NUTIS privacy policy
Last updated: 09-04-2021
Our identity and scope of this Policy
This website nutis.com.ua (the “Website”) and the application Nutis (the “Application”) belong to Nutis, a trade name owned by Lysin Serhii Sergeevich, an individual entrepreneur registered in Ukraine (registration with the Registry 3770009890 dated 06-04-2021) (the “Company”).
This Privacy Policy applies to all users of the Website and its subdomains, whether or not they register, and to all users of the Application. It applies regardless of territory: it covers all users from the moment you open our Website or our Application, no matter where you and your devices are physically located.
The use of our Website and Application must comply with the Terms of Use and this Policy. We strongly recommend reading Regulation (EU) 2016/679 to know your rights.
We act as a data controller and a data processor. When you first encounter our software and type in your personal data, we process it as a data controller. However, once you use our Website or Application to contact your trainer or nutrition expert, we are acting as a data processor and the trainer or nutrition expert is a data controller with respect to your personal data.
Data we collect and process
Our Website and Application cannot work and be useful without processing your personal data. Despite that, we have reviewed and limited the data collection and the period of retention of the data to the minimum necessary. We are interested in providing you with a safe and comfortable instrument for keeping track of your nutrition and exercise without jeopardizing or invading your privacy.
We divided the typical use scenario into two roles: Clients and Trainers. Depending on your use case, you can be attributed to one of them as follows:
- Clients are interested in recording their daily habits and restrictions and are looking for advice from the nutrition expert;
- Trainers use the Website or Application to supervise or monitor their clients’ daily choices in the course of their service.
We do not intentionally collect or process personal data of children under 16 years of age. If you are based in the European Union (EU) or European Economic Area (EEA), you may only use our Website or Application if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of our Website and Application has been provided to us. If you are a parent and you learn that your child is using our Website or Application and you don’t want them to, please contact nutisgb@gmail.com.
We will never show users’ precise location to other users.
Trainer’s personal data:
We act as a data controller with respect to your personal data provided to us to use the Website or Application. However, be aware that in case you collect or process personal data of the persons that are currently accessing our Website or Application from the territory of the European Union, you must comply with the applicable data protection laws, including the General Data Protection Regulation and applicable national laws.
If you use our Website or Application to monitor the activity of your mentees (Clients), you thus become the data controller with respect to their data, and we process their personal data on your behalf as your data processor.
To use our Website or Application, you must sign on as a user.
Method of collection
Personal data
Registration:
to create and maintain your account and provide you with the set of services
Data we may collect:
- First name and last name;
- Email address;
- Password;
- Your sex;
- Your height;
- Your weight;
- Your age;
- Your Account picture;
- Your desired weight;
- Choose illness(es) (if available) out of the proposed list;
- Choose your goal (lose weight, gain weight etc.);
- Indicate your quantity of meals per day;
- Indicate your level of activity;
- Indicate whether you register as a Client or as a Trainer;
Chat
to facilitate the communication between the Trainer and the Client
Data we may collect depends on the topic of communication the Client and Trainer share.
We use profile data to set up the chat functions. We do not knowingly process the contents of chats for any purpose but storage.
Usage history:
to keep track and monitor your nutrition and exercise, and enable the Client’s Trainer(s) to issue recommendations
Data we may collect:
- information on food and meals consumed (calories, ingredients, quantity, etc.);
- information on drinks consumed (calories, ingredients, level of hydration, quantity, etc.);
- information on the user’s exercise (including scheduled workouts appointed by the Trainer(s)).
Location:
to keep track of your meals and activities
Use of this data is optional. You must previously give us consent to use this data.
Payment data:
used to check your payment status and access to particular functions
Processor is used. You may unlock extended functionality by using Google's payment instruments. You may learn more by reading Google's privacy terms:
- Our controller-to-controller agreement https://privacy.google.com/businesses/gdprcontrollerterms/.
