NEUTRALLY: PRIVACY NOTICE
Who we are
The services - which include the supply of our 'Neutrally' mobile software application and any updates or supplements to it ('App'), our 'Neutrally' websites, and any products or services connected with the App and our websites (the 'Services') - are operated by Neutrally Holdings Ltd, a company registered in England and Wales with registered office at 10 College Lane, London, United Kingdom, NW5 1BJ and company number 13416338 ('Neutrally', 'we', 'us', 'our').
If you have any specific concerns around the privacy or require further information about how we handle your personal information, please get in touch with us directly by email at privacy@neutrally.io.
Scope and acknowledgement
This Privacy Notice applies to any personal data (also referred to as personal information, information or data) processed as a result of your use of our Services. That is any information capable of identifying you either directly or indirectly.
We may use personal data to:
direct targeted advertising (and we may take affiliate marketing fees for any successful purchases linked to targeted advertising);
improve our products, services and algorithms; and
develop new products, services and algorithms.
By submitting personal data to us, you acknowledge that you have read this Privacy Notice.
Personal data processing
The table below sets out what sort of personal data processing is necessary in respect of each Service functionality. It also details the processing purposes and the lawful grounds for processing in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (the 'Regulation'). For the purposes of the Regulation, Neutrally acts as 'controller'.
Functionality
Relevant data
Purpose for processing
Legal justification
User sign up
Unique user ID ('UUID'), mobile phone number (with country code), first and last name, email address.
To grant you access to our Services and to verify your account.
The processing is necessary for the performance of the contract between Neutrally and you.
Profile and Service personalisation
Date of birth, age, gender, waist measurements, weight, height, allergy information, dietary requirements and any other health information the user wishes to share.
To provide the Services.
The processing is necessary for the performance of the contract between Neutrally and you.
Glucose data
Glucose levels.
To provide an assessment of the user's physical response to foods, exercise, stress, etc., as part of our Services.
The processing is necessary for the performance of the contract between Neutrally and you.
Device Data
Activity based data such as content read & watched, views & any other interaction based engagement.
To enhance the applications experience.
The processing is necessary for the performance of the contract between Neutrally and you.
Personal data sharing
We may share your personal data with the following recipients.
Recipient
For the following purposes:
On the following legal grounds:
Suppliers and partners
We may disclose your personal data to our suppliers who help us run our business and perform our Services. Our suppliers may process your personal data on our behalf solely in accordance with our instructions and pursuant to a written contract.
For example, we use suppliers for webhosting, secure cloud storage, analytics, email services, customer relationship management, and other services.
We may also use suppliers such as social media companies, and search engines in order to promote our Services and/or to generate targeted advertising. We may share your email address or device ID with these suppliers.
This is either:
necessary for the performance of the contract between Neutrally and you; or
necessary for the purposes of our legitimate interests that are connected to the proper administration of our business; or
necessary for the purposes of our legitimate interests to promote our Services.
When none of the above applies, we will seek your express consent in order to use a certain supplier with respect to your personal data.
Advertising companies
We may disclose your personal data to advertising companies to allow them to direct targeted advertising based on user demographic/behaviour and/or to promote our Services.
We will seek your express consent in order to share your personal data with advertising companies.
Insurance companies
We may disclose your personal data to insurance companies to allow them to improve their services and pricing policies. For example, subject to the express consent of the user, we would provide an insurance company with personal data to help lower premium costs.
We will seek your express consent in order to share your personal data with insurance companies.
Advisors
We may disclose your personal data to our professional advisors that are usually regulated by a competent authority (lawyers, accountants, etc.) where that proves necessary.
This is necessary for the purposes of the legitimate interests that we pursue namely the proper administration of our business.
Authorities
We may disclose your personal data to the court service or regulators or law enforcement agencies in connection with proceedings or investigations where we are compelled to do so.
We would do this if we need to comply with a legal obligation or when in pursuit of our legitimate interests, namely the protection of our business.
Corporate restructuring
If we sell or buy any assets or business, we may disclose your personal data to the prospective seller or buyer of such business or assets. Conversely, if we are acquired by another business, personal information about our customers will be transferred to the buyer.
This is necessary for the purposes of the legitimate interests, namely the proper administration of our business and our business' continued ability to provide our Services.
Third party technology integrations with our Services
We automatically exchange information with the following third parties as necessary to deliver our Services. These exchanges occur only when the App is 'active' and as such are not limited in duration but occur when you open our App and cease when you close it.
Third party
Purpose of the exchange
Privacy practices
Google Firebase Services / Google Cloud
Storage of application data, including user information, for the purpose of offering the services and functionalities of the Neutrally application.
https://firebase.google.com/support/privacy
Google Analytics
Usage analytics used to improve the application experience.
https://policies.google.com/privacy?hl=en-US
Transfers of personal data in and out of the European Economic Area and the United Kingdom ('EEA'; 'UK')
Our App and customer database is stored on Google Cloud, in server farms physically located in the UK. However, the very nature of Internet communications means that at least some of the personal data processed by us and the parties we share it with may be transferred in and out of the EEA, which is an area composed of countries offering a high standard of personal data protection pursuant to the Regulation which imposes certain restrictions on outbound transfers to most non-EEA territories. On the other hand, most non-EEA territories do not impose any restrictions on transfers of personal data to the EEA.
Regardless of location, we will impose data protection safeguards similar to those that we deploy inside the UK and the EEA. Where required by applicable law, we will transfer your personal data subject to European Commission and UK Information Commissioner's Office approved contractual terms that impose equivalent data protection obligations directly on the recipient. Please contact us if you would like further details of the specific safeguards applied to the export of your personal data.
Your rights over your information
We are committed to fulfilling the statutory data protection rights of our customers. Please use our contact details provided at the beginning of this Privacy Notice if you wish to exercise the following rights in respect of the personal data about you that we process:
to be informed;
to access;
to rectification;
to erasure;
to restrict processing;
to object to profiling; and
to data portability;
to complain to the Information Commissioner's Office;
to withdraw consent.
Detailed information on the full content of your rights (and the conditions that apply) is provided by the United Kingdom's Information Commissioner's Office and is available on their website: https://ico.org.uk/your-data-matters/.
Profiling and the right to object
As our Services evolve we are planning to categorise App users in accordance with age, gender, lifestyle preferences, physical conditions and psychological conditions. Such information will be anonymised and may be shared with academics, insurance companies and other large organisations. These third parties will never know who you are, unless you decide to use their services. This process involves profiling and under data protection law you are entitled to object to it. However, please note that our business model relies on this profiling and we may not be able to provide you our Services should you decide to exercise your right to object.
Information security
At Neutrally we maintain physical, electronic and procedural safeguards to protect personal data in accordance with data protection legislation requirements. We only use suppliers who undertake to maintain comprehensive information security programs with effective administrative, technical, and physical safeguards capable of identifying, detecting, protecting against, responding to, and recovering from security incidents.
Data retention period
We shall retain your personal data until you request us to no longer hold it, unless we required to keep it by law. If your personal data becomes irrelevant for the purpose for which it was originally collected then we will securely dispose of it. As a general rule, we delete data about users who have been inactive for over 24 months. In all other cases, to determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Please note that the foregoing does not apply to any personal data that has been irreversibly anonymised, meaning data rendered anonymous in such a manner that you are no longer identifiable from such data. Under the applicable law, such data is not deemed personal and may be retained and shared indefinitely.
Changes
We reserve the right to amend this Privacy Notice from time to time. Any changes we make in the future will be published on our website and it is your responsibility to consult the website regularly in order acquaint yourself with such changes.
Date of last amendment
26 July 2022