Last update: June 2023

1. INTRODUCTION

We regard your privacy as a user ("User," "You," or "Your") and understand the importance of safeguarding your personal information. Our commitment is to protect your personal information and use it solely for the purpose of providing you with the best possible service, products, and opportunities, as detailed in this Privacy Policy.

This Privacy Policy explains the online information practices of Kiimii Inc (collectively referred to as the "Company," "Kiimii," "we," "us," or "our"), specifically in relation to the mobile application called Kalorie (collectively referred to as the "Application"). We believe it is important to outline the information we collect, how we utilize it, and the rights you possess regarding the processing of your personal data by us. Kiimii adheres to applicable data protection laws and regulations, acting as the data controller under relevant local legislation.

Please take note that while using the Application, it is imperative to read this Privacy Policy in conjunction with our Terms of Use. By accessing the Application, you acknowledge that both the Privacy Policy and the Terms of Use govern your usage of the Application.

Privacy and personal data protection principles may differ from one country to another. Consequently, when you visit or access a third-party website or application, you will be subject to the privacy policy of that particular website or application. We recommend reviewing the privacy policy of the third party to understand the privacy practices applicable to the information or data maintained by the website or application.

2. Categories of Personal Data that We Collect, Purposes and Legal Bases for Our Processing

Purpose

Legal Basis

Categories of Processed Data

a) To enable you to use the app and to provide you with its functionalities, including to:

- customize and track your calorie intake and activities

- show information about the app and your progress

The legal basis for the processing is the performance of our contractual relationship (art. 6(1)(b) of the GDPR).

The legal basis for the processing of your health data (e.g. height, weight) is your consent (art. 6(1)(a) of GDPR).

Identification and contact information (such as name), identifiers and internet and network activity information (such as IP address, device model, device type, OS version, device language, device name, country set in the device settings, information about your interactions with the app, and unique identifiers, including IDFA), and other information necessary to enable you to use the app and our personalized services (such as gender, age, physical activity level, dietary preferences, food and water history, weight and height, subscription data).

The app requires your permission to access your camera and your photo library when you use the app to allow you to scan barcodes. However, when you use these features, your pictures are stored within the app on your device, and we do not collect or have access to such data.

b) In order to enhance our products and services, we may engage in activities such as statistical analysis and other research endeavors to optimize our features and introduce new ones.

The legal basis for processing this information is our legitimate interest, as outlined in Article 6(1)(f) of the General Data Protection Regulation (GDPR), which entails improving our products and services.

The types of information we may collect and process include identification and contact details (such as name, age, or email address, when requested), gender, subscription data, and information that is collected or generated to enhance the functionalities of the app. This may encompass details regarding your interactions with the app, inferences we draw from the data, and other relevant information pertaining to your app usage.

c) We strive to maintain the quality of our products and services by analyzing, preventing, and addressing any failures, illicit use, or misuse that may occur.

The legal basis for processing this information is our legitimate interest, as specified in Article 6(1)(f) of the General Data Protection Regulation (GDPR).

We may collect and process any information necessary to fulfill these purposes and ensure the effective performance of our products and services.

d) In order to fulfill our legal obligations, including responding to requests from public authorities, we may process personal information.

The legal basis for processing this information is compliance with the legal obligations to which we are subject, as specified in Article 6(1)(c) of the General Data Protection Regulation (GDPR).

We may collect and process any information that may be required by law or under the instructions of public authorities to ensure compliance with our legal obligations.

e) We process and respond to customer support communications and requests for information that you may raise with us.

The legal basis for processing this information is the performance of our contractual relationship with you, as outlined in Article 6(1)(b) of the General Data Protection Regulation (GDPR).

The types of information we may collect and process for this purpose include identification and contact details that you provide to us, such as your name and email address, as well as the content of your communication or request.

f) In order to establish, exercise, or defend our rights and the rights of our employees, as well as to conduct corporate transactions or operations, we may process personal information.

The legal basis for processing this information is our legitimate interest, as specified in Article 6(1)(f) of the General Data Protection Regulation (GDPR). This includes our interest in establishing, exercising, or defending our rights and carrying out corporate transactions or operations.

