Last updated: July 10, 2025
1.1 Scope of application. This document establishes the general terms of use (hereinafter, the "Terms") of the online platform called "Tuduu" (hereinafter, the "Platform"), developed and provided by Drilldown S.r.l., with registered office at Viale Isonzo 8, 20135 Milan (MI), Italy, VAT/Tax ID 12392590969 (hereinafter "Drilldown"). These Terms apply to all Professional Users who register on the Platform and use its services. Professional Users include, by way of example: nutrition professionals (e.g., nutritionists, dietitians) who use the "Recipes" and "Nutrition" sections; content creators and content providers (who mainly use the "Recipes" section); and e-commerce operators (who use the "Shop" and "Recipes" sections).
1.2 Acceptance. Access, registration, and any use of the Platform by the User imply full reading and express acceptance of these Terms, as well as any related documents (such as the Privacy Policy and the Data Processing Agreement, where applicable). Without acceptance, use of the Platform is not permitted. The User declares to have read the Terms and undertakes to comply with them at all times.
1.3 User requirements. The Platform is intended for adult Professional Users with legal capacity. By registering, the User guarantees to be at least 18 years old (or the legal age of majority in their country) and, if acting on behalf of a company or entity, to have the necessary powers of representation. Drilldown reserves the right to request additional information or documentation to verify the User's professional status (for example, registration with a professional association for nutritionists, where required by applicable law).
2.1 Registration procedure. Registration on the Platform can occur (i) through the dedicated online registration form available on the Platform's website, where the User will provide the requested data, or (ii) by direct invitation sent by Drilldown (for example, within collaborations, pilot programs, or affiliations). In both cases, upon completion of registration, a personal account (hereinafter, "Account") will be created for the User.
2.2 Data provided and credentials. The User undertakes to provide accurate, complete, and truthful information during registration (e.g., name, surname, email address, professional data, etc.) and to keep it updated. Access credentials to the Account (username and password) are personal and non-transferable. The User must keep their credentials confidential and not share them with third parties. In case of loss, theft, or suspected unauthorized use of the Account, the User must immediately inform Drilldown, which may take necessary measures (e.g., temporary suspension of the Account).
2.3 Uniqueness of the Account. Each User may create only one Account, unless otherwise authorized in writing by Drilldown for specific needs (e.g., separate accounts for different collaborators of the same organization). Drilldown reserves the right to delete or merge duplicate accounts related to the same User.
2.4 Management and suspension of the Account. The User is responsible for all activities carried out through their Account. Drilldown reserves the right to refuse, suspend, or delete a registration or Account at any time and without notice if it believes there are violations of these Terms, misuse of the Platform, or for security reasons. In case of Account deletion by Drilldown due to violation of the Terms, the User will not be entitled to any refund of fees paid for unused service periods, except as otherwise provided by applicable law.
3.1 "Recipes" section. The Platform provides a "Recipes" section where Users can create, upload, and manage culinary recipes. This section is accessible to all registered Professional Users, in particular: (i) nutrition professionals, who can create recipes to include in meal plans for their clients or share with other users; (ii) creators and content providers, who can publish original recipes with texts, ingredients, instructions, and images, making them available on the Platform; (iii) e-commerce operators, who can associate products from their online store as ingredients of recipes, making such recipes a tool for promoting and selling food products. The Recipes section allows applying nutritional and dietary preference filters (e.g., vegetarian, vegan, gluten-free recipes, etc.) to facilitate the search for dishes suitable for specific needs. Uploaded recipes are processed by the Platform using algorithms that analyze ingredients and automatically calculate nutritional values (e.g., calories, macronutrients, etc.) per serving, as well as compatibility with certain dietary regimes based on the indicated ingredients.
3.2 "Shop" section. The "Shop" section is dedicated to Professional Users who are e-commerce and/or retail operators, including those operating in the food or nutritional sector. In this section, the User can integrate their catalog of food products or ingredients with the Tuduu Platform. In particular, the e-commerce operator can link products from their online shop to recipes on Tuduu: this allows, for example, that an ingredient listed in a recipe corresponds to a product purchasable on the operator's shop. End users of the Platform (e.g., visitors or customers of the operator) can thus add such ingredients/products directly to the shopping cart with one click, creating a "purchasable recipe" experience. The Platform also offers automatic SEO (Search Engine Optimization) features for recipes integrated with the shop to increase their online visibility. For products associated with the Shop, the Platform can apply nutritional analysis and categorization algorithms: for example, identifying nutritional characteristics or the presence/absence of allergens and automatically generating filters (e.g., "lactose-free", "organic", etc.) to help users find products aligned with their dietary needs.
