1.1 This Privacy Policy sets out how The GoodFor Company, located at 128 City Road, London, United Kingdom, EC1V 2NX, collects, uses, protects, and manages personal data in connection with the Goodfor.app barcode scanning application for iOS and Android devices.
1.2 Goodfor.app is designed for individuals and families, including children of all ages, and provides tailored product insights based on user profiles, age, sensitivities, allergies, and preferences. The application is committed to safeguarding the privacy and rights of all users, including children, in accordance with applicable data protection laws and regulations.
1.3 This policy explains the types of personal data we collect, the purposes for which we process such data, the lawful bases for processing, and the rights available to users. It also describes our approach to data security, retention, and the procedures in place for managing data breaches.
1.4 Goodfor.app operates globally and complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), the Children’s Online Privacy Protection Act (COPPA), and the California Consumer Privacy Act (CCPA), as applicable to our users.
1.5 We recognise the importance of protecting children’s data and have implemented specific parental consent procedures for users under the age of 16. Our services are not available to children under 16 without verified parental consent.
1.6 Personal data collected by Goodfor.app includes, but is not limited to, names or nicknames, email addresses, date of birth or age information, allergy or sensitivity information, product preferences or histories, device or usage data, and payment or subscription information. In certain cases, we may process health-related data, such as allergies or sensitivities, with appropriate safeguards.
1.7 We collect personal data directly from users and automatically through app usage, including device information, activity logs, and analytics. We also use cookies, web beacons, and similar tracking technologies to enhance user experience and app functionality.
1.8 Goodfor.app does not share personal data with external third parties. All data is stored within the UK or EEA and is accessible only to authorised personnel within The GoodFor Company, including management, analytics, customer support, and product or engineering teams.
1.9 Users’ personal data is retained for as long as their account remains active. Upon account deletion, data is anonymised to prevent identification. We implement robust security measures, including encryption, pseudonymisation, access controls, and regular security testing, to protect user data.
1.10 Users have rights under applicable data protection laws, including the right to rectification, restriction, erasure, and objection. Requests to exercise these rights can be submitted via email to our privacy contact at hello@goodfor.app.
1.11 This Privacy Policy is reviewed annually and may be updated to reflect changes in legal requirements or our data practices. Users will be notified of significant updates via a notice on our website.
1.12 For privacy-related inquiries or complaints, users may contact our Data Protection Officer or privacy lead at hello@goodfor.app. Complaints may also be directed to the UK Information Commissioner’s Office (ICO) if concerns are not resolved satisfactorily.
1.13 By using Goodfor.app, users acknowledge and accept the practices described in this Privacy Policy.
2.1 This Privacy Policy applies to all users of the Goodfor.app mobile application and website, including individuals and families who use the service to scan product barcodes, create profiles, and receive personalised product insights.
2.2 The policy governs the collection, use, storage, and protection of personal data processed by GoodFor Company in connection with the operation of Goodfor.app, regardless of the user’s country of residence or location.
2.3 This policy is applicable to the following categories of data subjects:
a) Registered users of Goodfor.app, including adults, parents, guardians, and children (with appropriate parental consent where required).
b) Individuals whose personal data is provided by another user (e.g., a parent creating a profile for a child or family member).
c) Visitors to the Goodfor.app website, including those who interact with cookies, web beacons, or other tracking technologies.
2.4 The policy covers all personal data collected, processed, or stored by GoodFor Company through the Goodfor.app platform, including but not limited to names, email addresses, dates of birth, allergy and sensitivity information, product preferences, device and usage data, and payment or subscription details.
2.5 This policy applies to all features and functionalities of Goodfor.app, including profile creation, personalised recommendations, allergy and sensitivity tracking, analytics, marketing communications, and subscription management.
2.6 The policy extends to all processing activities carried out by GoodFor Company staff, including management, analytics, customer support, and product or engineering teams, who may access or handle personal data as part of their roles.
2.7 The policy applies to personal data processed within the United Kingdom and the European Economic Area (EEA), and is designed to comply with applicable privacy laws and regulations, including UK GDPR, Data Protection Act 2018, EU GDPR, COPPA, and CCPA.
2.8 The policy also applies to the processing of special category data, such as health information (e.g., allergies, sensitivities), and outlines the additional safeguards in place for such data.
2.9 This policy does not apply to third-party websites or services that may be linked to or integrated with Goodfor.app, such as product retailer sites, ingredient reference sources, or third-party authentication systems. Users are encouraged to review the privacy policies of those third parties separately.
2.10 The policy is binding on all users of Goodfor.app, and continued use of the service constitutes acceptance of its terms. Users who do not agree with the policy should discontinue use of the app and website.