- Google’s Privacy Policy: https://policies.google.com/privacy?hl=en-US
Also we use LiqPay’s instruments and tools to process the payments. Their terms of service are available here: https://www.liqpay.ua/en/rules/
Billing data:
for compliance with our tax, money laundering and record-keeping obligations
Data we may collect:
- name;
- tax number;
- address;
- city;
- postal code;
- country;
Automatically created data:
to gather information on how you use our Website and Application, so you can receive the tech support advice and get the smoothest experience possible
Cookies and similar technologies can be used.
Collected data:
- IP address;
- browser and its version;
- language (including your choice);
- device operating system (iOS, Android, etc.);
Please be aware that we expect Trainers to comply with their non-disclosure or confidentiality obligations, including an oath or professional secrecy. You can consult our Terms of Use to ensure you are aware of our expectations and disclaimers prior to proceeding with the registration of a Trainer’s account.
Client’s personal data:
Please, be aware that your personal data can be collected by the Trainers you authorise to mentor you (onboard) using the QR code.
Normally, we collect your personal data as a data controller until you employ a Trainer (or a few) to monitor your activity. If this is the case, the Trainer becomes the data controller, and we act merely as a data processor with regard to the data you type in or share with your Trainer(s) through our Website or Application for the purposes determined by the Trainer(s).
Be aware that your relationship is not limited by the use of our Website or Application. Your Trainer(s) may request supplementary personal data or record it by observation, which may range from “simple” personal data categories (such as your middle name or patronymic, billing data, payment data, etc.) to data considered as “special” (for instance, your race, health information, clinical history, food history, other body measurements beyond the personal data you have already disclosed on the Website or Application). We do not have access to this data if you provided it to the Trainer offline or through other websites or applications, and thus cannot be held liable with respect to the abuse of this data by your Trainer(s) or third parties. In like manner, we cannot be held liable for the actions or omissions of the Trainer(s) acting as a data controller with respect to your personal data.
Method of collection
Personal data
Registration:
to create and maintain your account and provide you with the set of services
Data we may collect:
- First name and last name;
- Email address;
- Password;
- Your sex;
- Your height;
- Your weight;
- Your age;
- Your Account picture;
- Your desired weight;
- Choose illness(es) (if available) out of the proposed list;
- Choose your goal (lose weight, gain weight etc.);
- Indicate your quantity of meals per day;
- Indicate your level of activity;
- Indicate whether you register as a Client or as a Trainer;
Chat
to facilitate the communication between the Trainer and the Client
Data we may collect depends on the topic of communication the Client and Trainer share.
We use profile data to set up the chat functions. We do not knowingly process the contents of chats for any purpose but storage.
Usage history:
to keep track and monitor your nutrition and exercise, and enable the Client’s Trainer(s) to issue recommendations
Data we may collect:
- information on food and meals consumed (calories, ingredients, quantity, etc.);
- information on drinks consumed (calories, ingredients, level of hydration, quantity, etc.);
- information on the user’s exercise (including scheduled workouts appointed by the Trainer(s)).
Location:
to keep track of your meals and activities
Use of this data is optional. You must previously give us consent to use this data.
Payment data:
used to check your payment status and access to particular functions
Processor is used. You may unlock extended functionality by using Google's payment instruments. You may learn more by reading Google's privacy terms:
- Our controller-to-controller agreement https://privacy.google.com/businesses/gdprcontrollerterms/.
- Google’s Privacy Policy: https://policies.google.com/privacy?hl=en-US
Also we use LiqPay’s instruments and tools to process the payments. Their terms of service are available here: https://www.liqpay.ua/en/rules/
Billing data:
for compliance with our tax, money laundering and record-keeping obligations
Data we may collect:
- name;
- tax number;
- address;
- city;
- postal code;
- country;
Automatically created data:
to gather information on how you use our Website and Application, so you can receive the tech support advice and get the smoothest experience possible
Cookies and similar technologies can be used.
Collected data:
- IP address;
- browser and its version;
- language (including your choice);
- device operating system (iOS, Android, etc.);
If the Client shares their personal data with a Trainer, the latter has access to the Client’s first name and last name, weight, height, age, body mass index, email, and other profile data.
