Aqbeż għall-kontenut
FoxiFood għar-ristoranti
  • Karatteristiċi

    Ordnijiet

    • Ordni QR
    • QR Code Menu
    • Phone Orders
    • Self-Service Ordering
    • Table Reservations

    Pjattaforma

    • Restaurant Website
    • Dominju proprju
    • Restaurant Software
    • App mobbli
    • POS System

    Operazzjonijiet

    • Ġestjoni tal-menu
    • Ġestjoni tal-ordnijiet
    • Delivery Management
    • Kitchen Display System
    • Notifiki

    Negozju

    • Pagamenti online
    • Analitika
    • Dashboard tal-amministratur
    • Restaurant Management

    Tkabbir

    • Marketing Tools
    • Reputation Management
    • Marketing Services
    • Loyalty Program
    • Kontijiet tal-klijenti
    • Upsell u tips
    • Branding

    Aktar

    • Appoġġ multilingwi
    • Allerġeni
    • Integrazzjonijiet
    Il-karatteristiċi kollha →
  • Każijiet ta' użu

    Servizz mgħaġġel

    • Fast food
    • Kebab & Döner
    • Food Truck
    • Bakery
    • Taquería

    Ristorant

    • Pizzerija
    • Trattoria
    • Bistro u kafé
    • Fine dining
    • Sushi Restaurant
    • Hotel Restaurant
    • Crêperie

    Bars u xorb

    • Bar and Pub
    • Wine Bar
    • Sports Bar
    • Brewery & Taproom
    • Ice Cream Shop

    Postijiet

    • Canteen
    • Ghost Kitchen
    • Food Court
    • Catering
    • Biergarten & Beer Garden
    Il-każijiet kollha ta' użu →
  • Gwidi

    Biex tibda

    • How to Open a Restaurant
    • Restaurant Business Plan
    • Digital QR Menu Guide
    • Restaurant Digitalization

    Żid id-dħul

    • Żid id-dħul tar-ristorant
    • Restaurant Marketing
    • How to Price Your Menu
    • How to Get More Restaurant Reviews

    Operazzjonijiet

    • Soluzzjonijiet għall-nuqqas ta' persunal
    • Reduce Wait Times
    • How to Reduce Food Waste
    • Restaurant Cost Breakdown
    • How to Handle Negative Reviews

    Qabbel u agħżel

    • Paragun ta' sistemi ta' ordnijiet
    • Best Alternatives to Wolt
    • Best Alternatives to Uber Eats
    • Best QR Menu Apps
    • Best Restaurant POS Systems
    Il-gwidi kollha →
  • Blog
  • Paragun
  • Prezzijiet
  • Kuntatt
Ipprova b'xejn
  1. FoxiFood
  2. Legali
  3. Ftehim ta' pproċessar tad-data

Ftehim ta' pproċessar tad-data

Aġġornat l-aħħar: July 2026

Dan il-Ftehim tal-Ipproċessar tad-Data ("DPA") jagħmel parti mit-Termini tas-Servizz bejn Elite Digital Services, LLC ("Proċessur", "aħna") u s-sieħeb tar-ristorant ("Kontrollur", "inti"), kull fejn fid-dinja jkun stabbilit il-Kontrollur. Huwa mfassal biex jissodisfa l-Artikolu 28 tar-Regolament (UE) 2016/679 ("GDPR") u japplika bl-istess mod, mutatis mutandis, taħt liġijiet applikabbli oħra tal-protezzjoni tad-data (bħall-UK GDPR, l-LGPD tal-Brażil jew leġiżlazzjoni ekwivalenti fil-ġurisdizzjoni tal-Kontrollur).

1. Definizzjonijiet

  • Kontrollur — the restaurant partner (User) who determines the purposes and means of processing personal data of their end customers through the FoxiFood platform.
  • Proċessur — Elite Digital Services, LLC, kumpanija tal-Istati Uniti, li tipproċessa data personali f'isem il-Kontrollur biex tipprovdi s-servizzi tal-pjattaforma FoxiFood. Il-Proċessur jopera l-pjattaforma FoxiFood madwar id-dinja, esklussivament fuq id-dominji foxifood.com u foxi.food, u jista' jinvolvi subproċessuri awtorizzati f'diversi ġurisdizzjonijiet biex iwettqu kompiti tekniċi speċifiċi, kif stipulat fit-Taqsima 5 ta' dan id-DPA.
  • Suġġett tad-Data — the individual whose personal data is being processed (typically the end customer placing a food order).
  • Data Personali — any information relating to an identified or identifiable natural person, as defined in Article 4(1) of GDPR.
  • Ipproċessar — any operation performed on personal data, including collection, storage, use, transmission, and deletion.
  • Sub-proċessur — a third party engaged by the Processor to process personal data on behalf of the Controller.