2.11 GoodFor Company reserves the right to update or amend this policy from time to time. Users will be notified of material changes via an update notice on the website.
3.1 The data controller responsible for the processing of personal data in connection with the use of Goodfor.app is The GoodFor Company, registered at 128 City Road, London, United Kingdom, EC1V 2NX.
3.2 The GoodFor Company determines the purposes and means of processing personal data collected through the Goodfor.app website and mobile applications, in accordance with applicable data protection laws including the UK GDPR, Data Protection Act 2018, EU GDPR, COPPA, and CCPA.
3.3 For all privacy-related inquiries, including requests to exercise data subject rights, questions about this policy, or concerns regarding the handling of personal data, users may contact the company’s designated Data Protection Officer (DPO) or privacy lead at hello@goodfor.app.
3.4 The GoodFor Company is committed to responding to privacy inquiries and requests in a timely and transparent manner, and will provide information or take action as required by law.
3.5 Users may also contact the company by post at the registered address: 128 City Road, London, United Kingdom, EC1V 2NX.
3.6 If users are not satisfied with the company’s response to a privacy inquiry or complaint, they have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or the relevant supervisory authority in their jurisdiction.
3.7 The GoodFor Company processes personal data of users worldwide, and ensures that all processing activities comply with the highest applicable standards of data protection and privacy.
3.8 The company maintains internal procedures to ensure that only authorised personnel, including management, analytics, customer support, and product or engineering teams, have access to personal data strictly on a need-to-know basis.
3.9 The GoodFor Company does not share personal data with external third parties, and all data remains within the UK or EEA unless otherwise required by law.
3.10 Users may submit privacy-related complaints or requests for information by email to hello@goodfor.app, and will be provided with guidance on how to exercise their rights under applicable data protection laws.
4.1 GoodFor.app collects a range of personal data to provide tailored product insights, ensure safe and appropriate use for all family members, and comply with applicable legal requirements. The types of personal data collected may include, but are not limited to, the following:
◦ Full names, nicknames, or other identifiers provided by users.
◦ Email addresses or user login credentials necessary for account creation, authentication, and communication.
◦ Date of birth or age information for each profile, used to tailor product recommendations and ensure age-appropriate guidance.
◦ Relationship to other profiles (e.g., parent, child, sibling) where provided, to support family account management.
◦ Allergy, sensitivity, or health-related information entered by users to enable personalised risk assessments and product suitability analysis.
◦ Product preferences, search histories, and product scan records to enhance user experience and provide relevant recommendations.
◦ Device identifiers, operating system details, app version, and usage analytics automatically collected to support app functionality, security, and performance monitoring.
◦ IP address, device location (where enabled), and log data for security, troubleshooting, and compliance purposes.
◦ Payment details, transaction records, and subscription status for users who purchase premium features or services.
◦ Personal data relating to children under 16, including age, health, and allergy information, is collected only with verified parental consent in accordance with applicable laws.
◦ Cookies, web beacons, and similar technologies are used on the website and app to collect information about user interactions, preferences, and device usage, supporting analytics, security, and user experience improvements.
4.10 GoodFor.app does not collect personal data beyond what is necessary for the purposes described in this policy. Users are encouraged to provide only the information required for safe and effective use of the service.
5.1 GoodFor.app collects personal data using a combination of direct and automated methods to ensure the effective delivery of personalised product insights and services to users, including children and families.
5.2 Data is collected directly from users when they:
5.3 Data is collected automatically through users’ interaction with the app and website, including:
5.4 GoodFor.app may collect data from children under 16 only with verified parental consent, in accordance with applicable laws and the app’s parental consent procedures.
5.5 Data may also be collected when users interact with integrated third-party services, such as logging in via authentication providers or accessing links to product retailers and ingredient reference sources. In such cases, only the minimum necessary data is shared or received, and users are notified where applicable.
5.6 All data collection activities are conducted in compliance with UK GDPR, EU GDPR, COPPA, and CCPA, and are limited to what is necessary for the purposes outlined in this policy.
5.7 Users are informed of data collection practices at the point of data entry and through this Privacy Policy. Where required, explicit consent is obtained before collecting or processing personal or sensitive data.
6.1 GoodFor Company processes personal data for a range of purposes necessary to deliver, maintain, and improve the Goodfor.app service, as well as to comply with legal obligations and support user rights. The lawful bases for such processing are determined in accordance with the UK GDPR, Data Protection Act 2018, EU GDPR, COPPA, and CCPA, as applicable.