We don’t monitor, record or store the contents of your audio or video chat. We do store messages, usage histories, ingredients and exercises, but these will not be sold or shared with any third parties for commercial gain.
Cookies Policy
To provide the functionality and for usage analytics and marketing purposes, we may record information about activities on our Website and Application (e.g. clicks, screens viewed, pages visited). For this purpose, a cookie may be stored on your device. Cookies are small text files that are stored on your computer’s hard drive. They enable recognition of your device but do not permit you to be personally identified.
If you do not want cookies to be installed, you can opt out using your browser settings. On mobile devices you can opt out of sharing advertising identifiers.
“Cookies” are small data files that are transferred to your computer that allow us to remember certain information about you, namely:
- to recognize your device and save the actions you have previously made;
- to store your preferences;
- to manage Registered Users accounts;
- to analyse the Users’ usage of the Website to improve our Services;
- to prevent fraud;
- marketing purposes
We may use four types of cookies:
- Necessary;
- Preferential;
- Statistical;
- Marketing.
We use the following cookies:
You may withdraw the cookies using the settings of your browser. Use the “Help” button to learn how to do it. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. To do so, please follow the instructions provided by your browser which are usually located within the “Help” or “Preferences” menu.
Please, bear in mind that this policy DOES NOT cover the cookies provided by the third parties when you follow the links to the other websites presented at our Website or the Application.
Lawful basis and Purposes of the processing
We can collect and process your data only if we have a suitable lawful basis to do so. Currently, the General Data Protection Regulation allows only six such lawful bases for data processing. Normally, we determine the purposes and ensure that they rest on a suitable lawful basis, as follows:
- some features are only available if you give us your consent (such as use of geolocation or notification mechanisms installed on your device);
- the performance of the contract (when you register an account, you agree to be party to our Terms of Use);
- a legal obligation (for instance, to prevent money laundering or submit tax-related information to the respective authority);
- our legitimate interests (development of the Website and Application, including the development of new functions, as well as bug fixing, deciding on our marketing strategy, prevention of fraud, etc.).
The choice of a particular lawful basis depends on the case.
To summarize, we use your personal data for the following purposes:
- Performance of the contract: to provide you with the service: we need your data to identify you and give you access to the features of the Website or Application pursuant to the Terms of Use, to provide the customer support (e.g. if you encounter any issues that adversely affect your user experience), disclose your personal data to new Trainer(s) at your request (when you scan their QR), maintain your account, enable you to contact others or store your information to be monitored by the Trainer(s), etc;
- A legal obligation: we process your data when we keep billing records, respond to your data subject requests or requests issued by the state or local authorities pursuant to the EU or national law, and we are legally compelled to process the data for the purposes of fighting money laundering, fraud, abuse or other crimes, provided that, however, we are legally compelled to do so (for instance, if we have received court orders, a warrant or other requests issued by the authority);
- Our legitimate interests: for maintenance, improvement of services (including the Website and the Application), bug fixing, tech support, security (to prevent or deal with suspicious or fraudulent activity), verification of your identity if you file a request, as well as generalized analysis for business development (we determine whether a particular feature is useful to the Users and change or correct the services we offer you); we can use some of your data for our marketing activities (send you emails, notifications, text messages within the Website and Application about our special offers or new functions that may be of interest for you). You can choose to refuse tailored advertisements in the Settings menu of your device.
We do not intend to use the automated decision-making to cause any legal or similarly significant effect on our users. We do not sell users’ personal data to third persons.
Retention and Storage
We cannot foresee the precise amount of time we need to process your personal data. However, we set out below the pointers and criteria to help you estimate the retention period.
Method of collection
Retention period
Registration and usage history
As long as your account is active.
We may retain your data for 12 months after your last login, just in case you decide to proceed using our Website or Application.
The retention period can be extended in the case your data is subject to any legal proceeding or we are legally compelled to retain them (for instance, if you have an ongoing dispute with your Trainer(s) or Client(s) and the personal data we hold are used as evidence).
