FatSecret servers are hosted in multiple locations, including Europe and the United States. If you are accessing FatSecret from outside the United States, please be advised that you may be transferring your Personal Data to the United States and that the United States may have data protection laws/standards that are different from those where you live. Your continued use of FatSecret represents your consent to this transfer of information.
Sensitive Data is a category of Personal Data and encompasses the definition of "special categories of personal data" under the GDPR as well as the definitions of "sensitive data", "sensitive information" and other like terms applicable under the privacy laws where we carry on business. Generally, however, this is Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a person's sex life or sexual orientation.
As a user of FatSecret or the Services you are required to register before you can use FatSecret (including the FatSecret App) and our Services. During registration, we collect (and, if you proceed to register, you consent to our collection of):
Your Personal Data such as name, age, height, gender, postcode and email address. We also collect information relating to your current and goal weight which, because of the inferences that can be made about you in combination with your age, gender and height, is considered health data and thus Sensitive Data. When using FatSecret, we may also collect additional information including but not limited to your dietary goals, dietary preferences, allergies and other health conditions affected by nutrition or diet, or requiring nutrition or dietary guidance.
We collect the above Personal Data to customise, adapt and personalise your experience with the Services, to assess and improve our Services (such as the educational content) and maintain and analyse the functioning of the Service; and
when using FatSecret, behavioural data (i.e. what you do whilst using FatSecret, what you engage with) such as by monitoring your engagement with FatSecret, our Services and our communications. By collecting this Personal Data we can monitor and analyse your progress in respect of your health goals. This allows us to better customise/tailor your experience with the Services (and how we deliver the Services to you) and to continue improving FatSecret.
As part of our Services, FatSecret will, from time to time, use your Personal Data to provide you with personalised educational content relating to food and nutrition information and other health updates and information. Where you opt in to receive direct marketing we will also use your Personal Data to provide you with personalised direct marketing. We explain our approach to and your rights in respect of Direct Marketing under Section 5 below.
If you wish to stop us processing your behavioural data for non-marketing purposes, as above, you will need to stop using FatSecret and delete your account.
We also collect your Personal Data (such as name, contact details (i.e. email address) and other Personal Data you provide) when you communicate with us or use your personal User Inbox within FatSecret. We use this Personal Data to communicate with you and populate your User Inbox with information related to your weight/health journey.
Where you have opted in to receive direct marketing we will also send our direct marketing, promotions and/or other events we think might interest you to you via your User Inbox and also measure the effectiveness of those and other communications (see Section 5 as regards direct marketing).
If you register for our Premium Service we may additionally collect payment details (including credit card and debit card details) to fulfil your purchase, process your payments and provide you with any necessary customer support.
FatSecret may also access and process your Sensitive Data (i.e. health data) through integration with other services such as Apple's HealthKit APIs and Google's Health Connect and Fit APIs (all together "Health Data Services") where you have requested or opted in to us doing so. We will not use or disclose any Sensitive Data gained through Health Data Services to third parties for advertising, marketing or other use-based data mining purposes other than for improving health or for the purpose of health research and will not disclose any of this Sensitive Data to a third party without your express consent. The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.
FatSecret (and our advertisements or email messages) may contain "cookies" and other technologies such as pixel tags. Other technical information we collect includes your IP address, ISP, browser type, operating system, language and general user activity on FatSecret. These technologies help us better customise the Services and to facilitate and measure the effectiveness of advertisements or messages. We do not link the information stored in cookies to any Personal Data you have submitted. While most browsers accept cookies automatically, you may also adjust your browser settings to delete or disable cookies. We do not respect "Do Not Track" browser requests.
For Personal Data subject to the GDPR, we only process your Personal Data where we have a lawful basis for doing so, including one or more of the following:
User consent: this refers to where you have given us explicit permission to process Personal Data and/or Sensitive Data for a given purpose. When we rely on consent we seek such consent at the time we collect your Personal Data and/or Sensitive Data (such as when you register for FatSecret and/or consent to direct marketing). We require you to indicate your consent by an explicit affirmative action, for example by clicking the "Yes, I agree" button in the FatSecret App or website. This is the basis on which we process your Sensitive Data and, in most cases, your other Personal Data.
For our legitimate business purposes: in certain situations (such as when not processing Sensitive Data) we will have a legitimate interest to process your Personal Data. We may rely on this when we manage your enquiries, requests and complaints, undertake general administrative tasks in connection with our Services, provide you with information about our Services, improve, maintain, and analyse our Service or otherwise detect fraud.
