We use cookies to run the platform, analyze usage, and measure marketing. Privacy · Imprint

Fodoni NetworkFodoni Network

Privacy Policy

Last updated: May 2026

1. Controller

Fodoni GmbH Karl-Broel-Str. 13 53604 Bad Honnef Germany Email: info@fodoni.com

Represented by: David Rein (Managing Director)

2. Overview

Fodoni Network is a B2B SaaS platform for the food and agricultural sector. The platform is directed exclusively at businesses (not consumers). We process personal data solely in connection with the provision of our services and statutory obligations.

3. Categories of Data

We process the following categories of personal data:

  • Account data: name, email address, password (hashed), role, account creation date
  • Company data: company name, address, country, industry, description, logo, verification status
  • Company identifiers: VAT ID, trade register data
  • Billing data: Stripe customer/subscription ID, license plan, payment status (payment method details are stored exclusively by Stripe)
  • Usage data: IP address, browser/device type, access times, pages viewed
  • Communication data: messages in response threads, notifications, contact form submissions
  • Documents: uploaded company documents and listing images
  • Analytics data: page views, search queries, conversion events (only with consent)

4. Legal Basis (Art. 6 GDPR)

Processing is based on the following legal grounds:

  • Art. 6(1)(b) GDPR – Contract performance: provision of the platform, account management, subscription management, transactional emails
  • Art. 6(1)(a) GDPR – Consent: statistics cookies, marketing cookies, marketing/tracking services (Google Analytics, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag)
  • Art. 6(1)(f) GDPR – Legitimate interest: fraud prevention, system security, debugging, CRM management for existing customers (Pipedrive)
  • Art. 6(1)(c) GDPR – Legal obligation: tax retention requirements, commercial law

5. Cookies & Consent

We use cookies and similar technologies in three categories:

Necessary Cookies (no consent required)

  • Session cookie (authentication, CSRF protection)
  • Language preference
  • Cookie consent status (fodoni_tracking_consent)

Statistics Cookies (consent required)

  • Google Analytics 4 (_ga, _ga_*) – website analytics and usage statistics

Marketing Cookies (consent required)

  • Google Tag Manager – tag orchestration
  • Meta Pixel (_fbp, _fbc) – conversion tracking and audience building
  • LinkedIn Insight Tag (li_*, ln_*) – B2B conversion tracking

We implement Google Consent Mode v2. Without consent, all tracking signals are suppressed (analytics_storage, ad_storage, ad_user_data, ad_personalization set to "denied"). Consent preferences can be changed at any time via the cookie banner.

You can revoke your consent at any time by clicking "Cookie Settings" in the footer.

6. Recipients & Processors

We share personal data with the following third parties:

  • Amazon Web Services EMEA SARL (Luxembourg) – Hosting, database, CDN (CloudFront), file storage (S3). Processing in eu-central-1 (Frankfurt). Data processing agreement based on the AWS Data Processing Addendum.
  • Stripe Technology Europe Ltd. (Ireland) – Payment processing, subscription management, tax calculation (Stripe Tax). Stripe processes payment details as an independent controller.
  • Microsoft Ireland Operations Ltd. – Sending transactional emails via Microsoft Graph Mail API (Microsoft 365).
  • Pipedrive OÜ (Estonia) – Customer relationship management for contact inquiries and existing customer management.
  • Zendesk Inc. (USA, EU data processing) – Customer support (ticketing, Help Center, chat widget). Transfer to the USA based on Standard Contractual Clauses (SCCs) and supplementary measures.
  • Google Ireland Ltd. – Google Analytics 4, Google Tag Manager (consent required only). Data processing in the EU. Google Ads Data Processing Terms.
  • Meta Platforms Ireland Ltd. – Meta Pixel for conversion tracking (consent required only).
  • LinkedIn Ireland Unlimited Company – LinkedIn Insight Tag for B2B conversion tracking (consent required only).
  • Klaviyo Inc. (USA, EU data processing) – Email marketing and newsletters (planned). Transfer based on Standard Contractual Clauses.

7. International Data Transfers

The primary data processing location is the EU (AWS eu-central-1, Frankfurt am Main). Where data is transferred to third countries (in particular the USA), this is done on the basis of:

  • EU Standard Contractual Clauses (Art. 46(2)(c) GDPR)
  • Adequacy decisions (where applicable)
  • Supplementary technical and organizational measures

8. Data Retention

We retain personal data only as long as necessary for the respective purpose:

  • Account data: As long as the account is active, plus retention periods after deletion
  • Billing data: 10 years after the end of the fiscal year (§ 147 AO, § 257 HGB)
  • Server logs and usage data: 90 days
  • Analytics data: 14 months (Google Analytics standard)
  • Communication data: Until account deletion
  • After deletion request: Without undue delay, unless a statutory retention obligation applies

9. Your Rights (Art. 15–21 GDPR)

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR): You may request a copy of your stored data.
  • Rectification (Art. 16 GDPR): Inaccurate data will be corrected upon your request.
  • Erasure (Art. 17 GDPR): You may request deletion of your data, provided no retention obligation applies.
  • Restriction (Art. 18 GDPR): You may request restriction of processing.
  • Data portability (Art. 20 GDPR): You may receive your data in a machine-readable format.
  • Objection (Art. 21 GDPR): You may object to processing based on legitimate interests.

To exercise your rights, please contact: info@fodoni.com. We will respond to requests within 30 days.

You have the right to file a complaint with a supervisory authority. The competent authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW).

10. Technical and Organizational Measures

We implement the following protective measures:

  • End-to-end TLS encryption of all data transfers
  • Passwords are hashed with bcrypt – plaintext storage is excluded
  • Role-based access control with capability-based authorization
  • Two-factor authentication (email-based, time-limited)
  • Single-session enforcement with session versioning
  • Structured audit logging of critical operations
  • Encryption of data at rest (AWS RDS, S3)
  • Proactive monitoring and alerting for anomalies
  • Regular encrypted backups with documented recovery procedures

11. Changes to this Privacy Policy

We reserve the right to update this privacy policy as needed – particularly in the event of technical changes, new features, or changes in the legal landscape. The current version is always available on this page. In the event of material changes, we will inform registered users by email.