi panjaluk. Iki nggunakake data bisnis sing dikumpulake.
  • Optimization menu: AI nyaranake pangaturan rega lan modifikasi menu adhedhasar data dodolan, analisis pesaing, lan preferensi pelanggan. Keputusan pungkasan mesthi ditindakake dening Mitra Bisnis.
  • Deteksi penipuan: Sistem otomatis nganalisa pola transaksi, informasi piranti, lan sinyal tindak tanduk kanggo ngenali kegiatan sing duweni potensi penipuan. Transaksi sing ditandhani bisa dideleng dening analis manungsa.
  • NutriLife AI: AI nganalisa foto dhaharan kanggo ngira-ngira isi nutrisi lan nggawe rekomendasi diet khusus adhedhasar profil kesehatan sampeyan. Waca Bagean 9 kanggo rincian.
  • Pemasaran otomatis: AI ngasilake konten pemasaran, kampanye email, lan tawaran promosi kanggo Mitra Bisnis adhedhasar segmentasi pelanggan lan data prilaku.

8.2 Hak Sampeyan Babagan Keputusan Otomatis

Under applicable law (including GDPR Article 22), you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where such automated decisions are made:

  • You have the right to obtain human intervention and review of the decision.
  • You have the right to express your point of view and contest the decision.
  • You may request an explanation of the logic involved in the automated decision.

To exercise these rights, contact us at [email protected].

8.3 Pangreksan Data AI

  • Data sing dikirim menyang panyedhiya AI pihak katelu (Anthropic, OpenAI) diproses miturut perjanjian pangolahan data perusahaan. Data sampeyan ora digunakake kanggo nglatih model AI tujuan umum.
  • Latihan model AI dening Foodfy nggunakake data anonim lan dikumpulake sing ora ngenali pangguna individu.
  • Output AI probabilistik lan ditampilake minangka saran utawa prakiraan, dudu tekad definitif.

9. Data Kesehatan lan Biometrik (NutriLife)

NutriLife ngolah data sensitif lan biometrik sing gegandhengan karo kesehatan sing mbutuhake perlindungan khusus miturut hukum privasi sing ditrapake. Bagean iki nyedhiyakake informasi rinci babagan cara nangani data iki.

9.1 Kategori Data Kesehatan sing Dikumpulake

With your explicit consent, NutriLife may collect and process the following categories of health data:

  • Pangukuran Fisik: Bobot awak, dhuwur, persentase lemak awak, lingkar pinggang, lingkar pinggul, lan indeks massa awak (BMI).
  • Vital Signs: Tingkat glukosa getih, maca tekanan getih, lan detak jantung.
  • Indikator Gaya Urip: Sleep duration, hydration levels, daily step count, energy levels, stress levels, mood, and digestive health indicators.
  • Informasi diet: Entri buku harian panganan, foto dhaharan, asupan kalori lan makronutrien (protein, karbohidrat, lemak, serat, gula, sodium), asupan mikronutrien (vitamin A nganti B12, kalsium, wesi, kalium, lan liya-liyane), jinis diet, lan alergi panganan.
  • Profil Kesehatan: Tanggal lair, jender, tingkat kegiatan, tujuan kesehatan (mundhut bobot, gain, pangopènan), bobot target, kondisi medis, panggunaan suplemen, status meteng utawa nyusoni.
  • Data Analisis AI: Foto panganan sing dianalisis dening AI, skor kapercayan, lan perkiraan nutrisi sing digawe AI.

9.2 Basis Hukum lan Persetujuan

Data kesehatan lan biometrik diklasifikasikake minangka data kategori khusus miturut GDPR (Pasal 9) lan hukum sing padha ing saindenging jagad. Kita ngolah data iki sacara eksklusif adhedhasar idin sing jelas, sing diwenehake nalika NutriLife onboarding. Sampeyan bisa mbatalake idin sawayah-wayah kanthi mateni NutriLife ing setelan akun, sing bakal nyebabake pambusakan data kesehatan sampeyan sajrone 30 dina.

