Introduction
This Privacy Policy establishes the procedure and conditions for the collection, use, storage, disclosure, transfer, and other processing of Personal Data by the Company in connection with the provision of the Services.
This Privacy Policy sets out the categories of Personal Data processed by the Company, the purposes and legal grounds for such processing, the categories of recipients to whom such Personal Data may be disclosed, the retention periods applicable to such Personal Data, as well as the rights of Users in relation to the processing of their Personal Data.
References to "we", "our", "us", or the "Company" mean the Company acting as the controller of Personal Data. References to "you", "your", or the "User" mean an individual who accesses, uses, registers with, interacts with, or otherwise receives the Services. By accessing, using, registering with, or otherwise interacting with the Services, you acknowledge that you have read and understood this Privacy Policy.
Definitions
Company
Across The Award LLP, registration number OC445222, address: WC1N 3AX, Great Britain, London, 27 Old Gloucester Street, which provides the Services, operates the Site and the App.
Services
The digital services provided by the Company in the field of health and nutrition technology through the Site and/or the App, including user registration, completion of questionnaires, calculation of daily calorie intake and macronutrient targets, analysis of food images, provision of informational nutrition-related insights and recommendations in the context of the User's goals, and related functionality.
Site / Application / Account
Site means the Company's website including all webpages, interfaces, features, and related content. Application or App means the mobile application through which the User may access the Services. Account means the personal user account established within the Application.
Personal Data
Any information relating to an identified or identifiable User, including any information that directly or indirectly identifies the User or may reasonably be linked to the User.
Controller / Processor
Controller means the entity that determines the purposes and means of processing Personal Data. Processor means an entity that processes Personal Data on behalf of the Controller.
User Consent
Any freely given, specific, informed, and unambiguous indication of the User's wishes by which the User signifies agreement to the processing of Personal Data in accordance with this Privacy Policy.
Cookies
Small text files and similar technologies placed on or accessed through the User's device, browser, application, or system for the purpose of enabling, securing, analyzing, remembering, customizing, or improving the operation of the Site, the App, and the Services.
Content
Any information, materials, data, text, images, photographs, questionnaire responses, inputs, submissions, or other content uploaded, submitted, transmitted, generated, or otherwise made available by the User through the Site, the App, or the Services.
General Provisions
The Company provides the Services to Users located in different jurisdictions, including the United States of America, the European Economic Area, and the United Kingdom. Accordingly, the processing of Personal Data by the Company may be subject to the data protection and privacy laws applicable in the relevant jurisdiction.
For the purposes of Personal Data processed in connection with the operation of the Site, the App, and the provision of the Services, the Company acts as the Controller, unless expressly stated otherwise in this Privacy Policy. The Company may engage Processors and other service providers that process Personal Data on behalf of the Company and strictly in accordance with the Company's documented instructions, contractual restrictions, and applicable legal requirements.
Personal Data
The Company may receive the following Personal Data about Users:
- First name and last name, if provided by the User
- Email address, login, password and other registration data provided when creating the Account
- Age, sex, height, weight, and activity level, as provided through the Application
- Data contained in the questionnaire completed by the User after registration
- Photographs and other Content submitted through the Application
- Personal Data contained in messages, requests, inquiries, feedback, or other communications sent to the Company
Payment Data: Payment card data and other payment details are generally processed by the relevant third-party payment service provider. The Company does not directly process such payment data, except where necessary for verification, refunds, chargebacks, fraud prevention, or compliance.
Automatically Collected Data
When the User visits the Site, uses the Application, or receives the Services, the Company may automatically collect:
- IP address
- Time zone and language settings
- Browser type and version
- Operating system, device type, and application version
- Country or approximate location determined on the basis of the IP address
- Data relating to the User's visit including full URL information, routes to and from the Site, date and time of access, page or screen response time, loading errors, duration of visits, activity within the Site or Application
Sensitive Data
The Company does not collect or process sensitive Personal Data of Users, such as race or ethnic origin, political views, religious or philosophical beliefs, union membership, genetic or biometric data, health information, sexual life or sexual orientation.
Purposes of Use
The Company uses Personal Data to provide and improve the Services, create and manage the Account, calculate calorie intake and macronutrient targets, analyze food photographs, provide informational nutrition-related recommendations, communicate with the User, process payments, comply with applicable law, and prevent fraud and unauthorized access.
