Privacy Policy
NUTO platform by Food Filter OÜ (hereinafter we, us or our) values its clients’ (hereinafter you) privacy. In this privacy notice we explain why and how we collect and use your personal data as well as what we do to protect your data. This privacy notice also helps you to understand what are your rights in relation to your personal data.
Personal data is information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise location, device IDs, certain cookie and network identifiers, and “Fitness and Wellness Data.”
This privacy notice is applicable to you if you use our web service application NUTO.ee, if you communicate with us through web or by e-mail, if you visit our website nuto.ee and you like or join our social media sites. We also process your personal data if you apply to work with us.
Who is the controller of your personal data?
The data “controller” means the entity that will make the decisions what data about you is collected and how is it used. NUTO can be a controller or a processor in various data processing operations. To ensure your privacy is protected we abide by confidentiality principles and strictly limits disclosure of personal data.
Food Filter OÜ, Tallinn, Sõpruse pst 169-57, 13413Tallinn, Estonia is the controller of all personal data referred to in this Privacy Notice unless otherwise explicitly stated. The controller can be contacted by e-mail: ernest@food-filter.com.
What type of personal data we process?
Personal data – first and last name;
Contact data – phone number, e-mail address, address;
Company data – if you are a representative of a restaurant we will process your name, job title and your contact data;
Invoice data – data that is on the invoices when you purchase services from us;
Internet data – to enable a better service in our e-shop we use cookies on our website and e-shop;
Fitness and Wellness data – personal wellness data you have shared.
Why do we process your data?
We process your personal data because:
- you have given us your consent, for example to gather customer feedback, send you a newsletter or display cookies;
- in our legitimate business interest; if you are our existing client sending you information about our services;
- we have contract with you, for example you have bought our fitness and wellness service;
- to comply with legal obligations; for example, we are obliged to keep invoices for a number of years according to the accounting regulations.
Processing data based on your consent
When we ask for your consent, we only process what you have consented to. We will be very clear asking consent for specific purposes and you are not obliged to consent but sometimes it means we cannot deliver to you content requested by you. When you give consent, you have a right to withdraw your consent at any time by using unsubscribe in the messages or writing to ernest@food-filter.com. When you withdraw consent, we will delete the data we are processing with your consent.
| Purpose of processing | Personal data categories |
|---|---|
| Newsletter | Contact data |
| Cookies | Internet data |
| Signing up NUTO.ee platform | Personal data, Contact data |
| Signing up your restaurant to NUTO.ee web | Personal data, Company data |
| Gathering customer feedback | Personal data, Contact data |
Data processing required for performance of a contract
Data processing is necessary for performance of a contract concluded with you or for taking measures required prior to signing of the contract.
| Purpose of processing | Personal data categories |
|---|---|
| Buying in-app services | Personal data, Invoice data |
| Fitness and wellness profile | Personal data, Fitness and Wellness data, Invoice data |
Processing to fulfill NUTO.ee legal obligations
Legal obligations of processing include all personal data processing under relevant laws and regulations in all of our locations for example Accounting Act in Estonia.
| Purpose of processing | Personal data categories |
|---|---|
| Invoice data | Personal data, Contact data, Company data, Invoice data |
| Responding to public authorities’ and state institutions’ information requests | Contact data, Company data |
Data processing based on our legitimate interest
A legitimate interest means that data processing is necessary for our business purposes. For data processing based on our legitimate interest we have conducted balance test to measure the impact of the processing on your privacy and data protection rights. You have a right to see these balance test. As well as object to processing based on legitimate interest, if you consider that processing of your data for the following purposes breaches your privacy and data protection rights. On either case we must confirm that we hold and process your data and for this reason you may have to prove your identity or right to request the balance test.
| Purpose of processing | Personal data categories |
|---|---|
| Sending information about our products to existing clients | Contact and internet data |
What do we do with social media?
You can join or like our Facebook or LinkedIn page in which case we will see your name and clicking on that name we would also see your public profile’s information. With the social media you have to keep in mind that:
| Our site is public, that means visible to everybody; |
| Anyone may publish a post on our social media sites and everybody can refer to our social media pages and its public content; |
| Where available, we permit automatic translation of posts to readers in other languages; |
| We apply automatic filtering of the content in social media, meaning publication of posts that contain generally known offensive expressions are automatically prevented; |
| You can contact us privately in social media; |
| We receive the statistical usage data of our social media sites – how many likes, site visitations etc. This data is prepared by social media providers themselves and presented to us in a de-personalised format. |
Do we make any automated decisions?
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. NUTO.ee doesn’t make any automated decisions based on the personal data we collect.
Do we process children’s data?
