FIELD TO SHELF

Effective date: June 2026

Last updated: June 2026

1. Introduction

Welcome to Field to Shelf. We help food and agrifood producers worldwide to prepare for their market entry into German-speaking retail markets (Germany, Austria, Switzerland).

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. It applies to:

our website (fieldtoshelf.com and any related subdomains)

our free Retail-Ready Check survey (the “Self-Assessment”)

our paid consulting services (Retail-Ready Check assessment, implementation modules, and related advisory)

all communications between you and Field to Shelf.

We take your privacy seriously and comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (nDSG).

2. Who We Are — Joint Data Controllers

Field to Shelf is operated as a partnership. The joint data controllers responsible for your personal data are:

Riccarda Chiappani

RC Future Consulting | rcfutureconsulting.com

Based in Cyprus

[email protected]

Maria Britze

Global Readership | mariabritze.com

Based in Italy

[email protected]

Both parties act as joint controllers under Article 26 GDPR. This means we share responsibility for how your personal data is handled. For any questions, concerns, or requests, you can contact either of us. The primary contact point for data protection matters is:

Email: [email protected]

3. What Personal Data We Collect

3.1 Free Retail-Ready Check Survey

When you complete our free self-assessment survey, we collect:

- Your full name and email address (required to send your results)

- Company name

- Your target retail channel (e.g. Organic Wholesale, Premium Retail, Discount)

- Self-reported information about your product, certifications, packaging, and operational status

- Survey responses you provide

This survey is free of charge and non-binding. Completing it does not create a contractual relationship with Field to Shelf.

3.2 Paid Consulting Services

If you engage us for paid services, we additionally collect:

- Full contact details (name, email, phone, address)

- Business registration information

- Documents and materials you share with us (e.g. product sheets, certificates, packaging artwork, price lists)

- Payment information (processed via third-party payment providers — we do not store card details)

- Communication records (emails, calls, meeting notes)

- Assessment outputs and project documentation

3.3 Website & Technical Data

When you visit our website, we may automatically collect:

- IP address and browser type

- Pages visited and time spent

- Referring URL

- Cookie data (see Section 9 on Cookies)

4. Why We Process Your Data — Legal Bases

We process your personal data only where we have a lawful basis to do so. The following table summarises our processing activities:

Delivering your free Survey results

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) / your consent when submitting the form. We process your data to prepare and send the personalised Retail-Ready Check report you requested.

Providing paid consulting services

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR). Processing is necessary to fulfil our service agreement with you.

Invoicing and payment processing

Legal basis: Legal obligation (Art. 6(1)(c) GDPR) and contract performance. We are required to retain accounting records under applicable law.

Sending you relevant follow-up information or offers

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) for existing clients and Survey respondents; your prior consent where required. You can opt out at any time (see Section 7).

Improving our services and website

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). We use aggregated, anonymised insights from survey responses and website usage to refine our offering.

Legal compliance and record-keeping

Legal basis: Legal obligation (Art. 6(1)(c) GDPR).

5. Third-Party Tools & Data Processors

We use the following third-party services to operate our website and deliver our services. Each acts as a data processor on our behalf and is bound by a Data Processing Agreement (DPA) or equivalent safeguards:

- Go High Level (HighLevel Inc.)

Purpose: CRM, website hosting, survey delivery, automated emails, lead management. Servers are primarily located in the United States. Data transfers are protected under Standard Contractual Clauses (SCCs).

- Namecheap

Purpose: Domain registration. Namecheap processes domain registration data as required by ICANN.

- Email provider (Namecheap)

Purpose: Business email communication. Namecheap acts as a data processor under its own agreement.

- Calendly (or equivalent scheduling tool)

Purpose: Scheduling discovery calls and client meetings. If you book a call with us via a scheduling link, your name, email, and selected time are processed by Calendly.

- Payment processor (e.g. Stripe)

Purpose: Secure payment processing for paid services. We do not store payment card details. Stripe processes payment data as an independent controller for fraud and compliance purposes.

