Last updated
January 5 2023

Privacy Policy

Fimbl is a digital calorie counter app for Android and iOS that is operated by AppRise Ventures Oy (hereinafter: Fimbl, Provider) with registered office in Turku, Finland. The following data protection provisions apply to all registered users of the app. By registering, you agree to these data protection provisions.


1 Controller

The body responsible for collecting, processing and using personal data about you (User) according to the General Data Protection Regulation (GDPR) is:

AppRise Ventures Oy
Puutarhakatu 7
20100 Turku
Finland

Please contact us by email if you have questions about your personal data, this Data Protection Policy, or how to exercise your rights as a data subject.


2 Encryption

All incoming and outgoing data traffic when communicating with the Fimbl app or with third parties is encrypted using TLS. The “https://” code in the address bar and the lock icon indicate that the connection to our website is encrypted.

TLS encryption means that third parties cannot read the transmitted data.


3 Collection, processing and use of personal data

3.1 Personal data

“Personal data” according to the GDPR refers to any information related to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Fimbl only processes personal data about you (e.g. email address, nutritional information in the app) in accordance with applicable data protection laws. The following provisions provide information about the nature, scope, and purposes of collecting, processing, and using personal data. This Privacy Policy only applies to the aforementioned product. If a link leads to another website, please review the information there for the respective treatment of personal data about you.

3.2 Data collection when using our website

When you visit our www.fimbl.com website, the web server automatically creates log files that cannot be associated with a specific person. This processing is based on our legitimate interests according to point (f) of Art. 6 (1) GDPR. Such data may include, for example, browser type and version, operating system used, referrer URL, IP address of the requesting computer, date and time of access of the server request, and the client’s file request (name of file and URL). These data are only collected for statistical purposes and for security reasons (e.g. to investigate misuse and fraudulent acts), stored for a period of seven days, and then erased. Data that needs to be stored as evidence for a longer period is excluded from erasure until the respective incident has been clarified.

Cookies

To make the web pages more user-friendly and effective, Fimbl and third parties commissioned by Fimbl store so-called cookies on the customers’ hard drives. The legal basis for this type of use is point (f) of Art. 6 (1) GDPR.

Cookies are small text files that serve, among other purposes, to record information on how a website is used. These cookies cannot execute programs nor can they infect your computer with viruses. They do not contain any personal data, cannot be attributed to a specific person, and are automatically erased at the latest after one year, unless otherwise stated. Such data is not combined with data from other sources.

The website can also be used without cookies. In your browser settings, you can deactivate or limit the use of cookies or prompt your browser to warn you before a cookie is sent. You can also delete cookies from the computer’s hard drive at any time.

3.3 Personal data when using the Fimbl app

3.3.1 Mandatory information

To be able to use the app, the user must provide an email address and a password (mandatory information). These data serve to identify the user and to enable communication between Fimbl and the user. The email address and all the user’s other data are not visible to other users. The data are stored based on your consent according to point (a) of Art. 6 (1) GDPR.

3.3.2 Data provided by the user

Fimbl also records data provided by the user that can be entered when using the app. This refers to a user profile that consists of the following physical data:

  • sex
  • date of birth
  • height
  • type of activity (sitting, standing, etc.)
  • desired result (lose weight, etc.)
  • starting weight
  • target weight

The physical data is recorded based on your consent according to point (a) of Art. 6 (1) GDPR and is used exclusively to calculate your personal calorie intake. In order to be able to use the features of the Fimbl app, physical data needs to be provided. It is particularly necessary to provide the starting weight, target weight, sex, date of birth, height, and type of professional activities so that Fimbl can calculate the user’s personal calorie intake target. These data are not visible to third parties.

Furthermore, the following data is collected and stored when the user account is set up:

  • First name (optional)
  • Email address
  • Password

3.3.3 Data automatically recorded by Fimbl

The following data is recorded once when the user registers with Fimbl:

Date of registration Operating system of the device used (Android/iOS) Country and language (using the locale: The locale is a set of parameters that contains the user’s regional settings, including in particular the language of the user interface, the country, and settings regarding character classification, keyboard layout, number, currency, date, and time formats.

We record these data for the purpose of improving and personalizing our services based on our legitimate interest according to point (f) of Art. 6 (1) GDPR.

3.3.4 Data recorded during the use of the Fimbl app

When the Fimbl app is used, Fimbl also records:

  • the current IP address,
  • the version of the app in use,
  • the current time zone.

We record these data for the purpose of improving and personalizing our services based on our legitimate interest according to point (f) of Art. 6 (1) GDPR.

