Privacy Policy | Chef2Nite

Chef2Nite Privacy Policy

Here at Chef2Nite LLC ("Company", “Chef2Nite” or "We") we respect your privacy and are committed to protecting it through our compliance with this policy.

This policy (“Privacy Policy” or “Policy”) describes the types of information we may collect from you or that you may provide when you visit the website https://chef2nite.com and its sub-domains, including any content, functionality, and Websites offered on or through https://chef2nite.com, our mobile optimized websites, mobile applications or blogs (together the "Website" or “Site”), whether as a guest, a registered User, Host or a Chef.

This Policy applies to information we collect:

On this Website and its sub-domains.
In email, text, and other electronic messages between you and this Website.

It does not apply to information collected by:

us offline or through any other means, including on any other website operated by Company or any third-party; or
Any third-party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Policy. This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

If you do not accept the Privacy Policy, you must not access or use the Website or any of our Websites.

1. Personal Information

In order to utilize specific features on the Website, individuals will need to become a registered user (“User”) by registering an account on the Website, that will provide you with either a Host Account or Chef Account functionality (as explained in our Terms).

While using our Website, or registering your Host or Chef account on the Website (“Account”), you may be asked to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Information”). Personally identifiable information may include, but is not limited to:

Email address
First name and Last name
Your username or screen name.
Date of birth
Limited Payment Information - your payment information goes directly to a payment processing company who is responsible for keeping your info safe. We will not store or collect your payment card details.
Certificate/Qualification Documents - used to confirm/validate the Chef’s ability to perform in line with the requirements of our Terms.

2. Other Information and Automated Decision-Making Processes.

Throughout the process of using our Website, you may provide us with other information that individually does not identify you (“Other Information”), that allows us to deliver, personalize and develop relevant features, content, advertising and Website - such as:

Information about Chefs and Hosts you engage with.
Information that you provide when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
Information about your preferences for receiving communications about our products, activities, events, and publications.
Other information you upload, provide, or create while using the Website or our Website.

The Company uses personal data in automated decision-making processes. Where such decisions have a legal (or similarly significant effect) on Users, who are residents of the EEA, those Users have the right to challenge to such decisions under the GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from the Company

3. Chef Account Information

Should you determine to create a Chef Account - which is an account that a profile that allows a User to have additional functions in presenting their persona to other Hosts, like creating their Chef Profiles, identify the Services and meals that will be available to Hosts to choose from, posting photos of their meals and appropriate pricing therefor that the Hosts may learn more about and request that a particular meal be prepared for them (either as provided on the appropriate image provided by the Chef, or independently of the images provided, upon a specific request for a particular meal) at their home or in a location mutually agreed upon, as well as use the “Messages” tab to communicate with a Host, and send “Proposals” to Hosts in response to their requests, subject to the terms contained herein and the cancellation and refund policies selected by Chefs and located on the Chef Profile - you will be required to provide certain personally identifiable information, such as a color copy of your current government issued photo identification in accordance with the requirements stipulated in our Terms.

This information is stored by us in compliance with United States Federal law. You will also be required to provide "pay to" information such as a bank account or home address. You may be required to provide certain taxpayer information. We report to the United States Internal Revenue Service all moneys paid by us to Chefs as required by law.

4. Geographic Restrictions

Chef2Nite is based in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that are residents of the European Economic Area (EEA), we make sure to be compliant with the requirements thereof. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you that you want to be removed from our systems, you can contact our Data Protection Officer using the Contact Us Section of this Policy.

5. Your Florida Privacy Rights

Florida Civil Code Section § 1798.83 permits users of our Website that are Florida residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to info@chef2nite.com

6. User Contributions

You also may provide information to be published or displayed (hereinafter, "posted") in the messages sent to other Users, or as to be displayed in your public Chef Profile, as well as comments Sections and other public areas of the Website or transmitted to other users of the Website or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable and we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

7. Usage Data

Usage Data is collected automatically when using the Website. Usage Data may include information such as your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website or Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Website or Website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic and location data. We may also collect information that your browser sends whenever you visit our Website or use our Website or when you access the Website or Website by or through a mobile device.

