mobile-logo

Privacy Policy

Last updated: March 2026

FoodFlow (“we”, “us”, or “our”), a brand of Panaline Ltd, is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Cypriot data protection law. This Privacy Policy explains who we are, what data we collect, why we collect it, and what your rights are.

1. Data Controller

The data controller responsible for your personal data is:

Panaline Ltd (FoodFlow)
Cyprus
Email: info@foodflow.cy
Website: https://foodflow.cy

2. What Data We Collect

We may collect the following personal data when you interact with our website or lead generation forms:

  • Full name
  • Email address (personal or work)
  • Company name
  • Job title
  • Any other information you voluntarily provide

3. Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

  • Consent (Art. 6(1)(a)): When you submit a lead generation form or subscribe to communications, you give us clear consent to process your data.
  • Legitimate Interests (Art. 6(1)(f)): We may process data to improve our services, prevent fraud, and ensure website security, provided these interests are not overridden by your rights.
  • Contract (Art. 6(1)(b)): Where processing is necessary to fulfil a contractual obligation with you.
  • Legal Obligation (Art. 6(1)(c)): Where we are required to process data to comply with applicable law.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and service requests
  • To send you relevant marketing communications and product updates (only with your consent)
  • To improve and develop our products and services
  • To comply with our legal and regulatory obligations
  • To protect against fraud and ensure website security

5. Cookies & Tracking Technologies

Our website uses the following cookies:

  • Functional cookies: Set by WordPress to maintain your session and preferences (e.g. wordpress_*, wp-settings-*). These are strictly necessary for the website to function.
  • Security cookies: Google reCAPTCHA sets cookies on our contact forms to distinguish humans from bots and protect against spam. Google’s privacy policy applies: policies.google.com/privacy.
  • Analytics cookies: A basic traffic analytics script (provided by our hosting provider) helps us understand visitor behaviour in aggregate. No personally identifiable information is collected.

Where cookies require consent under GDPR, we will ask for it before placing them. You can withdraw consent or disable cookies at any time through your browser settings. Note that disabling certain cookies may affect website functionality.

6. Data Sharing & Third Parties

We do not sell or rent your personal data. We may share it only in the following circumstances:

  • Service providers: Trusted third parties who help us operate our website and services (e.g. hosting, email, CRM), bound by data processing agreements and GDPR obligations.
  • LinkedIn: If you submit a lead generation form via LinkedIn, your data is collected and processed subject to LinkedIn’s Privacy Policy.
  • Legal requirements: We may disclose data to comply with a legal obligation or to protect the rights, property, or safety of FoodFlow, its users, or others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the relevant party.

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or adequacy decisions).

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Lead generation data is retained for a maximum of 24 months from the date of collection, after which it is securely deleted or anonymised. You may request deletion at any time (see Your Rights below).

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
  • Right to Restrict Processing (Art. 18): Request that we limit how we use your data.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right not to be subject to automated decision-making (Art. 22): We do not use automated decision-making or profiling that produces legal or significant effects.

To exercise any of these rights, please contact us at info@foodflow.cy. We will respond within 30 days in accordance with GDPR requirements. You will not be charged for making a request.

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection:

Website: www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. This includes SSL encryption, access controls, and regular security reviews. In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

11. Children’s Data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically. Where changes are material, we will notify you by email or a prominent notice on our website.

13. Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact us:

FoodFlow — Panaline Ltd
Cyprus
Email: info@foodflow.cy
Website: https://foodflow.cy