Persónuverndarstefna
Síðast uppfært: júlí 2026
This Privacy Policy describes how Elite Digital Services, LLC ('we', 'us', 'the Provider') collects, uses, stores, and protects personal data in connection with the FoxiFood platform ('the Service'). We are committed to protecting your privacy and processing your data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.
1. Ábyrgðaraðili
Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA
Netfang: support@foxi.food
For the purposes of the FoxiFood platform, Elite Digital Services, LLC acts in the following data protection roles:
- Ábyrgðaraðili — for personal data of restaurant partners (Users), and for FOXI ID account data (login credentials and authentication data) of end customers who create a FOXI ID account;
- Vinnsluaðili — for personal data of end customers processed on behalf of the restaurant partner in connection with orders placed through the restaurant's ordering website (see our Data Processing Agreement for details).
Elite Digital Services, LLC er bandarískt fyrirtæki og rekur FoxiFood-vettvanginn um allan heim, eingöngu á lénunum foxifood.com og foxi.food. Fyrirtækið getur falið viðurkenndum aðilum í ýmsum lögsögum að sinna tilteknum tæknilegum verkefnum fyrir sína hönd. Önnur lén eða staðbundnar/þjóðlegar útgáfur af vettvanginum geta verið reknar af sjálfstæðum lögaðilum samkvæmt sérstökum leyfissamningi um notkun FOXIFOOD-vörumerkisins; slíkir aðilar starfa í eigin nafni og á eigin ábyrgð og halda úti eigin persónuverndarskjölum.
Apart from operating the FOXI ID shared identity infrastructure (see Section 2.3), FoxiFood does not establish a direct commercial relationship with end customers. The platform provides the technical infrastructure required to operate restaurant ordering websites.
Fulltrúi í ESB (27. grein GDPR)
In accordance with Article 27 of the GDPR, the following entity has been appointed as the EU representative of Elite Digital Services, LLC:
Euro business company Kft.
Rómer Flóris utca 8/B. 3. em., Budapest 1024, Hungary
Skattnúmer: HU28959364
For full details on the EU representative and its role, see our GDPR page.
Innbyggð persónuvernd og vinnsluskrár
We implement data protection by design and by default in accordance with Article 25 of GDPR. We maintain Records of Processing Activities as required by Article 30 of GDPR, documenting all categories of processing activities carried out on behalf of or as part of the FoxiFood platform. Where required by Article 35 of GDPR, we conduct Data Protection Impact Assessments before undertaking processing operations that are likely to result in a high risk to the rights and freedoms of natural persons.
2. Hvaða gögn söfnum við
2.1. Gögn veitingastaðarfélaga (notenda)
Þegar þú skráir þig og notar FoxiFood vettvanginn, söfnum við:
- Business identification: business name, registration number, VAT ID, registered address;
- Samskiptaupplýsingar: nafn, netfang, símanúmer;
- Innskráningarupplýsingar: netfang og dulkóðað lykilorð;
- Billing information: payment method details, transaction history, invoices (card details are processed and stored exclusively by the payment processor);
- Service usage data: login history, feature usage, admin dashboard activity;
- Samskiptagögn: stuðningsbeiðnir, viðbrögð, bréfaskipti.
2.2. Gögn endanotenda (unnin fyrir hönd veitingastaðarfélaga)
End customers interact directly with the restaurant partner's ordering website. FoxiFood provides only the technical infrastructure required to operate that website.
When end customers place orders through a restaurant's FoxiFood-powered website, we process the following data on behalf of the restaurant partner:
- Samskiptaupplýsingar: nafn, netfang, símanúmer;
- Afhendingarheimilisfang (þegar við á);
- Pöntunarupplýsingar: pantaðir hlutir, pöntunarsaga, óskir;
- Payment transaction references (card details are handled exclusively by the payment processor).