Physical Parameters & Related Data Notice
To the extent that the Company processes Personal Data relating to the User's physical parameters, nutrition-related information, activity level, and nutrition-related goals, such data may include the User's age, sex, height, weight, activity level, questionnaire responses, nutrition-related inputs, selected goals related to weight loss, weight gain, or weight maintenance, as well as other related Content submitted by the User through the Application.
Not Medical Data: The Company does not process such data as medical data, medical records, or clinical information and does not use such data for the purpose of establishing a diagnosis, prescribing or administering treatment, monitoring a disease or medical condition, assessing the User's state of health, or providing medical care in any form. The Services are of an exclusively informational and functional nature and do not constitute medical advice, medical diagnosis, medical treatment, or any other healthcare service.
Categories of Personal Data Processed
| Data Category | Data Type | Data Processing | Data Transfer | Purpose |
|---|---|---|---|---|
| Account & Registration | Name, email address, login and registration data | Collection, recording, storage, use, organization, access, deletion | Processors for account administration, authentication, hosting, technical support | Account creation and administration, access provisioning, communication |
| Questionnaire Data | Data provided in the post-registration questionnaire | Collection, recording, storage, use, analysis, organization, deletion | Processors for hosting, technical support, analytics | Provision of Services, personalization, generation of informational results |
| Physical Parameters | Age, sex, height, weight, activity level, nutrition goals | Collection, recording, storage, use, analysis, organization, deletion | Processors for hosting, technical support, analytics | Calorie/macronutrient calculations, personalization, nutrition recommendations |
| Content | Photographs and other Content submitted through the Application | Collection, recording, storage, use, analysis, organization, deletion | Processors for image processing, hosting, technical support, analytics | Content analysis, provision of Services, generation of informational results |
| Automatically Collected | IP address, device info, browser, location, usage data | Automatic collection, recording, storage, use, analysis, organization, deletion | Processors for hosting, analytics, security, technical support | Security, maintenance, support, improvement, technical administration |
| Payment-Related | Payment fact, date, amount, status, and method | Receipt, recording, storage, use, organization, deletion | Third-party payment system, payment service provider, subscription administrators | Payment confirmation, subscription administration, fraud prevention, compliance |
| Communication Data | Messages, requests, inquiries, feedback sent to the Company | Collection, recording, storage, use, organization, deletion | Processors for customer support, hosting, technical support | Communication, request processing, support, protection of Company's interests |
Transfer of Personal Data
The Company may transfer Personal Data to entities with which it cooperates in the implementation and provision of Services, including:
- Payment services — to receive payment for the Services, Personal Data may be transferred automatically
- Contractors and employees — including legal and tax consultants, and entities providing accounting, logistics, marketing, and IT services
- Counterparties — in connection with acquisition or merger, financing, corporate reorganization, joint venture, sale of assets, or bankruptcy
- Courts, law enforcement, and state bodies — in case of fulfilment of any legal obligations, including in accordance with a court order
- AI/ML and image processing service providers — for image analysis, text processing, result generation, and other technical functions necessary for the operation of the Services
- Payment service providers and app store platforms — including Google Play, Apple App Store, or other platforms involved in processing and administration of subscriptions, purchases, payments, renewals, refunds, chargebacks
- Hosting, infrastructure, communication, and support service providers — for hosting, cloud infrastructure, data storage, authentication, technical support, customer support, email communication, push notifications, analytics
- Legal, regulatory, and protection-related disclosures — to courts, law enforcement, regulators, public authorities, legal advisers, tax advisers, auditors, or other competent persons where required by law
- Corporate transactions — in connection with an actual or contemplated merger, acquisition, investment, financing, corporate reorganization, change of control, sale of assets, joint venture, dissolution, insolvency, or bankruptcy
Any transfer of Personal Data shall be carried out solely to the extent necessary for the purposes specified in this Privacy Policy, in accordance with the principles of lawfulness, necessity, proportionality, data minimization, and appropriate protection of Personal Data.