We do not sell your data to any third party. We do not use your data for advertising or profiling beyond the purposes described in this Policy.

6. International Data Transfers

Some of our third-party tools (in particular Go High Level) are based in the United States. Data transfers to the US and other countries outside the EU/EEA, UK, and Switzerland are protected by one or more of the following mechanisms:

Standard Contractual Clauses (SCCs) approved by the European Commission

The EU–US Data Privacy Framework (where applicable)

The UK’s International Data Transfer Agreements (IDTA)

Switzerland’s equivalent transfer safeguards under the nDSG

You can request further information about the specific safeguards in place for any given transfer by contacting us.

7. Your Rights

Depending on where you are located, you have the following rights regarding your personal data:

Right of access — You can request a copy of the personal data we hold about you.

Right to rectification — You can ask us to correct inaccurate or incomplete data.

Right to erasure — You can request deletion of your data where there is no overriding legal basis for us to retain it.

Right to restriction — You can ask us to limit how we use your data in certain circumstances.

Right to data portability — You can request your data in a structured, machine-readable format.

Right to object — You can object to processing based on legitimate interests, including direct marketing. We will stop processing unless we can demonstrate compelling grounds.

Right to withdraw consent — Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

Right not to be subject to automated decision-making — We do not make legally significant decisions about you solely by automated means.

Swiss residents: You have equivalent rights under the nDSG, including the right to information, correction, and deletion.

UK residents: You have the same rights as EU residents under the UK GDPR. You may also lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of your rights, please contact us at the email address listed in Section 2. We will respond within 30 days (or 1 month under GDPR). We may ask you to verify your identity before fulfilling your request.

8. How Long We Retain Your Data

Free Survey responses: Retained for up to 24 months from submission, unless you request earlier deletion or opt out of follow-up communications.

Paid client records (contracts, project files, correspondence): Retained for 7 years from the end of the engagement, in line with standard commercial and tax retention obligations.

Invoice and payment records: Retained for 7–10 years depending on applicable accounting law (Cypriot, Italian, German, and/or Swiss requirements).

Marketing communications: Until you unsubscribe or request deletion.

Website analytics data: Retained in aggregated form; individual session data typically 26 months or less depending on tool configuration.

After retention periods expire, data is securely deleted or anonymised.

9. Cookies

Our website may use cookies and similar tracking technologies. Cookies are small text files stored on your device.

We may use the following categories of cookies:

Essential cookies: Necessary for the website and survey to function. Cannot be disabled.

Analytics cookies: Help us understand how visitors interact with our website (e.g. pages visited, session length). We use these only where permitted by applicable law.

Marketing / preference cookies: Used by Go High Level for CRM tracking and funnel attribution. These are set only with your consent where required.

Where required by law (EU, UK, Switzerland), we will ask for your consent before setting non-essential cookies. You can withdraw consent or manage cookie preferences at any time via your browser settings or our cookie consent tool.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

Encrypted communication (HTTPS/TLS) across our website and tools

Access controls limiting who can view client data

Secure, password-protected accounts on all third-party platforms

Regular review of our data handling practices

No method of data transmission over the internet is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

11. Children’s Privacy

Our services are directed at business professionals and companies. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, tools, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this Policy periodically. Your continued use of our website or services after any update constitutes acceptance of the revised Policy.

13. Contact Us & How to Complain

If you have any questions about this Privacy Policy, want to exercise your rights, or have a complaint about how we handle your data, please contact us:

Field to Shelf

Email: [email protected]

Website: www.fieldtoshelf.eu

We will acknowledge your request within 5 business days and aim to resolve all queries within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

EU residents: The data protection authority in your EU member state (e.g. BfDI in Germany, DSB in Austria)

UK residents: Information Commissioner’s Office (ICO) — ico.org.uk

Swiss residents: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch

Cyprus (where one controller is based): Office of the Commissioner for Personal Data Protection — dataprotection.gov.cy

Field to Shelf — Privacy Policy — June 2026