Legal

Privacy Policy

Last updated: 23 April 2026

This privacy policy explains what personal data HealthyFoodBCN collects when you fill in the contact form on this site, how we use it, how long we keep it, and the rights you have over it. It is written to comply with the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

Who we are

HealthyFoodBCN is operated by INEDITCOCINA S.L. (NIF B-16967598, C/ Joventut 22, 08022 Barcelona). For data-protection questions, write to [email protected] or call +34 685 732 845.

What we collect

When you submit the contact form we receive:

  • Your name, email address, phone number
  • Your delivery area and household composition (number of adults and kids; kids' ages if provided)
  • The details you give us about your goals, dietary requirements, allergies, cultural preferences, and anything else you type into the free-text fields
  • The channel and time you said you'd prefer to be contacted on
  • Your IP address and browser user-agent at submission time (standard request metadata)

We do not use tracking cookies. Our analytics provider (Cloudflare Web Analytics) is cookieless and does not fingerprint visitors.

Why we collect it and the legal basis

  • To respond to your inquiry and build a personalized meal-plan proposal — legal basis: your consent when you submit the form, and the steps needed at your request prior to entering a contract.
  • To prevent abuse (rate-limiting, spam filtering) — legal basis: our legitimate interest in keeping the service usable.

Who receives your data

  • Our chef — who reads inquiries and prepares proposals.
  • Cloudflare Inc. — our hosting, CDN, and email-routing provider. They may process data in the US. Transfers rely on Standard Contractual Clauses.
  • Resend Inc. — used to send the notification email. EU region where possible; Standard Contractual Clauses apply for any transfer outside the EEA.

We do not sell your data and we do not share it with advertisers.

How long we keep it

Inquiries that don't become active clients are kept for up to 24 months, after which they are deleted. If you become a client, we keep your data for as long as you are an active client plus the period required by Spanish tax and commercial law (typically 6 years for invoicing records).

Your rights

Under GDPR you can:

  • Request a copy of the data we hold about you
  • Ask us to correct inaccurate data
  • Ask us to delete your data (right to be forgotten)
  • Ask us to limit how we use it
  • Withdraw consent at any time — this doesn't affect the lawfulness of processing before withdrawal
  • Lodge a complaint with the Spanish data protection authority (AEPD) if you feel we haven't respected your rights

To exercise any of these, email [email protected] with your request. We reply within 30 days.

Security

Your data is transmitted over HTTPS and stored on Cloudflare infrastructure with access limited to the chef and Jean Galea. We do not store credit card numbers, bank details, or passwords.

Changes to this policy

If we materially change how we handle your data, we'll update this page and the "last updated" date above. Significant changes affecting existing clients will be communicated by email.