Our Company prioritizes the respect of your personal data and implements appropriate measures for the compliance with applicable legislation, with regards to the protection of your personal data. The following is a detailed informative policy with regards to the collection and processing, from the Company, of the personal data of the users of the MyHabeats Application (hereinafter referred to as the “Application”).
1. Who is the Data Controller?
For any matter relating to this present Privacy Policy and the processing of your personal data you may contact us in one of the following ways:
2. What personal data does the Company process, for what purpose and on which legal basis?
2.1. Registration and opening of account
User registration to the Application is voluntary. For the purpose of registering to the Application, the User inserts the following information:
The User may, additionally, register through his/her personal account on Facebook. In such case, the Company collects the User’s full name at the social network, gender and profile picture.
Such data is absolutely necessary, relevant and adequate for the purposes of requesting and receiving the services offered by the Application. The User determines which data he/she inserts voluntarily and he/she is responsible for the truth, accuracy and update of such data, in order to allow for the request and provision of services through the Application.
For the creation of his/her profile, the User provides optionally the following data:
The creation of a User profile is absolutely optional, on the basis of the User’s explicit consent, through the optional submission of the above data.
2. What personal data does the Company process, for what purpose and on which legal basis?
2.2. Application operation and provision of services to the User
In order to make use of the Application, the User submits, optionally at his/her own discretion, in addition to the information (under 2.1) above, the following data:
The Company processes the above data in order to enable the User to make use of the services provided through the Application and monitor his/her nutritional habits and activities, for the purposes of maintaining their weight after their submission to a bariatric procedure.
The processing of the above (under 2.1 and 2.2) personal data and special categories of personal data is based on the User’s prior explicit free consent, by accepting this present Privacy Policy which the User is invited to read.
For the completion of the User’s registration the double opt-in process must be followed. More specifically, an e-mail is sent to the User in order to activate his/her registration to the Application through the link provided in such e-mail. In case the User does not proceed to the activation as per the above, the Company will delete his/her data within forty-eight (48) hours and the User must commence the registration process anew.
2.3. Processing of personal data for the performance of our contractual relation
We process the personal data you provide to us through the Application for the performance of our contractual relation and the provision to you of the services, through the Application.
2.4. Processing of personal data for statistical purposes
The Company processes the Users’ personal data for research and/or analysis, to better understand the Users’ needs, for the evaluation and improvement of the existing and the development of new services.
For such purposes, the Company may further process all data it collects within the framework of the scopes analysed above, only in the form of aggregated and statistical data, implementing all appropriate safeguards to ensure that the data subjects are no longer identifiable.
The lawful basis for the above processing is the Company’s legitimate interest for the further compatible processing of aggregated data for the purposes of statistical analysis for the improvement of its services, implementing all necessary safeguards for the collection and processing of data that do not allow for the identification of the data subject and protect the Users’ rights and freedoms.
2.5. Processing of communication data for the delivery of newsletters
By granting your informed consent, our Company is entitled to process the communication data (e-mail) which you provide us at the point of your registration to the Application, for the purposes of commercial communication (newsletters).
You may withdraw the consent you have granted to us for receiving commercial communication, by contacting our Company at the contact details provided herein, or by clicking on the unsubscribe link on the e-mail or sms. The withdrawal of consent is valid for any future communications.
3. For how long does the Company keep my data?
4. What are my rights with regards to the processing of my personal data and how can I exercise them?
Our Company fully respects your rights with regards to the processing of your personal data.
You may exercise your rights to one of the Company’s following contact points:
Your rights, pursuant to the European General Regulation 679/2016 for the protection of personal data, are the following (as each time be applicable):
Supervisory authority:
You may lodge a complaint with the supervisory authority in your country, with regards to the protection of personal data. In Greece, the supervisory authority for the protection of personal data is the Hellenic Data Protection Authority – HDPA (www.dpa.gr).
Our intention is to reply to all valid requests within, the latest, one (1) month from their receipt, unless your request is very complicated or in case you have submitted more requests, in which case we will try to reply within three (3) months. We will notify you in case we need more than one (1) month to reply, for the reasons stipulated above. We might ask you to tell us what is exactly that you need, or what concerns you. Furthermore, our Company reserves the right to reject any unfounded or undue or abusive requests or requests submitted in bad faith, within the provisions of the applicable legal framework.
5. Recipients of your personal data and relation with third parties – Transfer of data to third countries
6. How are my personal data secured?
The Company implements all necessary security measures for the protection and safeguard of your personal data, such as indicatively and not exclusively [encrypted application]. The information you provide to the Company is processed exclusively by specifically authorized personnel under the Company’s control and instructions, as well as the recipients of the personal data when necessary. For the processing, the Company appoints persons with the respective professional skills to provide appropriate safeguards in terms of technical knowledge and personal integrity to ensure privacy and protection of personal data. The Company, through the respective contractual commitments and its associates, implements all necessary security measures for protecting and ensuring privacy and confidentiality, as well as the integrity of personal data. In any case, the security of personal data in the platform environment is subject to factors beyond the Company’s sphere of control, as well as factors relating to technical, functional or other problems of the network or reasons of force majeure or events of chance.
You are responsible not to disclose the data/passwords you have set for the access to your account and, more specifically to safeguard the use/access to your account from third parties. Your account to the Application is personal and non-transferable.
7. Amendments to this Privacy Policy
We reserve the right to amend this present Privacy Policy, for example when this is necessary to comply with new requirements imposed by applicable laws, guidelines or technical requirements, or in the course of a revision of our processes and practices. We will notify you of any amendment to our Privacy Policy through the Application and our website www.myhabeats.co