Last updated: 10 July 2025
1.1 Scope of application. This document sets out the general terms of use (hereinafter, the "Terms") of the online platform called "Tuduu" (hereinafter, the "Platform"), developed and provided by Drilldown S.r.l., with registered office at Viale Isonzo 8, 20135 Milan (MI), Italy, VAT/Tax Code 12392590969 (hereinafter "Drilldown"). These Terms apply to all Professional Users who register on the Platform and use its services. Professional Users include, by way of example: nutrition professionals (e.g. nutritionists, dieticians, dietitians) who use the "Recipes" and "Nutrition" sections; content creators and content providers (who mainly use the "Recipes" section); and e-commerce operators (who use the "Shop" and "Recipes" sections).
1.2 Acceptance. Access to, registration for, and any use of the Platform by the User presuppose full reading and express acceptance of these Terms, as well as any documents linked to them (such as the Privacy Policy and the Data Processing Agreement, where applicable). In the absence of acceptance, use of the Platform is not permitted. The User declares that they have read the Terms and undertakes to comply with them at all times.
1.3 User requirements. The Platform is intended for adult Professional Users with legal capacity. By registering, the User warrants that they are at least 18 years old (or of the age of majority in their country) and, if acting on behalf of a company or entity, that they have the necessary representative authority. Drilldown reserves the right to request additional information or documentation to verify the User's professional status (for example, registration with a professional register for nutritionists, where required by applicable law).
2.1 Registration procedure. Registration on the Platform may take place (i) through the dedicated online sign-up form made available on the Platform's website, in which the User will provide the requested data, or (ii) by direct invitation sent by Drilldown (for example, as part of collaborations, pilot programs or affiliations). In both cases, upon completion of registration, a personal account will be created for the User (hereinafter, the "Account").
2.2 Data provided and credentials. The User undertakes to provide accurate, complete and truthful information during registration (for example: first name, last name, email address, professional data, etc.) and to keep it updated. The access credentials for the Account (username and password) are personal and non-transferable. The User must keep their credentials strictly confidential and must not share them with third parties. In the event of loss, theft or suspected unauthorized use of the Account, the User must immediately inform Drilldown, which may take the necessary measures (e.g. temporary suspension of the Account).
2.3 Single Account. Each User may create only one Account, unless Drilldown gives written authorization for specific needs (for example, separate accounts for different collaborators within the same organization). Drilldown reserves the right to delete or merge duplicate accounts relating to the same User.
2.4 Account management and suspension. The User is responsible for all activities carried out through their Account. Drilldown reserves the right to refuse, suspend or delete a registration or an Account, at any time and without notice, if it believes that there are violations of these Terms, misuse of the Platform, or for security reasons. In the event of deletion of the Account by Drilldown for breach of the Terms, the User shall not be entitled to any refund of any fees paid for unused service periods, without prejudice to any different provision of applicable law.
3.1 "Recipes" section. The Platform provides a "Recipes" section in which Users can create, upload and manage culinary recipes. This section is accessible to all registered Professional Users, in particular: (i) nutrition professionals, who can create recipes to include in meal plans for their clients or to share with other users; (ii) creators and content providers, who can publish original recipes, with text, ingredients, instructions and images, making them available on the Platform; (iii) e-commerce operators, who can associate products from their online store as ingredients in recipes, turning those recipes into a tool for promoting and selling food products. The Recipes section allows nutritional and food-preference filters to be applied (e.g. vegetarian, vegan, gluten-free recipes, etc.) to make it easier to find dishes suited to specific needs. Uploaded recipes are processed by the Platform using algorithms that analyze the ingredients and automatically calculate nutritional values (for example calories, macronutrients, etc.) per serving, as well as compatibility with certain dietary regimes based on the ingredients indicated.
3.2 "Shop" section. The "Shop" section is dedicated to Professional Users who are e-commerce and/or retail operators, as well as those in the food or nutrition sector. In this section, the User can integrate their food product or ingredient catalog with the Tuduu Platform. In particular, the e-commerce operator can link the products of their online shop to recipes on Tuduu: this makes it possible, for example, for an ingredient listed in a recipe to correspond to a product that can be purchased from the operator's shop. End users of the Platform (e.g. visitors or the operator's customers) will thus be able to add such ingredients/products directly to the shopping cart with a click, creating a "shoppable recipe" experience. The Platform also offers automatic SEO (Search Engine Optimization) features for recipes integrated with the shop, in order to increase their online visibility. For products associated with the Shop, the Platform can also apply nutritional analysis and categorization algorithms: for example, by identifying nutritional characteristics or the presence/absence of allergens and automatically generating filters (e.g. "lactose-free", "organic", etc.) that help users find products aligned with their dietary needs.