8. Information from Third-Party Services

The Company may allow you to create a registered user account and log in to use the Website through the following Third-Party Services:

Google
Facebook

If you decide to register through or otherwise grant us access to a Third-Party Service, we may collect Personal Information that is already associated with your Third-Party Service's account, such as your name, your email address, your activities or your contact list associated with that account. You may also have the option of sharing additional information with the Company through your Third-Party Service's account. If you choose to provide such information and Personal Data, during registration or otherwise, you are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

9. Tracking Technologies and Cookies

The information we collect automatically is only statistical data and does not include personal information. It helps us to improve our Website and to deliver a better and more personalized Website, including by enabling us to:

Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Website according to your individual interests.
Speed up your searches.
Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

General Cookies. A cookie is a small file placed on the hard drive of your computer. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of our websites.
Performance Cookies: These cookies, including Google Analytics cookies, collect anonymous information on the pages visited. Google Analytics stores information about what pages you visit, how long you are on the site, how you got there, and what you clicked on. This data is collected via a JavaScript tag in the pages of our websites and is not tied to personally identifiable information. By using our websites, you agree that we can place these types of cookies on your device. These cookies collect information about how visitors use a website, for instance, which pages visitors go to most often. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Functionality Cookies: These cookies remember choices you made to improve your experience. By using our websites, you agree that we can place these types of cookies on your device. These cookies allow the websites to remember choices you make and provide enhanced, more personal features. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organization.
Your Choice with respect to Cookies. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. However, note that if you reject some or all cookies, your experience at our websites and on other sites throughout the World Wide Web may not be complete. Some sites require cookies to function, such as those with e-commerce features. In addition, if you do not allow cookies, you will not be able to take advantage of personalized content delivery offered by us or other Internet sites.

10. Third-Party use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers (Chefs), and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online Websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

11. Use of your Personal Information

The Company may use Personal Information for the following purposes:

To provide and maintain our Website, including to monitor the usage of our Website.
To manage your Account: to manage your registration as a user of the Website.
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products and services, that you have ordered or purchased on the Website.
To contact you: to contact you by email, or other equivalent forms of electronic communication, such as notifications regarding updates or informative communications related to the functionalities, products or other features of the Website, including the security updates, when necessary or reasonable for their implementation.
To provide you with news, special offers and general information about our Services, particular Chefs that are located in your area, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
To notify you about changes to our Website or any services we offer or provide though it.
To manage your requests: to attend and manage your requests to us.
In any other way we may describe when you provide the information.
For any other purpose with your consent.

We may share your personal information in the following situations:

With Website Providers: we may share your personal information with Website Providers to monitor and analyze the use of our Website, or for payment processing. Website Providers have access to your Personal Information only to perform their tasks on our behalf and are obligated not to disclose or use it for any other purpose.
For Business transfers: we may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our Website users is among the assets transferred. If the Company is involved in any such transaction, we will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.
With Affiliates: we may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
Advertising, Analytics and Business Partners (Limited to Non-Personally Identifiable Information). We may share aggregated or pseudonymous information (including demographic information) with partners, such as publishers, advertisers, measurement analytics, or other companies. For example, we may tell an advertiser how its ads performed or report how many people spent money after seeing a promotion. When you use third-party apps, websites or other products integrated with our Services, they may collect information about your activities subject to their own terms and privacy policies. We allow other companies that show advertisements on our webpages or apps to collect information from your browsers or devices. Other companies' use of cookies and other data collection technologies are subject to their own privacy policies, not this one. Like many companies, we may allow cookie matching with select partners. But, these parties are not authorized to access Chef2Nite cookies.
With other users: when you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users those users may see your screen name, Account, pictures and description of your activity.

The Company processes Personal Information using automated means. Where Users have given their consent to the Company to process their Personal Information in such a manner, or the processing is otherwise required for the performance of a contract between the Company and the User, Users have the right, under the GDPR, to receive a copy of their Personal Information and to use it for other purposes (namely transmitting it to other data controllers).

To facilitate the right of data portability, the Company shall make available all applicable Personal Information to Users in the following formats:

.doc, .jpg, .png, .pdf, .rtf
Printed information and securely mailed via postal service

Where technically feasible, if requested by a User, Personal Information shall be sent directly to the required data controller. All requests for copies of Personal Information shall be complied with within one month of the User’s request. The period can be extended by up to two months in the case of complex or numerous requests. If such additional time is required, the User shall be informed.