6.2 The primary purposes for which personal data is processed include:
6.3 The lawful bases relied upon for processing personal data are as follows:
a) Consent: Obtained for processing special category data (such as health information), marketing communications, and for users under the age of 16, including verified parental consent where required.
b) Contract: Processing necessary for the performance of a contract with the user, including account management, service delivery, and provision of personalised insights.
c) Legal obligation: Processing required to comply with applicable laws and regulations, including data protection, children’s privacy, and consumer rights legislation.
d) Legitimate interests: Processing for purposes such as service improvement, analytics, security, and fraud prevention, provided such interests are not overridden by users’ rights and interests.
6.4 Automated decision-making and profiling are used to tailor product recommendations and risk assessments to individual profiles. Such processing is subject to appropriate safeguards, including the right to request human intervention or to contest decisions.
6.5 GoodFor Company does not share personal data with external third parties and does not transfer data outside the UK or EEA. All processing is conducted in accordance with applicable data protection laws and the principles of fairness, transparency, and data minimisation.
7.1 GoodFor.app processes certain types of special category data, specifically health information such as allergies and sensitivities, in order to provide personalised product insights and safety recommendations for users and their families.
7.2 The processing of health information is conducted in strict compliance with applicable data protection laws, including UK GDPR, EU GDPR, and the Data Protection Act 2018, which require enhanced safeguards for special category data.
7.3 Health information is collected directly from users when they create or update profiles, and may include details about allergies, intolerances, sensitivities, and other relevant health-related preferences necessary for the app’s core functionality.
7.4 The lawful bases for processing health information are:
a) Explicit consent, which is obtained from users (or from parents/guardians for users under 16) prior to the collection and use of health information.
b) Contractual necessity, where processing is required to deliver personalised insights and recommendations as part of the app’s services.
7.5 Health information is used exclusively for the following purposes:
a) Providing tailored product recommendations and risk alerts based on individual and family member profiles.
b) Highlighting allergen risks and ingredient sensitivities relevant to each user.
c) Supporting parental controls and consent management for children’s profiles.
7.6 Health information is not shared with any external third parties and is only accessible to authorised personnel within GoodFor Company who require access for the purposes of service delivery, support, or compliance.
7.7 All health information is protected by robust security measures, including encryption at rest and in transit, access controls, and regular security testing, to prevent unauthorised access, loss, or misuse.
7.8 Users may update, correct, or delete health information at any time via their account settings or by contacting the privacy team at hello@goodfor.app. Upon account deletion, health information is promptly anonymised to prevent identification.
7.9 Where health information relates to children under 16, GoodFor.app requires verifiable parental consent before processing such data. Standard procedures are in place to obtain and confirm parental authorisation in accordance with legal requirements.
7.10 GoodFor.app conducts regular reviews of its processing activities involving health information to ensure ongoing compliance with legal obligations and best practices for data protection.
8.1 GoodFor.app utilises automated decision-making and profiling to deliver personalised product insights, risk assessments, and recommendations tailored to each user and their family members. These processes are essential to the core functionality of the application, enabling users to receive relevant, age-appropriate, and sensitivity-specific information about scanned products.
8.2 Automated decision-making refers to decisions made solely by automated means, without human involvement, that have legal or similarly significant effects on users. Profiling involves the automated processing of personal data to evaluate certain personal aspects, such as health sensitivities, age, or preferences, to provide tailored product guidance.
8.3 The types of automated decision-making and profiling conducted by GoodFor.app include:
a) Assessing product suitability for individual users based on age, allergies, sensitivities, and stated preferences.
b) Flagging products as not recommended or highlighting potential risks (such as allergens or age-inappropriate ingredients) according to the user profile.
c) Generating contextual product scores that adapt depending on the selected profile, ensuring that recommendations are relevant for babies, children, teens, or adults.
d) Providing alerts or warnings where products may pose heightened risks to sensitive individuals or children, based on automated analysis of ingredient data.
8.4 The lawful bases for these activities are consent (where required), the performance of a contract (provision of personalised services), legal obligations (such as compliance with child data protection laws), and legitimate interests (improving user experience and safety).
8.5 GoodFor.app does not use automated decision-making to make decisions that produce legal or similarly significant effects on users without appropriate safeguards. Where required by law, users (or their parents/guardians, for children under 16) will be informed of the use of such processes and provided with meaningful information about the logic involved, as well as the significance and potential consequences of the processing.
8.6 Users have the right to request human intervention, express their point of view, and contest decisions made solely by automated means. Requests can be submitted by email to the privacy contact provided in this policy.
8.7 GoodFor.app implements robust technical and organisational measures to ensure the fairness, accuracy, and transparency of automated decision-making and profiling, including regular testing, validation, and review of algorithms and data sources.
8.8 Automated decision-making and profiling processes are designed to minimise risks to users, particularly children and sensitive individuals, and to comply with all applicable data protection laws, including the UK GDPR, EU GDPR, COPPA, and CCPA.
