GDPR Policy
Last updated: June 2026
Table of Contents
GDPR Policy Sections
This policy outlines how olivv.ai (operated by THEFOODO LTD) adheres to the General Data Protection Regulation (GDPR) and UK GDPR, ensuring the highest standards of dataintegrity for our restaurant partners and their guests.
1. Data controller
THEFOODO LTD is the data controller for the primary operations of the olivv.ai platform.
Registered Office
85 Great Portland Street, W1W 7LT, London, UK
Contact
legal@olivv.ai
2. Data we process
We process account and billing data for restaurant operators as a Data Controller. This is necessary for service provision.
We process guest data strictly as a Data Processor on behalf of the operator, governed by our Data Processing Agreement (DPA).
3. Lawful bases
We process personal data under the following Article 6(1) bases:
- Article 6(1)(b) Contract: Processing necessary for the performance of a contract.
- Article 6(1)(c) Legal obligation: Processing necessary for compliance with a legal obligation.
- Article 6(1)(f) Legitimate interests: Processing for our legitimate business interests.
- Article 6(1)(a) Consent: Where you have given clear consent for us to process your data.
4. Special category data
olivv.ai does not intentionally collect special category data (as defined in Art 9). Any dietary data collected via allergen filters is processed by the restaurant operator under their own legal bases and managed via the platform's filtering logic.
5. Data subject rights
Access (Art 15)
Request a copy of your personal data.
Rectification (Art 16)
Correct inaccurate or incomplete data.
Erasure (Art 17)
Request deletion of data (Right to be Forgotten).
Restriction (Art 18)
Limit how your data is processed.
Portability (Art 20)
Move your data to another service provider.
Object (Art 21)
Object to processing based on legitimate interest.
6. International transfers
We utilize appropriate safeguards, including International Data Transfer Agreements (IDTAs) and Standard Contractual Clauses, for data transfers outside the UK and EEA.
7. Data processor obligations
Where we act as a data processor on behalf of restaurant operators, we:
- Process data only on documented instructions from the operator
- Ensure all staff with access to personal data are bound by confidentiality obligations
- Implement appropriate technical and organisational security measures
- Assist the operator in responding to data subject rights requests
- Delete or return all personal data at the end of the service relationship
- Provide all information necessary to demonstrate compliance with Article 28 UK GDPR
8. Security measures
- Encryption in transit and at rest using AES-256.
- Strict role-based access controls (RBAC).
- Regular security reviews and penetration testing.
9. Data breach notification
In the event of a personal data breach likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and affected individuals without undue delay where required.
10. Complaints
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at legal@olivv.ai.
Contact Us
THEFOODO LTD(operating as olivv.ai / Foodo.ai)
85 Great Portland Street, W1W 7LT, London, United Kingdom
Email:legal@olivv.ai