PRIVACY NOTICE
Last updated: 17.02.20241. Intro
This privacy notice will inform you how we look after, collect, process, and use your personal data when you use our Website https://meal-mentor.com/ and tell you about your legal rights.2. About us
Webpeak OÜ (Ltd) is the controller and responsible for your data ("we", "us", or "our").| Company Name | Webpeak OÜ (Ltd) |
|---|---|
| Registry code | 16904672 |
| Legal Address | Estonia, Harju maakond, Tallinn, Lasnamäe linnaosa, Valukoja tn 8/2, 11415 |
| [email protected] – for general questions [email protected] – for privacy questions |
3. Sources of data
We receive your data when you visit the Website and interact with it, depending on your actions. You can change your personal data by exercising your right to rectification and contact us about it. Please note that the same lawful basis and storage terms apply to the changed data.We may also receive data from third parties. It depends on your settings and the features you use.We could receive your data (phone number) from users who want to use a Service. In this case, you may get a technical message from Company with the consent form and lins to all company privacy resourses. In case if you not give consent to data processing by Company, the Services should not be performed.4. Lawful bases
For processing your personal data, we rely on the following lawful bases:- performance of the contract — for the processing related to the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
- legitimate interest — for the processing aimed at the development of our services, taking into consideration your interests, rights, and expectations;
- legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
- consent — for additional specific purposes.
5. Types of data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).We collect (automatically or with your consent), use, store, and transfer different kinds of personal data about you, which we have grouped as follows:| Reasons for Processing | Types of data | Lawful bases |
|---|---|---|
| To use all Website functions. It is necessary to set up a profile and identify the user. The email address is additionally used to contact the user. | User contact data. The user's email and telephone number. | Performance of the contract. Your consent. |
| To use all Service functionality and provide you with services. | Physical information. The User's weight, height, age, gender. | Performance of the contract. Your consent. |
| For marketing and analytical purposes. To provide, improve, and develop the Website. | Device data. Includes model, OS version, language, time zone, and unique device identifiers (IDFA or GAID). | Your consent. Performance of the contract. |
| To use all Website functions. For marketing and analytical purposes. To provide, improve, and develop the Website. | Location and Demographic data. This includes internet protocol (IP) address, country, state, city, postal, and zip code. | Your consent. Performance of the contract. |
| It is required to identify the subscription the user selects, its duration, and expiration. | Subscription data. The transaction data, ID subscriptions, and subscription terms. This is the information we get from the payment system when you buy our subscription. | Performance of the contract. Your consent. |
| For marketing and analytical purposes. To provide, improve, and develop the Website. | Usage Data. This includes information about how you use our Website and user activity on the Website. | Performance of the contract. Your consent. |
6. Third-party services and disclosures of your data
We share some of your personal data with our service providers, but it is strictly limited to the cases and purposes stipulated in this privacy notice.We require all third parties to respect the security of your personal data and treat it under the law. We don't allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified reasons defined in this privacy notice.We will not process personal data in a way incompatible with the purposes for which it has been collected or subsequently authorized by you by Section "Types of data we collect" of this privacy notice or collect any personal data that is not required for the mentioned purposes.We disclose potentially personally-identifying information (i.e., personal data) among our employees, contractors, and affiliated or other third-party organizations that (i) need to know that information to process it on our behalf or to provide services available at the Company and (ii) that have agreed not to disclose it to others.We share your data with the parties below for the purposes in Section "Types of data we collect" above.Here's an overview of the specific third-party service providers we share data with and the purposes for sharing:| Third-party service provider | Purpose for sharing |
|---|---|
| Google LLC | We leverage Google Analytics to analyze user behavior on our website, identify areas for improvement, and gain valuable insights. Additionally, we may utilize Google Ads to display relevant advertisements to our website users. Google anonymizes the data used for analytics and adheres to its strict data privacy regulations. Also, they help us to store your data. |
| Meta Platforms, Inc. | To measure the effectiveness of our advertising campaigns and improve ad targeting, we may utilize Facebook Pixels or other Meta tools. They also provide insights for optimizing our website based on user behavior. Data shared with Meta is anonymized and aggregated. Also, they help us to store your data. |
| Amplitude, Inc. | We employ Amplitude to track user interactions within our Website, helping us make informed decisions about website design, functionality, and content. They utilize industry-standard security measures to protect your information. Also, they help us to store your data. |
| Hetzner Online GmbH | Provides the network bandwidth, hardware, and data centers for hosting our web servers. Restricted access to usage statistics for infrastructure monitoring. Also, they help us to store your data. |
| Firebase, Inc. | We utilize Firebase for various backend services, including user authentication and database management. They adhere to Google's strict data privacy standards and protect your information with robust security measures. Also, they help us to store your data. |
| IXOPAY GmbH | We engage IXOPAY to process user payments in order to provide a secure and convenient payment for our services. |
