The data gathered by Lowcal can be divided primarily into two categories:
o All data required for the processing, preparation and performance of an agreement with Lowcal.
o When you access our Services, some information is exchanged between your device and our server, or the server of the services we use. This may include personal information. One of the ways in which the information gathered in this way will be used to further improve our Service.
Our Services are only recommended to users who are 18 years of age or older. If you are not at least 18 years old, you may only use our Services under the direct supervision of your parents.
2. Important Contact Information
3. Purposes of Data Collection, Legal Basis and Legitimate Interests Pursued by Us or a Third Party, and Categories of Recipients
3.1. Accessing our Service
If you access our Services, especially by visiting our website or app, the app or the browser used on your device automatically sends information to our server and temporarily stores it in a log file. The following information is collected without your intervention and stored until it is automatically or manually deleted in the log file:
o Your device’s IP address
o Your device’s Model
o Date and time of access
o The name and URL of the retrieved file
o Your browser’s unique identifier
Our legitimate interest arises from the uses listed below. At this point, we note that we are unable and do not attempt to draw any conclusions about your identity from the data collected. Your device’s IP address and the other information listed above are used by us for the following purposes:
o To ensure that a trouble-free connection can be established
o To ensure the convenient use of our Services
o To evaluate system security and stability
o Other administrative purposes
The data is stored in compliance with legally established data retention periods and then deleted automatically. The exact procedures, and how your data will be used for this purpose, are explained in more detail in Section 4 below.
3.2. Concluding, Performing or Terminating an Agreement
We primarily define our Services as those of a personal nutrition and fitness trainer. Based on your own self-defined training goals, we prepare your nutrition and workout plans that are equipped with suggested recipes and a broad variety of other information about health, fitness and nutrition. To do this, we collect the information required to conclude, perform or terminate an agreement. This includes:
o E-mail address
o First and last name
o Subscription information
o Demographic information, such as; gender, age, height, weight, etc.
o Information you enter, such as; training goals and history, sport activities, meals, etc.
o Information gathered from Apple Health and Google Fit in accordance with Section 4.2
Unless we use your contact information for customer support or customer service (see details under Section 3.3), the information required to conclude the agreement is stored until it is no longer needed for this purpose and/or until the rights under any guarantee or warranty expire. Subsequently, we retain the required personal information for the periods established by law. During this retention period (usually 6 to 10 years after conclusion of the agreement), the information is used only in the case of an audit by the tax authority.
3.3. Data Processing for Customer Support or Customer Service
3.3.1. Informational purposes
If you have signed up for our Services, we manage you as an existing customer. In this case, we process your contact information in order to send you information about new, enhanced or improved features, products and services, etc.
3.3.2. Personalized ads
To ensure that you receive only information that corresponds to your interests, we classify and add information to your customer profile. For this purpose, both statistical information as well as information about you (such as basic or historical data from your customer profile) are used. The goal is to optimize our Services by adapting them to your actual or perceived interests and/or needs, and to send you the appropriate recommendations and not bother you with useless ads.
3.3.3. Right to Object
You may object to the use of your data for the aforementioned purposes at any time free of charge for each communication channel and with effect for the future. An email or a letter sent using the contact information shown under Section 2 is sufficient for this purpose.
Once you submit your objection, we will block the relevant contact address for future advertising data processing. We will process your objection as soon as possible and implement the appropriate blocking measures immediately after it is confirmed. Please note that in some exceptional cases the relevant information or product recommendations may still be received even after receipt of your objection. This is simply due to technical reasons and does not mean your objection has not been processed. Thank you very much for your understanding.
4. Data Processing for the Provision of our Services
In this section, we inform you about the data processing necessary for the provision of our Services:
4.1. Online Presence and Website Optimization
We will not sell or lease your information to third parties for their marketing purposes without your explicit consent. We only disclose certain information to third parties from time to time to be able to offer the best possible product to our customers, improve the quality of our Services and protect the interests of our customers. However, this disclosure will always be subject to strict limitations, which are described in more detail below.