2. Ambitu u Skop tal-Ipproċessar

2.1. Suġġett

The Processor processes personal data on behalf of the Controller for the purpose of providing the FoxiFood restaurant ordering platform, including hosting the Controller's ordering website, processing customer orders, managing customer accounts, facilitating payment transactions, and operating the FOXI ID shared customer identity infrastructure that enables end customers to use a single account across multiple restaurant ordering websites on the platform.

2.2. Tul ta' Żmien

The processing of personal data under this DPA shall continue for the duration of the Agreement between the Controller and the Processor. Upon termination, data shall be handled in accordance with Section 8 of this DPA.

2.3. Natura u Skop

The nature and purpose of processing is to provide a software-as-a-service platform that enables the Controller to receive online food orders from their customers, manage orders, and process payments.

The Processor does not determine the purposes of processing of end customer order data. The Processor provides only the technical infrastructure used by the Controller to collect and process such data.

Exception — FOXI ID account data: For the purposes of operating the FOXI ID shared customer identity infrastructure, Elite Digital Services, LLC acts as an independent data controller for FOXI ID account data (login credentials, authentication sessions, and contact information used for cross-restaurant pre-filling). This data is not processed under this DPA but under the Provider's own Privacy Policy. The Controller's rights and obligations as data controller under this DPA apply to order data, customer preferences, and order history generated through the Controller's ordering website.

2.4. Kategoriji ta' Suġġetti tad-Data

  • End customers of the restaurant partner (individuals placing food orders);
  • Employees or representatives of the restaurant partner with access to the admin dashboard.

2.5. Tipi ta' Data Personali

  • Data ta' kuntatt: isem, indirizz tal-email, numru tat-telefon;
  • Indirizz tal-kunsinna (meta applikabbli);
  • Order data: items ordered, order amounts, order history, dietary preferences;
  • Payment references: transaction IDs, payment status (card details are handled exclusively by the payment processor and not stored by the Processor);
  • Technical data: IP address, device information, browser data (for fraud prevention and service operation);
  • FOXI ID account data: login credentials (email and hashed password), authentication session tokens.

2.6. Iżolament tad-Data u FOXI ID

The platform operates a shared customer identity infrastructure ('FOXI ID') that enables end customers to use a single account across multiple restaurant ordering websites. The following data isolation principles apply:

  • Each Controller can only access order data, customer preferences, and order history generated through its own ordering website;
  • No Controller has access to order data, preferences, or order history of end customers at any other restaurant on the platform;
  • The only data shared across Controllers through FOXI ID is the end customer's contact information (name, email, phone number, delivery address), solely for the purpose of pre-filling the order form to facilitate the ordering process;
  • The Processor does not provide any Controller with aggregated, anonymized, or cross-restaurant data derived from FOXI ID.

3. Obbligi tal-Proċessur

Il-Proċessur għandu:

  • Process personal data only on documented instructions from the Controller, including with regard to transfers of data to third countries, unless required to do so by applicable law;
  • Ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 of GDPR;
  • Not engage another processor (sub-processor) without prior written authorization from the Controller, subject to Section 5 of this DPA;
  • Assist the Controller in responding to Data Subject requests (access, rectification, erasure, restriction, portability, objection) within the timeframes required by GDPR;
  • Assist the Controller in ensuring compliance with obligations related to data protection impact assessments and prior consultation with supervisory authorities (Articles 35 and 36 of GDPR);
  • At the choice of the Controller, delete or return all personal data after the end of the provision of services, and delete existing copies unless EU or Member State law requires storage;
  • Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits and inspections;
  • Maintain Records of Processing Activities carried out on behalf of the Controller, in accordance with Article 30(2) of GDPR;
  • Implement data protection by design and by default in accordance with Article 25 of GDPR, ensuring that only personal data necessary for each specific purpose of processing is processed.

4. Miżuri ta' Sigurtà

The Processor implements the following technical and organizational measures to protect personal data:

  • Kriptaġġ tad-data waqt it-trażmissjoni permezz ta' TLS 1.2+ / SSL;
  • Kriptaġġ ta' data sensittiva meta tkun maħżuna;
  • Access controls with role-based permissions and multi-factor authentication for administrative access;
  • Backups awtomatizzati regolari b'minimu ta' 30 ġurnata ta' żamma;
  • Secure cloud hosting infrastructure with physical access controls (DigitalOcean);
  • Aġġornamenti tas-sigurtà regolari, patches u evalwazzjonijiet tal-vulnerabbiltà;
  • Payment processing delegated to a PCI DSS Level 1 certified payment processor — no card data stored by the Processor;
  • Hashing tal-passwords bl-użu ta' algoritmi kriptografiċi standard tal-industrija;
  • Reġistrazzjoni u monitoraġġ tal-aċċess għad-data personali;
  • Proċeduri ta' risposta għall-inċidenti u notifika ta' ksur tad-data.