8.9 No automated decisions are made that would result in the denial of access to the app or its core features based solely on profiling or automated analysis.
8.10 If any changes are made to the automated decision-making or profiling processes that materially affect users, GoodFor.app will provide clear notice and, where required, obtain renewed consent.
9.1 GoodFor.app uses cookies, web beacons, and similar tracking technologies on its website and mobile applications to enhance user experience, provide core functionality, and support analytics and security.
9.2 Cookies and tracking technologies are used for the following purposes:
a) To enable essential features such as secure logins, user authentication, and account management.
b) To remember user preferences, including language, accessibility settings, and profile selections for different family members.
c) To facilitate personalised product insights and recommendations based on user profiles, age, sensitivities, and preferences.
d) To monitor and analyse app and website usage, performance, and trends, supporting service improvement and troubleshooting.
e) To support marketing communications, including the delivery of relevant updates and offers, subject to user consent where required.
9.3 Types of cookies and tracking technologies used include:
a) Strictly necessary cookies required for the operation of the website and app.
b) Performance and analytics cookies to collect aggregated, anonymised data on usage patterns.
c) Functionality cookies to remember user choices and enhance personalisation.
d) Web beacons and similar technologies to track engagement with communications and app features.
9.4 Where required by law, GoodFor.app obtains user consent for the use of non-essential cookies and provides clear options to manage cookie preferences. Users can adjust their cookie settings at any time via the app or website settings.
9.5 Most web browsers and mobile devices allow users to control cookies through their settings. Disabling certain cookies may affect the functionality and performance of the app or website.
9.6 GoodFor.app does not use cookies or tracking technologies to collect personal data for third-party advertising or to share user data with external parties.
9.7 Information collected through cookies and tracking technologies is retained only as long as necessary for the purposes described and is subject to the same security and privacy protections as other personal data processed by GoodFor.app.
9.8 For further information about the use of cookies and tracking technologies, or to exercise your rights regarding personal data, users may contact the privacy team at hello@goodfor.app.
10.1 The GoodFor Company is committed to ensuring that all personal data collected and processed through Goodfor.app is accessed and handled internally in accordance with applicable data protection laws, including UK GDPR, EU GDPR, COPPA, and CCPA.
10.2 Access to users’ personal data is strictly limited to authorised personnel within the organisation, specifically management and leadership, analytics and data science staff, customer support staff, and product or engineering teams, and only to the extent necessary for the performance of their duties.
10.3 All staff with access to personal data are required to undergo regular data protection and privacy training to ensure ongoing compliance with legal and regulatory obligations.
10.4 Internal access to personal data is governed by robust access controls and authentication measures, including role-based permissions, secure logins, and regular review of access rights to ensure that only those with a legitimate business need can view or process user data.
10.5 Personal data is handled in accordance with the principles of data minimisation and purpose limitation, ensuring that only the minimum necessary data is accessed and processed for the intended purposes, such as account management, personalised insights, allergy and sensitivity tracking, service delivery, analytics, and customer support.
10.6 Special category data, such as health information relating to allergies or sensitivities, is subject to enhanced internal handling procedures, including additional access restrictions and pseudonymisation or anonymisation where appropriate.
10.7 All personal data is protected by technical and organisational security measures, including encryption at rest and in transit, regular security testing, and incident response protocols.
10.8 Internal data handling procedures include regular audits and monitoring to detect and address any unauthorised access, misuse, or potential data breaches.
10.9 In the event of a data breach or suspected breach, The GoodFor Company will follow its incident detection and response plan, including prompt investigation, mitigation, and notification to affected users and relevant authorities as required by law.
10.10 Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, and is anonymised upon account deletion in accordance with the company’s data retention and deletion policy.
10.11 All internal handling of personal data is subject to regular review and continuous improvement to ensure ongoing compliance with evolving legal requirements and best practices.
11.1 The GoodFor Company is committed to protecting the privacy and security of all personal data processed through Goodfor.app. This section outlines our approach to data sharing and the transfer of personal data across borders, in compliance with applicable data protection laws including the UK GDPR, EU GDPR, COPPA, and CCPA.
11.2 Goodfor.app does not share users’ personal data with any external third parties for commercial, marketing, or analytics purposes. Access to personal data is strictly limited to authorised personnel within the GoodFor Company, including management, analytics and data science staff, customer support, and product or engineering teams, solely for the purposes described in this policy.
11.3 All personal data collected and processed by Goodfor.app is stored and maintained within the United Kingdom or the European Economic Area (EEA). No personal data is transferred, stored, or processed outside these jurisdictions.
