Bomdiu

Privacy Policy

Effective Date: 2025-06-01

1. Introduction

This Privacy Policy ("Policy") delineates the principles and procedures governing the collection, processing, storage, and protection of Personal Data by Bomdiu ("we," "us," or "our"). This Policy applies to all users of the Bomdiu platform, including but not limited to food distributors, suppliers, restaurants, cafeterias, bars, and other food establishments (collectively, "Users," "you," or "your").

Our services are intended for business-to-business (B2B) transactions. By accessing or utilizing the Bomdiu platform, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

2. Data Controller

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the Data Controller is Bomdiu. For any data protection inquiries, please refer to the contact details provided in Section 12 of this Policy.

3. Information We Collect

We collect and process Personal Data in the course of providing our services. The types of data we collect are strictly limited to what is necessary for the purposes outlined in this Policy.

3.1. Data Provided by Users

We collect the following information directly from our Users:

  • Business Contact Information: Full name, business email address, business telephone number, and business adresses. This information is for professional correspondence and identification within the platform. We do not solicit personal contact details.
  • Account Information: User-provided profile photograph for the purpose of identification by other platform Users.
  • Corporate Data: Information pertaining to your organization, including but not limited to orders, products, customers, and other business-related data required for order processing and management.

3.2. Data Collected Automatically

  • Usage and Log Data: We automatically collect information about your interaction with our platform, including your Internet Protocol (IP) address, browser type, operating system, and a record of your activities on the platform.
  • Analytics Data: We utilize third-party services, PostHog and Cloudflare, to gather and analyze usage patterns. This is strictly for the purpose of service enhancement and performance monitoring.

3.3. Cookies

Our platform does not utilize cookies for tracking or any other purpose.

4. How We Use Your Information

The processing of your Personal Data is predicated on legitimate and lawful purposes, which include:

  • Service Provision: To operate, maintain, and provide the full functionality of the Bomdiu platform, including order processing and management.
  • User Management: To create and manage User accounts, facilitate communication between Users, and provide customer support.
  • Platform Improvement: To analyze usage patterns and feedback for the sole purpose of improving our platform's functionality, performance, and user experience.
  • Legal and Contractual Obligations: To comply with applicable legal requirements, including but not limited to bookkeeping, auditing, and financial record-keeping.
  • Security: To monitor for and prevent fraudulent or unauthorized activity and to ensure the security and integrity of our platform.

WE DO NOT SELL, LEASE, RENT, OR OTHERWISE COMMERCIALLY EXPLOIT YOUR PERSONAL DATA.

5. Legal Basis for Processing

Our legal basis for processing Personal Data under the GDPR includes:

  • Performance of a Contract (Article 6(1)(b) GDPR): Processing is necessary for the performance of the service contract to which you and your organization are a party.
  • Legitimate Interests (Article 6(1)(f) GDPR): We process Personal Data for our legitimate interests, such as for internal analytics to improve our platform and for security purposes. We have balanced these interests against your rights and freedoms and have determined that such processing is necessary and proportionate.
  • Legal Obligation (Article 6(1)(c) GDPR): We process and retain certain data to comply with our legal obligations, particularly concerning auditing and bookkeeping.

6. Data Sharing and Disclosure

We may share your information with third parties only in the circumstances described below:

  • Service Providers (Sub-processors): We engage third-party companies to perform services on our behalf. Our current sub-processors are:
    • PostHog: For product analytics to understand user behavior and improve the platform.
    • Cloudflare: For content delivery, security, and analytics. These service providers are bound by contractual obligations to keep Personal Data confidential and to use it only for the purposes for which we disclose it to them.
  • Legal Compliance: We may disclose your information where required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

7. Data Retention

We retain Personal Data for varying periods, depending on the type of information and the purposes for which it was collected.

  • User Account Data: We retain your name, profile photo, and business contact information for as long as your account remains active.
  • Corporate and Transactional Data: In compliance with legal obligations for bookkeeping and auditing, we retain all company-related and transactional data indefinitely, or for the maximum period permitted or required by applicable law.

8. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. These measures are intended to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

9. Your Rights Under the GDPR

As a Data Subject within the European Union, you have the following rights:

  • The right to access: You can request copies of your Personal Data.
  • The right to rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure: You can request that we erase your Personal Data, under certain conditions.
  • The right to restrict processing: You can request that we restrict the processing of your Personal Data, under certain conditions.
  • The right to object to processing: You can object to our processing of your Personal Data, under certain conditions.
  • The right to data portability: You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details provided below. You also have the right to lodge a complaint with a supervisory authority.

10. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. We ensure that any such transfers are conducted in compliance with the GDPR, utilizing safeguards such as Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

11. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

Should you have any questions or concerns regarding this Privacy Policy or our data protection practices, please contact us at:

Bomdiu Ltd
Thessaloniki, Greece
[email protected]
https://bomdiu.com