9.3 Watesan Tujuan

Your NutriLife health data is used strictly for the following purposes:

  • Ngitung tingkat metabolisme basal (BMR), total pengeluaran energi saben dina (TDEE), lan target kalori lan makronutrien sing dipersonalisasi.
  • Tracking your food diary entries and nutritional intake over time.
  • Nyedhiyakake saran diet sing didhukung AI lan rekomendasi rencana meal.
  • Nampilake tren kesehatan lan kemajuan menyang target sing wis ditemtokake.

9.4 Pangreksan Data Ketat

  • Data kesehatan NutriLife dienkripsi nalika istirahat lan transit nggunakake enkripsi AES-256 lan TLS 1.3.
  • Data kesehatan disimpen kanthi kapisah saka data Platform umum kanthi kontrol akses tambahan.
  • Data kesehatan NutriLife ora tau dienggo bareng karo perusahaan asuransi, majikan, pengiklan, utawa pihak katelu kanggo tujuan sing ora ana hubungane karo nyedhiyakake layanan NutriLife.
  • Data kesehatan ora tau digunakake kanggo nargetake iklan utawa didol menyang pihak katelu.
  • Akses menyang data kesehatan ing Foodfy diwatesi kanggo personel lan sistem penting kanthi basis sing kudu dingerteni.

10. Data Langganan Foodfy Gold

When you subscribe to Foodfy Gold, we process additional data related to your membership:

  • Subscription Data: Jinis rencana, status langganan (aktif, nyoba, ngaso, dibatalake, kadaluwarsa), tanggal wiwitan lan pungkasan, tanggal periode nyoba, lan tanggal nganyari maneh.
  • Data Pembayaran: Stripe customer ID, Stripe subscription ID, payment method (last four digits and card type only), and billing history. Full card details are stored exclusively by Stripe.
  • Panggunaan Manfaat: Total orders placed with Gold benefits, delivery savings, discount savings, total calculated savings, and benefit redemption logs.

This data is processed to manage your subscription, apply benefits to eligible orders, calculate your savings, and provide you with subscription management features. Legal basis: performance of contract.

11. Akun Perusahaan lan Data Karyawan

Kanggo Foodfy for Work (Akun Perusahaan), tanggung jawab pangolahan data dituduhake:

11.1 Hubungan Controller Data

The enrolling organization (employer) acts as the data controller for employee personal data provided through the Corporate Account. Foodfy acts as a data processor, processing employee data solely as instructed by the employer and in accordance with the Foodfy for Work Data Processing Agreement.

11.2 Data Dikumpulake

  • Jeneng karyawan, alamat email, lan peran ing Akun Perusahaan (admin, manajer, karyawan).
  • Departemen, pusat biaya, lan nomer referensi karyawan sing diwenehake dening majikan.
  • Wallet balance, credit history, spending history, and refund records.
  • Riwayat pesenan digawe nggunakake dompet perusahaan, kalebu barang sing dipesen lan jumlah.

11.3 Tanggung Jawab Majikan

Juragan tanggung jawab kanggo: (a) duwe basis sing sah kanggo nuduhake data karyawan karo Foodfy; (b) ngandhani karyawan babagan pangolahan data liwat Platform; (c) nanggapi panjalukan hak data karyawan sing ana gandhengane karo data sing dikontrol majikan; lan (d) mesthekake tundhuk karo hukum ketenagakerjaan lan perlindungan data sing ditrapake.

12. Data Operasional Pengiriman Drone

When drone delivery services are used, the following additional data is processed:

  • Route and GPS Data: Jalur penerbangan drone, titik relay liwat lokasi DronePort, koordinat GPS pangiriman, lan perkiraan wektu tekan.
  • Data Mitra Pangiriman: Kanggo mitra pangiriman sing nduweni kemampuan drone: lokasi wektu nyata sajrone pangiriman aktif, statistik pangiriman, lan log operasional.
  • Data DronePort: Metrik panggunaan DronePort, jadwal pangopènan, lan status operasional.
  • Data Pangiriman Pelanggan: Koordinat pangiriman sing tepat dibutuhake kanggo kebangkrutan drone sing aman lan akurat, sing bisa uga luwih akurat tinimbang pangiriman adhedhasar alamat standar.

