This Privacy Policy explains how SmartChef Ltd ("SmartChef", "we", "us", "our") collects, uses, stores and protects personal data when you use:

• the SmartChef website at https://smartchef.ie, and
• the SmartChef web application at https://app.smartchef.ie

(together, the "Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Data Protection Acts 1988-2018, and applicable Irish law.

1. Who We Are

   SmartChef Ltd
   Irish private company limited by shares (company incorporation pending)
   Registered office: Naas, Co. Kildare, Ireland
   Email: hello@smartchef.ie

2. Data Controller and Data Processor Roles

   SmartChef as Data Processor

   When customers use the SmartChef Service, they act as the Data Controller in respect of personal data relating to their staff, suppliers, or other individuals.

   In this context, SmartChef Ltd acts as a Data Processor, processing personal data solely on behalf of and in accordance with the documented instructions of the customer, as set out in the Data Processing Agreement (Schedule 1) of the SmartChef Terms & Conditions.

   SmartChef as Data Controller

   SmartChef Ltd acts as a Data Controller in respect of personal data processed for its own business purposes, including:

   • Website operation
   • Account administration
   • Billing and payments
   • Customer support
   • Marketing and communications
   • Security and service improvement

3. Personal Data We Process

   Depending on how the Service is used, we may process the following categories of personal data.

   Account and Contact Data

   • Name
   • Email address
   • Business name
   • Job role
   • Login credentials (stored securely)

   Customer Content and Operational Data

   • HACCP and food safety records
   • Training records
   • Delivery logs
   • Uploaded images (e.g. delivery labels)
   • Text extracted from images using automated systems

   Technical and Usage Data

   • IP address
   • Device and browser type
   • Log files
   • Date and time of access

   Billing Data

   • Subscription status
   • Payment references and invoices

   Payment card details are processed by third-party payment providers and are not stored by SmartChef.

4. Special Category Data

   SmartChef does not intentionally collect or process special category personal data (such as health data). Any such data appearing incidentally in uploaded records or images is processed solely at the instruction of the customer.

5. How We Use Personal Data

   Personal data is processed for the following purposes:

   • Providing and operating the Service
   • Creating and managing user accounts
   • Storing and displaying food safety records
   • Extracting and presenting data from uploaded images
   • Providing customer support
   • Managing subscriptions and billing
   • Improving performance, reliability and security
   • Complying with legal obligations

   SmartChef does not sell personal data.

6. Legal Bases for Processing

   Where SmartChef acts as a Data Controller, processing is based on one or more of the following lawful bases:

   • Performance of a contract
   • Legitimate interests, such as operating and improving the Service
   • Legal obligation
   • Consent, where explicitly obtained

   Where SmartChef acts as a Data Processor, processing is carried out on the documented instructions of the customer.

7. AI and Automated Processing

   The Service uses automated systems, including artificial intelligence, to extract text from uploaded images (such as delivery labels).

   • This processing does not involve automated decision-making with legal or similarly significant effects
   • Extracted data is presented for user review and verification
   • Customers remain responsible for confirming accuracy and compliance

8. Sub-Processors

   SmartChef uses trusted third-party service providers ("sub-processors") to operate the Service, including providers of:

   • Cloud hosting and storage
   • Databases
   • Email and communications
   • Payment processing
   • Analytics and error monitoring

   All sub-processors are subject to GDPR-compliant contractual obligations. A current list of sub-processors is available on request.

9. International Transfers

   Personal data is processed within the EU/EEA where possible. Where data is transferred outside the EU/EEA, appropriate safeguards are used, including Standard Contractual Clauses or equivalent mechanisms.

10. Data Retention

    • Active accounts: data retained for the duration of the subscription
    • Cancelled or suspended accounts: data retained for a minimum of three (3) months
    • After this period, data may be permanently deleted

    We make reasonable efforts to notify customers before deletion.

11. Data Subject Rights

    Under GDPR, individuals have the right to:

    • Access personal data
    • Rectify inaccurate data
    • Request erasure
    • Restrict processing
    • Data portability
    • Object to processing
    • Withdraw consent

    Processor Context

    Where SmartChef acts as a Data Processor, data subject requests should be directed to the relevant customer acting as Data Controller. SmartChef will assist customers in fulfilling such requests in accordance with the Data Processing Agreement.

    Requests may be submitted to hello@smartchef.ie.

12. Data Security

    SmartChef implements appropriate technical and organisational measures to protect personal data, including:

    • Encrypted connections (HTTPS)
    • Access controls and authentication
    • Secure cloud infrastructure
    • Ongoing monitoring and updates

    No system can be guaranteed to be completely secure, but we take data protection seriously.

13. Personal Data Breaches

    In the event of a personal data breach affecting customer data, SmartChef will notify the affected customer without undue delay and cooperate in meeting GDPR notification obligations.

14. Cookies

    SmartChef uses cookies and similar technologies on the website and app.

    Essential Cookies

    These are required for the Service to function and cannot be disabled.

    Analytics Cookies

    We may use analytics cookies to understand how the Service is used and to improve performance. Where required, consent will be obtained before placing non-essential cookies. Further information is available in our Cookie Policy (or within cookie settings).

15. Children's Data

    The Service is intended for business use only and is not directed at individuals under 18 years of age.

16. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or Website.

17. Complaints

    If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Data Protection Commission (Ireland):

    https://www.dataprotection.ie

    We encourage you to contact us first so we can address any concerns.

18. Contact Us

    If you have any questions about this Privacy Policy or how personal data is processed:

    SmartChef Ltd
    Email: hello@smartchef.ie
    Website: https://smartchef.ie
    Ireland