3.3 "Nutrition" section. The "Nutrition" section is mainly aimed at nutrition professionals (nutritionists, dietitians, or other qualified figures). In this area of the Platform, the professional can manage information and nutritional plans for their clients/patients. Features of the Nutrition section include tools to create and customize meal plans, diets, or nutritional reports. The professional can use recipes (their own or available on the Platform) within nutritional plans, with the ability to modify portions and see nutritional impacts in real time thanks to integrated nutritional calculation algorithms. Additionally, the Nutrition section provides the ability to generate PDF documents (e.g., diet sheets or reports to deliver to the client) and to use a dedicated mobile app: this mobile application allows the end client to view their nutritional plan, recommended recipes, and other information shared by the professional directly on their smartphone. This facilitates continuous monitoring and more direct interaction between the professional and the client through the Platform.
3.4 Nutritional analysis algorithms. In all the above sections, the Tuduu Platform uses advanced algorithms for the nutritional analysis of recipes and products. These algorithms process data provided by Users (recipe ingredients, product nutritional information, portions, etc.) and automatically produce outputs such as: calculation of nutritional values (e.g., energy, macronutrients, micronutrients), indications on allergens or specific substances present, and suggestions on the compatibility of recipes/products with particular diets (e.g., whether a recipe is suitable for a vegan or gluten-free diet). The algorithms aim to provide useful and accurate information; however, they operate based on available data and general rules, without direct human intervention. Therefore, the generated outputs may not always be perfectly precise or suitable for every circumstance. It is the User's responsibility (especially the nutrition professional) to examine and verify the accuracy of the nutritional information and algorithmically provided suggestions before using or communicating them to their clients. The ways in which Users must handle any errors or inconsistencies are described in the following sections of these Terms.
4.1 Lawful and proper use. The User undertakes to use the Platform and related services in compliance with these Terms, any instructions provided by Drilldown, and applicable laws and regulations. The User is prohibited from using the Platform for illegal or unauthorized purposes. In particular, the User must not: (i) use the Platform in a way that infringes third-party rights or legal provisions (e.g., intellectual property rights, personal data protection, fair competition, etc.); (ii) introduce harmful, offensive, defamatory, obscene, or otherwise inappropriate content or materials; (iii) attempt unauthorized access to Platform features, other users' accounts, or Drilldown's IT systems, nor compromise the security or integrity of the Platform (e.g., by introducing viruses, malware, or other disruptive activities).
4.2 Verification of algorithmic outputs. As described in paragraph 3.4, the Platform automatically generates nutritional information and suggestions through algorithms. The User acknowledges that such information is indicative and should always be critically evaluated. It is the User's obligation, especially if a nutrition professional, to check the accuracy and consistency of algorithmic outputs (e.g., nutritional values calculated for a recipe, nutritional or dietary labels assigned to a product) before using them professionally or sharing them with clients or the public. If the User finds errors, inconsistencies, or anomalies in data generated by the Platform, they agree to promptly report them to Drilldown using the assistance or contact tools provided. The User is aware that failure to comply with this verification obligation may result in the dissemination of inaccurate information, for which they will be held responsible.
4.3 User content – Licenses and warranties. All content uploaded, published, or otherwise entered by the User on the Platform (including, by way of example: texts, recipes, ingredients, photos, videos, trademarks, logos, product descriptions) must be lawfully available to the User. The User guarantees to have the necessary rights (intellectual property and/or usage rights) on such content, or to have obtained appropriate authorizations from rights holders, so that the use of the content on the Platform and by Drilldown under these Terms does not infringe third-party rights. Furthermore, by uploading content to the Platform, the User grants Drilldown a non-exclusive, sublicensable, and royalty-free right and license to use, reproduce, modify, publish, translate, distribute, display, and perform such content solely in connection with the provision of Platform services and its promotional activities. This license will cease when the User removes the content from the Account or the Platform, except where retention is required by law or for rights protection. The User also guarantees that the provided content is accurate, truthful (e.g., nutritional information or ingredients of a recipe correspond to reality), and not contrary to laws or regulations (e.g., does not contain misleading or unauthorized claims in the food sector). The User assumes full responsibility for the content they enter on the Platform, indemnifying and holding Drilldown harmless from any third-party claims arising from such content (see also the Indemnity Clause in par. 9.4). Drilldown reserves the right to remove or obscure any User content it deems, at its sole discretion, to violate these Terms or third-party rights, or to be inappropriate.
