Privacy Policy

Last Updated: 16 November 2025

1. Introduction

SoftSpec ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our food safety and quality management platform ("Service").

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation in the United Kingdom and European Union.

Data Controller: SoftSpec Limited, registered in England and Wales.
Contact: For privacy-related enquiries, please contact us via our support form.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when you:

  • Register for an account (name, email address, company name, phone number)
  • Use our Service (food specifications, supplier data, product information)
  • Communicate with us (support tickets, enquiries, feedback)
  • Subscribe to our marketing communications

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent on platform)
  • Log data (access times, errors, performance metrics)
  • Cookies and similar tracking technologies (see Section 8)

2.3 Business Data

As part of our Service, you may upload business-critical data including food specifications, supplier information, certifications, recipes, and supply chain data. This data remains your property and is processed solely to provide our Service to you.

3. How We Use Your Information

We process your personal data on the following legal bases:

3.1 Contract Performance

To provide and maintain our Service:

  • Account creation and management
  • Service delivery and functionality
  • Customer support and communication
  • Billing and payment processing

3.2 Legitimate Interests

For our business operations:

  • Improving and optimising our Service
  • Security monitoring and fraud prevention
  • Analytics and performance measurement
  • Internal business administration

3.3 Consent

With your explicit consent:

  • Marketing communications and newsletters
  • Non-essential cookies and tracking
  • Participation in surveys and feedback programmes

3.4 Legal Obligations

To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who process data on our behalf:

  • Cloud hosting providers (data storage and infrastructure)
  • Payment processors (subscription and transaction handling)
  • Email service providers (communications and notifications)
  • Analytics providers (usage analysis and improvement)

All service providers are contractually bound to protect your data and process it only as instructed by us.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Respond to valid legal requests from public authorities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained for the duration of your account plus 6 years for legal and accounting purposes
  • Business Data: Retained according to your subscription terms, deleted within 30 days of account termination unless otherwise requested
  • Marketing Data: Retained until you withdraw consent or request deletion
  • Log Data: Typically retained for 12 months for security and troubleshooting purposes

6. Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

6.1 Right of Access

Request a copy of the personal data we hold about you.

6.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure

Request deletion of your personal data in certain circumstances.

6.4 Right to Restriction of Processing

Request that we limit the processing of your personal data.

6.5 Right to Data Portability

Request transfer of your data to another service provider in a structured, commonly used format.

6.6 Right to Object

Object to processing of your personal data based on legitimate interests or for direct marketing purposes.

6.7 Right to Withdraw Consent

Withdraw your consent at any time where processing is based on consent.

6.8 Right to Lodge a Complaint

Lodge a complaint with the Information Commissioner's Office (ICO):

ICO Website: https://ico.org.uk
Telephone: 0303 123 1113

To exercise any of these rights, please contact us via our support form. We will respond to your request within one month.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery planning

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and personalise content.

8.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the Service to function (authentication, security, session management)
  • Performance Cookies: Collect information about how you use our Service (analytics, error tracking)
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Track your activity for advertising purposes (only with your consent)

8.2 Managing Cookies

You can control cookies through:

  • Our cookie consent banner (displayed on first visit)
  • Your browser settings (block or delete cookies)
  • Opting out of third-party analytics tools

Note that disabling essential cookies may affect the functionality of our Service.

9. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and European Economic Area (EEA).

If we transfer your data outside the UK/EEA, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Binding Corporate Rules
  • Other appropriate safeguards as recognised by UK GDPR

10. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

  • Posting a prominent notice on our Service
  • Sending an email to the address associated with your account
  • Updating the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SoftSpec Limited

Data Protection Enquiries

Submit a Support Ticket

We aim to respond to all data protection enquiries within 30 days.

Back to Home