We may collect and process any information necessary to fulfill these purposes and ensure the proper performance of these activities.

g) We analyze your usage information, including preferences, interests, and behaviors when using our products and services, for various purposes:

Maintenance, Optimization, and Development: We use this analysis to maintain, optimize, and develop new features for our products and services, ensuring they meet your needs and provide an enhanced user experience.
Campaign Effectiveness and Relevant Advertising: We may measure the effectiveness of our campaigns and strive to make our advertising more relevant to you based on the analysis of your usage information.

The legal basis for processing this information is our legitimate interest, as specified in Article 6(1)(f) of the General Data Protection Regulation (GDPR).

The types of information we may collect and process for this purpose include your identification and contact information (such as name, age, or email address, when requested), identifiers, and internet and network activity information that we collect (such as IDFA and IP address). Additionally, we may collect information about your interactions with the app and other related information regarding your app usage.

Please note that IDFA is a unique device identifier provided by your mobile device's operating system. It enables advertisers to track and identify users for advertising purposes. If you wish to disable this tracking, you can go to Settings > Privacy > Advertising and switch on the "Limit Ad Tracking" option.

h) To personalize and customize your dietary plan, we may access data from Apple HealthKit and Health App, collectively referred to as "Apple HealthKit."

The personal data obtained from Apple HealthKit will be solely processed for the purpose of customizing your dietary plan.

The legal basis for processing this data is your consent, as specified in Article 6(1)(a) of the General Data Protection Regulation (GDPR).

General health and fitness data contained in Apple HealthKit and which includes your physical activity (such as calories burnt).

The app requires your permission to access data in Apple HealthKit.

3. Data Storage and Protection

We utilize both automated and non-automated means to process personal data, which may be stored on our premises as well as on servers provided by our trusted service providers. To safeguard your personal data, we implement technical and organizational measures intended to prevent loss, improper use, and unauthorized alteration. Additionally, we may employ data encryption and pseudonymization measures for enhanced security. However, it's important to note that no transmission over the Internet can be guaranteed as 100% secure. If you wish to avoid any potential risks, we advise against providing any personal data.

The retention periods for personal data processed for different purposes are as follows:

Personal data processed for the purposes outlined in Sections 2.a), 2.d), 2.e), and 2.f) will be retained for a period not exceeding the duration necessary to fulfill these purposes. In all cases, the data will be retained for a maximum of 10 (ten) years from the termination of the agreement.
Personal data processed for the purposes described in Sections 2.b), 2.c), and 2.g) will be retained for a maximum of 2 (two) years from the termination of the agreement.
Personal data processed for the purposes specified in Section 2.h) will be retained until you withdraw your consent by adjusting the privacy and security settings on your mobile device or until the termination of the agreement. However, evidence of your consent will be kept for no more than 10 (ten) years from the termination of the agreement.

Unless there is a legal obligation requiring a longer data retention period, upon the expiration of these retention periods, the processed personal data will be either deleted or anonymized.

4. Use of Your Personal Data

For the purposes outlined in Sections 2.a) and 2.e), it is mandatory for you to provide your personal data. Failure to provide this data will prevent you from enjoying the services and features offered by the app.

Regarding the purposes described in Section 2.h), where we rely on your consent, providing your personal data is optional. You have the right to withdraw your consent at any time. Even if you choose not to provide the personal data, you will still be able to access and use the app's services and features.

In relation to the purposes stated in Sections 2.b), 2.c), 2.f), and 2.g), where we rely on our legitimate interest, you have the right to object to such processing. You may exercise this right at any time as explained in Section 7 (Your Rights) below.

You have the ability to manage the sharing of certain information with us by adjusting the privacy and security settings on your mobile device. On iOS, you can utilize features such as "Limit Ad Tracking," while on Android, options like "Opt Out of Interest-Based Ads" or "Opt Out of Ads Personalization" are available. Please consult the instructions provided by your device's operating system or manufacturer to learn how to adjust these settings effectively.

5. Sharing Personal Data

We may share or disclose your personal data to the following categories of recipients:

Vendors: We may share your personal data with vendors who perform activities related to our business and operational activities. These vendors may act as outsourced data processors appointed in accordance with applicable privacy laws or as autonomous data controllers. Examples of such vendors include IT or storage service providers, mobile measurement partners, suppliers of mobile marketing services, and advertising networks and platforms.
Corporate Transactions: In the event of a corporate transaction or operation, such as bankruptcy, merger, acquisition, reorganization, sale of assets, or assignments, your personal data may be disclosed to our advisers and the advisers of any prospective purchaser. It may also be transferred as one of the assets to the new owner.
Public, Judicial, or Police Authorities: We may disclose your personal data to public, judicial, or police authorities to the extent permitted and required by applicable laws.