2.3. FOXI ID (sameiginleg auðkenniskerfi viðskiptavina)
The FoxiFood platform includes a shared customer identity system ('FOXI ID') that allows end customers to create a single account and use the same login credentials across all restaurant ordering websites on the platform. FOXI ID is a technical infrastructure component provided as part of the platform.
Elite Digital Services, LLC acts as the data controller for FOXI ID account data, which includes:
- Innskráningarupplýsingar (netfang og dulkóðað lykilorð);
- Auðkenningarsetugögn;
- Contact information used for pre-filling order forms (name, phone number, delivery address).
Through FOXI ID, the end customer's contact data (name, email, phone number, delivery address) may be pre-filled when placing an order at any restaurant on the platform. Order data, order history, preferences, and payment information are NOT shared between restaurants. Each restaurant can only access data generated through its own ordering website.
Lagalegur grundvöllur fyrir vinnslu FOXI ID gagna er:
- Efndir samnings (grein 6(1)(b) GDPR) — for maintaining the FOXI ID account and authenticating the end customer at the restaurant where they are placing an order;
- Lögmætir hagsmunir (grein 6(1)(f) GDPR) — for pre-filling contact data across restaurants on the platform, where the legitimate interest is providing a seamless ordering experience and reducing friction for returning customers. This interest has been balanced against the end customer's rights — only basic contact data is shared, no order history or preferences are disclosed, and the end customer may request deletion of their FOXI ID account at any time.
The Provider does not use FOXI ID data for marketing, profiling, cross-restaurant analytics, or any purpose other than providing the platform infrastructure.
End customers may exercise their data subject rights regarding their FOXI ID account (access, rectification, erasure, portability, restriction, objection) by contacting: support@foxi.food. Deletion of a FOXI ID account removes the shared login across all restaurants on the platform. Order history at individual restaurants is retained or deleted in accordance with the respective restaurant partner's data retention policy.
2.4. Sjálfkrafa söfnuð gögn
We automatically collect certain technical data when you visit our websites:
- IP-tala og áætluð landfræðileg staðsetning;
- Tegund vafra, útgáfa og tungumálastillingar;
- Tegund tækis og stýrikerfi;
- Heimsóttar síður, dvalartími, tilvísandi vefslóðir;
- Vafrakökugögn (sjá vafrakökustefnu okkar fyrir frekari upplýsingar).
3. Lagalegur grundvöllur vinnslu
Við vinnum persónuupplýsingar á grundvelli eftirfarandi lagalegra heimilda (eins og þær eru skilgreindar í GDPR og endurspeglast í sambærilegum hugtökum samkvæmt öðrum gildandi persónuverndarlögum):
- Efndir samnings — processing necessary for the performance of the Agreement between us and the User (registration, account management, service provision, billing);
- Lögmæt hagsmunir — processing necessary for our legitimate business interests (service improvement, security, fraud prevention, analytics), balanced against your rights;
- Lagaleg skylda — processing required to comply with applicable laws (tax reporting, anti-money laundering, regulatory requirements);
- Samþykki — where required by law, we obtain your explicit consent (e.g., for analytics cookies, marketing communications). You may withdraw consent at any time.
4. Hvernig við notum gögnin þín
Við notum persónuupplýsingar þínar í eftirfarandi tilgangi:
- Að veita og reka FoxiFood vettvanginn og alla eiginleika hans;
- Stofnun reiknings, auðkenning og stjórnun;
- Vinnsla greiðslna og útgáfa reikninga í gegnum greiðsluaðila okkar;
- Tæknilegur stuðningur og svörun fyrirspurna;
- Sending service notifications (maintenance, security alerts, Terms updates);
- Bætum þjónustuna á grundvelli notkunarmynstra og viðbragða;
- Tryggja öryggi, koma í veg fyrir svik og greina óheimilan aðgang;
- Uppfylla lagalegar og reglugerðarskyldur;
- Búa til nafnlausar og samanteknar tölfræðiupplýsingar.
