“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. .
“EU/EEA” includes all current member states to the European Union and the European Economic Area. .
“Process”, in respect of personal data, includes collecting, storing and disclosing to others. .
We collect data you give us voluntarily (for example, food preferences). In addition, we collect data automatically (for example, your IP address). We also may receive data about you from third parties. .
1.1. Data you give us.
You provide us information about yourself in the process of ordering a custom meal plan on the Website. For example: age, gender, weight, height, target weight, body type, food preferences, name, email address. .
1.2. Data we collect automatically.
1.2.1. Data about how you found us.
We collect data about your referring app or URL (that is, the app or place on the Web where you were when you tapped on our ad). .
1.2.2. Device and Location data. .
We collect data from your device. Examples of such data include: language settings, IP address, time zone, type and model of device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, and Facebook ID. .
1.2.3. Usage data.
We record how you interact with our Service. For example, we may log your taps/clicks on certain areas of the interface, the features and content you interact with, how often and for how long you use the Website, and your meal plan orders. .
1.2.4. Advertising IDs.
We collect your Apple Identifier for Advertising (IDFA) or Google Advertising ID (AAID) (depending on the operating system of your device) when you access our Website from a mobile device. You can typically reset these numbers through the settings of your device’s operating system (but we do not control this). .
1.2.5. Transaction data.
When you make payments through the Service, you need to provide financial account data, such as your credit card number, to our third-party service providers. We do not collect or store full credit card number data, though we may receive credit card-related data, data about the transaction, including: date, time and amount of the transaction, the type of payment method used. .
AntiSpam is a small text file that is stored on a user's computer for record-keeping purposes. AntiSpam can be either session AntiSpam or persistent AntiSpam. A session AntiSpam expires when you close your browser and is used to make it easier for you to navigate our Service. A persistent AntiSpam remains on your hard drive for an extended period of time. We also use tracking pixels that set AntiSpam to assist with delivering online advertising. .
AntiSpam are used, in particular, to automatically recognize you the next time you visit our Website. As a result, the information, which you have earlier entered in certain fields on the Website may automatically appear the next time when you use our Service. AntiSpam data will be stored on your device and most of the time only for a limited time period. .
We process your personal data: .
2.2. To provide our Service.
This includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues. For this purpose we, in particular, will send you your customized meal plan to your email, which you will indicate during the purchase. .
To host personal data and enable this Website to operate and be distributed we use Amazon Web Services (AWS), which is a hosting and backend service provided by Amazon. .
To monitor Website infrastructure, we use Crashlytics (Google Inc.), which is a monitoring service provided by Google. Here’s its Data Collection Policy. .
2.3. To customize your experience.
We process your personal data, such as your goals (for example, target weight), to adjust the content of the Service and make offers tailored to your personal preferences. For example, we ask you to provide us with your body measures in order to calculate, in particular, recommended daily amount of calories. .
2.4. To provide you with customer support.
2.5. To communicate with you regarding your use of our Service.
We communicate with you, for example, by emails. These may include, for example, emails with information about the Service. .
The services that we use for these purposes may collect data concerning the date and time when the message was viewed by the Website’s users, as well as when they interacted with it, such as by clicking on links included in the message. .
We also use Mailfire, which is a marketing personalization and retention platform, to deliver tailored email messages to our users. .
2.5. To research and analyze your use of the Service This helps us to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Website and our new products. We also use such data for statistical analysis purposes, to test and improve our offers. This enables us to better understand what features and sections of the Website our users like more, what categories of users use our Website. As a consequence, we often decide how to improve the Website based on the results obtained from this processing. .
To analyse how visitors use our Website and to measure effectiveness of some ads we use Google Analytics, a web analysis program of Google. In order to provide us with analytics, Google Analytics places cookies on your device. On Google Analytics we get, in particular, aggregated information on the data you enter on our Website (for example, we know how many visitors chose lactose-free meal plans) and users’ interactions within the Website. Google allows you to influence the collection and processing of information generated by the Google, in particular, by installing a browser plug-in, available here. You can read more about how google uses information here. .
To perform standard product analysis, we also use Fabric Answers, which is an analytics service provided by Crashlytics, a business division of Google. Data Processing and Security Terms. Privacy information.
2.6. To send you marketing communications
We process your personal data for our marketing campaigns. We may add your email address to our marketing list. As a result, you will receive information about our products, such as for example, special offers. If you do not want to receive marketing emails from us, you can unsubscribe following instructions in the footer of the marketing emails.
We also use Mailfire, which is a marketing personalization and retention platform, to deliver tailored email messages to our users.