Please note that we will not disclose your personal data for any purpose other than those mentioned above, unless such disclosure is necessary to fulfill a legal obligation or if we obtain your consent.

6. Transfers of Personal Data Outside the European Economic Area

We may transfer personal data from the European Economic Area (“EEA”), the UK or Switzerland to other countries outside the EEA. Such data transfers are based on appropriate safeguards in accordance with Applicable Privacy Laws, including (a) the standard contractual clauses developed by the European Commission; (b) the Swiss-U.S. Privacy Shield, and the decisions of adequacy of the European Commission; or (c) binding corporate rules.

Copies of appropriate warranties are available for consultation by sending an email to contact@kiimii.com.

7. Your Rights

As a user, you have certain rights regarding your personal data, which you can exercise in accordance with the Applicable Privacy Laws. These rights include:

Right of Access: You have the right to obtain information about the processing of your personal data and request access to the data.
Right to Rectification: You have the right to request the correction, updating, or supplementation of your personal data if it is inaccurate or incomplete.
Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed.
Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data in certain situations, for example, if you contest the accuracy of the data or if the processing is unlawful.
Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object: You have the right to object to the processing of your personal data, including profiling, based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: If we rely on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal.

You also have the right to lodge a complaint with the competent Data Protection Authority.

To exercise your rights, send us an e-mail to contact@kiimii.com. Please note that we may need to verify your identity before responding to your request.

8. Children’s Personal Data

We do not knowingly collect personal information from children under the age of 16, and in the event that we learn that a child under the age of 16 has provided information on the Application, we will delete that information as soon as possible.

9. Third-party Websites and Services

It's important to note that this Privacy Policy applies only to the activities and data processed by the app itself. If the app includes links to other websites or services operated by third parties, the privacy practices and policies of those third parties will govern the data processing activities on their platforms. We have no control over and are not responsible for the actions, practices, and privacy policies of such third parties and their websites or services.

10. Changes to this Privacy Policy

We reserve the right to modify, integrate, or update this Privacy Policy, either in whole or in part. If any changes are made, we will notify users in accordance with the Applicable Privacy Laws. Notification of changes may be provided by revising the date of this Privacy Policy.

It's important to review this Privacy Policy periodically to stay informed about how your personal data is being handled. The date of this Privacy Policy indicates the last time it was updated.

11. Additional Information for California Consumers.

a) Additional Information Related to Collection, Use, and Disclosure of Personal Information:

In accordance with the California Consumer Privacy Act (CCPA), we provide additional disclosures regarding the collection, use, and disclosure of personal information.

We collect personal information from various sources, including directly from you when you make purchases or participate in surveys within the app, automatically through your app usage (such as device information), from other sources (like mobile measurement partners), and generate inferences based on your app usage and other collected information.

In the past 12 months, we have collected the following categories of personal information: identifiers, internet or electronic network activity information, characteristics of protected classifications under California or U.S. federal law (such as age and gender), commercial information, approximate geolocation information, inferences, and other information reasonably associated with you. For more details, please refer to Section 2 above.

We collect personal information for the business and commercial purposes outlined in Section 2. The categories of third parties with whom we may share personal information are described in Section 5. In the past 12 months, we have disclosed the above-mentioned categories of personal information for business purposes.

We do not sell your personal information. However, we may allow our advertising partners to collect certain device identifiers and electronic network activity through our app for personalized advertising. You can opt out of this activity by adjusting the privacy settings on your device.

b) Rights of California Consumers:

Under the CCPA, California consumers have certain rights, subject to limitations:

Right to request details: You can request more information about the categories and specific pieces of personal information we process.
Right to deletion: You can request the deletion of your personal information.
Right to opt out of sales: While we don't sell personal information, you can opt out of certain information collection for interest-based advertising purposes.
Right to non-discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at contact@kiimii.com. We may need to verify your request by asking for information that matches our records. California consumers can also authorize an agent to exercise these rights on their behalf, but we will require proof of authorization and may request identity verification directly from the consumer.