Privacy Policy
This Privacy Policy (“Policy”) is an integral and inseparable component of the Merchant Agreement, Terms of Use, and ancillary contractual instruments executed between J29 F&B Consultancy LLP (hereinafter referred to as “FoodPe”, “we”, “our”, or “us”) and its counterparties, licensees, and end-users (hereinafter referred to as the “Merchant”, “Client”, “you”, or “your”). This Policy is promulgated pursuant to, and in compliance with, the provisions of:
- The Information Technology Act, 2000, together with all amendments thereto;
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”);
- The Indian Contract Act, 1872 insofar as enforceability of obligations are concerned;
- The Consumer Protection Act, 2019 (to the extent applicable);
- And, where extraterritorial applicability may arise, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other analogous international instruments.
By executing the Merchant Agreement and/or utilizing the FoodPe platform, you provide express, unequivocal, and irrevocable consent to the terms of this Policy, and acknowledge that FoodPe’s role is limited to that of a data processor and technology facilitator, without assuming any fiduciary responsibility for the Merchant’s obligations under food safety, customer service, or consumer protection statutes.
1. Definitions
For the purposes of this Policy:
1.1 “Confidential Information” shall mean and include all Personal Information, Business Information, Transaction Data, Technical Metadata, and any derivative data collected by or through FoodPe’s platform.
1.2 “Personal Information” means information relating to a natural person, which, either directly or indirectly, is capable of identifying such person, and shall include but not be limited to: name, email address, mobile number, WhatsApp account, and delivery address.
1.3 “Sensitive Personal Data or Information (SPDI)” shall have the meaning ascribed under the SPDI Rules and shall include passwords, financial information (such as bank account details), and official identifiers.
1.4 “Processing” means collection, storage, use, disclosure, transfer, retention, archival, anonymization, or destruction of data, whether manual or automated.
2. Collection of Data
2.1 FoodPe may, directly or indirectly, collect Confidential Information including but not limited to:
- Business Credentials: GST registration certificate, FSSAI license, bank details, cancelled cheques, and associated regulatory approvals.
- Merchant Personnel Data: Proprietor/Director/Manager names, identification details, mobile numbers, and WhatsApp Business accounts.
- Customer Data: End-customer names, order details, delivery addresses, payment identifiers, and communications with the Merchant via WhatsApp chatbot.
- Technical Identifiers: IP addresses, cookies, tokens, device identifiers, diagnostic logs, and chatbot transcripts.
2.2 By providing such information, you warrant its accuracy, completeness, and legality, and indemnify FoodPe against claims arising from misrepresentation or unlawful disclosure.
3. Purpose and Lawful Basis of Processing
3.1 Confidential Information is processed under lawful bases including contractual necessity, compliance with statutory obligations, legitimate business interest, and where applicable, data subject consent.
3.2 The purposes of processing include:
- Enabling onboarding, KYC validation, and Merchant authentication.
- Executing chatbot, menu hosting, and ordering functionalities.
- Routing payments through banking channels and payment aggregators.
- Facilitating delivery partner integrations.
- Generating reports, dashboards, analytics, and performance metrics.
- Fulfilling legal, regulatory, and audit requirements.
- Defending FoodPe in the event of disputes, claims, or regulatory inquiries.
4. Data Sharing and Disclosure
4.1 Subject to contractual necessity, FoodPe may disclose Confidential Information to:
- Payment System Operators & Banks, in accordance with RBI and NPCI regulations.
- Delivery Service Providers, solely for order fulfillment.
- Meta Platforms, Inc. (WhatsApp), pursuant to integration requirements.
- Cloud Infrastructure Providers hosting FoodPe’s SaaS services.
- Government, Quasi-Government, or Judicial Authorities, where compelled under applicable law.
4.2 Such disclosures shall be strictly on a need-to-know basis, but you expressly acknowledge that FoodPe shall not be held liable for any breach, misuse, or misconduct attributable to independent third-party service providers.
5. Data Retention
5.1 FoodPe shall retain Confidential Information only for such duration as may be necessary for:
- Performance of contractual obligations;
- Compliance with statutory record-keeping under tax, corporate, or FSSAI laws;
- Resolution of disputes, recovery of dues, or enforcement of contractual claims.
5.2 FoodPe may, at its discretion, anonymize and archive datasets for benchmarking, analytics, or lawful business purposes, which datasets shall no longer constitute “Personal Information”.
6. Security and Risk Allocation
6.1 FoodPe undertakes to implement Reasonable Security Practices within the meaning of Rule 8 of the SPDI Rules, including encryption, access control, vulnerability assessments, and restricted authorizations.
6.2 Notwithstanding the foregoing, you expressly acknowledge and agree that:
- No system of electronic storage or transmission can be rendered absolutely secure.
- FoodPe shall not be liable for breaches occasioned by cyberattacks, force majeure, or third-party misconduct.
- The Merchant shall indemnify, defend, and hold harmless FoodPe, its affiliates, employees, and officers from any claims, losses, penalties, liabilities, costs, or damages arising from (i) breach of this Policy, (ii) mismanagement of end-customer data, or (iii) failure to comply with statutory obligations under FSSAI, GST, or consumer protection laws.
7. Rights of Data Subjects
Subject to applicable legal frameworks, data subjects (including Merchants and end-customers) may request:
- Access and Rectification of their personal data.
- Erasure (subject to overriding statutory obligations and lock-in periods).
- Restriction of Processing in specified circumstances.
- Data Portability, where technically feasible.
All such requests must be submitted in writing to support@food-pe.com. FoodPe reserves the right to charge an administrative fee and to refuse requests that are manifestly unfounded, repetitive, or disproportionate.
8. Cross-Border Data Transfer
You expressly consent that Confidential Information may be transferred, processed, or stored in jurisdictions outside India, including those lacking equivalent data protection laws. FoodPe shall not be liable for compliance with foreign data protection obligations in such cases.
9. Cookies and Tracking Technologies
FoodPe may deploy cookies, SDKs, pixels, or equivalent technologies for tracking user interactions, performing analytics, and optimizing marketing campaigns. Disabling such cookies may impair functionality, and FoodPe disclaims liability for resultant service degradation.
10. Policy Amendments
FoodPe reserves the unilateral right to amend, supplement, or rescind this Policy at its sole discretion. Notification shall be effected by publication on FoodPe’s website. Continued use of the Services post-notification shall be deemed conclusive acceptance of the revised Policy.
11. Governing Law and Dispute Resolution
This Policy shall be governed by the laws of India. Any dispute hereunder shall be subject to exclusive jurisdiction of the courts at Gurgaon, Haryana, and shall be referred to arbitration in accordance with the Arbitration and Conciliation Act, 1996. The arbitral tribunal shall consist of a sole arbitrator appointed by FoodPe, and the award shall be final and binding.
12. Data Protection Contact
For all matters pertaining to data protection, please contact:
Data Protection Officer (DPO)
FoodPe – J29 F&B Consultancy LLP
5th Floor, WeWork, DLF Two Horizon Centre, DLF Phase 5, Sector 43, Gurugram, Haryana – 122002