We do not knowingly collect personal data from children under 13 (note that the minimum age may vary based on location, and on local law). If you become aware that a child has provided us with Personal Data without parental consent, please contact us by e-mail ernest@food-filter.com
If we become aware that a child under 13 has provided us with their personal data without parental consent, we will take steps to remove the data and delete the child’s account.
What are your rights with regards to your personal data?
To exercise any of the rights below please note that we have a legal obligation to make sure that a person requesting information about themselves is indeed the person who has the right to receive the data. For this reason, you may have to prove your identity or right to request the data.
Right of access
You have the right to receive information what data we process about you. To receive a copy of what personal data we hold about you contact us on the e-mail ernest@food-filter.com.
Right to erasure
You have the right to request deletion of your personal data. Please keep in mind that we cannot delete any data that we process to fulfil contractual or legal obligation.
Right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. This could also include the right to ask us to complete information you think is incomplete.
In some circumstances and subject to certain exceptions, you may have the right to ask us to erase your personal information. We cannot erase any data that we have a legal obligation to process.
Right to restrict processing
In certain circumstances, you have the right to ask us to restrict the processing of your information.
Right to object to the processing of your personal information
You have the right to object to the processing of your information. The right to object to the processing of personal information is most commonly used by individuals when asking a business to cease direct marketing.
Right to data portability
You have the right to data portability which means that if technologically possible we can forward your data in a digital format to other similar service.
To exercise the any of the aforementioned rights via e-mail to: ernest@food-filter.com.
Right to complain to Data Protection Inspectorate
In case you consider your privacy and data protection rights breached you have the right to lodge a complaint to Estonian Data Protection Inspectorate or your local data protection supervisory authority.
Who else processes Your data in addition to us?
Your personal data is accessible only to those NUTO.ee employees who need the data to perform their work duties, on so-called need-to-know basis. Outside NUTO.ee, and strictly limited by necessity and pursuant to the purposes of processing, NUTO.ee forwards data to following categories of data processors:
| Service providers such as (not a complete list and subject to change): IT maintenance service provider, server housing, e-mail server provider, website administrator, auditor, lawyers; |
| If legally obliged, your data to public authorities and institutions (e.g. police, courts, alarm centre, Data Protection Inspectorate). |
| We have concluded a data protection agreement with our partners to ensure secure and lawful processing of personal data. These contracts oblige the other parties to: |
| Take appropriate measures to ensure confidentiality and security of the personal data and |
| Process personal data in compliance with legal requirements and the agreement. |
We do not store or transfer your data outside the European Economic Area or to countries without European Commission’s adequacy decision.
How long do we retain Your personal data?
We will retain your personal data for as long as you maintain an account or as otherwise necessary to provide you the services. We will also retain your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer need to process your personal data for the purposes set out in this privacy notice, we will delete your personal data from our systems.
Your personal data is retained for as long as required by legal requirements or until the purpose of processing is fulfilled. Below are some examples of data retention periods:
| Retention period | Examples |
|---|---|
| Until withdrawal of consent for processing | We delete the data that we process based on your consent immediately after you withdraw the consent. |
| 30 days after you delete your account or 12 months after your last communication with us. | We delete the data of the account you created |
| 7 years | Accounting documents such as invoices and bills. |
Security of your personal data
Food Filter employs necessary legal, organisational, physical and technical security measures to protect your personal data. Some examples of the measures we use:
Physical measures – the offices are locked and paper-based documents containing personal data are stored in locked cabinets.
Technical measures – computers are password protected and encrypted as necessary; firewalls and antivirus programmes are in use; backups are done regularly; all IT system users are assigned roles and profiles.
We may anonymise data your personal data by excluding data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you and applying measures such as obfuscation, noise or masking. Use of anonymized is not subject to the General Data Protection Regulation EU 2016/679 and this privacy notice.
Organisational means – data protection, information security and access management policy; regular employee training, confidentiality requirements for employees and partners.
Cookies
The NUTO.ee uses cookies on the website Nuto.ee to improve website users’ experience on and to enable the functioning of the e-shop.
A cookie is a small text file that is automatically saved by the web browser on the device used by you. We use following cookies:
- Necessary cookies are used for essential functions during your visit to the website. These include identifying the country and language used, processing the transaction, identifying the version of the website being used (whether mobile or desktop), fraud detection and prevention and ensuring compliance and website stability. These cookies are classified according to the needs of keeping the website up and running.
- Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. It stores information about the choices you make. With this, we can show you more relevant and personal information.
- Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
- Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
You can set your browser to refuse any cookie or to alert you to when a cookie is being received. Web browsers allow you to control cookies stored on your hard drive through the web browser settings If you choose not to accept our cookies, some of the features of our site may not work as well as we intend. More detailed information about cookies and removal thereof can be read here: https://www.allaboutcookies.org/
Changes to privacy notice
We update this privacy notice regularly. The version published on our website is always the latest version.