5. Sub-proċessuri

5.1. Sub-proċessuri awtorizzati

The Controller hereby grants general authorization for the Processor to engage the following sub-processors:

  • Proċessur tal-pagamenti (bħalissa Stripe, Inc.) — payment processing, fraud prevention (USA, PCI DSS Level 1, SCCs in place);
  • DigitalOcean, LLC — cloud hosting and infrastructure (EU and USA data centers, SCCs in place);
  • Brevo (Sendinblue) — kunsinna ta' emails transazzjonali (Franza/UE).

5.2. Bidliet fis-sub-proċessuri

The Processor will notify the Controller of any intended changes concerning the addition or replacement of sub-processors at least 30 days in advance, giving the Controller the opportunity to object to such changes. If the Controller reasonably objects, the parties shall discuss the concerns in good faith. If no resolution is reached, the Controller may terminate the Agreement.

5.3. Obbligi tas-sub-proċessuri

The Processor shall ensure that each sub-processor is bound by data protection obligations no less protective than those set out in this DPA. The Processor remains fully liable to the Controller for the performance of each sub-processor's obligations.

6. Drittijiet tas-Suġġett tad-Data

Il-Proċessur għandu:

  • Promptly notify the Controller if it receives a request directly from a Data Subject regarding their personal data;
  • Not respond to such requests directly unless authorized by the Controller or required by law;
  • Provide the Controller with reasonable assistance in fulfilling Data Subject requests, including technical measures for data access, rectification, erasure, restriction, and portability;
  • Provide tools within the Service that enable the Controller to manage, export, and delete customer data independently.

7. Evalwazzjonijiet tal-Impatt fuq il-Protezzjoni tad-Data

Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons (Article 35 GDPR), the Controller is responsible for conducting a Data Protection Impact Assessment (DPIA). The Processor shall:

  • provide the Controller with all information reasonably necessary to conduct a DPIA;
  • assist the Controller with the DPIA upon reasonable request, at the Controller's expense;
  • assist the Controller in prior consultation with the supervisory authority where required by Article 36 of GDPR.

The Controller must notify the Processor in advance if a DPIA indicates that the processing would result in a high risk in the absence of measures taken by the Processor.

8. Notifika ta' Ksur tad-Data

Fil-każ ta' ksur tad-data personali, il-Proċessur għandu:

  • Notify the Controller without undue delay, and in any case within 24 hours after becoming aware of the breach, to enable the Controller to meet its 72-hour notification obligation to the supervisory authority under Article 33 of GDPR;
  • Provide the Controller with sufficient information to enable the Controller to meet its obligation to notify the supervisory authority and affected Data Subjects under Articles 33 and 34 of GDPR;
  • Cooperate with the Controller and take reasonable steps to mitigate the effects of the breach;
  • Document the breach including its effects and the remedial actions taken.

The breach notification shall include, to the extent available: the nature of the breach, categories and approximate number of Data Subjects affected, likely consequences, and measures taken or proposed to address the breach.

9. Żamma u Tħassir tad-Data

9.1. Responsabbiltà tal-Kontrollur għaż-Żamma

The Controller, as the data controller for order data of its end customers, is solely responsible for determining appropriate data retention periods and for compliance with all applicable legal, tax, and accounting data retention obligations in the Controller's jurisdiction. FOXI ID account data retention is managed by the Processor in its capacity as independent data controller, as described in the Provider's Privacy Policy.

The Service may provide configurable data retention settings that allow the Controller to set automatic deletion periods for end customer data. The Processor processes and deletes end customer data strictly according to the documented instructions of the Controller, including the retention settings configured by the Controller within the platform. The Processor bears no responsibility for the Controller's choice of retention periods or for any legal consequences arising from data being retained or deleted in accordance with the Controller's instructions.

9.2. Terminazzjoni

  • Upon termination of the Agreement, the Processor will provide the Controller with 30 calendar days to export all personal data through the Service's export functions;
  • After the 30-day period, the Processor will delete all personal data processed on behalf of the Controller, unless retention is required by applicable law;
  • Deletion will be carried out using secure methods that render data irrecoverable;
  • The Processor will provide written confirmation of data deletion upon request by the Controller;
  • Backup copies will be deleted according to the regular backup rotation schedule (within 30 days of the deletion request).