12. Other Disclosures of your Personal Information

We may also disclose your personal information:

To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
To enforce or apply our Terms and Conditions or other agreements, including for billing and collection purposes.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
In good faith belief that such disclosure is necessary to prevent or investigate possible wrongdoing in connection with the Website.

The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of Personal Information of Users, who are subject to the GDPR (as defined below):

All employees, agents, contractors, or other parties working on behalf of the Company shall be made fully aware of both their individual responsibilities and the Company’s responsibilities under the GDPR and under this Policy, and shall be provided with a copy of this Policy.
Only employees, agents, sub-contractors, or other parties working on behalf of the Company that need access to, and use of, Personal Information to carry out their assigned duties correctly shall have access to Personal Information held by the Company.
All employees, agents, contractors, or other parties working on behalf of the Company handling Personal Information will be appropriately trained to do so.
All employees, agents, contractors, or other parties working on behalf of the Company handling Personal Information will be appropriately supervised.
All employees, agents, contractors, or other parties working on behalf of the Company handling Personal Information shall be required and encouraged to exercise care, caution, and discretion when discussing work-related matters that relate to Personal Information, whether in the workplace or otherwise.
Methods of collecting, holding, and processing Personal Information shall be regularly evaluated and reviewed.
All Personal Information held by the Company shall be reviewed periodically, as set out in the Retention of Information Section of this Policy.
The performance of those employees, agents, contractors, or other parties working on behalf of the Company handling Personal Information shall be regularly evaluated and reviewed.
All employees, agents, contractors, or other parties working on behalf of the Company handling Personal Information will be bound to do so in accordance with the principles of the GDPR and this Policy by contract.
All agents, contractors, or other parties working on behalf of the Company handling Personal Information must ensure that any and all of their employees who are involved in the processing of Personal Information are held to the same conditions as those relevant employees of the Company arising out of this Policy and the GDPR. and
Where any agent, contractor or other party working on behalf of the Company handling Personal Information fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

13. Choices About How We Use and Disclose Your Information

The Company currently does not sell, rent or share its customer lists or any Personal Information of its customers to third parties for marketing or commercial purposes.

However, if we were to undertake any such activity, we want to make sure we provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by contacting us using the information in the “Contact Us” Section of this Policy.
Promotional Offers from the Company. If you do not wish to have your email address used by the Company to promote our own or third parties' services, you can opt-out by contacting us using the information in the “Contact Us” Section of this Policy. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions.
Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers' target-audience preferences, you can opt-out by contacting us using the information in the “Contact Us” Section of this Policy.

We do not currently sell data triggering Nevada Revised Statutes Chapter 603A opt-out requirements.

However, if that were to change, effective October 1, 2019, Nevada residents may submit a request asking us to not sell your information to info@chef2nite.com

The Company hasn’t “disclosed” any “personal information” of “customers” to a “third-party” that the Company knows or has reason to know used that information for “direct marketing purposes within the meaning of California's "Shine the Light" law (Civil Code Section § 1798.83). However, you are free to contact us using the information in the “Contact Us” Section of this Policy, to find out more.

14. Retention of your Information

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

We will retain your Personal Information for as long as we consider it necessary to:

Enable you to use our Websites and provide our Websites to you, including maintaining your Account.
Comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations.
Conduct our business and for our legitimate business interests, such as establishing, exercising or defending legal claims, chargeback prevention, fraud detection and prevention, hindering any other illegal activity on our site, and enhancing safety. For example, if we close or suspend your Account for fraud or illegal activities, we may retain certain information about you to prevent you from opening a new Account in the future. Such information shall also be kept available in case of ongoing judicial proceedings/and or investigations. As part of our fraud detection and prevention process, we also blacklist all former usernames for a certain time. Therefore, a former username cannot be used for a new registration.
Protect our site and your personal information from accidental or malicious loss and destruction. Residual copies of your personal information may not be removed from our backup systems for a very limited time (usually 30 days). Some copies of your information (e.g., log records) may also remain in our database, but are disassociated from personal identifiers.