3.3 "Nutrition" section. The "Nutrition" section is aimed mainly at nutrition professionals (nutritionists, dieticians, dietitians or other authorized professionals). In this area of the Platform, the professional can manage information and nutrition plans for their clients/patients. The features of the Nutrition section include tools to create and customize meal plans, diets or nutrition reports. The professional can use recipes (their own or available on the Platform) within nutrition plans, with the ability to adjust portions and see nutritional impacts in real time thanks to integrated nutritional calculation algorithms. In addition, the Nutrition section provides the possibility to generate PDF documents (for example, diet sheets or reports to be given to the client) and to take advantage of a dedicated mobile app: this mobile application allows the end customer to view their nutrition plan, recommended recipes and other information shared by the professional directly on their smartphone. This encourages continuous monitoring and more direct interaction between the professional and the client through the Platform.
3.4 Nutritional analysis algorithms. In all the sections described above, the Tuduu Platform uses advanced algorithms for the nutritional analysis of recipes and products. These algorithms process data provided by Users (recipe ingredients, nutritional information of products, portions, etc.) and automatically produce outputs such as: calculation of nutritional values (e.g. energy, macronutrients, micronutrients), indications regarding allergens or specific substances present, and suggestions on the compatibility of recipes/products with particular diets (for example, whether a recipe is suitable for a vegan or gluten-free diet). The algorithms aim to provide useful and accurate information; however, they operate on the basis of available data and general rules, without direct human intervention. Therefore, the generated outputs may not always be perfectly precise or suitable for every circumstance. It is the User's responsibility (especially the nutrition professional's) to examine and verify the accuracy of the nutritional information and suggestions provided algorithmically before using or communicating them to their clients. The ways in which Users must handle any errors or inconsistencies are described in the following sections of these Terms.
4.1 Lawful and compliant use. The User undertakes to use the Platform and related services in compliance with these Terms, any instructions provided by Drilldown, and applicable laws and regulations. The User is prohibited from using the Platform for illegal or unauthorized purposes. In particular, the User must not: (i) use the Platform in such a way as to infringe third-party rights or legal rules (for example, rules on intellectual property, personal data protection, fair competition, etc.); (ii) introduce harmful, offensive, defamatory, obscene or otherwise inappropriate content or materials; (iii) attempt to gain unauthorized access to the Platform's features, other users' accounts or Drilldown's IT systems, or compromise the security or integrity of the Platform (for example by introducing viruses, malware or other disruptive activities).
4.2 Verification of algorithmic outputs. As described in paragraph 3.4, the Platform automatically generates nutritional information and suggestions using algorithms. The User acknowledges that such information is indicative in nature and must always be critically assessed. It is the User's duty, especially if they are a nutrition professional, to check the accuracy and consistency of algorithmic outputs (for example, nutritional values calculated for a recipe, nutritional or dietary labels assigned to a product) before using them for professional purposes or sharing them with their clients or the public. If the User finds errors, inconsistencies or anomalies in the data generated by the Platform, they undertake to report them promptly to Drilldown through the assistance or contact tools made available. The User is aware that failure to comply with this verification obligation may result in the dissemination of inaccurate information, for which they themselves will be held responsible.
4.3 User content – Licenses and warranties. All content uploaded, published or otherwise entered by the User on the Platform (including, by way of example: texts, recipes, ingredients, photos, videos, trademarks, logos, product descriptions) must be lawfully available to the User. The User warrants that they hold the necessary rights (intellectual property and/or usage rights) in such content, or in any case that they have obtained the appropriate authorizations from the rights holders, so that use of the content on the Platform and by Drilldown under these Terms does not infringe third-party rights. Furthermore, by uploading content to the Platform, the User grants Drilldown the non-exclusive, sublicensable and royalty-free right and license to use, reproduce, modify, publish, translate, distribute, display and perform such content solely in connection with the provision of the Platform services and its promotional activities. This license will end when the User removes the content from the Account or from the Platform, except where retention is required by law or for the protection of rights. The User also warrants that the content provided is accurate, truthful (for example, the nutritional information or ingredients of a recipe are true) and does not breach laws or regulations (for example, it does not contain misleading or unauthorized statements in the food sector). The User assumes full responsibility for the content they enter on the Platform, indemnifying and holding Drilldown harmless from any third-party claim arising from the aforementioned content (see also the Indemnity clause in para. 9.4). Drilldown reserves the right to remove or obscure any User content that it deems, at its sole discretion, to breach these Terms or third-party rights, or to be inappropriate.
4.4 Specific obligations for e-commerce operators. The User who uses the Shop section as an e-commerce operator is solely responsible for the products they make available and for any commercial transactions concluded through the Platform. This includes, by way of example but not limited to: compliance of food products with applicable regulations (for example on food safety, labeling, authorized nutritional and health claims); the truthfulness and completeness of product descriptions (ingredients, allergens, nutritional characteristics, price, etc.); the management of orders placed by end users, related shipping, delivery, invoicing, as well as after-sales assistance, returns and refunds in accordance with applicable law (for example the Consumer Code, if applicable to the end customer). Drilldown provides solely the technological infrastructure of the Platform to facilitate the meeting between the e-commerce operator and end-user buyers: Drilldown, unless a third-party partner intervenes, is not a contractual party to the sale transactions between the e-commerce operator User and end customers, nor does it assume any warranty obligations regarding the products sold by such Users. The e-commerce operator shall fully indemnify Drilldown against any liability or cost arising from claims, disputes, damages or breaches relating to the products they offer or the commercial transactions carried out through the Platform.
