Last updated
January 5 2023
Privacy Policy
Fimbl is a digital calorie counter app for Android and iOS that is operated by AppRise Ventures Oy (hereinafter: Fimbl, Provider) with registered office in Turku, Finland. The following data protection provisions apply to all registered users of the app. By registering, you agree to these data protection provisions.
1 Controller
The body responsible for collecting, processing and using personal data about you (User) according to the General Data Protection Regulation (GDPR) is:
AppRise Ventures Oy
Puutarhakatu 7
20100 Turku
Finland
Please contact us by email if you have questions about your personal data, this Data Protection Policy, or how to exercise your rights as a data subject.
2 Encryption
All incoming and outgoing data traffic when communicating with the Fimbl app or with third parties is encrypted using TLS. The “https://” code in the address bar and the lock icon indicate that the connection to our website is encrypted.
TLS encryption means that third parties cannot read the transmitted data.
3 Collection, processing and use of personal data
3.1 Personal data
“Personal data” according to the GDPR refers to any information related to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Fimbl only processes personal data about you (e.g. email address, nutritional information in the app) in accordance with applicable data protection laws. The following provisions provide information about the nature, scope, and purposes of collecting, processing, and using personal data. This Privacy Policy only applies to the aforementioned product. If a link leads to another website, please review the information there for the respective treatment of personal data about you.
3.2 Data collection when using our website
When you visit our www.fimbl.com website, the web server automatically creates log files that cannot be associated with a specific person. This processing is based on our legitimate interests according to point (f) of Art. 6 (1) GDPR. Such data may include, for example, browser type and version, operating system used, referrer URL, IP address of the requesting computer, date and time of access of the server request, and the client’s file request (name of file and URL). These data are only collected for statistical purposes and for security reasons (e.g. to investigate misuse and fraudulent acts), stored for a period of seven days, and then erased. Data that needs to be stored as evidence for a longer period is excluded from erasure until the respective incident has been clarified.
Cookies
To make the web pages more user-friendly and effective, Fimbl and third parties commissioned by Fimbl store so-called cookies on the customers’ hard drives. The legal basis for this type of use is point (f) of Art. 6 (1) GDPR.
Cookies are small text files that serve, among other purposes, to record information on how a website is used. These cookies cannot execute programs nor can they infect your computer with viruses. They do not contain any personal data, cannot be attributed to a specific person, and are automatically erased at the latest after one year, unless otherwise stated. Such data is not combined with data from other sources.
The website can also be used without cookies. In your browser settings, you can deactivate or limit the use of cookies or prompt your browser to warn you before a cookie is sent. You can also delete cookies from the computer’s hard drive at any time.
3.3 Personal data when using the Fimbl app
3.3.1 Mandatory information
To be able to use the app, the user must provide an email address and a password (mandatory information). These data serve to identify the user and to enable communication between Fimbl and the user. The email address and all the user’s other data are not visible to other users. The data are stored based on your consent according to point (a) of Art. 6 (1) GDPR.
3.3.2 Data provided by the user
Fimbl also records data provided by the user that can be entered when using the app. This refers to a user profile that consists of the following physical data:
- sex
- date of birth
- height
- type of activity (sitting, standing, etc.)
- desired result (lose weight, etc.)
- starting weight
- target weight
The physical data is recorded based on your consent according to point (a) of Art. 6 (1) GDPR and is used exclusively to calculate your personal calorie intake. In order to be able to use the features of the Fimbl app, physical data needs to be provided. It is particularly necessary to provide the starting weight, target weight, sex, date of birth, height, and type of professional activities so that Fimbl can calculate the user’s personal calorie intake target. These data are not visible to third parties.
Furthermore, the following data is collected and stored when the user account is set up:
- First name (optional)
- Email address
- Password
3.3.3 Data automatically recorded by Fimbl
The following data is recorded once when the user registers with Fimbl:
Date of registration Operating system of the device used (Android/iOS) Country and language (using the locale: The locale is a set of parameters that contains the user’s regional settings, including in particular the language of the user interface, the country, and settings regarding character classification, keyboard layout, number, currency, date, and time formats.
We record these data for the purpose of improving and personalizing our services based on our legitimate interest according to point (f) of Art. 6 (1) GDPR.
3.3.4 Data recorded during the use of the Fimbl app
When the Fimbl app is used, Fimbl also records:
- the current IP address,
- the version of the app in use,
- the current time zone.
We record these data for the purpose of improving and personalizing our services based on our legitimate interest according to point (f) of Art. 6 (1) GDPR.
