Flipdish has made some changes to its Privacy Policy and its Terms of Service to more accurately reflect how Flipdish processes personal data and to adequately capture its relationship with you in line with recent regulatory guidance.

1. What changes is Flipdish making to its Privacy Policy and why?

Flipdish has updated its Privacy Policy to reflect the data processing arrangements that apply when we partner with your customers to enable end-to-end online ordering and fulfilment. In legal jargon, Flipdish is a “joint controller” with you of personal data where we jointly collect and use the personal data of customers for the purpose of taking orders and recording customer details while Flipdish also acts as a “processor” of personal data in other cases, for example, when we arrange to undertake data analytics or an outbound marketing campaign on your behalf. Flipdish has made these changes to ensure that information on this data processing is communicated in a clear and transparent manner to data subjects.

2. What about your Privacy Policy?

If you are our Flipdish hosted website customer, the new Privacy Policy will be published on your website and you won't need to take additional action. We might only ask you to provide us with some business-specific details (e.g. your company registered name or address that will need to appear within the Privacy Policy text).

If you embedded our Flipdish Online Ordering on your own website, Flipdish provides you with a template privacy policy for your website to implement. This sets out the ways you commonly process personal data where you can use the default settings we have suggested. However, because you are primarily responsible for your own branded website, it is important that you check and confirm that the information contained in the privacy policy for your website is correct (or amend it as appropriate) as Flipdish is not responsible for this.

The template can be found here.

3. What changes is Flipdish making to its Cookie Policy and why?

Flipdish has updated its Cookie Policy in light of recent legal and regulatory changes governing cookies. The Flipdish Cookie Policy sets out the cookies used on its site, the purpose of those cookies and the duration of those cookies.

4. What about your Cookie Policy?

If you are our Flipdish hosted website customer, the new Cookie Policy will be published on your website and you won't need to take additional action.

If you embedded our Flipdish Online Ordering on your own website, Flipdish provides you with a template Cookie Policy for your website. This sets out the

cookies used on your site or app (as applicable), the purpose of those cookies and the duration of those cookies based on the standard website configuration we suggest.

If you use cookies otherwise than as described in the Cookie Policy there is a risk that you may not comply with data protection and e-privacy law. Therefore you should confirm that the default information contained in the Cookie Policy for your website is correct and you should amend it as required as Flipdish cannot be responsible for this.

5. What changes were made to the Terms of Service and why?

The Terms of Service have been updated to ensure that the data protection arrangements in place between Flipdish and you comply with the law and that these arrangements are clearly set out.

The updates relate to terms that govern where Flipdish and you act as joint controllers (see question 6 for more information) and where Flipdish acts as a data processor on your behalf (see question 11 for more information).

6. What is a joint controller?

Joint controllers exist where they jointly determine how and why personal data is processed. Under data protection law, joint controllers are required to have an “arrangement” in place between them to determine how responsibility is shared.

As Flipdish and you determine what personal data to gather from end-users in respect of your orders, Flipdish and you are considered to be joint controllers under data protection law in respect of food orders. The Terms of Service set out these responsibilities between you and Flipdish.

7. Who is responsible for responding to data subjects’ requests where Flipdish and you act as joint controllers?

For personal data collected by Flipdish on the Flipdish Platform, Flipdish will be responsible for responding to data subject requests, including any data subject access requests.

For personal data received by you through the Flipdish Platform or provided to you directly by end-users, you are responsible for responding to data subject requests, including data subject access requests.

8. What about potential data protection enquiries or complaints where Flipdish and you act as joint controllers?

For personal data collected by Flipdish through the Flipdish Platform, Flipdish will be responsible for dealing with data protection enquiries or complaints from end-users or from regulators, including complaints made to a data protection supervisory authority.

You will be responsible for dealing with complaints and enquiries in relation to the personal data received by you through the Flipdish Platform or provided to you directly by end-users.

9. Who is responsible for notifying a potential personal data breach when Flipdish and you act as joint controllers?

Flipdish will be responsible for notifying a personal data breach in relation to personal data collected by Flipdish through the Flipdish Platform if such notification is required.

You will be responsible for notifying a personal data breach in relation to personal data received by you through the Flipdish Portal and directly from the end-users themselves if such notification is required.

10. What if I am unsure?

Data protection laws can be complex. If you are dealing with a customer complaint or regulatory enquiry relating to your use of personal data and you are unsure as to the respective obligations of yourself and Flipdish, please let us know. In most cases, we should be able to work together to ensure that the relevant issue is addressed efficiently and in accordance with the law. We have a shared interest in ensuring that issues are identified and resolved quickly.

11. When does Flipdish act as a data processor?

Flipdish acts as a data processor of any associated data processing in relation to marketing and customer analytics conducted on your behalf as a data controller. For example, if you give us your customer list and ask us to undertake an outbound marketing campaign for you, we are a processor and you are the controller.

12. What terms govern the relationship between you as a data controller and Flipdish as data processor?

Data protection law requires that certain terms are in place between a data controller and a data processor. These terms help to ensure that responsibilities for data processing are divided correctly. The terms are included in the Terms of Service.

To learn more about Flipdish’s products or how to grow your online business enrol for FREE in the Flipdish Academy here: http://academy.flipdish.com/