4.5 Compliance with professional regulations. If the User is a professional subject to ethical rules or specific legal requirements (for example, a nutritionist enrolled in a professional register), they must use the Platform in a manner consistent with the obligations arising from their professional status. For example, the nutrition professional must ensure that the use of the Platform's tools (such as the preparation of diets or nutritional advice) is carried out in compliance with the guidelines and regulations applicable to their profession. Nothing in these Terms exempts the User from compliance with such professional obligations.
5.1 Paid services and SaaS plans. Access to some features or sections of the Platform (for example, advanced use of the Recipes section for e-commerce, or advanced tools in the Nutrition section) may be subject to the subscription to a paid SaaS (Software-as-a-Service) plan. Drilldown may offer different plans with different service levels (for example: plans with a maximum number of recipes that can be managed, additional features such as "shoppable" recipes, removal of Tuduu watermark, priority support, etc.), as described on the Platform or in Drilldown's commercial documentation. Some plans may include an initial free trial period, after which the subscription will become paid unless cancelled in time by the User.
5.2 Fees and payment methods. The prices of the various subscription packages (hereinafter, the "Fees") are indicated on the Platform or communicated by Drilldown to the User at the time of subscription. The Fees are normally expressed net of VAT and any applicable taxes, which will be added if due under current tax law. Payment of the Fees is made through external electronic payment systems, such as Stripe, by way of example. At the time of subscription, the User may be asked to enter the details of a credit card or other supported payment method, and the User authorizes Drilldown (or the third-party provider Stripe) to automatically charge the Fee due with the periodicity provided for in the chosen plan (e.g. monthly or yearly). All transactions are subject to the terms and conditions of the payment provider Stripe; Drilldown does not store the User's full credit card details, which are securely managed by Stripe.
5.3 Price changes. Drilldown reserves the right to modify the price of subscription plans at any time. Any price changes will take effect no earlier than the billing period following notice to the User. Drilldown will notify the User appropriately (for example by email or through a notification within the Platform) of price changes with reasonable notice. If the User does not wish to accept the new price, they may cancel the subscription before the change takes effect; continued use of the service after the change comes into force will constitute acceptance of the new price.
5.4 Subscription term and cancellation. Unless otherwise stated, subscriptions are deemed to renew automatically: at the end of each period (monthly, yearly, etc.), the subscription automatically renews for an additional period of the same duration, unless cancelled by the User or terminated by Drilldown within the deadlines indicated below. The User may withdraw from the subscription at any time through the relevant feature on the Platform (for example, in the Account settings) or by contacting Drilldown support to request cancellation. Cancellation will take effect at the end of the already paid subscription period: until that date, the User will retain access to the paid features, and no refunds are provided for any unused periods. In the event of non-payment of the Fee (for example due to an invalid credit card or insufficient funds) or breach of these Terms by the User, Drilldown may suspend or terminate the subscription; in such case the User remains obliged to pay the amounts accrued up to the termination date, without prejudice to Drilldown's right to compensation for further damages if termination occurred due to the User's breach.
If Drilldown and the User have entered into a specific written agreement providing particular terms and conditions for the use of the Platform (for example a customized service contract, a corporate or partner agreement), or the publication of content (recipes and products) on external channels such as the Tuduu.it marketplace or other shared channels, the provisions of that specific agreement shall apply in addition to these Terms. In the event of a conflict between the clauses of the customized contract and what is provided in these General Terms, the clauses of the customized contract shall prevail, limited to the conflicting aspects. It is understood that for anything not expressly regulated in the specific agreement, these General Terms shall apply.
7.1 Platform and Drilldown content. The Platform (including the software, source code, design, user interface, databases, the "Tuduu" and "Drilldown" trademarks, logos, domain names, and all other content and materials present on the website and app except for User Content as defined above) is the exclusive property of Drilldown or its possible licensors. These elements are protected by copyright, trademark, patent, industrial design and/or other intellectual property laws. The User undertakes not to copy, modify, distribute, sell or create derivative works from any part of the Platform or its proprietary content, except as expressly permitted by Drilldown or by law. Access to the Platform does not in any way transfer to the User any intellectual property rights in the software or other elements owned by Drilldown, but only grants a limited, revocable and non-exclusive license to use the Platform in accordance with these Terms.