4.4 Specific obligations for e-commerce operators. The User using the Shop section as an e-commerce operator is solely responsible for the products they make available and any commercial transactions concluded through the Platform. This includes, by way of example but not limited to: compliance of food products with applicable regulations (e.g., food safety, labeling, authorized nutritional and health claims); truthfulness and completeness of product descriptions (ingredients, allergens, nutritional characteristics, price, etc.); management of orders placed by end users, related shipping, delivery, invoicing, as well as post-sale assistance, returns, and refunds according to applicable law (e.g., the Consumer Code, if applicable to the end customer). Drilldown provides only the technological infrastructure of the Platform to facilitate the meeting between the e-commerce operator and end-user buyers: Drilldown, except for third-party partners' intervention, is not a contractual party to product sales between the e-commerce User and end customers, nor does it assume warranty obligations on products sold by such Users. The e-commerce operator will fully indemnify Drilldown from any liability or cost arising from claims, disputes, damages, or violations related to products offered or commercial transactions made through the Platform.
4.5 Compliance with professional regulations. If the User is a professional subject to ethical rules or specific legal requirements (e.g., a nutritionist registered with a professional order), they must use the Platform consistently with obligations arising from their professional status. For example, the nutrition professional must ensure that the use of Platform tools (such as diet processing or nutritional advice) complies with guidelines and regulations applicable to their profession. Nothing in these Terms exempts the User from compliance with such professional obligations.
5.1 Paid services and SaaS plans. Access to some features or sections of the Platform (e.g., advanced use of the Recipes section for e-commerce, or advanced tools in the Nutrition section) may be subject to subscription to a paid SaaS (Software-as-a-Service) plan. Drilldown may offer different plans with varying service levels (e.g., plans with a maximum number of manageable recipes, additional features like "purchasable" recipes, removal of Tuduu watermark, priority support, etc.), as described on the Platform or in Drilldown's commercial documentation. Some plans may include an initial free trial period, after which the subscription becomes paid unless timely canceled by the User.
5.2 Fees and payment methods. Prices of various subscription packages (hereinafter "Fees") are indicated on the Platform or communicated by Drilldown to the User at subscription. Fees are normally expressed excluding VAT and any applicable taxes, which will be added if due according to current tax law. Payment of Fees is made through external electronic payment systems, such as Stripe. At subscription, the User may be asked to enter credit card or other supported payment method data, and the User authorizes Drilldown (or the third-party provider Stripe) to automatically charge the due Fee with the periodicity provided by the chosen plan (e.g., monthly or annual). All transactions are subject to the terms and conditions of the payment provider Stripe; Drilldown does not store the User's full credit card details, which are securely managed by Stripe.
5.3 Price changes. Drilldown reserves the right to change subscription plan prices at any time. Any price changes will take effect no earlier than the billing period following notification to the User. Drilldown will inform the User appropriately (e.g., by email or notification within the Platform) about price changes with reasonable advance notice. If the User does not wish to accept the new price, they may cancel the subscription before the change takes effect; continued use of the service after the change becomes effective constitutes acceptance of the new price.
5.4 Subscription duration and cancellation. Unless otherwise indicated, subscriptions are automatically renewed: at the end of each period (monthly, annual, etc.), the subscription automatically renews for an additional period of the same duration, unless canceled by the User or terminated by Drilldown within the terms indicated below. The User may withdraw from the subscription at any time via the appropriate function on the Platform (e.g., in Account settings) or by contacting Drilldown support to request cancellation. Cancellation will take effect at the end of the already paid subscription period: until then, the User will maintain access to paid features, and no refunds are provided for unused periods. In case of non-payment of the Fee (e.g., invalid credit card or insufficient funds) or violation of these Terms by the User, Drilldown may suspend or terminate the subscription; in such case, the User remains obliged to pay amounts accrued until termination date, without prejudice to Drilldown's right to claim further damages if termination occurred due to User's breach.
If Drilldown and the User have entered into a specific written agreement providing particular terms and conditions for the use of the Platform (e.g., a customized service contract, a corporate or partner agreement), or the publication of content (recipes and products) on external channels such as the marketplace Tuduu.it or other shared channels, the provisions of such specific agreement shall apply in addition to these Terms. In case of conflict between the clauses of the customized contract and these General Terms, the clauses of the customized contract shall prevail, limited to the conflicting aspects. It is understood that for all matters not expressly governed by the specific agreement, these General Terms shall apply.