3.3.5 Contractual relationship
If a contractual relationship is to be established, designed, or amended between the user and Fimbl, Fimbl stores the user’s personal data based on point (b) of Art. 6 (1) GDPR to the extent that this is needed for the performance of the contract. Through in-app purchasing, the user has the option to subscribe to the Fimbl PRO version of the app. If you decide to subscribe to the PRO version, the order button will lead you directly to either the Apple App Store or the Google Play Store depending on which operating system you use.
In this context, we will transmit the starting date and the end date and, if applicable, the termination date of the subscription and the reason for the termination (for example, withdrawal). The data for processing the payment is collected directly by the app stores.
For the privacy policies of the app stores, please go to:
- Apple App Store: https://www.apple.com/de/privacy
- Google Play Store: https://policies.google.com/privacy
4 Use by children
Fimbl is aware of the additional measures that are required to protect the privacy of children. People under 16 may not open accounts unless one parent has agreed in accordance with the applicable law. If we discover that we have recorded personal data of a child below the minimum age without its parent’s consent, we will take measures to immediately erase such data. Parents who believe that their child has made personal data available to us and who wish to have such data erased should please contact us under the details stated in item 1.
5 Use of web analysis, remarketing, and retargeting tools
Based on our legitimate interests in accordance with point (f) of Article 6 (1) of the General Data Protection Regulation (GDPR), we use various tools or plugins to conduct web analysis, remarketing, and retargeting in order to optimize our online offering and to be able to compile more relevant offers for you.
These services use cookies, forward the IP address and/or record and analyze various types of data, including the number of website visitors, duration of the visit, average page loading time, and origin of the visitors.
5.1 Google Analytics
We use Google Analytics, a web analysis service offered by Google. Google Analytics uses cookies that help to analyze how visitors use the website. The information generated by the cookie about the way you use the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. Fimbl has activated IP anonymization by adding the code gat._anonymizeIp(); on the websites, meaning that Google will shorten your IP address within a member state of the EU or another state party to the Agreement on the European Economic Area beforehand (this procedure is called IP masking). Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google will use this information on our behalf for the purpose of evaluating the way you use the website, compiling reports on website activity for Fimbl, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Google offers an add-on for web browsers that serves to prevent data collection by Google Analytics and data processing by Google. The add-on can be downloaded and installed at your own risk from: https://tools.google.com/dlpage/gaoptout.
More information is available at:
http://www.google.com/intl/de/analytics/privacyoverview.html
(general information on Google Analytics and data protection).
Google is certified under the Privacy Shield Framework, thus guaranteeing that the European data protection law will be complied with:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
5.2 Firebase Analytics
We use Firebase Analytics for the Fimbl App. Firebase Analytics is a service offered by Google Inc. located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The Firebase Analytics service helps to determine the interactions of App users by recording, for example, the first time the App is opened, deinstallations, updates, system crashes, and how often the App is used. The service also records and analyzes certain user interests. The information processed via Google Firebase may also be used together with other Google services, such as Google Analytics and the Google marketing services. The tool uses identifiers such as the Android Advertising ID or the Advertising Identifier for iOS and cookie-like technologies to identify the users’ mobile devices.
For more information on Google’s use of data for marketing purposes, please go to https://www.google.com/policies/technologies/ads. The Google Privacy Policy is available at https://www.google.de/policies/privacy. Users who wish to object to interest-based marketing by the Google marketing services can use the settings and opt-out options offered by Google at http://www.google.com/ads/preferences.
Google is certified under the Privacy Shield Framework, thus guaranteeing that the European data protection law will be complied with:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
5.3 Crashlytics
The Fimbl App further uses the Crashlytics analysis programme offered by Fabric, a company belonging to Google Inc. domiciled in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Crashlytics provides us with information on unforeseen system crashes and other malfunctions, thus serving our legitimate interest to constantly improve the App and eliminate faults. When a fault occurs, the analysis programme records and transmits information on the device in use, the operating system, the version and functionality of the App, time of the crash and the anonymised IP address of the requesting device. For more information, go to the information provided by Crashlytics at https://try.crashlytics.com/terms/privacy-policy.pdf. The Google Privacy Policy is available at https://www.google.de/policies/privacy.
Google is certified under the Privacy Shield Framework, thus guaranteeing that the European data protection law will be complied with:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
6 Social Media plugins
Based on our legitimate interests in accordance with point (f) of Article 6 (1) of the General Data Protection Regulation (GDPR), we use various Social Media plugins to conduct web analysis, remarketing, and retargeting in order to optimize our online offering and to be able to compile more relevant offers for you.