7.2 User content. The User retains full ownership of the rights in their own content that they upload to the Platform (as defined in paragraph 4.3). However, in accordance with clause 4.3, the User grants Drilldown a license to use the aforementioned content for the purposes and subject to the limitations described therein. The User acknowledges that such content published on the Platform may be visible to other users or, in the case of recipes or publicly available information, also to unregistered visitors, and authorizes Drilldown to carry out any publishing, sharing or indexing activities necessary to give visibility to such content within the limits of the Platform's features.
7.3 Feedback and suggestions. If the User provides Drilldown with comments, suggestions or ideas relating to the Platform or services (for example, reporting new features or improvements), such contributions will not be considered confidential. Drilldown shall be free to use such feedback for any purpose, without this entitling the User to any compensation or recognition, and without this resulting in any transfer of rights to the User over any modifications or improvements implemented.
8.1 Processing of personal data. Drilldown processes the personal data provided by the User or otherwise collected during use of the Platform in accordance with EU Regulation 2016/679 ("GDPR") and applicable Italian privacy law. Information on the methods and purposes of the processing of personal data is detailed in the Privacy Notice provided to the User and available on the Platform's website. By accepting these Terms, the User declares that they have read such notice.
8.2 Third-party data entered by the User. If the User (for example, a nutrition professional) enters third-party personal data on the Platform, such as information about their clients or patients (e.g. name, contact details, health data or dietary regimen data), they warrant that they have collected such data lawfully and, where necessary, that they have obtained the informed consent of the data subjects for the use of such data within the Platform. In relation to such processing, the User qualifies as Data Controller and Drilldown acts as Data Processor under Art. 28 GDPR, limited to the storage and processing activities necessary to provide the Platform services. In this regard, a specific Data Processing Agreement may be drawn up, governing in detail the respective obligations regarding personal data protection; where applicable, such agreement shall be deemed an integral part of these Terms.
8.3 Usage data and aggregated data. Drilldown is authorized to collect and process data relating to Users' use of the Platform (for example, features used, number of recipes created, search parameters, browsing statistics, feedback provided, etc.) for the purpose of improving the service and ensuring the Platform functions properly. Once collected, such usage data may be anonymized and aggregated so that Users or natural persons can no longer be directly or indirectly identified. The User expressly acknowledges and agrees that Drilldown, in compliance with applicable law, may use this anonymous and aggregated data for statistical analysis, research and development purposes, and also for commercial and monetization purposes. This may include, for example, the publication of reports or insights on nutrition trends derived from overall user data, or the sharing of statistical data with interested third parties (for example business partners) in strictly anonymous form. In no case shall such activities involve communicating to third parties personally identifiable data of the User without the User's consent or without another valid legal basis provided by law.
9.1 Platform functionality – "as is". The Tuduu Platform and all its services and features are provided to the User on an "as is" and "as available" basis. This means that, while Drilldown undertakes to keep the Platform operational and updated, no specific guarantee is given regarding the absence of errors or interruptions. In particular, Drilldown does not guarantee that: (i) the Platform fully meets the User's specific needs; (ii) the results obtained through the use of the Platform (including algorithmic nutritional analyses) are always precise, accurate or reliable; (iii) the operation of the Platform is free from interruptions, delays, malfunctions or errors; (iv) any defects or bugs in the software will be corrected immediately. The User accepts that use of the Platform is at their own risk.
9.2 Limitation of Drilldown's liability. To the maximum extent permitted by applicable law, Drilldown shall not be liable for indirect, incidental, consequential, special or punitive damages suffered by the User or third parties in connection with the use of the Platform or the inability to use it. In any event, damages such as loss of profit, loss of earnings or savings, loss of business opportunities, loss of data, business interruption or third-party claims against the User are excluded from compensation, within the limits set out above. If Drilldown is held liable for any reason within the contractual relationship with the User, Drilldown's total liability shall not exceed the amount of the fees paid by the User to Drilldown in the 12 months preceding the event giving rise to liability (or, if use of the Platform is free of charge, an amount equal to Euro 100 as a maximum). This limitation of liability applies to the maximum extent permitted by law, and nothing in these Terms is intended to limit Drilldown's liability for wilful misconduct or gross negligence, or any other cases where limitation is not permitted by law.
9.3 No medical or diagnostic advice. The User acknowledges that the Platform and the features provided are not a medical device and in no way constitute an offer of medical advice, diagnosis or personalized health treatment. The nutritional information, data and suggestions generated through Tuduu are for informational and professional support purposes only, and in no case replace medical advice or the assessment of a licensed healthcare professional. Any decision regarding an individual's health, diet or treatment must be made by a competent professional on the basis of a direct assessment of the specific case. If the User is a nutrition professional, they remain fully responsible for the advice provided to their clients/patients: use of the Platform does not exempt the User from their duty of personal assessment and from compliance with best professional practices. If the User is not a healthcare professional, they must always consult doctors or qualified specialists for diagnoses or therapeutic advice. Drilldown does not guarantee any result in terms of health or physical condition arising from the use of the Platform, nor does it assume responsibility for consequences arising from exclusive reliance on information obtained through the Platform.
