Privacy Policy

Preamble

FoodFix Tech LTD operates websites at foodfix.app. The company is incorporated in the United Kingdom with registration number 14433407 and address at 41 Devonshire Street, Ground Floor, W1G 7AJ, London. This Privacy Policy incorporates into the Terms of Use. Users with disabilities may request alternative formats by contacting the company email.

1. Definitions

• Consent: Freely given, specific, informed agreement to data processing.
• Data controller: Entity determining purposes and means of data processing.
• Data subject: Natural or legal persons whose data is processed.
• Disclosure: Making personal data accessible through access, transmission, or publication.
• Personal data: Information relating to identified or identifiable persons.
• Personal data breach: Security breach causing destruction, loss, alteration, unauthorized disclosure or access.
• Processing: Operations on personal data including collecting, recording, organizing, structuring, storing, adapting, retrieving, consulting, using, disclosing, or erasing.
• Recipient: Third party, public authority, or entity receiving disclosed personal data.

2. Coverage

This policy covers personal data processing when accessing or using the service. The company does not cover practices of unowned or uncontrolled companies.

3. Data We Collect

Customer Information

Information includes name, address, email, telephone number. Used for account management, determining applicable laws, and geographic analysis. This data is required for account signup. Data retention spans 6 years after the end of your visit or account deletion.

Emails

The company sends emails for:

• Product or service information
• App updates and performance information
• Scientific discovery updates
• Webinar invitations

Legal basis is legitimate interest in service promotion.

Self-reported Health Information

Includes height, weight, dietary information, pre-existing conditions. Used for eligibility determination, analysis input, and scientific research.

Device & Browser Data

Collects IP address, browser type, mobile phone make, cookie contents, and third-party analytics. Processing prevents fraud, locates system errors, improves service functioning. Web server logs delete after 90 days unless serious problems require preservation.

Correspondence

Company processes correspondence details including emails and responses. Retention continues through complaint resolution plus 6 years, in case we need it to defend or establish a legal claim.

4. Purpose for Using Personal Data

Core purpose involves research into nutrition, food recipes, diets, healthcare, and their interconnections. Data processes for service support and legal compliance. Additional data categories or purposes require notice before implementation.

5. Personal Data Sharing

The company shares personal data only with:

• FoodFix Ltd group entities (UK and British Virgin Islands)
• Contractors including hosting providers, security consultants, analytics providers, support vendors, payment processors
• Professional advisors under confidentiality duties

6. Business Transfers

All personal data transfers to third parties upon merger, acquisition, bankruptcy, or control changes. The company makes reasonable notification efforts before information becomes subject to different privacy policies.

7. Data That Is Not Personal Data

The company converts personal data into anonymous, aggregated, or de-identified data by removing identifiers. Anonymous data may be shared indefinitely for lawful business purposes without deletion schedules.

8. Tracking Tools, Advertising and Your Right to Opt Out

General Tracking

Services use cookies, pixel tags, web beacons, GIFs, and JavaScript to recognize browsers, analyze trends, and improve service. The service does not support “Do Not Track” requests currently. Additional information details appear in the Cookie Policy.

Mailing Lists

Users subscribe without creating accounts. Data processes based on consent. Unsubscribing requires clicking “unsubscribe from this list” in emails.

User Research

FoodFix customers may receive emails inviting survey participation, feedback sharing, or focus group involvement.

9. Data Security and Retention

The company protects personal data using appropriate physical, technical, organizational, and administrative security measures. Users should protect passwords, limit device access, and sign off after sessions. No transmission or storage method provides complete security. Retention periods follow categories detailed under “Data we collect,” with longer retention for legal compliance, dispute resolution, or fee collection.

10. Personal Data of Children

The company does not knowingly collect personal data from individuals under 18 years old (19 in Alabama or Nebraska). Children should not register or provide data. Discovery of child data results in rapid deletion. Report suspected child data provision to the company email.

11. European Union Data Subject

FoodFix Tech Ltd headquarters in the UK provides GDPR protection to all users regardless of citizenship or residence. Conflicts favor more protective provisions.

Personal Data Use and Processing Grounds

• Consent: Customer and self-reported information process by consent, withdrawable anytime.
• Contractual Necessity: Required customer information and payment data necessary for contract performance.
• Legal Compliance: Legal obligations provide lawful grounds.
• Legitimate Interest: Device data justified by system reliability and security. Health information processes exclusively through consent.

Data Subject Rights

• Access: Request personal data information and copies.
• Rectification: Request correction of incorrect or incomplete data.
• Erasure: Request data deletion in applicable situations.
• Withdrawal of Consent: Withdraw consent-based processing anytime.
• Portability: Request machine-readable data copies; request transmission to other controllers.
• Objection: Object to further processing for specific purposes like direct marketing.
• Restriction of Processing: Request processing limitations.
• Right to File Complaint: Lodge complaints with the UK Information Commissioner.

12. California Resident Rights

Access

California residents may request information about collection and use over 12 months. The company provides: personal data categories collected, collection sources, collection or sale business purposes, third-party sharing categories, specific collected personal data, and disclosed or sold categories to third parties.

Deletion

Residents may request personal data deletion, subject to exceptions including service provision needs or requested transaction completion.

Exercising Your Rights

Valid requests require sufficient identity verification information. The company responds within 45 days. No fees apply unless requests are excessive, repetitive, or manifestly unfounded. Authorized agents may exercise rights with written permission documentation. Requests may be submitted via company email.

Personal Data Sales Opt-out

The company will not sell personal data and has not done so during the past 12 months.

Non-Discrimination

The company will not discriminate against rights exercisers through service denial, price differences, or quality reductions.

13. Other Privacy Rights

California Resident Rights

California residents may request prevention of personal data disclosure to third parties for direct marketing under California Civil Code Sections 1798.83-1798.84.

Nevada Resident Rights

Nevada residents may opt-out of certain personal data sales to licensees or resellers. The company does not currently sell personal data as defined in Nevada Revised Statutes Chapter 603A.

14. Changes to the Privacy Policy

The company may modify policies and posts current versions on websites. Rights-reducing modifications trigger immediate popup notification requiring acceptance.

15. Contact

Contact the company at:

Address: 41 Devonshire Street, Ground Floor, W1G 7AJ, London, United Kingdom

Email: [email protected]