For contractual necessity: we may process your Personal Data to meet our contractual obligations. For example, when you purchase our Premium Service we may need to process your payment information to fulfill your subscription.
For compliance with a legal obligation: we must process Personal Data in order to comply with laws, regulations, court orders or other legal obligations (such as assisting with an investigation).
to service providers (such as those that provide services relating to information technology, customer support, sales, marketing, payments, data/market analysis, and surveys) and other vendors to provide, improve and otherwise customise our Services;
if we are permitted or required to do so by applicable law or we have a good faith belief that sharing information is necessary to comply with any applicable law; and/or
when otherwise authorised by you to do so whether at the time you supply the Personal Data or subsequently.
Where you have opted in to receive direct marketing we will use your Personal Data to provide you personalised information about other features, products or services we think you might be interested in. This may include details relating to current promotions, special offers and our Premium Service or promotions/offers relating to our Premium Service and/or other materials so that we can undertake market research into nutrition and health services and products. We will use your behavioural data to assess what products and services you may be interested in and which we will directly market to you.
We will share our direct marketing with you using a variety of channels, such as your User Inbox, email or by telephone, unless you have specifically requested us to only use one specific channel for marketing. We may also collect and use your demographic and other Personal Data for market research, statistical, advertising and promotional purposes.
All direct marketing emails, User Inbox messages and SMS messages will include instructions for opting-out of direct marketing communications. If at any time you no longer wish to receive direct marketing from us, please follow the unsubscribe opt-out options available in each email or SMS marketing, User Inbox message or write to us at our "Contact Details" in Section 12.
Please note that, regardless of your communication (and specifically email) settings for direct marketing, we may still send you communications (including by email) relating to:
educational materials we deem relevant to your goals and progress; and/or
your requests for technical support or other questions or complaints about the Services.
We retain your Personal Data for as long as you maintain your account with us or as otherwise necessary to provide you the Services. We may also retain your Personal Data as required to comply with our legal obligations.
Your Personal Data may remain on our backup/disaster recovery systems. However, this Personal Data will be completely and irredeemably destroyed or deidentified within 6 months after you delete your account.
We endeavour to keep your Personal Data accurate and up to date and to retain it in accordance with your directions, and we request your assistance in doing so by letting us know of any changes. In respect of your Personal Data that we hold you can exercise your rights (detailed below) by contacting us via our 'Contact Details' below.
We will respond to your requests as soon as practicable (and after verifying your identity if necessary) and, in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes to comply with legal requirements and/or to complete any transactions that you began prior to requesting such change or deletion.
Your rights include:
the right to access your Personal Data we hold. You may also seek confirmation that we are processing your Personal Data and access your Personal Data and information related to that processing (such as the purpose or categories of that processing);
where we process your Personal Data only with your consent, the right to withdraw your consent to such processing at any time;
the right to rectify or correct your Personal Data where that Personal Data is incomplete or contains any inaccuracies;
the right to restrict our processing or to object to our processing of your Personal Data;
the right to request us to transfer your Personal Data to a third party in a structured, standardised and machine-readable format;
the right to object to and opt-out of receiving direct marketing at any time;
the right to request (subject only to our legal obligations to retain it) we erase (i.e. forget) your Personal Data where that Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, where you withdraw consent or otherwise object to the processing of your Personal Data; and
the right to lodge a complaint with a supervisory authority (for example, the Information Commissioner's Office in the United Kingdom or the Office of the Australian Information Commissioner in Australia).
FatSecret takes reasonable steps to ensure the security of your Personal Data. For example, we take reasonable security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of user Personal Data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store Personal Data.
We also restrict access to your Personal Data to our employees, contractors and agents who require access to that Personal Data in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
We do not knowingly collect Personal Data from children under 13 years of age without parental consent. If you become aware that a child under the age of 13 has provided us with Personal Data without parental consent, please contact us immediately using our contact details below. If we become aware that an individual under the age of 13 has provided us with Personal Data, we will take steps to remove that Personal Data and cancel that individual's account as soon as possible.
Company Name: Secret Industries Pty Ltd (FatSecret)
Company Address: Level 1, 1B Cromwell Street, Caulfield North, 3161, Victoria, Australia
If you have any concerns, complaints or questions relating to your privacy we encourage you to contact us directly (at the above email address) and allow us the opportunity to assist you. Nevertheless, you have the right to escalate your concerns/lodge a complaint with your local data protection supervisory authority (e.g. the Information Commissioner's Office in the United Kingdom or the Office of the Australian Information Commissioner in Australia) if you believe our processing of your Personal Data infringes any privacy/data protection laws.