9.4 User indemnity. The User undertakes to indemnify and hold Drilldown, as well as its representatives, employees and collaborators, harmless from any loss, damage, liability, cost or expense (including reasonable legal fees) arising from any third-party claim caused by or connected to: (i) content provided by the User on the Platform that infringes third-party rights or legal rules; (ii) the User's breach of these Terms or legal obligations in using the Platform; (iii) the User's negligence, imprudence or wilful misconduct in using the Platform; (iv) products sold or marketed by the User through the Platform (in the case of an e-commerce operator), including any disputes regarding the quality, conformity or safety of such products. Drilldown shall promptly notify the User of any such claims and shall reasonably cooperate in the defense, it being understood that Drilldown shall be free to manage its own legal defense independently.
10.1 Term of the agreement. This contractual agreement between the User and Drilldown takes effect when the User accepts the Terms (registration and/or first use of the Platform) and remains valid for as long as the User uses the Platform. The User's account and any subscription are for an indefinite period with periodic automatic renewals as described above, unless terminated as provided below.
10.2 User withdrawal. The User may withdraw from this contractual relationship at any time by requesting deletion of their Account and ceasing to use the Platform. The Account may be deleted through the relevant function on the Platform (where available) or by contacting Drilldown in writing. In the event of voluntary withdrawal, the User shall not be entitled to any refund of fees already paid for services not fully enjoyed, without prejudice to the provisions of para. 5.4 above for ongoing subscriptions. Closure of the Account makes future access to data and content entered by the User into the Platform impossible, without prejudice to any data retention obligations for legal compliance or the protection of rights as indicated in the Privacy Policy.
10.3 Suspension or termination by Drilldown. Drilldown reserves the right to temporarily suspend the User's access to the Platform or to terminate this agreement with immediate effect (disabling the Account) in the following cases: (i) when necessary to ensure the security of the Platform or data (for example, in the event of a cybersecurity breach or threat); (ii) in the event of serious or repeated breach by the User of these Terms (for example, unlawful use of the Platform, failure to pay fees due, unauthorized disclosure of confidential data, etc.); (iii) if required by an order of the Authority or by law; (iv) in the event of cessation of Drilldown's activities relating to the Platform or subsequent inability to provide the services. Unless prohibited by law or orders (e.g. an order for immediate blocking by the authority), Drilldown will provide the User with written notice of the suspension or termination, indicating the reasons, with reasonable notice where possible. In the event of termination not attributable to the User (for example, case (iv) above), Drilldown, where applicable, will refund the User the part of the fee already paid relating to the unused subscription period following the effective date of termination.
10.4 Effects of termination. Upon termination of the contractual relationship, for any reason, the User must immediately cease using the Platform. All clauses of these Terms that by their nature are intended to survive termination (such as, by way of example: accrued payment obligations, warranty disclaimers, limitations of liability, indemnities, provisions on intellectual property and data processing) shall continue to have full effect. Termination of these Terms does not affect any rights or legal remedies accrued by the parties up to that time.
Drilldown reserves the right to update or modify these Terms at any time, for example to adapt them to regulatory changes, the introduction of new features or services, or for other organizational needs. In the event of a material change to the Terms, Drilldown will notify the User with adequate advance notice, by publishing a notice on the Platform's website and/or by sending a communication to the User's registered email address. The changes will be effective from the date indicated in the communication (or, if no date is indicated, 15 days after communication). If the User does not wish to accept the changes, they may withdraw from the contract before the effective date by deleting their Account. If no withdrawal occurs within that period, the new Terms shall be deemed accepted and shall apply to the User from the indicated effective date.
These Terms and all contractual relationships arising from them are governed by Italian law. Any dispute arising between Drilldown and the User regarding the interpretation, validity, performance or termination of these Terms, or otherwise relating to the use of the Platform, shall be subject to the exclusive jurisdiction of the Court of Milan, without prejudice to any mandatory jurisdiction provided by applicable law.
13.1 Entire agreement. These Terms (together with the referenced or attached documents, such as the Privacy Notice and, where applicable, the Data Processing Agreement) constitute the entire agreement between the User and Drilldown regarding the User's use of the Platform, and supersede any prior oral or written understanding or agreement between the parties on the same subject matter. The possibility of entering into ad hoc contracts as provided for in Art. 6 above remains unaffected.
13.2 Partial invalidity. If any provision of these Terms is held to be null, invalid or ineffective by a competent authority (for example, a court), it shall be applied to the maximum extent permitted and this shall not affect the validity and effectiveness of the remaining provisions, which shall continue to be fully valid and binding.
13.3 No waiver. Any failure or delay in exercising any right or option granted to Drilldown under these Terms shall not in any way constitute a waiver of that right or option, which may also be exercised at a later time, within the limits permitted by law.