10. Trasferimenti Internazzjonali tad-Data

Where personal data is transferred outside the European Economic Area (EEA), the Processor ensures that appropriate safeguards are in place as required by Chapter V of GDPR, including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. For transfers to sub-processors, Module Two (controller-to-processor) or Module Three (processor-to-processor) SCCs are applied, as applicable;
  • Transfer Impact Assessments for each sub-processor to evaluate the legal framework of the destination country;
  • Supplementary measures to ensure adequate protection of personal data where the Transfer Impact Assessment identifies risks.

The Processor shall inform the Controller of any legal requirements in the destination country that may impact the protection of personal data and the ability to comply with this DPA. Copies of the signed SCCs are available upon request.

11. Awditjar u Spezzjonijiet

The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with Article 28 of GDPR. The Controller may conduct audits, including inspections, either directly or through an independent third-party auditor, subject to:

  • Avviż raġonevoli bil-quddiem ta' mill-inqas 30 jum kalendarju;
  • Audits conducted during regular business hours and in a manner that minimizes disruption;
  • L-awditur irid ikun marbut b'obbligi ta' kunfidenzjalità;
  • No more than one audit per 12-month period, unless required by a supervisory authority.

12. Responsabbiltà

The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service. Nothing in this DPA limits either party's liability for breaches of GDPR to the extent that such limitation is not permitted by applicable law.

13. Rappreżentant fl-UE

In accordance with Article 27 of the GDPR, the Processor has appointed the following entity as its representative in the European Union:

Euro business company Kft.
Rómer Flóris utca 8/B. 3. em., Budapest 1024, Hungary
Numru tat-taxxa: HU28959364

For full details on the EU representative and its role, see the GDPR page in the Legal section of the FoxiFood website.

14. Kuntatt

For questions about this Data Processing Agreement or data processing matters, contact us at: support@foxi.food

Elite Digital Services, LLC
1111B S Governors Ave #21653
Dover, DE 19904, USA

FoxiFood

Ir-ristorante tiegħek, il-pjattaforma ta' ordnijiet tiegħek.

  • Prezzijiet
  • Paragun
  • Kalkulatur tal-kummissjonijiet
  • Dwarna
  • Kuntatt

Karatteristiċi

  • Ordni QR
  • Restaurant Website
  • Restaurant Software
  • Pagamenti online
  • App mobbli
  • Ġestjoni tal-menu
  • Ġestjoni tal-ordnijiet
  • Delivery Management
  • Kitchen Display System
  • POS System
  • Analitika
  • Loyalty Program
  • Marketing Tools
  • Appoġġ multilingwi
  • Il-karatteristiċi kollha →

Każijiet ta' użu

  • Pizzerija
  • Bistro u kafé
  • Fast food
  • Fine dining
  • Kebab & Döner
  • Sushi Restaurant
  • Bar and Pub
  • Hotel Restaurant
  • Ghost Kitchen
  • Food Truck
  • Wine Bar
  • Canteen
  • Crêperie
  • Trattoria
  • Il-każijiet kollha ta' użu →

Gwidi

  • How to Open a Restaurant
  • Żid id-dħul tar-ristorant
  • Restaurant Marketing
  • Digital QR Menu Guide
  • Soluzzjonijiet għall-nuqqas ta' persunal
  • Best Alternatives to Wolt
  • Best Alternatives to Uber Eats
  • Best QR Menu Apps
  • FoxiFood vs Wolt
  • FoxiFood vs Bolt Food
  • FoxiFood vs Foodora
  • FoxiFood vs Glovo
  • FoxiFood vs Uber Eats
  • FoxiFood vs Just Eat
  • FoxiFood vs Lieferando
  • FoxiFood vs Rappi
  • FoxiFood vs PedidosYa
  • Best Restaurant Management Software
  • Best Free Restaurant Website Builders
  • Gwida għall-ordni QR
  • Il-gwidi kollha →

Blog

  • L-artikli kollha →

Informazzjoni legali

  • Termini
  • Politika tal-privatezza
  • Termini tas-servizz
  • Cookies
  • GDPR
  • Termini Speċifiċi għall-Pajjiż
  • FOXI ID Terms of Use
  • FOXI ID Privacy Notice
English Česky Slovensky Magyar Deutsch Français Español (España) Italiano Português Português (Brasil) Nederlands Dansk Svenska Suomi Norsk Polski Română Български Hrvatski Slovenščina Lietuvių Latviešu Eesti Ελληνικά Türkçe

© 2026 FoxiFood. Id-drittijiet kollha riservati.
FOXIFOOD® hija trademark irreġistrata ta' Elite Digital Services, LLC (EUTM Nru 019320283).

FoxiFood - Approved on SaaSHub

We use cookies to improve your experience. By continuing, you agree to our use of cookies. Politika tal-Cookies