Data pangiriman drone diproses kanthi basis legal kinerja kontrak lan, yen ditrapake, kapentingan sing sah kanggo njaga operasi pangiriman sing aman lan efisien. Data lokasi nyata-wektu saka Delivery Partners mung diproses sajrone pangiriman aktif.

13. Keamanan Data

Foodfy ngetrapake langkah-langkah teknis lan organisasi sing komprehensif, anjog ing industri kanggo nglindhungi data pribadhi:

13.1 Pengamanan Teknis

  • Enkripsi kabeh data ing transit nggunakake TLS 1.2+ (HTTPS dileksanakake ing kabeh titik pungkasan Platform).
  • Enkripsi data sensitif ing liyane nggunakake enkripsi AES-256.
  • Web application firewall (WAF) and DDoS protection powered by Cloudflare.
  • Jaringan pangiriman konten (CDN) kanthi caching pinggiran kanggo kinerja lan keamanan.
  • Processing pembayaran PCI DSS-cecek liwat Stripe, tanpa panyimpenan nomer kertu lengkap ing server Foodfy.
  • Two-factor authentication (2FA) available for all accounts and mandatory for privileged accounts.
  • Otentikasi API nggunakake token aman kanthi watesan tingkat lan deteksi penyalahgunaan.
  • Regular automated vulnerability scanning and penetration testing.

13.2 Pengamanan Organisasi

  • Role-based access controls ensuring employees can only access data necessary for their function.
  • Arsitèktur data multi-tenant kanthi sharding basis data khusus negara, njamin data saka yurisdiksi sing beda-beda dipisahake kanthi logis.
  • Perjanjian pangolahan data karo kabeh panyedhiya layanan pihak katelu.
  • Regular security awareness training for all personnel with access to personal data.
  • Prosedur respon insiden lan tim keamanan khusus.
  • Praktek minimalake data: kita mung ngumpulake data sing dibutuhake kanggo tujuan sing ditemtokake.

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage all users to take steps to protect their own accounts, including using strong, unique passwords and enabling two-factor authentication.

14. Transfer Data Internasional

Foodfy beroperasi ing 250+ negara liwat infrastruktur global lan jaringan Mitra Wilayah. Data pribadhi sampeyan bisa ditransfer menyang lan diproses ing negara liyane saka negara panggonan sampeyan. Nalika kita nransfer data pribadhi sacara internasional, kita ngetrapake pangayoman sing cocog kanggo mesthekake yen data sampeyan tetep dilindhungi:

  • Standard Contractual Clauses (SCCs): Kanggo transfer saka EEA/Inggris menyang negara tanpa keputusan sing cukup, kita nggunakake Klausul Kontrak Standar sing disetujoni Komisi Eropa.
  • Perjanjian Pangolahan Data: Kabeh panyedhiya layanan pihak katelu sing ngolah data pribadhi atas jenenge kita kaiket karo perjanjian pangolahan data sing komprehensif sing nyakup kewajiban proteksi data, syarat keamanan, lan pengamanan transfer lintas wates.
  • Sharding Data Khusus Negara: Arsitektur multi-tenant kita nggunakake pecahan basis data khusus negara, sing tegese data operasional disimpen lan diproses ing utawa cedhak wilayah geografis ing Wilayah sing cocog, nyilikake transfer lintas wates kanggo operasi saben dina.
  • Kaputusan Kecukupan: Where available, we rely on adequacy decisions issued by relevant regulatory authorities.
  • Transfer Impact Assessments: We conduct transfer impact assessments for data transfers to countries without adequate data protection frameworks.