11.4 Where it is necessary to use third-party service providers (such as cloud hosting, authentication, or payment processors), GoodFor Company ensures that such providers are located within the UK or EEA and are contractually bound to comply with applicable data protection standards. These providers are not permitted to use personal data for their own purposes.
11.5 In the event that a future need arises to transfer personal data outside the UK or EEA, GoodFor Company will ensure that such transfers are conducted in accordance with applicable legal requirements. This includes implementing appropriate safeguards, such as the use of standard contractual clauses or reliance on adequacy decisions, and providing clear notice to users.
11.6 Goodfor.app does not sell, rent, or otherwise disclose personal data to any third parties, except as required by law, regulation, or valid legal process. Where disclosure is legally required, users will be notified unless prohibited by law.
11.7 All data transfers, whether internal or external, are subject to strict access controls, encryption, and audit procedures to ensure the ongoing confidentiality, integrity, and availability of personal data.
11.8 GoodFor Company regularly reviews its data sharing and transfer practices as part of its annual privacy policy review process, and updates this section to reflect any changes in law, technology, or business operations.
11.9 Users may contact the privacy team at hello@goodfor.app with any questions or concerns regarding data sharing or international transfers. Complaints may also be directed to the UK Information Commissioner’s Office (ICO) if concerns are not resolved satisfactorily.
12.1 The GoodFor Company is committed to retaining personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to support the ongoing provision of the Goodfor.app service.
12.2 Personal data associated with user accounts, including names, email addresses, date of birth, allergy and sensitivity information, product preferences, device data, and payment or subscription details, will be retained for the duration of the user’s active account.
12.3 Upon account deletion by the user, all personal data will be promptly anonymised so that it can no longer be linked to any identifiable individual. Anonymised data may be retained for analytical, statistical, or service improvement purposes, in accordance with applicable data protection laws.
12.4 Where data is required to be retained for a longer period due to legal, regulatory, or contractual obligations (such as for tax, accounting, or fraud prevention purposes), such data will be securely stored and access will be strictly limited to authorised personnel only.
12.5 The Company implements robust technical and organisational measures to ensure the secure storage, handling, and deletion of personal data, including encryption, access controls, and regular security reviews.
12.6 Users may request the deletion of their personal data at any time by contacting the privacy team at hello@goodfor.app. Requests will be processed in accordance with applicable laws and the user will be notified upon completion of the deletion process.
12.7 Where parental consent is required for users under the age of 16, all associated personal data will be deleted or anonymised upon withdrawal of consent or account deletion, subject to any overriding legal obligations.
12.8 Data minimisation principles are applied throughout the data lifecycle, ensuring that only the minimum necessary personal data is retained and that data is securely deleted when no longer required.
12.9 Regular reviews of data retention practices are conducted to ensure ongoing compliance with the UK GDPR, Data Protection Act 2018, EU GDPR, COPPA, and CCPA, as well as any other applicable data protection regulations.
12.10 In the event of a data breach involving retained or deleted data, the Company will follow its incident response procedures, including user and regulator notification where required by law.
12.11 Users have the right to request information about the retention and deletion of their personal data, and to exercise their rights to rectification, restriction, erasure, or objection by contacting the privacy team.
13.1 The GoodFor Company is committed to safeguarding the personal data of all users of Goodfor.app, including children and families, by implementing robust technical and organisational security measures in accordance with applicable data protection laws, including UK GDPR, EU GDPR, COPPA, and CCPA.
13.2 All personal data, including sensitive health information such as allergies and sensitivities, is protected using industry-standard encryption both at rest and in transit to prevent unauthorised access, disclosure, alteration, or destruction.
13.3 Access to personal data is strictly limited to authorised personnel within The GoodFor Company, including management, analytics, customer support, and product or engineering teams, and is governed by role-based access controls and regular access reviews.
13.4 Pseudonymisation and anonymisation techniques are applied where appropriate, particularly when data is used for analytics or after account deletion, to minimise the risk of re-identification.
13.5 Data minimisation principles are observed, ensuring that only the minimum necessary personal data is collected, processed, and retained for the purposes outlined in this Privacy Policy.
13.6 User authentication and secure login procedures are enforced, including password requirements and, where available, integration with secure third-party authentication systems.
13.7 Regular security testing, including vulnerability assessments and penetration testing, is conducted to identify and address potential security risks in the Goodfor.app platform and supporting infrastructure.
13.8 The GoodFor Company maintains a comprehensive incident detection and response plan to promptly identify, investigate, and mitigate any suspected or actual data breaches.
13.9 In the event of a data breach affecting users’ personal data, affected users and, where required, relevant supervisory authorities such as the UK Information Commissioner’s Office (ICO) will be notified in accordance with legal obligations.
13.10 All data processing activities are subject to ongoing monitoring and review to ensure continued compliance with legal, regulatory, and contractual requirements.