We will also retain Usage Data and Other Information you provide to us for internal analysis purposes. Usage Data and Other Information that personally doesn’t identify you is generally retained to strengthen the security or to improve the functionality of our Website. We may also be legally obligated to retain this data for longer periods. Take note that neither Usage Data nor Other Information is in any way associated with any personal identifiers and is retained by us to improve the quality of our Website.

Users who are residents of the European Economic Area (EEA), may request that the Company ceases processing the personal data it holds about them. If a User makes such a request, the Company shall retain only the amount of personal data concerning that User (if any) that is necessary to ensure that the personal data in question is not processed further.

In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so). The Company shall provide said Users, who are residents of the EEA:

Where personal data is collected directly from Users, those Users will be informed of its purpose at the time of collection; and
Where personal data is obtained from a third party, the relevant Users will be informed of its purpose:

if the personal data is used to communicate with the User, when the first communication is made; or
if the personal data is to be transferred to another party, before that transfer is made; or
as soon as reasonably possible and in any event not more than one month after the personal data is obtained.

The following information shall be provided:

Details of the Company including, but not limited to, the identity of its Data Protection Officer.
The purpose(s) for which the personal data is being collected and will be processed and the legal basis justifying that collection and processing.
Where applicable, the legitimate interests upon which the Company is justifying its collection and processing of the personal data.
Where the personal data is not obtained directly from the User, the categories of personal data collected and processed.
Where the personal data is to be transferred to one or more third parties, details of those parties.
Where the personal data is to be transferred to a third party that is located outside of the European Economic Area (the “EEA”), details of that transfer, including but not limited to the safeguards in place.
Details of data retention.
Details of the User’s rights under the GDPR.
Details of the User’s right to withdraw their consent to the Company’s processing of their personal data at any time.
Details of the User’s right to complain to the Information Commissioner’s Office (the “supervisory authority” under the GDPR).
Where applicable, details of any legal or contractual requirement or obligation necessitating the collection and processing of the personal data and details of any consequences of failing to provide it. and
Details of any automated decision-making or profiling that will take place using the personal data, including information on how decisions will be made, the significance of those decisions, and any consequences.

15. Transfer of your Personal Information

Your information, including Personal Information, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are an individual accessing information on our website from within the European Union, please be advised that we might transfer your Personal Information outside of the EEA, since Company is an American-based company, aimed at providing Websites to its US-based customers, however, we endeavor to ensure that your rights and freedoms in respect of the processing of your Personal Information are adequately and appropriately protected.

The Company shall ensure that the following measures are taken with respect to all communications and other transfers involving Personal Information of EEA residents:

All emails containing Personal Information must be encrypted Microsoft Exchange Transport Layer Security (TLS)
All emails containing Personal Information must be marked “confidential”.
Personal Information may be transmitted over secure networks only. Transmission over unsecured networks is not permitted in any circumstances.
Personal Information may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable.
Personal Information contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted.
Where Personal Information is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data.
Where Personal Information is to be transferred in hardcopy form it should be passed directly to the recipient in physical form or sent using a courier service.
All Personal Information to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy; and we will make no transfer of your Personal Information to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.

16. Security of your Personal Information

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards or comment Sections. The information you share in public areas may be viewed by any user of the Website.

The Company shall ensure that the following measures are taken with respect to the storage of Personal Information:

All electronic copies of Personal Information should be stored securely using encrypted passwords for internet security.
All hardcopies of Personal Information, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar.
No Personal Information should be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise. Unless express permission is given by the User and the information is not stored on the device any longer than necessary
No Personal Information should be transferred to any device personally belonging to an employee and Personal Information may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

17. Payment Processors

We provide paid products within the Website. We use third-party Websites for payment processing (e.g. payment processors). We do not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. Said documents can be located at https://stripe.com/privacy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

18. Sale of Personal Information

The Company currently does not sell, rent or otherwise communicate its customers’ Personal Information to third parties for monetary or other valuable consideration.

19. "Do Not Track" Policy

Our Website does not respond to Do Not Track signals. Instead, we adhere to the standards set out in this Privacy Policy and offer the opt-out choices described above.