Location:
As long as you allow us to collect the geolocation data. You may withdraw your consent to collection of geolocation data at any time using the Settings of your device.
However, be aware that disabling the collection of geolocation data might entail the unavailability of some features that are dependent on them.
After you disable the collection of your geolocation data, we retain the data as long as your account is active (included in the usage history that the Client or Trainer with extended functionality can see).
The retention period can be extended in the case your data is subject to any legal proceeding or we are legally compelled to retain them (for instance, if you have an ongoing dispute with your Trainer(s) and the personal data we hold are used as evidence).
Payment and billing data:
We keep your payment data for [number] months (because it is the requirement of our national law, namely, [law on accounting or taxation]).
We cannot change the maximum period as we use the payment processor to collect this data. You may learn more about the payment processor’s retention policy here: https://policies.google.com/privacy?hl=en-US.
The retention period can be extended in the case your data is subject to any legal proceeding or we are legally compelled to retain them (for instance, if you have an ongoing dispute with your Trainer(s) or Client(s) and the personal data we hold are used as evidence).
Automatically created data:
We use the session cookies where it is possible to do so.
You can learn more about the retention period of each cookie in the Cookies Policy.
After the expiration of the retention period, we either delete the personal data from our servers or anonymise it in such a way that the anonymisation cannot be reversed.
We store the personal data we collect about you on a dedicated server provided by Firebase (USA) and local servers situated in the USA.
Please note that if you delete your account, we will continue to store your email address and conversations linked to your account so that other users (your Trainer(s) or Client(s)) can continue to access their conversations with you, and to be able to handle any requests to delete them.
Security and safeguards
The security of your personal data, our Website, our Application and the services we provide are of utmost importance.
The safeguards we adopted to protect you are as follows:
- regular audits and monitoring of the operation of the Website and Application;
- regular risk assessments;
- spreading and endorsing the culture of security and respect for privacy within our company;
- trainings and ongoing enhancement of skills and knowledge in the area of data protection;
- specific training procedures for personnel in charge of managing requests for access to personal data;
- data is kept on secured and restricted database servers;
- access to the company’s systems and devices is restricted and granted on a strict need-to-know basis;
- secure data transmissions, if necessary, using SSL and TLS encryption;
- the employees must obey the procedures and policies describing the handling of users’ personal data;
- supplier, subcontractor and other third party assessment prior to granting any access to the company’s systems or users’ personal data;
- use of secure protocols, encryption mechanisms and thorough anonymisation;
- entering into the agreements on confidentiality and non-disclosure with the third parties who access the company’s systems or users’ personal data;
- adoption and regular review of internal policies to assess the suitability of the implemented complementary measures and identify and implement additional or alternative solutions when necessary, and others.
Third parties and (sub)processors
We may work together with third parties to deliver a smooth user experience or to share with our users the benefit of working with the top expertise and knowledge available on the market. These third parties may process some of your personal data. If you want to know more about persons who have access to your data, please contact us at nutisgb@gmail.com.
The subcontractor services we resort to may include the following:
- payment and billing processes are covered by Google Inc. (U.S.) via Google Play Market functionality; we may use the service of LiqPay (Ukraine);
- communication tools such as social media, messengers and chats to keep in touch with our users and provide relevant tech support;
- data storage and record keeping are carried out securely primarily in Europe and U.S.;
- advertising carried out via embedded SDKs or other analysis tools;
- analysis of the use of the Website and the Application (such as Google Analytics, Google Inc., U.S. and Firebase Inc., U.S.);
- audits and security checks to detect errors and debug the Website and Application;
- legal and financial advice.
Data transfers
We will share your personal data with the third parties only where:
- the user gives us explicit consent to such disclosure;
- the disclosure of the user’s personal data is required by the appropriate laws of the state or EU;
- to secure our legitimate interests overriding the rights and interests of data subjects;
- the disclosure of your personal data is necessary for the public authorities to fulfil their official obligations and duties;
- the disclosure of the user’s personal data is necessary to protect our rights, safety, property or our users.