5. Gagnadeling og þriðju aðilar
We do not sell your personal data. We share data only with the following categories of recipients, to the extent necessary:
- Greiðsluþjónusta (sem stendur Stripe) — greiðsluvinnsla (PCI DSS stig 1 vottað);
- DigitalOcean — skýjahýsing og innviðir;
- Brevo — viðskiptatengd tölvupóstsending;
- Google Analytics — vefgreiningar (með samþykki þínu, nafnlausar);
- Legal and regulatory authorities — when required by law, court order, or government request;
- Professional advisors — lawyers, auditors bound by professional secrecy.
All third-party processors are contractually bound to process data only according to our instructions and to maintain appropriate security measures.
6. Alþjóðlegur gagnaflutningur
Elite Digital Services, LLC hefur höfuðstöðvar í Bandaríkjunum og þjónar viðskiptavinum um allan heim; gögnum þínum kann að vera miðlað til og unnið úr þeim í Bandaríkjunum og öðrum löndum þar sem undirvinnsluaðilar okkar starfa. Þar sem gildandi persónuverndarlög krefjast þess tryggjum við að viðeigandi verndarráðstafanir séu til staðar fyrir slíkan flutning gagna. Fyrir gögn sem falla undir GDPR er flutningur framkvæmdur í samræmi við V. kafla GDPR, þar á meðal staðlaða samningsskilmála (SCC) sem framkvæmdastjórn Evrópusambandsins samþykkti með framkvæmdaákvörðun (ESB) 2021/914 frá 4. júní 2021 — fyrir flutning til undirvinnsluaðila eru notaðir SCC-skilmálar úr einingu tvö (ábyrgðaraðili til vinnsluaðila) eða einingu þrjú (vinnsluaðili til vinnsluaðila), eftir því sem við á, og við framkvæmum mat á áhrifum flutnings (Transfer Impact Assessment) fyrir hvern undirvinnsluaðila til að leggja mat á lagaumhverfi viðtökulandsins; afrit af undirrituðum SCC-skilmálum eru afhent sé þess óskað. Fyrir gögn sem falla undir önnur persónuverndarkerfi styðjumst við við þau flutningsúrræði sem viðurkennd eru samkvæmt gildandi lögum. Hýsingarinnviðir okkar (DigitalOcean) reka gagnaver á mörgum svæðum, þar á meðal gagnaver innan ESB fyrir evrópska notendur.
7. Varðveisla gagna
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Account data: for the duration of the Agreement plus 30 days for data export;
- Billing and transaction data: for the period required by applicable tax and accounting laws (typically 5-10 years);
- Samskiptaskrár: í 3 ár eftir síðustu samskipti;
- Analytics data: retained for statistical purposes in anonymized form; identifiable data deleted after 26 months;
- End customer order data: as determined by the restaurant partner (data controller). The restaurant partner may configure data retention settings within the platform. FoxiFood processes and deletes end customer data strictly according to the instructions of the restaurant partner. Upon termination of the restaurant partner's Agreement, data is deleted within 30 days;
- FOXI ID account data: for as long as the end customer maintains an active FOXI ID account. Upon account deletion request, FOXI ID data is deleted within 30 days. Inactive FOXI ID accounts (no login activity for 36 months) are automatically scheduled for deletion with 30 days' prior notice to the end customer's registered email address.
The restaurant partner, as the data controller for order data of its end customers, remains solely responsible for compliance with all applicable legal, tax, and accounting data retention obligations in its jurisdiction. FOXI ID account data retention is managed by the Provider as described in Section 2.3.
After the expiration of retention periods, data is irreversibly deleted or anonymized.