7.1 Platform and Drilldown content. The Platform (including software, source code, design, user interface, databases, the "Tuduu" and "Drilldown" trademarks, logos, domain names, and all other content and materials on the site and app except User Content as defined above) is the exclusive property of Drilldown or its licensors. These elements are protected by copyright, trademark, patent, industrial design laws, and/or other intellectual property protection regulations. The User agrees not to copy, modify, distribute, sell, or create derivative works from any part of the Platform or its proprietary content, except as expressly permitted by Drilldown or by law. Access to the Platform does not transfer any intellectual property rights on software or other Drilldown-owned elements to the User, but only grants a limited, revocable, non-exclusive license to use the Platform in accordance with these Terms.
7.2 User content. The User retains full ownership of rights on their own content uploaded to the Platform (as defined in paragraph 4.3). However, as established in clause 4.3, the User grants Drilldown a license to use such content for the purposes and with the limitations described therein. The User acknowledges that such content published on the Platform may be visible to other users or, in the case of recipes or publicly shared information, also to unregistered visitors, and authorizes Drilldown to carry out any publication, sharing, or indexing activities necessary to give visibility to such content as provided by the Platform's features.
7.3 Feedback and suggestions. If the User provides Drilldown with comments, suggestions, or ideas related to the Platform or services (e.g., reporting new features or improvements), such contributions will not be considered confidential. Drilldown is free to use such feedback for any purpose, without the User being entitled to any compensation or recognition, and without transferring rights to the User on any implemented changes or improvements.
8.1 Processing of personal data. Drilldown processes personal data provided by the User or otherwise collected during the use of the Platform in compliance with EU Regulation 2016/679 ("GDPR") and applicable Italian privacy laws. Information on the methods and purposes of personal data processing is detailed in the Privacy Policy provided to the User and available on the Platform's website. By accepting these Terms, the User declares to have read such policy.
8.2 Third-party data entered by the User. If the User (e.g., a nutrition professional) enters personal data of third parties on the Platform, such as information about their clients or patients (e.g., name, contacts, health or dietary data), they guarantee to have lawfully acquired such data and, where necessary, to have obtained informed consent from the data subjects for the use of such data within the Platform. Regarding such processing, the User qualifies as Data Controller and Drilldown acts as Data Processor pursuant to art. 28 GDPR, limited to storage and processing activities necessary to provide the Platform services. A specific Data Processing Agreement may be prepared detailing respective data protection obligations; such agreement, where applicable, is an integral part of these Terms.
8.3 Usage data and aggregated data. Drilldown is authorized to collect and process data related to Platform usage by Users (e.g., features used, number of recipes created, search parameters, browsing statistics, feedback provided, etc.) to improve the service and ensure proper Platform functioning. Such usage data, once collected, may be anonymized and aggregated so as not to allow direct or indirect identification of Users or individuals. The User expressly acknowledges and agrees that Drilldown, in compliance with applicable law, may use these anonymous and aggregated data for statistical analysis, research and development, and also commercial and monetization purposes. This may include, for example, publishing reports or insights on nutritional trends derived from overall user data, or sharing statistical data with interested third parties (e.g., commercial partners) in strictly anonymous form. Under no circumstances will such activities involve disclosure to third parties of User's personally identifiable data without their consent or other valid legal basis.
9.1 Platform functionality - "as is". The Tuduu Platform and all its services and features are provided to the User on an "as is" and "as available" basis. This means that, while Drilldown commits to keeping the Platform operational and updated, no specific warranty is given regarding the absence of errors or interruptions. In particular, Drilldown does not guarantee that: (i) the Platform fully meets the User's specific needs; (ii) results obtained through the use of the Platform (including algorithmic nutritional analyses) are always precise, accurate, or reliable; (iii) the Platform operates without interruptions, delays, malfunctions, or errors; (iv) any software defects or bugs will be corrected immediately. The User accepts that use of the Platform is at their own risk.
9.2 Limitation of Drilldown's liability. To the maximum extent permitted by applicable law, Drilldown shall not be liable for indirect, incidental, consequential, special, or punitive damages suffered by the User or third parties in connection with the use of the Platform or the inability to use it. Excluded from compensation under the above limits are damages such as loss of profit, lost earnings or savings, loss of business opportunities, data loss, business interruption, or third-party claims against the User. If Drilldown is held liable for any reason under the contractual relationship with the User, Drilldown's total liability shall not exceed the amount of fees the User paid to Drilldown in the 12 months preceding the event that caused the liability (or, if the Platform use is free, an amount of Euro 100 as maximum). This limitation applies to the maximum extent permitted by law, and nothing in these Terms limits Drilldown's liability for willful misconduct or gross negligence, or other cases where limitation is not allowed by law.