4.1.1. Cookies – General Information
If you already have a customer account and are logged on, the information stored in the cookies are associated with that account.
4.1.2. Facebook Login
We allow you to sign up for and log on to our Services via the Login with Facebook feature. This replaces the otherwise necessary registration. To log in, you are redirected to the Facebook server, where you sign on using your user information. This links your Facebook profile to our Services. By using this simplified login feature, you give us your consent to use the following information from your publicly visible profile:
o Birth date
o Email address
o Time zone
o Profile photo
The purpose of the data collection above is the simplified login and the establishment and fulfilment of an agreement. This information is required for the conclusion of the agreement in order to be able to identify it. For the purpose and scope of Facebook’s data collection and the further processing and use of the information, as well as the associated rights and setting options to protect your privacy, please consult the Facebook privacy information.
4.1.3. Google Analytics
For the custom design and continuous improvement of our Services, we use the web analytics service of Google Analytics of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Using cookies, Google creates pseudonymised user profiles. The information generated by the cookies for users includes:
o Browser type/version
o Operating system
o Referrer URL (previously visited page)
o Host name of the accessing computer (IP address)
o Time of the server request
This information is sent to a Google server in the U.S. and stored there. The information is used to evaluate the use of our Services, to compile reports on the activities, and to provide other related services for purposes of market research and customized design. This information may also be sent to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with any other Google data. The IP addresses are anonymised so that assignment is not possible (IP masking).
You can prevent the installation of the cookies in advance by configuring your browser software accordingly or object to the continued processing of your data with the cookies by clicking on the opt-out link. Please note that if you disable cookies, it will not be possible to fully take advantage of all of the features of our Services. You can also prevent Google from collecting and processing the data generated by the cookies and related to your usage (including your IP address) by downloading and installing this browser add-on. On mobile devices, we recommend using private mode. You can find more information on protecting your privacy in relation to Google Analytics on the Google Analytics website.
4.2. Apple Health Kit and Google Fit
To improve fitness tracking and health management, you have the option of transmitting the data collected by our Services via the interface provided by the respective providers into the Apple Health Kit or the Google Fit app. This only happens if you explicitly agree to the process via your device settings. If you consent to this transfer, we store the following personal data on our servers:
o Current weight
o Number of steps and burnt calories
o Exercise/Activity duration and burnt calories
o Sleep start and end times
o Consumed water to measure hydration
We also request access to store the current weight of the user on Apple Health Kit and Google Fit by way of helping you keep your weight updated on Apple Health Kit and Google Fit.
5. Your Rights
In addition to the right at any time to withdraw any consent you have given us, you are also entitled to the following if the respective legal conditions are met:
o The right to be informed about your personal data that is stored with us
o In the event of transmissions, the right to information, or references to suitable or appropriate guarantees that a copy of them can be obtained, or where they are available
o The right to correct inaccurate or incomplete data
o The right to the deletion of your personal information that is stored with us
o The right to limit the processing of your data
o The right to data portability
6. Data Security
We apply the highest standards to data security for our infrastructure and the processing of your data. For example, we use protection mechanisms for computers such as firewalls and data encryption. Our offices and data are subject to physical access controls. Access to the personal information of our customers is only possible for those employees who need them to carry out their activities.
All personal data sent by you, including your payment information, is also transmitted using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard, e.g. it is also used for online banking. You will recognize a secure SSL connection with the placement of an “s” at the end of http (i.e. https: // …) in the address bar of your browser, or with the lock icon at the bottom of the browser.
We also apply suitable technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously monitored using the latest technology, and regularly adapted to the relevant risk, and improved if necessary.
7. Notification Procedures
We are not a “covered entity” under the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The HIPAA privacy rules and regulations apply to health plans, health care clearinghouses, any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (collectively, “covered entities”), and their service providers (“business associates”). This means that the personal data that you provide to us is not protected by the HIPAA privacy rules and regulations.