8. Gagnaöryggi
In accordance with Article 32 of GDPR and the principle of data protection by design and by default (Article 25 GDPR), we implement appropriate technical and organizational measures to protect personal data, including:
- Dulkóðun allra gagna í flutningi með TLS/SSL;
- Dulkóðuð geymsla viðkvæmra gagna;
- Lykilorðahashing með iðnaðarstaðla reikniritum;
- Aðgangsstýringar og hlutverkamiðaðar heimildir;
- Reglulegar öryggisuppfærslur og eftirlit með veikleikum;
- Daglegar sjálfvirkar afritanir með 30 daga varðveislu;
- Payment card data handled exclusively by the PCI DSS Level 1 certified payment processor — we never store card numbers;
- Viðbragðsferlar vegna atvika og tilkynningarreglur um öryggisbrot.
9. Réttindi þín til persónuverndar
Það fer eftir búsetu þinni hvort þú hefur einhvern eða öll eftirfarandi réttindi samkvæmt þeim persónuverndarlögum sem gilda um þig — þar á meðal GDPR (EES/Bretland), persónuverndarlögum einstakra Bandaríkjaríkja á borð við California Consumer Privacy Act (CCPA/CPRA), LGPD í Brasilíu, og sambærilegum lögum í öðrum löndum:
- Aðgangsréttur — óska eftir afriti af persónuupplýsingum þínum sem við geymum;
- Réttur til leiðréttingar — óska eftir leiðréttingu á ónákvæmum eða ófullnægjandi gögnum;
- Réttur til eyðingar — request deletion of your data ('right to be forgotten'), subject to legal retention obligations;
- Réttur til takmörkunar — óska eftir takmörkun á vinnslu við ákveðnar aðstæður;
- Réttur til gagnaflutnings — fá gögnin þín á skipulögðu, véllesanlegu formi;
- Andmælaréttur — andmæla gegn vinnslu sem byggist á lögmætum hagsmunum;
- Réttur til að afturkalla samþykki — afturkallaðu samþykki hvenær sem er þar sem vinnsla byggist á samþykki;
- Réttur til að leggja fram kvörtun — leggja fram kvörtun til persónuverndaryfirvalda í búsetulandi þínu. Fyrir lönd innan ESB/EES, sjá GDPR-síðu okkar fyrir tengiliðaupplýsingar eftirlitsyfirvalda; fyrir önnur lönd getur lögbært yfirvald verið tilgreint í viðeigandi landssértækum skilmálum.
Til að nýta þér einhver þessara réttinda, hafðu samband við okkur á: support@foxi.food. We will respond to your request within 30 days. You may also contact our EU representative (Euro business company Kft.) — see our GDPR page for details.
10. Vafrakökur
We use essential cookies for site functionality and optional analytics cookies with your consent. For detailed information about the cookies we use and how to manage your preferences, see our separate Cookie Policy.
The FOXI ID shared customer identity infrastructure uses the following cookies:
- Lotuvafrakaka á léninu .foxi.food — maintains the end customer's authenticated session at the restaurant where they are currently placing an order. Classified as strictly necessary for the ordering service to function (no consent required);
- Þversöluveitinga auðkenningarhald — enables the end customer to remain logged in when visiting other restaurants on the platform. Classified as a functional cookie. On restaurant ordering websites, this cookie is presented through the cookie consent mechanism, and the end customer may decline it without affecting the ability to place orders (manual login will be required at each restaurant);
- SSO tilvísun fyrir sérsniðin lén — for restaurants using their own custom domain, a short-lived redirect cookie facilitates authentication. Classified as strictly necessary for the login process on custom domains (no consent required).
FOXI ID does not use any third-party cookies, tracking cookies, or cross-domain tracking mechanisms. All FOXI ID cookies serve exclusively the technical purpose of authentication.
11. Persónuvernd barna
The FoxiFood Service is a B2B platform intended for businesses. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have collected data from a child, we will delete it promptly.
12. Breytingar á þessari persónuverndarstefnu
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email or notification in the Service. The date of the last update is shown at the top of this document. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
13. Samskipti
For privacy-related inquiries, data subject requests, or complaints, contact us at: support@foxi.food
Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA