FatSecret Privacy Policy

You should not use the Services if you do not agree to the terms of this Privacy Policy. Your renewed or continued use of the Services represents your consent to our processing of your Personal Data (including Sensitive Data) in accordance with the terms of this Privacy Policy. If you have any questions concerning this Privacy Policy or wish to revoke your consent to our processing of your Personal Data, please email us at privacy@FatSecret.com.

  1. Introduction

    This Privacy Policy applies to all of the products and services offered by Secret Industries Pty Ltd (FatSecret) including through its mobile applications (the FatSecret App), websites and Platform (all together "FatSecret", "we", "us" or "our"). FatSecret is an online diet, nutrition and weight loss community service that allows users to set up unique user profiles, track their activity, food and weight and contribute information and content to help people achieve their diet, nutrition and weight goals (collectively, the Services). We also provide paid services (Premium Service) where users have access to further personalised educational content, meal plans and other features which are only accessible within the Premium Service. Where we use the term "Services" in this Privacy Policy it includes "Premium Services", where applicable.

    We understand the importance of protecting the privacy of your Personal Data and take appropriate reasonable steps to protect it. The purpose of this Privacy Policy is to explain what Personal Data we collect about you when you interact with FatSecret, including what Personal Data and other information we collect, how we use that information, with whom we share that information and what steps we take to protect that information.

    FatSecret servers are hosted in multiple locations, including Europe and the United States. If you are accessing FatSecret from outside the United States, please be advised that you may be transferring your Personal Data to the United States and that the United States may have data protection laws/standards that are different from where you live. Your continued use of FatSecret represents your consent to this transfer of information.

    Personal Data is information relating to you that can be used to identify you, directly or indirectly, alone or together with other information (particularly by reference to an identifier). For the purposes of this Privacy Policy, the term Personal Data encompasses the definition of "Personal Data" under the General Data Protection Regulation (EU) 2016/679 (GDPR) as well as the definitions of "personal data", "personal information" or other like terms applicable under the privacy laws where we carry on business. Unless specifically noted otherwise, when the term "Personal Data" is used in this Privacy Policy it includes "Sensitive Data".

    Sensitive Data is a category of Personal Data and encompasses the definition of "special categories of personal data" under the GDPR as well as the definitions of "sensitive data", "sensitive information" and other like terms applicable under the privacy laws where we carry on business. Generally, however, this is Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a person's sex life or sexual orientation.

    We collect, use, hold and disclose (i.e. process) Personal Data and Sensitive Data as outlined in this Privacy Policy to operate and improve the Services.

  2. How We Collect and Use Your Personal Data

    As a user of FatSecret or the Services you are required to register before you can use FatSecret (including the FatSecret App) and our Services. During registration, we collect (and, if you proceed to register, you consent to our collection of):

    • Your Personal Data such as name, age, height, gender, postcode and email address. We also collect information relating to your current and goal weight which, because of the inferences that can be made about you in combination with your age, gender and height, is considered health data and thus Sensitive Data. When using FatSecret, we may also collect additional information including but not limited to your dietary goals, dietary preferences, allergies and other health conditions affected by nutrition or diet, or requiring nutrition or dietary guidance;

    • We collect the above Personal Data to customise, adapt and personalise your experience with the Services, to assess and improve our Services (such as the educational content) and maintain and analyse the functioning of the Service; and

    • when using FatSecret, behavioural data (i.e. what you do whilst using FatSecret, what you engage with) such as by monitoring your engagement with FatSecret, our Services and our communications. By collecting this Personal Data we can monitor and analyse your progress in respect of your health goals. This allows us to better customise/tailor your experience with the Services (and how we deliver the Services to you) and to continue improving FatSecret.

    As part of our Services, FatSecret will, from time to time, use your Personal Data to provide you with personalised educational content relating to food and nutrition information and other health updates and information. Where you opt in to receive direct marketing we will also use your Personal Data to provide you with personalised direct marketing. We explain our approach to and your rights in respect of Direct Marketing under Section 5 below.

    If you wish to stop us processing your behavioural data for non-marketing purposes, as above, you will need to stop using FatSecret and delete your account.

    We also collect your Personal Data (such as name, contact details (i.e. email address) and other Personal Data you provide) when you communicate with us or use your personal User Inbox within FatSecret. We use this Personal Data to communicate with you and populate your User Inbox with information related to your weight/health journey.