Some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

20. Communications Preferences

We may send you communications (including emails, phone calls, text messages, push notifications, and snail mail) to your Account and transactions initiated by you (such as order status updates and billing receipts). We need the ability to send you these communications to offer our Websites, so we do not allow you turn them off entirely. But you can let us know if you have a preferred method for receiving these communications by changing the Notification Settings in your Account, disabling push notifications as described below, or contacting us. We try our best to honor your reasonable preferences about communications.

We may also send additional communications about the Websites, such as newsletters and additional options that may be of interest to you. We do our best to only send this type of communication to people who want to receive it. If you would like to discontinue receiving these communications, you can update your preferences by using the “Unsubscribe” link found in such emails or by contacting us using the information in the “Contact Us” Section of this Policy.

21. Your Data Protection Rights under the General Data Protection Regulation (GDPR)

In certain circumstances, you have the following data protection rights:

The right to access, update or delete your information. You can access, update or request deletion of your Personal Information directly within your account settings. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Information.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where we previously relied on your consent to process your personal information.

Users, who are residents of the European Economic Area (EEA) have the right to object to the Company processing their Personal Information based on legitimate interests, direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes. Where a User objects to the Company processing their Personal Information based on its legitimate interests, the Company shall cease such processing immediately, unless it can be demonstrated that the Company’s legitimate grounds for such processing override the User’s interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims. Where a User objects to the Company processing their Personal Information for direct marketing purposes, the Company shall cease such processing immediately. Where a User objects to the Company processing their Personal Information for scientific and/or historical research and statistics purposes, the User must, under the GDPR, “demonstrate grounds relating to his or her particular situation”. The Company is not required to comply if the research is necessary for the performance of a task carried out for reasons of public interest.

22. Subject Access Requests as per the GDPR

Users who are residents of the European Economic Area (EEA), may make subject access requests (“SARs”) at any time to find out more about the Personal Information which the Company holds about them, what it is doing with that Personal Information, and why. Users wishing to make a SAR may do so in writing and the SARs should be addressed to our Data Protection Officer using the Contact Us Section of this Policy. Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the User shall be informed. All SARs received shall be handled by the Company’s Data Protection Officer. The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a User, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive. Please note that we may ask you to verify your identity before responding to such requests.

23. Data Breach Notification as per the GDPR

All Personal Information breaches must be reported immediately to the Company’s Data Protection Officer. If a Personal Information breach occurs and that breach is likely to result in a risk to the rights and freedoms of Users (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it. In the event that a Personal Information breach is likely to result in a high risk to the rights and freedoms of Users, the Data Protection Officer must ensure that all affected Users are informed of the breach directly and without undue delay. Data breach notifications shall include the following information:

The categories and approximate number of Users concerned.
The categories and approximate number of Personal Information records concerned.
The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained).
The likely consequences of the breach.
Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

24. Lawful, Fair, And Transparent Data Processing as per the GDPR

Chef2Nite is based in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. However, as a courtesy to the Users of our Website, that do fall under the jurisdiction of the GDPR, we make sure to be compliant with the requirements thereof. If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you wish to be informed about what Personal Information we hold about you that you want to be removed from our systems, you can contact our Data Protection Officer using the Contact Us Section of this Policy.

The GDPR seeks to ensure that Personal Information is processed lawfully, fairly, and transparently, without adversely affecting the rights of the User. The GDPR states that processing of Personal Information shall be lawful if at least one of the following applies:

The User has given consent to the processing of their Personal Information for one or more specific purposes.
The processing is necessary for the performance of a contract to which the User is a party, or in order to take steps at the request of the User prior to entering into a contract with them.
The processing is necessary for compliance with a legal obligation to which the data controller is subject.
The processing is necessary to protect the vital interests of the User or of another natural person.
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. or
The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the User which require protection of Personal Information, in particular where the User is a child.