User Consent
The User provides voluntary, informed, specific, and unambiguous User Consent to the processing of Personal Data by performing one or more of the following actions:
- Creating an Account within the Application or otherwise submitting registration data
- Completing and submitting the questionnaire within the Application
- Uploading photographs, providing Content, or otherwise submitting Personal Data
- Checking the relevant checkbox or clicking the relevant button confirming acceptance of this Privacy Policy
- Granting access permissions to the Application, including permissions relating to the camera, photographs, notifications, or other functionality of the User's device
- Using the Site, the Application, or the Services after being provided with access to this Privacy Policy
By providing User Consent, the User confirms that Personal Data may be processed for registration, identification, Account administration, calorie and macronutrient calculations, analysis of photographs and Content, and generation of informational nutrition-related results and recommendations. Personal Data may be transferred to Third Parties as set forth in this Privacy Policy.
Storage & Protection
The Company implements appropriate technical, organizational, and legal measures aimed at ensuring the confidentiality, integrity, availability, and protection of Personal Data. Such measures may include access control, internal restrictions on access to Personal Data, secure storage, encryption, pseudonymization, security monitoring, backup procedures, and regular review of the effectiveness of the measures applied.
The Company shall store Personal Data only for the period necessary to achieve the purposes for which such Personal Data were collected and processed, unless a longer retention period is required or permitted under applicable law.
Retention Period: The Company may retain Personal Data for a period of 3 (three) years following the termination of the relationship with the User where such retention is necessary for internal record-keeping, compliance with applicable law, accounting and tax purposes, fraud prevention, dispute resolution, or protection of the Company's rights and legitimate interests.
Legal Grounds for Processing
The Company processes Personal Data on one or more of the following legal grounds, to the extent applicable in the relevant jurisdiction:
- User Consent — where the User has provided Consent to the processing of Personal Data for one or more specific purposes
- Performance of a contract — where processing is necessary for the creation and administration of the Account, provision of access to the Application, operation of the Services, processing of the questionnaire, calculation of calorie and macronutrient targets, analysis of photographs, and provision of informational nutrition-related results
- Compliance with a legal obligation — including obligations arising under applicable data protection, privacy, accounting, tax, financial reporting, consumer protection, and other legislation
- Legitimate interests of the Company — where processing is necessary for operation, maintenance, support, protection, security, technical administration, and improvement of the Services; prevention of fraud, unauthorized access, misuse; handling of requests, complaints, disputes, refunds, chargebacks; and establishment, exercise, or defence of the Company's rights
- Any other legal ground permitted or required under applicable law
Where the processing of Personal Data is based on User Consent, the User shall have the right to withdraw such consent at any time by contacting the Company at: admin@acrosstheaward.com. Withdrawal shall not affect the lawfulness of processing carried out prior to such withdrawal.
User Rights — European Economic Area
This section governs the processing of Personal Data belonging to Users who are residents of the EEA, in accordance with the provisions of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).
Contact us directly to access the Personal Data we hold about you, as well as any additional information provided for in Article 15 GDPR.
Request permanent deletion of your Personal Data in accordance with Article 17 GDPR, unless legal exceptions apply.
Receive your Personal Data in a structured, commonly used, and machine-readable format and transmit it to another controller.
Request the update, correction, or completion of inaccurate or incomplete Personal Data at any time.
Object at any time to the processing of your Personal Data on grounds relating to your particular situation.
The right not to be subject to a decision based solely on automated processing, including profiling, if such a decision produces legal effects concerning you.
User Rights — United States
This section applies to Users who are residents of the United States of America. Within the framework of applicable legislation, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), Users have the following rights:
- Right of access — request which Personal Data is stored by the Service, as well as the purpose of its processing, its source, and the categories of third parties to whom it may have been disclosed
- Right to deletion — request full deletion of Personal Data, except in cases where its retention is necessary under applicable law
- Right to rectification — update, change, or supplement inaccurate or incomplete Personal Data stored by the Service
- Right to data portability — receive a copy of Personal Data in a commonly used machine-readable format and transfer it to another service provider
- Right to object — object at any time to the processing of Personal Data, including for marketing or analytical purposes
- Right to withdraw Consent — withdraw previously given Consent to the processing of Personal Data; in such a case, the Service reserves the right to discontinue the provision of Services
Submission of Requests
A User in any jurisdiction has the right to submit a written request to the Company if they believe that their rights have been violated, by writing to: admin@acrosstheaward.com.