13.11 Staff with access to personal data receive regular training on data protection, information security, and privacy best practices to ensure a high standard of awareness and compliance.
13.12 The GoodFor Company does not transfer personal data outside the UK or EEA. All data is stored and processed within secure, compliant data centres located in these jurisdictions.
13.13 Users are encouraged to report any suspected security vulnerabilities or incidents to the privacy contact at hello@goodfor.app for prompt investigation and resolution.
14.1 The GoodFor Company is committed to maintaining the security and confidentiality of all personal data processed through Goodfor.app. In accordance with applicable data protection laws, including the UK GDPR, EU GDPR, and other relevant regulations, the following procedures apply in the event of a data breach involving personal data.
14.2 A data breach is defined as any incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed by Goodfor.app.
14.3 The Company maintains a documented incident detection and response plan to promptly identify, assess, and manage suspected or confirmed data breaches. All staff are required to report any actual or suspected data breach to the Data Protection Officer or designated privacy lead without undue delay.
14.4 Upon notification of a potential breach, the Company will:
a) Initiate an immediate investigation to determine the nature, scope, and impact of the breach, including the categories and volume of personal data affected.
b) Take appropriate steps to contain the breach, mitigate risks, and prevent further unauthorised access or disclosure.
c) Document all relevant facts, actions taken, and decisions made throughout the breach management process.
d) Assess whether the breach is likely to result in a risk to the rights and freedoms of affected individuals.
14.5 Where required by law, the Company will notify the relevant supervisory authority (such as the UK Information Commissioner’s Office) of the breach without undue delay and, where feasible, within 72 hours of becoming aware of it.
14.6 If the breach is likely to result in a high risk to the rights and freedoms of users, the Company will notify affected individuals as soon as practicable, providing clear information about the nature of the breach, the data involved, potential consequences, and recommended steps to protect themselves.
14.7 The Company will cooperate fully with regulatory authorities and provide all required information regarding the breach and remedial actions taken.
14.8 Following a breach, the Company will review and, where necessary, update its security measures, policies, and staff training to prevent recurrence.
14.9 All breach incidents, regardless of severity, will be recorded in the Company’s data breach register, including details of the incident, investigation, notifications, and outcomes.
14.10 Users may contact the Company’s privacy contact at hello@goodfor.app for further information regarding any data breach affecting their personal data.
15.1 GoodFor Company is committed to protecting the privacy of children who use Goodfor.app, in accordance with applicable data protection laws, including UK GDPR, EU GDPR, the Data Protection Act 2018, the Children’s Online Privacy Protection Act (COPPA), and other relevant regulations.
15.2 Goodfor.app is designed for use by individuals and families, including children of all ages. We recognise the heightened need for safeguarding children’s personal data and provide additional protections for users under the age of 16.
15.3 We require verifiable parental consent before collecting, using, or processing any personal data from children under the age of 16. This includes, but is not limited to, names or nicknames, date of birth or age information, allergy or sensitivity information, and product preferences.
15.4 The process for obtaining parental consent involves:
a) Requesting a parent or legal guardian to provide their email address during the child’s account or profile creation process.
b) Sending a notification to the parent or legal guardian with information about the data to be collected, the purposes of processing, and a request for consent.
c) Requiring the parent or legal guardian to provide explicit consent by confirming their identity and agreeing to the processing of the child’s data before the child’s profile is activated.
d) If parental consent is not obtained, the child’s profile will not be activated and no personal data will be processed.
15.5 Parents and legal guardians have the right to review, update, or request deletion of their child’s personal data at any time by contacting our privacy team at hello@goodfor.app.
15.6 We do not knowingly collect or process personal data from children under the age of 16 without verifiable parental consent. If we become aware that such data has been collected without appropriate consent, we will take prompt steps to delete or anonymise the data.
15.7 Children aged 16 or over may use Goodfor.app and provide their own consent for data processing, subject to the same rights and protections as adult users.
15.8 All personal data collected from children is subject to the same security measures, retention periods, and data subject rights as set out elsewhere in this Privacy Policy.
15.9 We encourage parents and guardians to supervise their children’s use of Goodfor.app and to contact us with any questions or concerns regarding children’s privacy.
16.1 GoodFor Company is committed to upholding the rights of all users under applicable data protection laws, including the UK GDPR, EU GDPR, CCPA, and COPPA, as relevant to the operation of Goodfor.app. Users are entitled to exercise the following rights in relation to their personal data processed by Goodfor.app:
16.2 To exercise any of the above rights, users should submit their request by email to hello@goodfor.app. Requests will be acknowledged and processed in accordance with applicable legal requirements, and users may be asked to provide information to verify their identity before actioning any request.