13.4 Assignment of the contract. The User may not assign or transfer this contract to third parties (that is, their Account and the rights/obligations arising from the Terms) without Drilldown's prior written consent. Drilldown, subject to notice to the User, may assign this contract in the context of business transfers, extraordinary corporate transactions or to parent, subsidiary or affiliated companies, provided that this does not prejudice the User's rights under these Terms.
13.5 Language and versions. These General Terms of Use are drafted in Italian. Any translations into other languages or local versions are provided solely for convenience of consultation; in the event of discrepancies or interpretive doubts, the Italian-language text shall prevail over the others.
13.6 Contacts. For any communication relating to these Terms or the use of the Platform, the User may contact Drilldown using the contact details indicated on the website (for example, the provided support email address). Drilldown may contact the User at the contact details (email, address) provided during registration.
Parties: This Data Processing Agreement is entered into between:
Data Controller (hereinafter "Controller"): the professional (natural or legal person) who uses the nutrition module and determines the purposes and means of the processing of patients' personal data;
Data Processor (hereinafter "Processor"): the company providing the nutrition module (e.g. software platform/CRM), which processes personal data on behalf of the Controller.
1.1 Subject matter
Pursuant to Art. 28 of Regulation (EU) 2016/679 (GDPR), this agreement governs the processing of personal data that the Processor carries out on behalf of the Controller within the nutrition module of the service provided to the Controller. In particular, the Processor will process the data entered by the Controller in the CRM (first name, last name, contact details, patients' nutritional data, etc.) exclusively to provide the functionalities of the nutrition module and in accordance with the Controller's instructions (see Section 6). The processing of personal data will take place according to the operations permitted by Art. 4(2) GDPR, such as collection, recording, organization, storage, consultation, use, modification, erasure, etc., as necessary to provide the service.
1.2 Duration
The duration of this agreement coincides with that of the contractual relationship between Controller and Processor relating to the use of the nutrition module. The agreement remains in force as long as the Processor processes personal data on behalf of the Controller. In the event of termination of the main service (e.g. account deletion or end of the service contract), the provisions on data return/deletion in Section 10 shall apply. The Controller has the right to terminate this agreement with immediate effect in the event of a serious breach by the Processor of data protection rules or the obligations set out herein. The right of each party to claim compensation for any damages resulting from breach of the agreement is reserved.
The Processor provides the Controller with a software platform (nutrition module) in Software as a Service mode for managing patients' nutritional activities. The purpose of the processing is to allow the Controller to store and process information about their patients in order to offer personalized nutritional consultations, draw up meal plans, monitor weight trends and other health parameters, as well as manage communications with patients and related appointments. Such functionalities fall within the scope of medical/nutritional practices managed by the software, similarly to digital health services for managing medical records and treatment plans.
In concrete terms, the nature of the processing carried out includes all operations necessary to provide the nutrition module service, including collection, organization, consultation, modification, saving, extraction, communication to the Controller themselves, deletion or destruction of data entered into the system, according to the Controller's instructions. The Processor will not use the data for purposes of its own other than those agreed, nor will it communicate them to third parties except on the Controller's instructions or where required by law (as detailed below).
Within the nutrition module, the Processor will process on behalf of the Controller the following types of personal data relating to the Controller's patients:
Identification and contact data: first name, last name, email address, date and place of birth, telephone numbers and any addresses (e.g. to contact the patient).
Nutritional/health data: information about the patient's health status and eating habits, for example nutritional preferences or restrictions (special diets, food allergies, vegetarian/vegan choices, etc.), weight monitoring data and anthropometric or similar health parameters, as well as any notes on lifestyle relevant to nutrition. Such information falls within personal data relating to health under Art. 4(15) GDPR and/or may indirectly reveal religious or philosophical beliefs (e.g. dietary choices), constituting special categories of data under Art. 9 GDPR. Accordingly, both Controller and Processor undertake to adopt the necessary safeguards and security measures required by law to protect this sensitive data.
The categories of data subjects whose data are processed in performance of this agreement are: the Controller's patients (clients), natural persons who receive nutritional consultation or other services from the Controller and whose personal data are entered into the nutrition module.
The Controller undertakes to:
Lawfulness and transparency: Ensure that the personal data of patients entrusted to the Processor are collected and processed lawfully (for example, obtaining, where necessary, the patient's informed consent or another valid legal basis under Art. 6 GDPR) and that the data subjects have been properly informed about the purposes and methods of processing, in accordance with Arts. 13 and 14 GDPR. The Controller remains responsible to the data subjects for compliance with legal obligations in relation to such data.
Documented instructions: Provide the Processor with documented, clear and up-to-date instructions on the processing of data (e.g. through this agreement and any policies or operational guidelines). Any additional instructions or changes to the initial instructions must be communicated in writing (including by certified email or electronic ticketing system) and kept for reference. The Processor will process the data only according to the instructions received. If, in the Processor's opinion, an instruction from the Controller violates privacy law, the Processor will immediately inform the Controller (see also Section 6).