| Amazon | We use Amazon's AWS as our cloud and storage provider. |
| Namecheap | We use Namecheap as our cloud and storage provider. |
7. Cross-border transfer of personal data.
Some employees, contractors, and affiliated or third-party organizations may be located within or outside the USA, EU, or the European Economic Area (EEA). By using our Website, you consent to transfer such information to them.For cross-border data transfers, we use additional means of protecting personal data in the event of their transfer outside the EEA, such as Data Processing Agreements with Standard Contractual Clauses, additional organizational and technical measures, etc.8. Changes to the privacy notice
We reserve the right to and may change this privacy notice occasionally. If we make any material changes, we will notify you through our Website or email or by presenting you with a new version of this privacy notice for you to accept if we, for example, add new processing activities or collect additional personal data from you.Your continued use of the Website after the effective date of an updated version of the privacy notice will indicate your acceptance of the privacy notice as modified.9. Cookies
We have set aside a detailed description and procedure for using cookies on a separate page , which is an integral part of this notice.10. Opt-out options.
You can withdraw your consent or opt-out, whatever applies in your case, from sharing your personal data under this subsection anytime by using one of the following options: By contacting us at [email protected] and stop using our Website;11. Obtaining data from third parties
When a user buys a subscription, we receive transaction data, ID subscriptions, and subscription terms from the payment system.The payment system data processing notice further regulates the collection, processing, and transmission of data on purchase via the payment system.12. Payments and billing
When you pay for a subscription to our Website, you share your banking information with the payment system. This relationship is also regulated between the user and the privacy notice of the payment system.We don't process your payments or collect your debit or credit card details.13. Data security
We have implemented appropriate security measures to prevent your data from being accidentally lost, used, or accessed unauthorizedly, altered, or disclosed. In addition, we limit access to your data to those employees, agents, contractors, and other third parties who have a business need to know.They will only process your data based on our instructions and are subject to a duty of confidentiality.We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.We also use technical data encryption tools like SSL protocols to secure your data.14. Data retention
How long will you use my personal data?We will only retain your data for as long as necessary to fulfill the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements.To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal requirements.We store your data while you use our Website.You can ask us to delete your data. Send an email to our address: [email protected].In some circumstances, we may anonymize your data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.We require all third parties to respect the security of your personal data and treat it under the law. We do not allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified purposes and under our instructions.We do not use user data for sale (or any other commercial activity) to other companies. User data is used solely to ensure the functionality of the Website.15. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
We are not entities that require HIPAA compliance (covered entities, such as health insurance companies, healthcare providers, including pharmacies and healthcare clearinghouses), and not business associates — persons or entities who handle protected health information for a covered entity. Therefore, we are not covered by the HIPAANevertheless, we have obligations to comply with other laws and regulations governing mHealth applications and the protection of users' personal data, such as the Federal Trade Commission Act and FTC's Health Breach Notification Rule.16. Your legal rights
European Economic Area residents
As a data subject, you have the right to interact with its data directly or through a request to us. This section describes these rights and how you can exercise them:| Rights | Description |
|---|---|
| Right to access | You can request an explanation of how your personal data is processed. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
United States residents
You, as data subjects, have some special privacy rights. To use them, please contact us [email protected].Please note! Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request, with the right to postpone it for 30 days more.If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.Your rights vary depending on the laws that apply to you but may include:| Rights | Description | Area |
|---|---|---|
| Right to access | You can request an explanation of how your personal data is processed. | California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, Virginia |
| Right to correct | You can change the data if it needs to be more accurate or complete. | California, Colorado, Connecticut, Indiana, Montana, Tennessee, Texas, Virginia |
| Right to delete | You can request to delete your personal data from our systems. | California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, Virginia |
| Right to portability | You can request all the data you provided to us and request to transfer data to another controller. | California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, Virginia |
| Right to opt out of sales | The right to opt out of the sale of personal data to third parties. | California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, Virginia |
| Right to opt out of certain purposes | The right to opt-out of processing for profiling/targeted advertising purposes. | Colorado, Connecticut, Indiana, Montana, Tennessee, Texas, Utah, Virginia |
| Right to opt out of the processing of sensitive data | The right to opt-out of processing of sensitive data. | California |
| Right to opt in for sensitive data processing | The right to opt in before processing sensitive data. | Colorado, Connecticut, Indiana, Montana, Tennessee, Texas, Virginia |
| Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input | California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Virginia |
| Private right of action | The right to seek civil damages from a controller for statute violations. | California |