16.3 For users under the age of 16, parental consent is required for the collection and processing of personal data. Parents or legal guardians may exercise data subject rights on behalf of their children by contacting the privacy team. Goodfor.app follows standard industry procedures to verify parental consent, including email confirmation and, where necessary, additional verification steps.
16.4 GoodFor Company is committed to responding to all data subject rights requests within one month of receipt, or within any extended period permitted by law where requests are complex or numerous. Users will be informed of any such extension and the reasons for delay.
16.5 The exercise of certain rights may be subject to legal limitations or exemptions. Where Goodfor.app is unable to comply with a request, users will be provided with a clear explanation of the reasons and informed of their right to escalate the matter to the ICO or another supervisory authority.
17.1 As a user of Goodfor.app, you have a range of rights under applicable data protection laws, including the UK GDPR, EU GDPR, CCPA, and COPPA, in relation to your personal data. We are committed to ensuring that you can exercise these rights in a clear, accessible, and timely manner.
17.2 You may exercise your rights by contacting our privacy team at hello@goodfor.app. Requests will be acknowledged promptly and processed in accordance with statutory timeframes, typically within one month of receipt, unless an extension is permitted by law.
17.3 The rights available to you include:
a) Right to access: You may request confirmation as to whether we process your personal data and, if so, obtain a copy of your data and information about how it is used.
b) Right to rectification: You may request correction of inaccurate or incomplete personal data we hold about you.
c) Right to erasure: You may request deletion of your personal data in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.
d) Right to restrict processing: You may request that we restrict the processing of your personal data in certain situations, for example, while we verify the accuracy of your data or consider an objection you have raised.
e) Right to object: You may object to our processing of your personal data where we rely on legitimate interests or where your data is processed for direct marketing purposes.
f) Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller.
g) Right to withdraw consent: Where processing is based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
17.4 For users under the age of 16, or where parental consent is required, parents or legal guardians may exercise these rights on behalf of their children by contacting us using the details provided above.
17.5 We may need to verify your identity before fulfilling your request, to protect your privacy and security. This may involve requesting additional information or documentation.
17.6 If you are dissatisfied with our response or handling of your request, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.
17.7 Exercising your rights is free of charge. However, we reserve the right to charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive, as permitted by law.
18.1 GoodFor.app may provide links to external websites, services, or resources, including product retailer websites, ingredient or allergen reference sources, and third-party login or authentication systems. These third-party links and integrations are offered for user convenience and to enhance the functionality of the application.
18.2 Users are advised that when accessing third-party websites or services via GoodFor.app, the privacy practices and terms of those third parties will apply. GoodFor.app does not control, endorse, or assume responsibility for the content, privacy policies, or practices of any third-party websites or services.
18.3 Users are encouraged to review the privacy policies and terms of use of any third-party websites or services before providing personal data or engaging with their features.
18.4 GoodFor.app does not share users’ personal data with third-party websites or services when users follow external links or use third-party integrations, unless explicitly stated and with user consent.
18.5 Where GoodFor.app integrates with third-party authentication or login systems (such as social media or single sign-on providers), only the minimum necessary information required to facilitate authentication will be processed, and such processing will be subject to the privacy policy of the relevant third-party provider.
18.6 GoodFor.app is not responsible for any personal data that users choose to provide directly to third-party websites or services. Any data provided in this manner is subject to the third party’s privacy and data protection practices.
18.7 GoodFor.app regularly reviews the third-party links and integrations offered within the application to ensure they remain relevant, secure, and appropriate for users, including children and families.
18.8 If a third-party link or integration is found to present a risk to user privacy or security, GoodFor.app will take reasonable steps to remove or disable access to such third-party content as soon as practicable.
18.9 Users may contact GoodFor.app’s privacy contact for further information about third-party links and integrations, or to report concerns regarding any third-party content accessible via the application.
18.10 This section is reviewed annually as part of GoodFor.app’s privacy policy review process, and may be updated to reflect changes in third-party relationships, legal requirements, or user expectations.
19.1 This Privacy Policy is reviewed and updated by GoodFor Company on an annual basis, or more frequently if required by changes in applicable law, regulatory guidance, or business practices.
19.2 Users will be notified of any material changes to this Privacy Policy through a clear and prominent update notice posted on the Goodfor.app website. Where changes are significant or impact users’ rights or the way personal data is processed, additional notice may be provided via email or in-app notification, where appropriate.
19.3 The updated Privacy Policy will indicate the date of the most recent revision at the top of the document. Users are encouraged to review the Privacy Policy periodically to remain informed about how their personal data is collected, used, and protected.