3.3.5 Contractual relationship

If a contractual relationship is to be established, designed, or amended between the user and Fimbl, Fimbl stores the user’s personal data based on point (b) of Art. 6 (1) GDPR to the extent that this is needed for the performance of the contract. Through in-app purchasing, the user has the option to subscribe to the Fimbl PRO version of the app. If you decide to subscribe to the PRO version, the order button will lead you directly to either the Apple App Store or the Google Play Store depending on which operating system you use.

In this context, we will transmit the starting date and the end date and, if applicable, the termination date of the subscription and the reason for the termination (for example, withdrawal). The data for processing the payment is collected directly by the app stores.

For the privacy policies of the app stores, please go to:

  • Apple App Store: https://www.apple.com/de/privacy
  • Google Play Store: https://policies.google.com/privacy


4 Use by children

Fimbl is aware of the additional measures that are required to protect the privacy of children. People under 16 may not open accounts unless one parent has agreed in accordance with the applicable law. If we discover that we have recorded personal data of a child below the minimum age without its parent’s consent, we will take measures to immediately erase such data. Parents who believe that their child has made personal data available to us and who wish to have such data erased should please contact us under the details stated in item 1.


5 Use of web analysis, remarketing, and retargeting tools

Based on our legitimate interests in accordance with point (f) of Article 6 (1) of the General Data Protection Regulation (GDPR), we use various tools or plugins to conduct web analysis, remarketing, and retargeting in order to optimize our online offering and to be able to compile more relevant offers for you.

These services use cookies, forward the IP address and/or record and analyze various types of data, including the number of website visitors, duration of the visit, average page loading time, and origin of the visitors.

5.1 Google Analytics

We use Google Analytics, a web analysis service offered by Google. Google Analytics uses cookies that help to analyze how visitors use the website. The information generated by the cookie about the way you use the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. Fimbl has activated IP anonymization by adding the code gat._anonymizeIp(); on the websites, meaning that Google will shorten your IP address within a member state of the EU or another state party to the Agreement on the European Economic Area beforehand (this procedure is called IP masking). Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google will use this information on our behalf for the purpose of evaluating the way you use the website, compiling reports on website activity for Fimbl, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Google offers an add-on for web browsers that serves to prevent data collection by Google Analytics and data processing by Google. The add-on can be downloaded and installed at your own risk from: https://tools.google.com/dlpage/gaoptout.

More information is available at:
http://www.google.com/intl/de/analytics/privacyoverview.html
(general information on Google Analytics and data protection).

Google is certified under the Privacy Shield Framework, thus guaranteeing that the European data protection law will be complied with:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

5.2 Firebase Analytics

We use Firebase Analytics for the Fimbl App. Firebase Analytics is a service offered by Google Inc. located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The Firebase Analytics service helps to determine the interactions of App users by recording, for example, the first time the App is opened, deinstallations, updates, system crashes, and how often the App is used. The service also records and analyzes certain user interests. The information processed via Google Firebase may also be used together with other Google services, such as Google Analytics and the Google marketing services. The tool uses identifiers such as the Android Advertising ID or the Advertising Identifier for iOS and cookie-like technologies to identify the users’ mobile devices.

For more information on Google’s use of data for marketing purposes, please go to https://www.google.com/policies/technologies/ads. The Google Privacy Policy is available at https://www.google.de/policies/privacy. Users who wish to object to interest-based marketing by the Google marketing services can use the settings and opt-out options offered by Google at http://www.google.com/ads/preferences.

Google is certified under the Privacy Shield Framework, thus guaranteeing that the European data protection law will be complied with:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

5.3 Crashlytics

The Fimbl App further uses the Crashlytics analysis programme offered by Fabric, a company belonging to Google Inc. domiciled in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Crashlytics provides us with information on unforeseen system crashes and other malfunctions, thus serving our legitimate interest to constantly improve the App and eliminate faults. When a fault occurs, the analysis programme records and transmits information on the device in use, the operating system, the version and functionality of the App, time of the crash and the anonymised IP address of the requesting device. For more information, go to the information provided by Crashlytics at https://try.crashlytics.com/terms/privacy-policy.pdf. The Google Privacy Policy is available at https://www.google.de/policies/privacy.

Google is certified under the Privacy Shield Framework, thus guaranteeing that the European data protection law will be complied with:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI


6 Google Health Connect:

Our app collects various types of personal and sensitive user data to provide enhanced features and services. Specifically, we collect the following data:

  • Active Calories Burned Record: This includes the amount of calories burned during physical activities.
  • Body Fat Record: This includes body fat percentage measurements.
  • Exercise Session Record: This includes details of exercise sessions such as duration, type of exercise, and intensity.
  • Height Record: This includes user height measurements.
  • Steps Record: This includes the number of steps taken by the user.
  • Total Calories Burned Record: This includes the total amount of calories burned, combining both active and resting calories.
  • Weight Record: This includes body weight measurements.