Oversight and audit: Verify, before the start and then regularly, that the Processor provides sufficient guarantees in terms of technical and organizational measures adequate to protect the data entrusted, and that it complies with the provisions of this agreement. The Controller has the right to carry out or have periodic audits (e.g. annual) and inspections carried out, upon reasonable notice, on the Processor's activities relating to the entrusted data, in order to check compliance with data protection rules and the agreed instructions. The Processor undertakes to cooperate by providing information or reasonable access to the infrastructure, within the agreed limits (see Sections 6 and 8 for details on audits and sub-suppliers).
Reporting irregularities: Promptly inform the Processor if it detects errors, inconsistencies or breaches in the processing methods carried out by the Processor that may result in non-compliance with this agreement or with applicable privacy rules. The parties will cooperate to remedy any irregularity found without delay.
Confidentiality of information: Treat as strictly confidential all information relating to the security measures, systems and trade secrets of the Processor of which they become aware in the course of the contractual relationship. This confidentiality obligation remains valid even after termination of this agreement.
Handling data subject requests: The Controller remains responsible for responding to requests to exercise rights made by their patients (access, rectification, erasure, objection, portability, etc. – Chapter III GDPR). If the Processor receives directly communications or requests from a data subject relating to the data covered by this agreement, it must forward them immediately to the Controller without acting on them independently, unless specifically authorized. The Controller will provide the Processor with the instructions necessary to satisfy such requests, bearing in mind that the Processor will assist the Controller to the extent provided by law (see Section 6).
The Processor undertakes to comply with all obligations set out in Art. 28 GDPR. In particular, without prejudice to the obligations further detailed elsewhere in this agreement, the Processor must:
Process only on instructions: process personal data exclusively on documented instructions from the Controller. This also applies to any transfers of data to third countries or international organizations: such operations are not permitted to the Processor without the Controller's prior instruction/authorization (see also Section 9), unless a Union or Member State law requires the Processor to carry out a specific processing; in that case the Processor will inform the Controller of that legal obligation before processing, unless the law prohibits such information on important grounds of public interest.
Staff confidentiality: ensure that persons authorized by it to process personal data (its own employees or any collaborators) have received adequate instructions on compliance with privacy law and have contractually undertaken confidentiality (or are subject to an appropriate legal obligation of confidentiality). The Processor will ensure that anyone acting under its authority and having access to the Controller's personal data does not process them except on the Controller's instructions. This confidentiality obligation also survives termination of this agreement.
Data security: adopt and maintain appropriate technical and organizational measures pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk of the entrusted processing. Such measures include, among other things, pseudonymization and encryption of personal data (where appropriate), access control and authentication systems, the ability to ensure the confidentiality, integrity, availability and resilience of the processing systems and services, as well as the ability to restore access to data promptly in the event of physical or technical incidents. The Processor shall adopt procedures to regularly test, verify and evaluate the effectiveness of the technical and organizational measures implemented (see also Section 7 below for further details on security measures).
Use restrictions: not use personal data provided by the Controller for its own purposes and not make copies or duplicates of the data except as necessary for service provision and in any case subject to the Controller's consent/instructions. The Processor guarantees that the data processed for the Controller are logically or physically separated from those of other customers or from its own databases, in order to avoid mixing.
Sub-processors: not entrust sub-processors with the performance of specific processing activities on behalf of the Controller without the latter's prior (written) authorizationhttps://www.privacy-regulation.eu/it/28.htm. If authorization is given for the use of sub-processors (see Section 8 for details), the Processor shall impose on such persons the same obligations regarding personal data protection set out in this agreement and shall remain fully liable to the Controller for the sub-processor's compliance with its obligations.
Assistance to the Controller: taking into account the nature of the processing and the information available, assist the Controller in complying with their data protection obligations. In particular, the Processor will provide adequate support to the Controller so that the Controller can satisfy requests for the exercise of data subjects' rights (right of access, rectification, erasure, objection, portability, etc.), for example by making available software functions that allow the Controller to extract, correct or delete patient data on request. In addition, the Processor will assist the Controller in ensuring compliance with data security obligations and, where applicable, notification of any personal data breaches to supervisory authorities or data subjects, pursuant to Arts. 32-34 GDPR (for example, by promptly providing the Controller with information relating to a data breach so that they can make the notification within 72 hours, see also the following point). Likewise, the Processor will cooperate with the Controller in the event that a data protection impact assessment (DPIA) or prior consultation with the supervisory authority under Arts. 35-36 GDPR is necessary, providing the relevant information.
Breach notification: immediately inform the Controller in the event of security breaches or incidents (e.g. unauthorized access, loss, destruction or accidental disclosure of personal data) involving data processed on behalf of the Controller. Such communication shall include all information known to the Processor that is useful to the Controller in assessing the seriousness of the event and fulfilling any notification obligations to the Privacy Authority and/or communication to data subjects under Arts. 33 and 34 GDPR. The Processor undertakes to support the Controller in incident analysis and management activities and in the preparation of related notifications or communications, according to the Controller's instructions.