To secure our legitimate interest as defined in this Policy or to comply with our legal obligation we may transfer your Personal Data outside the EEA.
For transfers to countries that do not fall under Article 45 of the GDPR on the adequacy of the level of protection or Article 46 of the GDPR on the appropriate safeguards, we may assist you in transferring your personal data under Article 49 of the GDPR on the derogations for specific situations, namely paragraphs (a), (b), (c) or (f). Each selected data controller and/or data processor will treat your personal data in accordance with its own privacy policy (which is published on its website). Disclosure of personal data to other data controllers and/or data processors will be done in accordance with the applicable personal data laws and regulations.
Data subject (user) rights
As we said earlier, it is highly likely that you are protected by the national law, namely, the data protection law. For instance, any user who accesses our Website or Application from the territory of the European Union or European Economic Area may enjoy the rights enshrined in the General Data Protection Law.
To submit a request or get more information on your rights and options, please contact us at nutisgb@gmail.com. Be aware that we may send you questions or otherwise contact you to identify you as the user and verify your identity.
Data subject right
More information
Right of access
The data subject has the right to access the information concerning him, namely the purposes of the processing, the categories of personal data processed, and other information.
You can access your account profile to learn whether your personal data is being processed as a first step of your data subject information request.
This right is provided for in Article 15 of the GDPR.
Right to rectification
The data subject has the right to obtain correction of inaccurate or incomplete personal data, and where it is compatible with the purposes of processing, the right to rectify it.
Users are able to correct and rectify most of their personal data in the account profile area.
This right is provided for in Article 16 of the GDPR.
Right to erasure (“right to be forgotten”)
The data subject has the right to obtain the erasure of personal data concerning him without undue delay.
However, we still may refuse to delete your personal data if the General Data Protection Regulation or applicable national laws apply to the extent that the processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by EU or national law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
This right is provided for in Article 17 of the GDPR.
Right to restriction of processing and right to object
If you are, for example, disturbed by the marketing notifications and emails you receive from us, you can either click the “unsubscribe” link in the footer of the marketing message, disable the notifications or contact us at nutisgb@gmail.com.
These rights are provided for in Article 18 (right to restriction) and Article 21 (right to object) of the GDPR.
Right to data portability
The data subject has the right to receive, in a reusable digital format, all information concerning them, which you have provided to us.
Partly we ensure that this right is accessible by providing the Trainer(s) with the personal data of Client(s) at the request of the parties to disclosure transaction (namely, authorisation through the QR codes).
This right is provided for in Article 20 of the GDPR.
Please keep in mind that when the Trainer(s) obtains access to the Client’s personal data, the Trainer(s) in question must be responsible, as a data controller, for collecting the Client’s consent (or ensuring that another lawful basis provided for in Article 6 of the GDPR applies). It is the responsibility of the Trainer to guarantee the data subject rights.
Changes and amendments to this Privacy Policy
We intend to give the Privacy Policy a constant and periodic review, especially if there are legal developments, recommendations issued by the supervisory authorities, or changes to our business model and processing activities or applied technology, among others.
We recommend that you visit this page regularly and keep up with the latest updates. We will notify you whenever we make substantial changes to this Policy that might jeopardize your rights.
Contacts
If you want to make a request or complaint, please contact us at:
Lysin Serhii Sergeevich,
(registration with the Registry 3770009890 dated 06-04-2021)
Vasily Verhovyntsa street 10, apartment 26, 03148, Kyiv, Ukraine
+380664786366
Data Protection Authority
Without prejudice to any claims that you may submit to us through the contacts made available on this page, you may also submit a complaint to the Dutch Data Protection Authority (Dutch DPA) through the following contacts:
Dutch Data Protection Authority (Dutch DPA)
Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ DEN HAAG
(+31) - (0)70 - 888 85 00
Be careful! Some supervisory authorities may publish prerequisites or procedure steps that the data subject must follow prior to filing a complaint with them, including specific contact details.