6.1 Usage of Personal and Sensitive User Data:

The collected data is used solely to provide and improve the app’s features, including:

  • Active Calories Burned Record: To calculate and display the calories you have burned during physical activities, helping you track your fitness progress.
  • Body Fat Record: To help you monitor your body composition and track changes over time.
  • Exercise Session Record: To log and display details of your exercise sessions, providing insights into your workout patterns and progress.
  • Height Record: To personalize fitness calculations and provide accurate insights related to your health metrics.
  • Steps Record: To track and display the number of steps you take, helping you monitor your daily activity levels.
  • Total Calories Burned Record: To give you a comprehensive view of your calorie expenditure throughout the day.
  • Weight Record: To help you track your body weight changes and trends over time.

6.2 Sharing of Personal and Sensitive User Data:

We do not share your personal and sensitive user data with any third parties. All data collected is stored and used exclusively for providing the app’s features to you, the user.

6.3 Data Storage:

Your data is stored securely on your device and/or on our servers (if applicable) solely for your usage and to enable the app features effectively.

6.4 Reading of Personal and Sensitive User Data:

Our app reads and displays the following data from your device for your use:

  • Active Calories Burned Record: Read from your device and displayed in the app.
  • Body Fat Record: Read from your device and displayed in the app.
  • Exercise Session Record: Read from your device and displayed in the app.
  • Height Record: Read from your device and displayed in the app, saved and synced to the user profile.
  • Steps Record: Read from your device and displayed in the app.
  • Total Calories Burned Record: Read from your device and displayed in the app.
  • Weight Record: Read from your device and displayed in the app, saved and synced to user profile.

6.5 Writing of Personal and Sensitive User Data:

Our app allows users to input and update certain personal and sensitive data points, which are then written back to the user’s device health data:

  • Body Fat Record: Users can input their body fat percentage to monitor changes over time, and this data is written back to the user’s device.
  • Height Record: Users can enter their height measurements to ensure accurate fitness and health calculations, and this data is written back to the user’s device.
  • Weight Record: Users can log their body weight measurements to track their weight management progress, and this data is written back to the user’s device.


7 Erasure of your data

Fimbl stores personal data concerning users as long as the App is used. When the user account is deleted, we will permanently and irrevocably erase the email address, first name, surname, profile image, and links to third party providers.


8 Your rights

Please do not hesitate to contact us using the contact details in item 1 at any time if you have questions regarding your rights and other topics surrounding personal data.

You have the following rights:

8.1 Right of access

You have the right to request, free of charge at any time, information about the personal data concerning you that is stored by Fimbl, the origin and recipients of such data, the purpose of data processing, the planned duration of data storage, and a copy of the personal data that is being processed (Art. 15 GDPR).

8.2 Right to rectification

You also have the right to obtain without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed (Art. 16 GDPR).

You have the right to withdraw, without stating reasons, your consent to data processing at any time with effect to future processing (Art. 7 (3) GDPR).

8.4 Right to erasure

You have the right to obtain erasure of personal data concerning you without undue delay if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or if you withdraw your consent to lawful processing and there are no other legal grounds for the processing. If you object to data processing and there are no overriding legitimate grounds for the processing, your data will also be erased. Finally, your data will be erased if processing is unlawful for any other statutory reasons (Art. 17 GDPR).

8.5 Right to restriction of processing

You have the right to request that Fimbl restrict the processing of your personal data (Art. 18 GDPR) if you contest the accuracy of the data for a period of time that allows us to review its accuracy. Processing may also be restricted if it is unlawful, but you object to the erasure of your personal data and instead request that the processing be restricted, or if we no longer need the personal data for the relevant purposes but need it for the establishment, exercise, or defense of legal claims. Additionally, processing may be restricted if you have previously objected to the processing, but it is not yet clear whether Fimbl has legitimate grounds to continue storing your personal data that override your interests.

8.6 Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller (Art. 20 GDPR) if the processing is based on your consent and the data is processed automatically.

8.7 Right to object

You have the right to object at any time to the processing of your personal data, including the creation of user profiles (Art. 21 GDPR). If the processing of your personal data is based on your consent, you may object at any time. Your personal data will no longer be processed if Fimbl does not have compelling legitimate grounds that override your interests, rights, and freedoms. If your personal data is processed for direct marketing purposes, you have the right to object to that processing at any time.

8.8 Right to lodge a complaint

You have the right to file a complaint with a supervisory authority (Art. 77 GDPR).


9 Validity and updates

This Privacy Policy is currently in effect and was last updated on January 5 2023. As Fimbl’s website continues to develop, it may be necessary to update this Privacy Policy. We reserve the right to make changes to this Privacy Policy at any time in the future.”