9.3 No medical or diagnostic advice. The User acknowledges that the Platform and provided features do not constitute a medical device and do not in any way offer medical advice, diagnosis, or personalized health treatment. Nutritional information, data, and suggestions generated through Tuduu are for informational and professional support purposes only and do not replace medical advice or evaluation by a qualified healthcare professional. Any decision regarding health, diet, or treatment must be made by a competent professional based on direct assessment of the specific case. If the User is a nutrition professional, they remain fully responsible for advice given to their clients/patients: use of the Platform does not exempt the User from personal evaluation and adherence to best professional practices. If the User is not a healthcare operator, they must always consult qualified doctors or specialists for diagnosis or therapeutic advice. Drilldown does not guarantee any health or physical condition results from using the Platform, nor does it assume responsibility for consequences arising from exclusive reliance on information obtained through the Platform.
9.4 User indemnity. The User agrees to indemnify and hold harmless Drilldown, as well as its representatives, employees, and collaborators, from any loss, damage, liability, cost, or expense (including reasonable legal fees) arising from any third-party claim caused by or related to: (i) content provided by the User on the Platform that infringes third-party rights or laws; (ii) User's violation of these Terms or legal obligations in using the Platform; (iii) negligence, recklessness, or willful misconduct by the User in using the Platform; (iv) products sold or marketed by the User through the Platform (in the case of e-commerce operator), including any disputes regarding quality, compliance, or safety of such products. Drilldown will promptly notify the User of any such claims and reasonably cooperate in the defense, it being understood that Drilldown may independently manage its legal defense.
10.1 Contract duration. This contractual agreement between the User and Drilldown takes effect upon the User's acceptance of the Terms (registration and/or first use of the Platform) and remains valid for the entire duration of the User's use of the Platform. The User's account and any subscription are indefinite with automatic periodic renewals as described above, unless terminated as provided below.
10.2 User withdrawal. The User may withdraw from this contractual relationship at any time by requesting deletion of their Account and ceasing use of the Platform. Account deletion can be done via the appropriate function on the Platform (if available) or by contacting Drilldown in writing. In case of voluntary withdrawal, the User is not entitled to any refund of fees already paid for services not fully enjoyed, except as provided in par. 5.4 for ongoing subscriptions. After Account closure, the User will no longer be able to access the data and content they entered on the Platform, except where Drilldown retains data to comply with legal obligations or to protect its rights, as indicated in the Privacy Policy.
10.3 Suspension or termination by Drilldown. Drilldown reserves the right to temporarily suspend the User's access to the Platform or terminate this contract with immediate effect (disabling the Account) in the following cases: (i) when necessary to ensure Platform or data security (e.g., in case of security breach or threat); (ii) in case of serious or repeated violation by the User of these Terms (e.g., illicit use of the Platform, non-payment of due fees, unauthorized disclosure of confidential data, etc.); (iii) if required by an Authority's order or law; (iv) in case of Drilldown's cessation of activity related to the Platform or impossibility to provide services. Unless prohibited by law or orders (e.g., immediate blocking order by authority), Drilldown will provide the User with written notice of suspension or termination, indicating reasons, with reasonable advance notice when possible. In case of termination not attributable to the User (e.g., case (iv) above), Drilldown will, where applicable, refund the User the portion of fees already paid relating to the unused subscription period after the termination date.
10.4 Effects of termination. Upon termination of the contractual relationship, for any reason, the User must immediately cease using the Platform. All clauses of these Terms that by their nature are intended to survive termination (such as payment obligations, warranty exclusions, liability limitations, indemnities, intellectual property and data processing provisions) will remain fully effective. Termination does not prejudice any rights or legal remedies accrued by the parties up to that moment.
Drilldown reserves the right to update or modify these Terms at any time, for example to comply with regulatory changes, introduce new features or services, or for other organizational needs. In case of substantial changes, Drilldown will notify the User with adequate notice by publishing a notice on the Platform's website and/or sending a communication to the User's registered email address. Changes will take effect from the date indicated in the communication (or, if not indicated, 15 days after notification). If the User does not accept the changes, they may withdraw from the contract before the effective date by deleting their Account. If no withdrawal occurs within this period, the new Terms will be deemed accepted and apply to the User from the effective date.
These Terms and all contractual relationships arising from them are governed by Italian law. Any dispute arising between Drilldown and the User regarding interpretation, validity, execution, or termination of these Terms, or related to the use of the Platform, will be subject to the exclusive jurisdiction of the Court of Milan, without prejudice to any mandatory jurisdiction provided by applicable law.
13.1 Entire agreement. These Terms (together with referenced or attached documents, such as the Privacy Policy and, where applicable, the Data Processing Agreement) constitute the entire agreement between the User and Drilldown regarding the User's use of the Platform and supersede any prior understanding or agreement, oral or written, between the parties on the same subject. The possibility of entering into ad hoc contracts as provided in art. 6 above remains reserved.
