About our privacy policy
When you use obi coach’s services, we understand the importance of your privacy and are committed to safeguarding your personal data. We recognize the sensitive nature of the information we handle and are dedicated to protecting the privacy of our users. Our Privacy Policy applies to the services provided by us to our users, encompassing our mobile and web applications.
Our policy details how we are compliant with the European Parliament General Data Protection Regulation (GDPR) (EU) 2016/679 which is a comprehensive data protection framework that sets guidelines for the collection and processing of personal information, and to explain how we handle your data.
2. Definitions
- Personal Data: Any information related to an identified or identifiable individual, including but not limited to name, contact details, and personalized nutrition and lifestyle coaching information.
- Data Processing: Any operation performed on personal data, whether automated or not, including collection, use, storage, and dissemination.
- Data Controller: Evolve Wellness L.L.C. (obi coach) as we are the legal entity determining the purposes and means of processing your personal data.
- Data Processor: An entity that processes data on behalf of us, the data controller.
- Data Subject: Any individual whose personal data is being processed by OBI Coach.
3. Our Principles of Data Processing
We adhere to the following principles in our operations:
- Lawfulness, Fairness, and Transparency: We process personal data legally, fairly, and in a transparent manner.
- Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimization: We only collect data that is necessary and relevant to our provided services.
- Storage Limitation: Data is retained only for as long as necessary for the purposes for which it is processed.
- Integrity and Confidentiality: We ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss.
4. What data do we collect?
- Personal Details - name, email address, age, location, nationality, mobile number, username, password, job title, languages spoken, and personal preferences are collected when you select and/or input this data into the relevant profile section.
- Health & Wellness - Health History (current health conditions and injuries / surgery history), Anthropometric Data (body type, weight, height and gender), and Health Indicators (stress level, sleep quality, sleep duration, sedentary level, fitness level) are collected when you select and/or input this data into the relevant profile section.
- Food & Diet Information - Food photos, meal category, mealtime and date, food items, food type, portion size, calorie amount, food mood, food rating and associated metrics are collected when you add food items into your feed (i.e. digital food diary).
- Feed Comments - the content of your feed comments is collected when you leave a comment on a specific food item.
- Chat Messages: the content of your chat messages is collected when you use the chat message feature to communicate with your coach(es) including any attachments you share.
- Call Details: the timing, duration and content of your call is collected when you use the call feature to consult with coaches.
5. Why do we collect data?
- Personalized Coaching Services: To provide personalized matching of coaches and resources, and for your selected coach to provide a personalized experience.
- Personalized Insights: Your data will be used by our advanced analytics and artificial intelligence tools to provide you and your selected coach with personalized insights.
- Providing Support: To offer customer service and address any issues you might face while using our services.
- Improving Our Services: We analyse technical and usage information to enhance the functionality and user experience of our app.
- Marketing Communication: With your explicit consent, we may use your personal details to send personalized promotional messages and updates.
- Fulfilling Legal Obligations: We process certain data to comply with GDPR.
- Preventing Misuse and Crime: To detect and prevent fraudulent activities or misuse of our services.
6. Your rights
As a user of our services, GDPR grants you certain rights regarding your personal data. Here’s an overview of these rights and how you can exercise them:
- The Right to be Informed: You have the right to be informed about how your personal data is being used. This Privacy Policy serves that purpose, but you can always ask us for more details.
- The Right of Access: You can request access to your personal data to see what information we hold about you.
- The Right to Rectification: If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request its correction.
- The Right to Object to Processing: You have the right to object to the processing of your personal data, especially if it’s for direct marketing purposes. Consent (if requested and given) can be withdrawn on the same platform(s) on which it was given, such as our app or website.
- The Right to Restrict Processing: In certain circumstances, you can request that we restrict the processing of your personal data.
- The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request the transfer of this data to another controller.
- The Right to be Forgotten: Also known as the right to erasure, you can request the deletion of your personal data when it’s no longer necessary for the purposes for which it was collected.
- Rights in Relation to Automated Decision Making and Profiling: You have the right to not be subject to decisions based solely on automated processing, including profiling, which has legal or similarly significant effects on you.