Proof of compliance and audit: make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this agreement. At the Controller's request, the Processor will provide documentation attesting to the security measures implemented (e.g. certifications, internal/external audit reports, compliance statements) and will facilitate inspections or checks by the Controller or a person appointed by the Controller. The audit arrangements (timing, scope, security measures to protect other customers' data, etc.) will be agreed between the parties in compliance with their respective needs.
Reporting conflicting instructions: if the Processor believes that an instruction given by the Controller violates the GDPR or other legal provisions on data protection, it must inform the Controller promptly before carrying out such instruction, and may suspend its application until confirmation or modification by the Controller (as permitted by Art. 28(3) GDPR).
The Processor declares that it has adopted technical and organizational measures suitable to ensure a level of security appropriate to the risk of the processing carried out, in accordance with Art. 32 GDPR. The selection of such measures has been made taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, as well as the risks to the rights and freedoms of natural persons. In particular, the Processor implements measures such as:
Access control: access to personal data allowed only to authorized personnel for strictly necessary purposes; adoption of secure authentication systems for users and administrators (e.g. strong passwords, two-factor authentication).
Encryption and pseudonymization: use of encryption protocols to protect personal data during transmission (e.g. HTTPS/TLS) and, where possible, encryption of data at rest on servers or in backups. Possible pseudonymization of patients' identifying data in aggregated analyses so that they cannot be attributed to specific natural persons without additional information.
Integrity and availability: regular data backup systems and recovery procedures to ensure the availability of and rapid access to personal data in the event of physical or technical incidents. Use of anti-malware measures, firewalls and monitoring to prevent unauthorized access or data loss.
Testing and monitoring: periodic verification of the effectiveness of the security measures adopted, through internal audits, vulnerability tests, monitoring of security logs and, where appropriate, prompt correction of any weaknesses identified.
The security measures adopted by the Processor are described in greater detail in specific technical documentation (e.g. appendix on Technical and Organizational Measures), which may be provided to the Controller upon request and is deemed an integral part of this agreement. The Processor guarantees that it will keep such measures updated to adapt them to the evolution of risks and best security practices, notifying the Controller of any material changes that may affect the protection of the entrusted data.
The Processor may involve other parties as sub-processors only with the Controller's authorization. The authorization may be specific to a single sub-processor, or general for categories of sub-processors (for example, hosting providers, email services, etc.) known at the time of signing: in the latter case the Processor shall nevertheless inform the Controller of any planned addition or replacement of such sub-processors, giving the Controller the opportunity to object to such changes before the sub-processor begins processing the data.
Any authorized sub-processors shall be bound in writing by the Processor through a contract that imposes at least the same data protection obligations set out in this agreement, including in particular adequate security and confidentiality guarantees. The Processor remains fully responsible to the Controller for compliance with the obligations incumbent upon any sub-processors it appoints; if a sub-processor breaches its obligations, the Processor shall be directly liable to the Controller for any default.
The processing of personal data covered by this agreement shall take place exclusively in infrastructures (servers, data centers) located in territories of the European Union or the European Economic Area. No transfer of personal data to third countries (outside the EEA) is envisaged by the Processor, except as may be necessary for the use of sub-processors authorized by the Controller under Section 8. In any case, any transfer of data to a third country or an international organization by the Processor (or its sub-processors) may take place only in compliance with Chapter V GDPR. In particular, prior authorization from the Controller must be obtained and the conditions set out in Arts. 44 et seq. GDPR must be met, for example on the basis of an adequacy decision by the European Commission or through the adoption of standard contractual clauses approved by the Commission, binding corporate rules or other appropriate safeguards. The Processor will inform the Controller of the methods and legal bases of the proposed transfer so that the Controller can assess and grant (or deny) authorization.
Upon termination, for any reason, of the service relationship between the parties relating to the nutrition module (for example, in the event of withdrawal or expiry of the main contract, or permanent suspension of the service by the Processor), the Processor shall cease any further processing of personal data carried out on behalf of the Controller. At the Controller's choice, communicated in writing at the time of termination of the contract or within an agreed period, the Processor shall either return all personal data processed on behalf of the Controller (for example by export in an interoperable format) or permanently delete all such data from its systems. In any case, the Processor shall delete any existing copies of the data (including backup copies) except to the extent that retention of the data is required by applicable Union or Member State law applicable to the Processor (in which case the Processor shall inform the Controller of the data and the legislation requiring retention, processing them only for that legal retention purpose). Deletion carried out at the Controller's request shall be certified in writing by the Processor upon request.
The confidentiality obligations assumed by the Processor and authorized personnel during the term of this agreement shall remain in force after termination. The Processor also guarantees that, in the event of termination, any appointed sub-processors will be bound by the same obligations to return/delete the Controller's personal data.