13.2 Partial invalidity. If any provision of these Terms is found null, invalid, or ineffective by a competent authority (e.g., a court), it will be applied to the maximum extent permitted and this will not affect the validity and effectiveness of the remaining provisions, which will remain fully valid and binding.
13.3 No waiver. Any failure or delay in exercising a right or power granted to Drilldown under these Terms does not constitute a waiver of such right or power, which may be exercised later within legal limits.
13.4 Assignment of contract. The User may not assign or transfer this contract (i.e., their Account and rights/obligations under the Terms) to third parties without prior written consent from Drilldown. Drilldown may assign this contract in the context of business transfers, extraordinary corporate transactions, or to parent, subsidiary, or affiliated companies, with prior notice to the User, without prejudice to the User's rights under these Terms.
13.5 Language and versions. These General Terms of Use are drafted in Italian. Any translations into other languages or local versions are provided solely for convenience; in case of discrepancies or interpretative doubts, the Italian text prevails.
13.6 Contacts. For any communication regarding these Terms or the use of the Platform, the User may contact Drilldown at the contacts indicated on the site (e.g., the provided support email address). Drilldown may contact the User at the contacts (email, address) provided during registration.
Parties: This Data Processing Agreement is entered into between:
Data Controller (hereinafter "Controller"): the professional (natural or legal person) who uses the nutrition module and determines the purposes and means of processing personal data of patients;
Data Processor (hereinafter "Processor"): the company providing the nutrition module (e.g., software platform/CRM), which processes personal data on behalf of the Controller.
1.1 Object
Pursuant to art. 28 of Regulation (EU) 2016/679 (GDPR), this agreement governs the processing of personal data that the Processor carries out on behalf of the Controller within the nutrition module of the service provided to the Controller. In particular, the Processor will process data entered by the Controller in the CRM (name, surname, contacts, patients' nutritional data, etc.) exclusively to provide the nutrition module functionalities and in compliance with the Controller's instructions (see Section 6). Personal data processing will include operations permitted by art. 4(2) GDPR, such as collection, recording, organization, storage, consultation, use, modification, deletion, etc., necessary to provide the service.
1.2 Duration
The duration of this agreement coincides with that of the contractual relationship between Controller and Processor regarding the use of the nutrition module. The agreement remains in force as long as the Processor processes personal data on behalf of the Controller. In case of termination of the main service (e.g., account cancellation or end of service contract), provisions on data return/deletion in Section 10 apply. The Controller may terminate this agreement immediately in case of serious violation by the Processor of data protection rules or obligations herein. The right of each party to claim damages for breach remains reserved.
The Processor provides the Controller with a software platform (nutrition module) in Software as a Service mode for managing patients' nutritional activities. The purpose of processing is to allow the Controller to store and process information about their patients to offer personalized nutritional consultations, develop meal plans, monitor weight and other health parameters, and manage communications and related appointments. These functionalities fall within the medical/nutritional practices managed by the software, similar to digital health services for managing medical records and care plans.
Specifically, the nature of processing includes all operations necessary to provide the nutrition module service, including collection, organization, consultation, modification, saving, extraction, communication to the Controller, deletion or destruction of data entered in the system, according to the Controller's instructions. The Processor will not use the data for its own purposes beyond those agreed, nor disclose them to third parties except on Controller's instruction or legal obligation (as detailed below).
Within the nutrition module, the Processor will process on behalf of the Controller the following types of personal data related to the Controller's patients:
Identification and contact data: name, surname, email address, date and place of birth, phone numbers, and any addresses (e.g., to contact the patient).
Nutritional/health data: information on the patient's health status and eating habits, such as preferences or nutritional restrictions (special diets, food allergies, vegetarian/vegan choices, etc.), weight monitoring data and anthropometric or similar health parameters, as well as any lifestyle notes relevant to nutrition. Such information falls under health-related personal data pursuant to art. 4(15) GDPR and/or may indirectly reveal religious or philosophical beliefs (e.g., dietary choices), constituting special categories of data under art. 9 GDPR. Consequently, both Controller and Processor commit to adopting necessary precautions and security measures required by law to protect these sensitive data.
The categories of data subjects whose data are processed under this agreement are: patients (clients) of the Controller, natural persons receiving nutritional consultation or other services from the Controller whose personal data are entered in the nutrition module.