15. Hak Privasi Panjenengan

Gumantung ing lokasi sampeyan, sampeyan duwe macem-macem hak babagan data pribadhi. Foodfy setya ngurmati hak kasebut kanggo kabeh pangguna ing saindenging jagad:

15.1 Hak-hak Universal

Regardless of your location, all Foodfy users may:

  • Akses: Request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.
  • koreksi: Request correction of inaccurate, incomplete, or outdated personal data. You can update most information directly through your account settings.
  • Pambusakan: Request deletion of your personal data, subject to legitimate retention requirements (legal obligations, dispute resolution, fraud prevention).
  • Restriction: Request that we restrict the processing of your personal data in certain circumstances.
  • Bantahan: Nolak pangolahan data pribadhi kanggo tujuan marketing langsung. Kita bakal nuruti kabeh panjaluk milih metu kanthi cepet.
  • Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Pambusakan Akun: Request complete deletion of your account and associated personal data. Account deletion requests are processed within 30 days.

15.2 Cara Ngleksanani Hak Panjenengan

You may exercise your rights by:

  • Ngakses setelan akun kanggo manajemen data layanan mandiri, owah-owahan preferensi, lan pambusakan akun.
  • Kirim email marang Petugas Perlindungan Data ing [email protected] kanthi panjaluk sampeyan.
  • Email [email protected] kanggo pitakonan privasi umum.

We will verify your identity before processing requests and respond within the timeframe required by applicable law (typically 30 days, extendable by an additional 60 days for complex requests with prior notification to you).

16. Hak Privasi Regional

The following supplemental provisions apply based on your location and the applicable data protection law:

16.1 Wilayah Ekonomi Eropa lan Inggris Raya (GDPR / UK GDPR)

Yen sampeyan ana ing EEA utawa Inggris, sampeyan duwe hak tambahan ing ngisor iki miturut Peraturan Pangreksan Data Umum:

  • Portabilitas data: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
  • Pengambilan keputusan otomatis: Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (GDPR Article 22). See Section 8.2.
  • Petugas Perlindungan Data: DPO kita bisa dihubungi ing [email protected] kanggo pitakon sing gegandhengan karo GDPR.

16.2 California, Amerika Serikat (CCPA / CPRA)

Yen sampeyan warga California, sampeyan duwe hak ing ngisor iki miturut Undhang-undhang Privasi Konsumen California (kaya sing diowahi dening Undhang-undhang Hak Privasi California):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purpose for collecting, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of your personal information, subject to statutory exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: Foodfy ora ngedol informasi pribadhi. Kita ora nuduhake informasi pribadhi kanggo iklan prilaku lintas konteks tanpa idin saka sampeyan.
  • Right to Limit Use of Sensitive Personal Information: Request limitation of the use and disclosure of sensitive personal information to what is necessary for the purposes specified.
  • Non-Diskriminasi: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Ing 12 sasi sadurunge, kita durung adol informasi pribadhi kaya sing ditegesake dening CCPA/CPRA.

16.3 Brazil (LGPD)

Yen sampeyan ana ing Brazil, sampeyan duwe hak miturut Lei Geral de Protecao de Dados (LGPD), kalebu hak kanggo: konfirmasi pangolahan, akses, koreksi, anonimisasi, portabilitas, pambusakan data sing diproses kanthi idin, informasi babagan enggo bareng, lan hak kanggo petisi Autoridade Nacional de Protecao de Dados (ANPD).

16.4 Asia-Pasifik (PDPA lan Hukum sing Setara)

Yen sampeyan ana ing yurisdiksi karo Personal Data Protection Acts utawa undang-undang sing padha (kalebu Singapura, Thailand, lan negara-negara Asia-Pasifik liyane), sampeyan duwe hak kanggo ngakses, koreksi, mbusak, watesan, lan portabilitas data pribadhi kaya sing diwenehake dening hukum lokal sing ditrapake. Kita ngolah data sampeyan tundhuk karo syarat PDPA sing ditrapake, kalebu entuk idin yen dibutuhake lan menehi kabar transparan babagan aktivitas pangolahan data.