The User's request must contain accurate information about the requirements for the Company. We will not be able to respond to your request or provide you with Personal Data unless we can verify your identity and confirm that the Personal Data belongs to you.
The Company must respond to the request or fulfil the conditions set forth in the request within 21 (twenty-one) business days from the moment of its receipt.
Responsibility
The Services are not medical services and do not constitute medical advice, medical diagnosis, medical treatment, medical monitoring, or any other form of medical or healthcare service.
The Company shall not be responsible for
- The use by the User of the Services as a substitute for professional medical consultation or healthcare service
- Any decisions, actions, or omissions of the User based on informational results, calculations, outputs, insights, or recommendations made available through the Services
- The processing of Personal Data by Third Parties acting outside the scope of the Company's control
- The content, privacy practices, security measures, or data processing activities of any Third-Party website, platform, product, or service to which the Services may contain links
- Any consequences arising from inaccurate, incomplete, outdated, excessive, misleading, or unlawfully provided Personal Data or Content submitted by the User
- Any loss, unauthorized access, alteration, disclosure, destruction, or other adverse consequence caused by failures of telecommunications networks, Internet disruptions, malicious software, cyberattacks, or other circumstances beyond the reasonable control of the Company, provided that the Company has implemented the measures required under applicable law
The User shall be responsible for
- The accuracy, completeness, relevance, and lawfulness of the Personal Data and other Content submitted by the User
- The lawfulness of the disclosure of any Personal Data relating to any third person contained in the Content or otherwise submitted by the User
- The independent review of the terms, privacy policies, and other legal documentation of Third-Party websites, platforms, products, and services
- The User's own decisions regarding the use or non-use of any informational results, calculations, outputs, insights, or recommendations made available through the Services
Nothing in this Privacy Policy shall exclude or limit the Company's liability to the extent such exclusion or limitation is prohibited under applicable law.
Cookies
The Site and the Application may use Cookies, web beacons, pixels, tags, SDKs, and other similar technologies that allow the Company to collect, receive, record, and analyze information relating to the User's interaction with the Site, the Application, and the Services.
Such technologies may be used for the purposes of authentication and identification of the User, maintenance of the User's session, storage of preferences and settings, ensuring proper operation and functionality, analysis of use and performance measurement, technical administration, security, prevention of unauthorized access or misuse, and collection of statistical and analytical information.
The Company may use first-party Cookies and third-party Cookies, including those provided by Google Analytics, Meta, Facebook, and other similar analytics, advertising, performance measurement, and technical service providers.
The User may manage, restrict, block, or disable Cookies through the settings of the browser, device, operating system, or where available through the settings of the Site or the Application. Restriction or disabling of Cookies may affect the availability, functionality, or proper operation of certain parts of the Services.
Minors
The Site, the Application, and the Services are intended solely for individuals who have reached the age of majority under the laws applicable to such individual in the relevant jurisdiction. The Company does not knowingly collect, receive, or otherwise process Personal Data of minors.
Where the Company becomes aware that a person who has not reached the age of majority has accessed, used, or received the Services, or has provided Personal Data, the Company shall have the right to suspend or terminate such person's access and to delete the relevant Personal Data, unless required to retain such Personal Data under applicable law.
Any person who becomes aware that a minor has provided Personal Data to the Company or has used the Services may notify the Company at: admin@acrosstheaward.com.
Policy Changes
The Company reserves the right to amend, update, supplement, or otherwise modify this Privacy Policy at any time, including where such modification is necessary in connection with changes to the Site, the Application, the Services, the manner in which Personal Data are processed, the Company's internal processes, applicable law, or the requirements of a competent authority.
The Company shall publish the current version of this Privacy Policy on the Site, in the Application, or otherwise make it available to the User by appropriate means. Continued access to or use of the Services after the publication of the updated version of this Privacy Policy shall constitute acknowledgment by the User of the updated version, unless otherwise required by applicable law.
Contact
The User has the right to contact the Company support service to ensure their rights in accordance with the terms of this Privacy Policy, or in case of violation of their rights, or to leave feedback or ask a question.
Across The Award LLP
Registration number: OC445222
Address: 27 Old Gloucester Street, London WC1N 3AX, Great Britain
Email: admin@acrosstheaward.com