The Controller undertakes to:
Lawfulness and transparency: Ensure that patients' personal data entrusted to the Processor are collected and processed lawfully (e.g., obtaining informed consent where necessary or other valid legal basis under art. 6 GDPR) and that data subjects have been adequately informed about processing purposes and methods, in accordance with arts. 13 and 14 GDPR. The Controller remains responsible towards data subjects for compliance with legal obligations regarding such data.
Documented instructions: Provide the Processor with clear, updated documented instructions on data processing (e.g., through this agreement and any policies or operational guidelines). Any additional instructions or changes must be communicated in writing (including via certified email or electronic ticketing system) and kept as reference. The Processor will process data only according to received instructions. If the Processor believes an instruction violates privacy law, it will immediately inform the Controller (see also Section 6).
Supervision and audit: Verify, before starting and regularly thereafter, that the Processor provides sufficient guarantees regarding technical and organizational measures to protect entrusted data and complies with this agreement. The Controller has the right to conduct or have audits and inspections (e.g., annually) with reasonable notice on Processor's activities related to entrusted data to check compliance with data protection rules and agreed instructions. The Processor agrees to cooperate by providing information or reasonable access to infrastructure, within agreed limits (see Sections 6 and 8 for audit and subcontractor details).
Reporting irregularities: Promptly inform the Processor if it detects errors, inconsistencies, or violations in processing methods by the Processor that may cause non-compliance with this agreement or privacy laws. The parties will cooperate to promptly remedy any irregularities found.
Confidentiality of information: Treat as strictly confidential all information about security measures, systems, and trade secrets of the Processor learned during the contractual relationship. This confidentiality obligation remains valid after termination of this agreement.
Handling data subject requests: The Controller remains responsible for responding to requests to exercise rights made by their patients (access, rectification, deletion, objection, portability, etc. – Chapter III GDPR). If the Processor receives communications or requests directly from a data subject regarding data under this agreement, it must immediately forward them to the Controller without acting independently unless specifically authorized. The Controller will provide instructions to the Processor to satisfy such requests, considering that the Processor will assist the Controller as required by law (see Section 6).
The Processor undertakes to comply with all obligations under art. 28 GDPR. In particular, without prejudice to further obligations detailed elsewhere in this agreement, the Processor must:
Process only on instructions: Process personal data exclusively on documented instructions from the Controller. This also applies to any transfers of data to third countries or international organizations: such operations are not allowed without prior instruction/authorization from the Controller (see also Section 9), unless Union or Member State law requires the Processor to perform certain processing; in such case, the Processor will inform the Controller of the legal obligation before processing unless prohibited for important public interest reasons.
Personnel confidentiality: Ensure that persons authorized to process personal data (employees or collaborators) have received adequate instructions on privacy compliance and are contractually bound to confidentiality (or subject to appropriate legal confidentiality obligations). The Processor will ensure that anyone acting under its authority with access to Controller's personal data processes them only on Controller's instructions. This confidentiality obligation continues after termination of this agreement.
Data security: Adopt and maintain appropriate technical and organizational measures pursuant to art. 32 GDPR to ensure a level of security appropriate to the risk of entrusted processing. Such measures include, among others, pseudonymization and encryption of personal data (when appropriate), access control and authentication systems, the ability to ensure confidentiality, integrity, availability, and resilience of processing systems and services, and the ability to restore timely access to data in case of physical or technical incidents. The Processor will implement procedures to regularly test, verify, and evaluate the effectiveness of implemented measures (see also Section 7 below for more on security measures).
Use limitations: Not use personal data provided by the Controller for its own purposes and not make copies or duplicates unless necessary for service provision and with the Controller's consent/instruction. The Processor guarantees to keep data processed for the Controller logically or physically separate from those of other clients or its own databases to avoid commingling.
Sub-processors: Not engage sub-processors without prior written authorization from the Controller. If authorized (see Section 8 for details), the Processor must impose the same data protection obligations on sub-processors and remains fully responsible to the Controller for their compliance.
Assistance to Controller: Considering the nature of processing and available information, assist the Controller in fulfilling data protection obligations. In particular, the Processor will provide adequate support to enable the Controller to satisfy data subject rights requests (access, rectification, deletion, objection, portability, etc.), e.g., by providing software features allowing extraction, correction, or deletion of patient data on request. The Processor will also assist the Controller in ensuring data security obligations and, if applicable, notifying data breaches to supervisory authorities or data subjects under arts. 32-34 GDPR (e.g., promptly providing information about a data breach to allow notification within 72 hours). The Processor will cooperate with the Controller in data protection impact assessments or prior consultations with supervisory authorities under arts. 35-36 GDPR.