16.5 Timur Tengah lan Afrika Lor

Kanggo pangguna ing UAE, Arab Saudi, lan yurisdiksi MENA liyane, kita tundhuk karo peraturan proteksi data sing ditrapake kalebu Undhang-undhang Federal UAE babagan Proteksi Data Pribadi, Undang-undang Perlindungan Data Pribadi Arab Saudi, lan kerangka kerja regional sing padha. Iki kalebu syarat lokalisasi data yen ana.

16.6 Yurisdiksi liyane

Foodfy setya netepi hukum perlindungan data ing kabeh yuridiksi ing ngendi kita beroperasi. Yen yurisdiksi sampeyan duwe syarat perlindungan data khusus sing ora kadhaptar ing ndhuwur, hubungi [email protected] kanggo informasi babagan cara nglindhungi hak sampeyan miturut hukum lokal sampeyan.

17. Notifikasi Pelanggaran Data

Yen ana pelanggaran data pribadhi sing nyebabake risiko hak lan kabebasan sampeyan, Foodfy bakal:

  • Takon wewenang pengawas sing relevan sajrone 72 jam sawise ngerti babagan pelanggaran kasebut, kaya sing diwajibake dening GDPR Artikel 33 lan pranata sing padha ing yurisdiksi liyane.
  • Ngabari individu sing kena pengaruh tanpa wektu tundha yen pelanggaran kasebut bisa nyebabake risiko dhuwur kanggo hak lan kabebasan, kaya sing diwajibake dening GDPR Artikel 34 lan pranata sing padha.
  • Nyedhiyakake rincian babagan sifat pelanggaran, kategori lan jumlah subyek data lan cathetan sing kena pengaruh, akibat sing bisa ditindakake, lan langkah-langkah sing ditindakake utawa diusulake kanggo ngatasi pelanggaran kasebut lan nyuda efek kasebut.
  • Dokumentasi kabeh pelanggaran data pribadhi, kalebu fakta, efek, lan tindakan remedial sing ditindakake, sesuai karo daftar pelanggaran internal kita.

Yen sampeyan yakin data sampeyan wis dikompromi, hubungi langsung [email protected].

18. Bocah-bocah lan bocah cilik

The Platform is not intended for use by individuals under the age of 18, or the age of digital consent in their jurisdiction (which may be lower, such as 16 in most EEA countries or 13 in the United States under COPPA). We do not knowingly collect personal information from children below the applicable age threshold.

Yen kita ngerti yen kita ora sengaja nglumpukake data pribadhi saka bocah ing ngisor ambang umur sing ditrapake tanpa idin wong tuwa utawa wali, kita bakal njupuk langkah langsung kanggo mbusak informasi kasebut saka sistem kita. Yen sampeyan yakin wis ngumpulake informasi saka bocah, hubungi kita langsung ing [email protected].

19. Link lan Layanan Pihak Katelu

The Platform may contain links to third-party websites, applications, and services. This Privacy Policy does not apply to any third-party services, and Foodfy is not responsible for the privacy practices, content, or security of any third party. This includes Business Partner websites built using the Foodfy Website Builder, which may contain additional third-party integrations selected by the Business Partner.

We encourage you to review the privacy policy of every third-party service you interact with.

20. Owah-owahan ing Kebijakan Privasi iki

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:

  • We will update the "Last updated" date at the top of this page.
  • We will provide prominent notice on the Platform.
  • Kanggo owah-owahan materi sing mengaruhi cara kita ngolah data sampeyan, kita bakal menehi kabar liwat email paling ora 30 dina sadurunge owah-owahan ditrapake.
  • Where required by law, we will obtain your consent to material changes in data processing practices.

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

21. Hubungi Kita

Yen sampeyan duwe pitakon, keprihatinan, utawa panjaluk babagan Kebijakan Privasi iki, data pribadhi, utawa praktik perlindungan data, hubungi kita liwat saluran ing ngisor iki:

We are committed to resolving any complaints about our collection or use of your personal data. If you have a complaint, please contact us first. If we are unable to resolve your concern, you have the right to lodge a complaint with your local data protection supervisory authority.