19.4 Continued use of Goodfor.app following the publication of an updated Privacy Policy constitutes acceptance of the revised terms. If users do not agree to the changes, they should discontinue use of the service and may request account deletion in accordance with their data subject rights.
19.5 GoodFor Company is committed to transparency regarding privacy practices. Users may contact the privacy lead or data protection officer at hello@goodfor.app with any questions or concerns about policy updates or their implications.
19.6 In the event of updates required by law or regulatory authorities, GoodFor Company will implement such changes promptly and notify users as required to ensure ongoing compliance with UK GDPR, EU GDPR, COPPA, CCPA, and other applicable regulations.
19.7 Where updates relate to the processing of children’s data or parental consent procedures, GoodFor Company will take additional steps to inform parents or guardians, as appropriate, and obtain renewed consent if necessary.
19.8 Users may submit privacy-related complaints or concerns regarding policy updates to hello@goodfor.app. If users are dissatisfied with the response, they may escalate their complaint to the UK Information Commissioner’s Office (ICO) or the relevant supervisory authority in their jurisdiction.
19.9 GoodFor Company maintains records of all previous versions of the Privacy Policy and will provide copies upon request to ensure transparency and accountability.
20.1 GoodFor Company is committed to upholding the highest standards of data protection and privacy for all users of Goodfor.app. We take all privacy-related concerns seriously and provide clear procedures for users to raise complaints or concerns regarding the handling of their personal data.
20.2 Users may submit privacy-related complaints, questions, or requests by contacting our Data Protection Officer or privacy team at hello@goodfor.app. We encourage users to provide as much detail as possible to assist in the prompt and thorough investigation of their concerns.
20.3 Upon receipt of a complaint, GoodFor Company will:
a) Acknowledge receipt of the complaint within a reasonable timeframe, typically within five (5) business days.
b) Investigate the complaint promptly and impartially, gathering relevant facts and evidence as necessary.
c) Communicate the outcome of the investigation to the complainant, including any steps taken to address the issue or prevent recurrence.
d) Where appropriate, offer remedies or corrective actions, such as data rectification, restriction, or erasure.
20.4 If a user is dissatisfied with our response or believes that their data protection rights have not been adequately addressed, they have the right to lodge a complaint with the relevant supervisory authority.
20.5 For users in the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO). The ICO can be contacted as follows:
a) Website: https://ico.org.uk/
b) Telephone: 0303 123 1113
c) Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
20.6 Users located outside the United Kingdom may have the right to contact their local data protection authority, depending on their jurisdiction.
20.7 GoodFor Company will cooperate fully with the ICO or any other relevant supervisory authority in the investigation and resolution of privacy complaints.
20.8 We are committed to continuous improvement of our privacy practices and welcome feedback from users to help us enhance our services and data protection measures.
21.1 These Additional Provisions apply to the processing of personal data by GoodFor Company in connection with the use of Goodfor.app and supplement the main terms of this Privacy Policy.
21.2 Severability. If any provision of this Privacy Policy is found to be invalid, unlawful, or unenforceable by a court or competent authority, such provision shall be deemed severed from the remainder of the policy, which shall remain in full force and effect.
21.3 Governing Law. This Privacy Policy and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales, unless otherwise required by applicable data protection laws.
21.4 Changes to the Policy. GoodFor Company reviews and updates this Privacy Policy annually or as required by changes in law or business practices. Users will be notified of material changes via an update notice on the website. Continued use of Goodfor.app after such updates constitutes acceptance of the revised policy.
21.5 Third-Party Links and Integrations. Goodfor.app may contain links to third-party websites, such as product retailers or ingredient reference sources, and may integrate with third-party authentication systems. GoodFor Company is not responsible for the privacy practices or content of such third parties. Users are encouraged to review the privacy policies of any third-party services accessed through Goodfor.app.
21.6 Parental Consent for Children. Where personal data is collected from children under the age of 16, GoodFor Company requires verifiable parental consent before account creation. Standard procedures include requesting a parent or legal guardian’s email address, sending a consent request, and requiring confirmation before the child’s profile is activated. If parental consent is not obtained, the child’s data will not be processed and the account will not be created.
21.7 Complaints and Supervisory Authority. Users may submit privacy-related complaints or concerns to GoodFor Company via the support or privacy contact email. If users are dissatisfied with the response, they have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or the relevant supervisory authority in their jurisdiction.
21.8 No Waiver. Failure by GoodFor Company to enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision.
21.9 Entire Agreement. This Privacy Policy constitutes the entire agreement between users and GoodFor Company regarding the processing of personal data in connection with Goodfor.app, superseding any prior agreements or understandings.
21.10 Contact. For any questions, requests, or concerns regarding this Privacy Policy or the processing of personal data, users may contact GoodFor Company at hello@goodfor.app.