    Where you have opted in to receive direct marketing we will also send you our direct marketing, promotions and/or other events we think might interest you via your User Inbox and also measure the effectiveness of those and other communications (see Section 5 as regards direct marketing).

    If you register for our Premium Service we may additionally collect payment details (including credit card and debit card details) to fulfil your purchase, process your payments and provide you with any necessary customer support.

    FatSecret may also access and process your Sensitive Data (i.e. health data) through integration with other services such as Apple's HealthKit APIs and Google's Health Connect and Fit APIs (all together "Health Data Services") where you have requested or opted in to us doing so. We will not use or disclose any Sensitive Data gained through Health Data Services to third parties for advertising, marketing or other use-based data mining purposes other than for improving health or for the purpose of health research and will not disclose any of this Sensitive Data to a third party without your express consent. The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.

    FatSecret (and our advertisements or email messages) may contain "cookies" and other technologies such as pixel tags. Other technical information we collect includes your IP address, ISP, browser type, operating system, language and general user activity on FatSecret. These technologies help us better customise the Services and to facilitate and measure the effectiveness of advertisements or messages. We do not link the information stored in cookies to any Personal Data you have submitted. While most browsers accept cookies automatically, you may also adjust your browser settings to delete or disable cookies. We do not respect "Do Not Track" browser requests.

  3. Legal Basis for Processing Your Personal Data

    For Personal Data subject to the GDPR, we only process your Personal Data where we have a lawful basis for doing so, including one or more of the following:

    1. User consent: this refers to where you have given us explicit permission to process Personal Data and/or Sensitive Data for a given purpose. When we rely on consent we seek such consent at the time we collect your Personal Data and/or Sensitive Data (such as when you register for FatSecret and/or consent to direct marketing). We require you to indicate your consent by an explicit affirmative action by, for example in the FatSecret App or website, clicking the "Yes, I agree" button. This is the basis on which we process your Sensitive Data and, in most cases, your other Personal Data.

    2. For our legitimate business purposes: in certain situations (such as when not processing Sensitive Data) we will have a legitimate interest to process your Personal Data. We may rely on this when we manage your enquiries, requests and complaints, undertake general administrative tasks in connection with our Services, provide you with information about our Services, improve, maintain, and analyse our Service or otherwise detect fraud.

    3. For contractual necessity: we may process your Personal Data to meet our contractual obligations. For example, when you purchase our Premium Service we may need to process your payment information to fulfil your subscription.

    4. For compliance with a legal obligation: we must process Personal Data in order to comply with laws, regulations, court orders or other legal obligations (such as assisting with an investigation).

  4. How or To Whom We Disclose Your Personal Data

    Except as expressly noted in this Privacy Policy, we do not share your Personal Data with any third parties without your express consent. We do share your Personal Data as follows:

    • to service providers (such as those that provide services relating to information technology, customer support, sales, marketing, payments, data/market analysis, and surveys) and other vendors to provide, improve and otherwise customise our Services;

    • if we are permitted or required to do so by applicable law or we have a good faith belief that sharing information is necessary to comply with any applicable law; and/or

    • when otherwise authorised by you to do so whether at the time you supply the Personal Data or subsequently.

  5. Direct Marketing

    Where you have opted in to receive direct marketing we will use your Personal Data to provide you personalised information about other features, products or services we think you might be interested in. This may include details relating to current promotions, special offers and our Premium Service or promotions/offers relating to our Premium Service and/or other materials so that we can undertake market research into nutrition and health services and products. We will use your behavioural data to assess what products and services you may be interested in and which we will directly market to you.

    We will share our direct marketing with you using a variety of channels, such as your User Inbox, email or by telephone, unless you have specifically requested us to only use one specific channel for marketing. We may also collect and use your demographic and other Personal Data for market research, statistical, advertising and promotional purposes.

    All direct marketing emails, User Inbox messages and SMS messages will include instructions for opting-out of direct marketing communications. If at any time you no longer wish to receive direct marketing from us, please follow the unsubscribe opt-out options available in each email or SMS marketing, User Inbox message or write to us at our "Contact Details" in Section 12.

    Please note that, regardless of your communication (and specifically email) settings for direct marketing, we may still send you communications (including by email) relating to:

    • the performance of our Services, such as revisions to this Privacy Policy or other formal communications relating to Services you have purchased or use;

    • educational materials we deem relevant to your goals and progress; and/or

    • your requests for technical support or other questions or complaints about the Services.