Exercising Your Rights
To exercise any of these rights, please contact us by email to:
admin@obi-coach.com
We will respond to your request in accordance with GDPR guidelines.
7. Legal Basis for Processing Your Personal Data
We ensure that the processing of your personal data is backed by a solid legal basis. Here are the key grounds on which we rely:
- Consent: For certain types of data processing, particularly those not related to the provision of our services (like marketing communications), we seek your explicit consent. Remember, you have the freedom to withdraw this consent at any time.
- Legitimate Interest of the Company: In some instances, we process your data based on our legitimate interests. This includes activities like analysing how you use our app to improve our services. We balance our interests with your rights to ensure there is no undue impact on your privacy.
- Performance of a Contract: Much of the data we process is necessary for us to fulfill our contractual obligations to you. This includes using your personal data to provide you with the services.
- Legal Obligation: There are times when we need to process your data to comply with legal requirements.
- Vital Interests: On rare occasions, we might process personal data when it's necessary to protect someone's life, such as in emergencies.
- Public Interest: If necessary, we may process data for tasks that are in the public interest, especially those relating to public health.
8. Sharing Your Data
We understand the importance of keeping your personal data confidential. There are certain scenarios where we need to share your information:
- With Data Processors: To provide our services effectively, we share data with trusted third-party service providers. These partners help us with various aspects of our service, including data storage, app functionality, and customer support. They are contractually bound to protect your data and use it only for the purposes we specify through Data Protection Agreements (DPAs). They are not allowed to use the data for any purpose other than as a processor for us, within the scope of processing outlined in this document.
- Employers, Insurance Companies & Other Sales Partners: In our collaborations with employers, insurance companies and other sales partners, we may share usage data for users who have received free or discounted services in connection to our contracts. This does not include any information related to your personalized nutrition or coaching. It's mainly for administrative, contractual and invoicing purposes. As a User, it will be evident to you, and optional, to utilise our services in connection with one of these partners.
- Aggregated and Anonymized Data: We may share data in an aggregated and anonymized form for research, statistical analysis, or public health purposes. This is done only if we are confident that it does not compromise the interests or privacy of our Users.
We ensure that such data cannot be used to identify any individual User.
9. Transfers to Third Countries
We are a global service and may host and transfer personal data to countries outside of the European Union (EU) and the European Economic Area (EEA).
- Safeguards: We ensure that appropriate safeguards, as required by GDPR and other relevant laws, are in place. This includes using standard contractual clauses approved by the European Commission or relying on a country's adequacy decision.
10. Duration of Data Storage
We retain your personal data only as long as necessary for the purposes it was collected.
- Criteria for Determination: The duration of data storage is based on legal requirements, the nature of our relationship with you, and the necessity of the data for providing our services.
- Deletion: Upon the expiration of the retention period, personal data is securely deleted or anonymized.
- Right to be forgotten: If you exercise your right to be forgotten, your data will be deleted or anonymized within 3 months of your request at the latest.
Certain personal data might be kept for longer, if we are legally obligated, but will no longer be processed for any other reason.
11. Security
We implement a range of technical and organizational measures designed to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. These measures are crafted to safeguard your data against unauthorized access, alteration, disclosure, or destruction.
- Encryption: We employ strong encryption technologies to protect data during transmission and while it is stored.
- Access Control: Access to personal data is strictly controlled and limited to only those employees and partners who require access to perform their duties.
- Regular Auditing: Our security measures are regularly reviewed and audited to ensure they are up to date and effective.
- Incident Response Plan: We have a robust incident response plan in place to quickly address any potential data breaches or security incidents.
- Staff Training: All staff are trained in data protection and security, ensuring they understand the importance of safeguarding personal data and are aware of our security policies and procedures.
- Data Minimization: We ensure that only the necessary amount of personal data is processed, accessed, and stored.
12. Contact Information
Your Questions, Our Answers: For any questions, concerns, or requests regarding your personal data, please contact us at admin@obi-coach.com.
Feedback is Welcome: We value your input and feedback on our data protection practices and encourage you to reach out to us.