If the Personal Information in question is “special category data” (also known as “sensitive Personal Information”) (for example, data concerning the User’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation), at least one of the following conditions must be met:

The User has given their explicit consent to the processing of such data for one or more specified purposes (unless EU or EU Member State law prohibits them from doing so).
The processing is necessary for the purpose of carrying out the obligations and exercising specific rights of the data controller or of the User in the field of employment, social security, and social protection law (insofar as it is authorized by EU or EU Member State law or a collective agreement pursuant to EU Member State law which provides for appropriate safeguards for the fundamental rights and interests of the User).
The processing is necessary to protect the vital interests of the User or of another natural person where the User is physically or legally incapable of giving consent.
The data controller is a foundation, association, or other non-profit body with a political, philosophical, religious, or trade union aim, and the processing is carried out in the course of its legitimate activities, provided that the processing relates solely to the members or former members of that body or to persons who have regular contact with it in connection with its purposes and that the Personal Information is not disclosed outside the body without the consent of the Users.
The processing relates to Personal Information which is clearly made public by the User.
The processing is necessary for the conduct of legal claims or whenever courts are acting in their judicial capacity.
The processing is necessary for substantial public interest reasons, on the basis of EU or EU Member State law which shall be proportionate to the aim pursued, shall respect the essence of the right to data protection, and shall provide for suitable and specific measures to safeguard the fundamental rights and interests of the User.
The processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of an employee, for medical diagnosis, for the provision of health or social care or treatment, or the management of health or social care systems or services on the basis of EU or EU Member State law or pursuant to a contract with a health professional, subject to the conditions and safeguards referred to in Article 9(3) of the GDPR.
The processing is necessary for public interest reasons in the area of public health, for example, protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of EU or EU Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the User (in particular, professional secrecy). or
The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR based on EU or EU Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the User.

25. Erasure of Users’ Personal Information as per the GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. You have the right to request that the Company erases the Personal Information it holds about them in the following circumstances:

It is no longer necessary for the Company to hold that Personal Information with respect to the purpose(s) for which it was originally collected or processed.
The User wishes to withdraw their consent to the Company holding and processing their Personal Information.
The User objects to the Company holding and processing their Personal Information (and there is no overriding legitimate interest to allow the Company to continue doing so).
The Personal Information has been processed unlawfully.
The Personal Information needs to be erased in order for the Company to comply with a particular legal obligation

Unless the Company has reasonable grounds to refuse to erase Personal Information, all requests for erasure shall be complied with, and the User informed of the erasure, within one month of receipt of the User’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the User shall be informed. In the event that any Personal Information that is to be erased in response to a User’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).

26. Rectification of Users’ Data as per the GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. You have the right to request that the Company rectify the Personal Information it holds about them in the following circumstances:

Users have the right to require the Company to rectify any of their Personal Information that is inaccurate or incomplete.
The Company shall rectify the Personal Information in question, and inform the User of that rectification, within one month of the User informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the User shall be informed.
In the event that any affected Personal Information has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that Personal Information.

27. Children's Privacy

Our Website does not address anyone under the age of 16. No one under the age of 16 may provide any personal information to or on the Website. We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us using the information in the “Contact Us” Section of this Policy. If you are under 16, you must immediately leave this site now and do not use or provide any information on this Website or through any of its features, do not register on the Website, do not make any purchases through the Website, do not use any of the interactive or public comment features of this Website, or provide any information about yourself to us.

We use age verification services, where required, and credit card to prove age, as well as require Chefs to provide a copy of their current government issued photo identification in order to ensure our users and Chefs’ compliance with applicable legislation. We also recommend that Users implement parental control protections, such as computer hardware, software, or filtering services, which reduce the opportunity for minors' access to Site.

If we become aware that we have collected Personal Information from anyone under the age of 16 without verification of parental consent, we take steps to remove that information from our servers.

28. Links to Other Websites

Our Website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or Websites.

29. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. If we make material changes to how we treat our users' personal information we will notify you by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Website, prior to the change becoming effective and update the "Last Modified" date at the top of this Privacy Policy.

You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes. You are advised to review this Privacy Policy frequently for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

30. Contact Us

If you have any questions about this Privacy Policy, you can contact us at the following addresses:

Chef 2 Nite Inc.

8 the Green, Suite A, Dover, DE, 19901

info@chef2nite.com

Our Data Protection Officer can be contacted at:

Kelly Lyles, DPO,

Chef 2 Nite Inc.

8 the Green, Suite A, Dover, DE, 19901

info@chef2nite.com