  6. How Long We Retain Your Personal Data

    We retain your Personal Data for as long as you maintain your account with us or as otherwise necessary to provide you the Services. We may also retain your Personal Data as required to comply with our legal obligations.

    We will delete your Personal Data on receiving a request by you to delete your account so long as we are no longer required to process your Personal Data for the purposes set out in this Privacy Policy (i.e. you delete your account and there is no other purpose that requires us to retain your Personal Data) or to keep it by law.

    Your Personal Data may remain on our backup/disaster recovery systems. However, this Personal Data will be completely and irredeemably destroyed or deidentified within 6 months after you delete your account.

  7. Your Rights

    We endeavour to keep your Personal Data accurate and up to date and retain it in accordance with your directions and request your assistance to do so by letting us know of any changes. In respect of your Personal Data that we hold you can exercise your rights (detailed below) by contacting us via our 'Contact Details' below.

    We will respond to your requests as soon as practicable (and after verifying your identity if necessary) and, in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes to comply with legal requirements and/or to complete any transactions that you began prior to requesting such change or deletion.

    Your rights include:

    • the right to access your Personal Data we hold. You may also seek confirmation that we are processing your Personal Data and access your Personal Data and information related to that processing (e.g. the purpose or categories of that processing);

    • where we process your Personal Data only with your consent, the right to withdraw your consent to such processing at any time;

    • the right to rectify or correct your Personal Data where that Personal Data is incomplete or contains any inaccuracies;

    • the right to restrict our processing or to object to our processing of your Personal Data;

    • the right to request us to transfer your Personal Data to a third party in a structured, standardised and machine-readable format;

    • the right to object to and opt-out of receiving direct marketing at any time;

    • the right to request (subject only to our legal obligations to retain it) we erase (i.e. forget) your Personal Data where that Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, where you withdraw consent or otherwise object to the processing of your Personal Data; and

    • the right to lodge a complaint with a supervisory authority (for example, the Information Commissioner's Office in the United Kingdom or the Office of the Australian Information Commissioner in Australia).

  8. Information Security

    FatSecret takes reasonable steps to ensure the security of your Personal Data. For example, we take reasonable security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of user Personal Data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store Personal Data.

    We also restrict access to your Personal Data to our employees, contractors and agents who require access to that Personal Data in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

  9. Children

    We do not knowingly collect Personal Data from children under 13 years of age without parental consent. If you become aware that a child under the age of 13 has provided us with Personal Data without parental consent, please contact us immediately using our contact details below. If we become aware that an individual under the age of 13 has provided us with Personal Data, we will take steps to remove that Personal Data and cancel that individual's account as soon as possible.

  10. Links

    FatSecret may contain links to other sites. We are not responsible for and do not control the privacy policies and/or practices on other sites and only provide you such links for your convenience. We encourage you to review the relevant privacy policies and information collection practices on those other sites as those sites will not be subject to this Privacy Policy. This Privacy Policy only governs information processed by us, including via FatSecret.

  11. Changes to FatSecret Privacy Policy

    In order to provide and improve our Services and provide you the best possible experience it may be necessary to update and/or change this Privacy Policy from time to time. In those circumstances, we will notify you by posting the revised Privacy Policy on our website. We will notify you in respect of any significant revisions that materially change the way in which we use or share Personal Data previously collected from you and, where required by law, provide you the opportunity to read the revised policy so that you may decide whether you wish to continue to use the Services.

  12. Contact Details

    If you have any questions about this Privacy Policy, wish to exercise any of your rights (see Section 7), stop direct marketing or complain if you believe we have breached this Privacy Policy or any privacy law, please contact us at:
    Email: privacy@FatSecret.com
    Company Name: Secret Industries Pty Ltd (FatSecret)
    Company Address: Level 1, 1B Cromwell Street, Caulfield North, 3161, Victoria, Australia

    If you have any concerns, complaints or questions relating to your privacy we encourage you to contact us directly (at the above email address) and allow us the opportunity to assist you. Nevertheless, you have the right to escalate your concerns/lodge a complaint with your local data protection supervisory authority (e.g. the Information Commissioner's Office in the United Kingdom or the Office of the Australian Information Commissioner in Australia) if you believe our processing of your Personal Data infringes any privacy/data protection laws.