This policy has been updated to comply with the General Data Protection Regulation 2016 (GDPR) and electronic communication regulations. Created May 2018 and reviewed every 6 months thereafter, this policy will be updated as needed for operational and legal changes.
GDPR provides the following rights for individuals;
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What personal information do we collect from people that visit our website or app?
When registering on our site, you may be asked to enter your name, email address or other details to help you with your experience. The Carbs & Cals app asks for some basic personal information (if you are over 16) such as height, weight and date of birth to customise your app experience. The app also stores the foods and drinks you consume, and exercise data locally on your device only. If you choose to use the contact form we will obtain your email address and any other personal information you choose to disclose to us.
When do we collect information?
We collect information from you when you:
- Subscribe to our newsletter
- Request access to our free PDFs
- Request flyers or bookmarks
- Request BMI/Calorie Calculator results to be emailed to you
- Set up and use the app
- Request or order poster sets or books in bulk
- Agree to review a new or updated product
- Request permission to use our images
How do we use your information?
We may use the information we collect from you in the following ways:
- To personalise your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To respond to your query, question or comment.
- To send you newsletters via SendInBlue, providing information and updates on our products.
- To administer additional features on the website.
- To ask for ratings and reviews of services or products.
- To personalise your app experience.
- To allow you to use the personal data of your app (e.g. nutrition info of foods consumed) with third-party apps at your discretion and approval, via Apple HealthKit and Google Fit.
- To correspond with you regarding a request for a bulk product order, flyers or bookmarks.
How do we protect your information?
We only provide articles and information. We never ask for credit card numbers. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.
All credit card transactions are processed through a gateway provider (e.g. Stripe, PayPal or iTunes) and are not stored or processed on our servers.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising or other uses.
- When you subscribe to the mailing list, request free PDFs, request BMI/Calorie Calculator results via email, or request flyers / bookmarks, the details you have entered, including name and email address, will be retained in our mailing list system SendInBlue. These will be kept until you unsubscribe, or your email address becomes invalid and will be removed.
- When you contact us via HelpScout, we will keep the email chain for no more than 60 months after the conversation has ended in case of further questions. Then it will be deleted.
- When you order bulk products from us we will add you to our mailing list and retain the correspondence relating to the order for 60 months before deleting it. This is in case of any financial queries such as VAT.
- Data captured by using the app will be stored within the app until it is uninstalled from your device, at which point the data is deleted from the device. The data, however, may still exist in a cloud backup (e.g. iCloud) but we do not have access to this data.
- When you agree to review a new or updated product, we will keep your name, email and address for a period of 24 months since last contact. If during this time we have a new product we may contact you to ask if you would like to review it. We may keep a copy of your public review on our files.
We do not include or offer third-party products or services on our website or app.
Please see our Cookies policy.
We use Google Analytics on our website.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
To opt out, users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add-on.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via in-site notification. We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honour opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us via our contact page. Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Access, change, erase or complaints
You may contact us at any time if you wish to access, erase or change the data we hold on you.
If you have a complaint about the use, or retention, of your personal data in relation to any of the above legislation, please contact us in the first instance so we can try to resolve the issue. However you have the right to contact the relevant supervisory authority for the area you are resident in. In the UK this is the Information Commissioner’s Office.