Breach notification: Immediately inform the Controller of security breaches or incidents (e.g., unauthorized access, loss, destruction, or accidental disclosure of personal data) concerning data processed for the Controller. Such communication will include all information known to the Processor useful for the Controller to assess the severity and fulfill notification obligations to the Privacy Authority and/or data subjects under arts. 33 and 34 GDPR. The Processor commits to support the Controller in analyzing and managing the incident and preparing related notifications or communications, according to Controller's instructions.
Proof of compliance and audit: Provide the Controller with all necessary information to demonstrate compliance with obligations under this agreement. Upon Controller's request, the Processor will provide documentation of implemented security measures (e.g., certifications, internal/external audit reports, compliance attestations) and facilitate inspections or verifications by the Controller or its designee. Audit modalities (timing, scope, security measures to protect other clients' data, etc.) will be agreed respecting mutual needs.
Reporting conflicting instructions: If the Processor believes an instruction from the Controller violates GDPR or other data protection laws, it must promptly inform the Controller before executing the instruction and may suspend its application until confirmation or modification by the Controller (as allowed by art. 28(3) GDPR).
The Processor declares to have adopted technical and organizational measures suitable to ensure a level of security appropriate to the risk of processing, in compliance with art. 32 GDPR. The selection of such measures took into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the risks to individuals' rights and freedoms. In particular, the Processor implements measures such as:
Access control: Access to personal data is allowed only to authorized personnel for strictly necessary purposes; adoption of secure authentication systems for users and administrators (e.g., strong passwords, two-factor authentication).
Encryption and pseudonymization: Use of encryption protocols to protect personal data during transmission (e.g., HTTPS/TLS) and, where possible, encryption of data at rest on servers or backups. Possible pseudonymization of patient identifiers in aggregated analyses to prevent attribution to specific individuals without additional information.
Integrity and availability: Regular data backups and recovery procedures to ensure availability and access to personal data promptly in case of physical or technical incidents. Use of anti-malware, firewalls, and monitoring to prevent unauthorized access or data loss.
Testing and monitoring: Periodic verification of the effectiveness of security measures through internal audits, vulnerability tests, security log monitoring, and timely correction of identified weaknesses.
Security measures adopted by the Processor are described in more detail in specific technical documentation (e.g., appendix on Technical and Organizational Measures), which can be provided to the Controller upon request and is part of this agreement. The Processor guarantees to keep such measures updated to adapt to evolving risks and best security practices, notifying the Controller of any substantial changes that may impact data protection.
The Processor may involve other parties as sub-processors only with the Controller's authorization. Authorization may be specific for a single sub-processor or general for categories of sub-processors (e.g., hosting providers, email services, etc.) known at contract signing; in the latter case, the Processor will inform the Controller of any planned additions or replacements, allowing the Controller to object before the sub-processor begins processing.
Authorized sub-processors will be contractually bound by the Processor to at least the same data protection obligations as in this agreement, including adequate security and confidentiality guarantees. The Processor remains fully responsible to the Controller for sub-processors' compliance; if a sub-processor breaches obligations, the Processor will be directly liable to the Controller for any non-compliance.
Personal data processing under this agreement will occur exclusively in infrastructures (servers, data centers) located within the European Union or European Economic Area. No transfer of personal data to third countries (outside the EEA) by the Processor is planned, except as necessary for authorized sub-processors per Section 8. Any transfer to a third country or international organization by the Processor (or sub-processors) will only occur in compliance with Chapter V GDPR. In particular, prior authorization from the Controller must be obtained, and conditions under arts. 44 et seq. GDPR must be met, e.g., based on an adequacy decision by the European Commission or adoption of standard contractual clauses, binding corporate rules, or other appropriate safeguards. The Processor will inform the Controller of the proposed transfer methods and legal bases so the Controller can evaluate and grant or deny authorization.
Upon termination, for any reason, of the service relationship between the parties regarding the nutrition module (e.g., withdrawal or contract expiration, or permanent service suspension by the Processor), the Processor will cease any further processing of personal data on behalf of the Controller. At the Controller's choice, communicated in writing at contract termination or within an agreed term, the Processor will return all personal data processed for the Controller (e.g., by exporting in an interoperable format) or permanently delete all such data from its systems. In any case, the Processor will delete any existing copies (including backups) except to the extent data retention is required by Union or Member State law applicable to the Processor (in which case, the Processor will inform the Controller of the data and laws requiring retention, processing them only for legal retention purposes). Deletion will be certified in writing by the Processor upon request.
Confidentiality obligations assumed by the Processor and its authorized personnel during the agreement remain in force after termination. The Processor also guarantees that, upon termination, any appointed sub-processors will be bound by the same obligations to return or delete the Controller's personal data.