6.1 Facebook
We use the Social Media plugin of Facebook.com, which is operated by Facebook Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plugins may include interactive elements or content (such as videos, graphics, or text) and are marked with one of the Facebook logos (a white “f” in a blue tile, the words “Like,” or the “thumbs up” sign) or are labeled “Facebook Social Plugin.” For a list and illustrations of the Facebook Social Plugins, please visit: https://developers.facebook.com/docs/plugins
When a user accesses a feature on this website that contains one of these plugins, a direct connection is established with the Facebook servers. Facebook transmits the plugin content directly to the user’s device, which is then incorporated into the online offering. In this process, data may be used to create user profiles. We have no influence on the scope of data collected by Facebook using this plugin. The information we provide to users is based on what we know.
When a plugin is incorporated, Facebook receives the information that a user has accessed the corresponding page of the website. If the user is logged into Facebook, Facebook can associate the website visit with the user’s Facebook account. When a user interacts with a plugin, for example by clicking the Like button or leaving a comment, the user’s device transmits the corresponding information directly to Facebook, where it is stored. Facebook may even obtain and store the IP addresses of users who are not registered with Facebook.
The Facebook privacy policy is available at: https://www.facebook.com/about/privacy. It provides more information on the purpose and scope of data collection, further data processing and use of data by Facebook, as well as the corresponding rights and settings options to protect your privacy.
Users who are registered with Facebook but do not want Facebook to collect data about them through this website and combine such data with their membership data stored by Facebook should log out of Facebook before using our website and delete their cookies. Additional settings as well as the option to object to the use of data for marketing purposes can be found in the Facebook user settings: https://www.facebook.com/settings?tab=ads or at http://www.aboutads.info/choices for the US and http://www.youronlinechoices.com for the EU.
These settings are platform-independent, meaning they apply to all devices, whether desktop computers or mobile devices.
Facebook is certified under the Privacy Shield Framework, thus ensuring compliance with European data protection laws: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
6.2 Instagram
Our website may contain features and content of the Instagram service, which is operated by Instagram Inc., located at 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as pictures, videos, or text, as well as buttons that users can use to indicate that they like the content or the authors of the content, or to subscribe to our posts.
Instagram can associate the clicking of the aforementioned content or functions with the profiles of registered Instagram users.
For Instagram’s privacy policy, please visit: http://instagram.com/about/legal/privacy
7 Erasure of your data
Fimbl stores personal data concerning users as long as the App is used. When the user account is deleted, we will permanently and irrevocably erase the email address, first name, surname, profile image, and links to third party providers.
8 Your rights
Please do not hesitate to contact us using the contact details in item 1 at any time if you have questions regarding your rights and other topics surrounding personal data.
You have the following rights:
8.1 Right of access
You have the right to request, free of charge at any time, information about the personal data concerning you that is stored by Fimbl, the origin and recipients of such data, the purpose of data processing, the planned duration of data storage, and a copy of the personal data that is being processed (Art. 15 GDPR).
8.2 Right to rectification
You also have the right to obtain without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed (Art. 16 GDPR).
8.3 Right to withdraw consent
You have the right to withdraw, without stating reasons, your consent to data processing at any time with effect to future processing (Art. 7 (3) GDPR).
8.4 Right to erasure
You have the right to obtain erasure of personal data concerning you without undue delay if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or if you withdraw your consent to lawful processing and there are no other legal grounds for the processing. If you object to data processing and there are no overriding legitimate grounds for the processing, your data will also be erased. Finally, your data will be erased if processing is unlawful for any other statutory reasons (Art. 17 GDPR).
8.5 Right to restriction of processing
You have the right to request that Fimbl restrict the processing of your personal data (Art. 18 GDPR) if you contest the accuracy of the data for a period of time that allows us to review its accuracy. Processing may also be restricted if it is unlawful, but you object to the erasure of your personal data and instead request that the processing be restricted, or if we no longer need the personal data for the relevant purposes but need it for the establishment, exercise, or defense of legal claims. Additionally, processing may be restricted if you have previously objected to the processing, but it is not yet clear whether Fimbl has legitimate grounds to continue storing your personal data that override your interests.
8.6 Right to data portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller (Art. 20 GDPR) if the processing is based on your consent and the data is processed automatically.
8.7 Right to object
You have the right to object at any time to the processing of your personal data, including the creation of user profiles (Art. 21 GDPR). If the processing of your personal data is based on your consent, you may object at any time. Your personal data will no longer be processed if Fimbl does not have compelling legitimate grounds that override your interests, rights, and freedoms. If your personal data is processed for direct marketing purposes, you have the right to object to that processing at any time.
8.8 Right to lodge a complaint
You have the right to file a complaint with a supervisory authority (Art. 77 GDPR).
9 Validity and updates
This Privacy Policy is currently in effect and was last updated on January 5 2023. As Fimbl’s website continues to develop, it may be necessary to update this Privacy Policy. We reserve the right to make changes to this Privacy Policy at any time in the future.”