2.7. To personalize our ads
We and our partners, including Facebook and Google, use your personal data to tailor ads and possibly even show them to you at the relevant time. For example, if you have accessed our Website, you might see ads of our products, for example, in your Facebook’s feed.
How to opt out or influence personalized advertising
iOS: On your iPhone or iPad, go to “Settings,” then “Privacy” and tap “Advertising” to select “Limit Ad Track”. In addition, you can reset your advertising identifier (this also may help you to see less personalized ads) in the same section.
Android: To opt-out of ads on an Android device, simply open the Google Settings app on your mobile phone, tap “Ads” and enable “Opt out of interest-based ads”. In addition, you can reset your advertising identifier in the same section (this also may help you to see less personalized ads).
To learn even more about how to affect advertising choices on various devices, please look at the information available here.
In addition, you may get useful information and opt out of some interest-based advertising, by visiting the following links:
We value your right to influence the ads that you see, thus we are letting you know what service providers we use for this purpose and how some of them allow you to control your ad preferences.
We use Facebook pixel on the Website. Facebook pixel is a code placed on the Website collecting data that helps us track conversions from Facebook ads, build targeted audiences and remarket to people who have taken some action on the Website (for example, purchased a meal plan).
We also use Facebook Ads Manager together with Facebook Custom Audience, which allows us to choose audiences that will see our ads on Facebook or other Facebook’s products (for example, Instagram). Through Facebook Custom Audience we may create a list of users with certain sets of data, such as an IDFA, choose users that have completed certain actions on the Website. As a result, we may ask Facebook to show some ads to a particular list of users. As a result, more of our ads may show up while you are using Facebook or other Facebook’s products (for example, Instagram). You may learn how to opt out of advertising provided to you through Facebook Custom Audience here.
Facebook allows its users to influence the types of ads they see on Facebook. To find how to control the ads you see on Facebook, please go here or adjust your ads settings on Facebook.
2.8. To process your payments
We provide paid products and/or services within the Service. For this purpose, we use third-party services for payment processing (for example, payment processors). As a result of this processing, you will be able to make a payment for a customized meal plan and we will be notified that the payment has been made and will send you the meal plan.
We will not store or collect your payment card details ourselves. This information will be provided directly to our third-party payment processors. Our payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council. Payment processors, who follow PCI-DSS requirements are committed to ensuring the secure handling of payment information.
2.9. To enforce our Terms and Conditions of Use and to prevent and combat fraud
We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms and Conditions of Use).
2.10. To comply with legal obligations
We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.
In this section, we are letting you know what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 2. This section applies only to EEA-based users.
We process your personal data under the following legal bases:
3.1. to perform our contract with you;
Under this legal basis we:
3.2. for our (or others') legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data;
We rely on legitimate interests:
4.1. Service providers
We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We may share your personal information with the following types of service providers:
4.2. Law enforcement agencies and other public authorities
We may use and disclose personal data to enforce our Terms and Conditions of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.
4.3. Third parties as part of a merger or acquisition
As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
To be in control of your personal data, you have the following rights:
Accessing / reviewing / updating / correcting your personal data. You may review, edit, or change the personal data that you had previously provided in the Website in the settings section of the Website.
You may also request a copy of your personal data collected during your use of the Website at [email protected].
Deleting your personal data. You can request erasure of your personal data by sending us an email at [email protected].
When you request deletion of your personal data, we will use reasonable efforts to honor your request. In some cases we may be legally required to keep some of the data for a certain time; in such an event, we will fulfill your request after we have complied with our obligations.
Objecting to or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof by sending a request at [email protected].
Additional information for EEA-based users:
If you are based in the EEA, you have the following rights in addition to the above:
The right to lodge a complaint with supervisory authority. We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or where the alleged infringement has taken place.
The right to data portability. If you wish to receive your personal data in a machine-readable format, you can send respective requests at [email protected].
We do not knowingly process personal data from persons under 18 years of age. If you learn that anyone younger than 18 has provided us with personal data, please contact us at [email protected].
California’s Shine the Light law gives California residents the right to ask companies once a year what personal information they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be personal information under the statute.
To obtain this information from us, please send an email message to [email protected] which includes “Request for California Privacy Information” on the subject line and your state of residence and email address in the body of your message. If you are a California resident, we will provide the requested information to you at your email address in response.
Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
This Service does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Frentinol Limited, a company with a registered office at Florinis 7, Greg Tower, 2nd floor, 1065, Nicosia, Cyprus will be the controller of your personal data.