Our Privacy Policy

Thank you for your interest in our company and application. Data protection and data security are very important to us. We would like to inform you about data collection, processing and use when using our application. As well as objection, revocation and other rights to which you are entitled as a person affected by data collection and use. 

Who we are

We are Hapcha (“we”, “our”, “us”) of 160 Kemp House, City Road, London, EC1V 2NX, United Kingdom with Company Number 13206264. We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us via email at team@hapcha.com.

We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.

The Regulation

This Privacy Policy applies to our Hapcha App. If you live in the European Economic Area, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation and in Austria, it is the Data Protection Act 2018.

The Supervisory Authority

The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What is personal data?

Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Child Data

Hapcha is not intended for children under the age of 13 and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

What data do we collect?

We may collect data or ask you to provide certain data when you use our application and its functionality and this includes:

Data collected directly from you or your device relating to an identified or identifiable natural person (“Data Subject”) and may include direct identifiers and special category data such as username, password, apple id or google id, Full Name, e-mail address, weight, height, date of birth, gender, quantity of fluids drunk; and the food or calories you ate.

Data collected through indirect identifiers such as login account details, login password, payment details, or IP address.

Data collected is linked, for example if we have already collected some of your data, we will only ask you for the remaining data that is necessary to carry out the service contracted for.

How personal data is collected

We collect personal data in the following ways:

• Direct Interactions you may provide personal data when you download our application, request services, subscribe to our premium feature or use our feedback form or otherwise or correspond with us.
• Automated Technology we automatically collect personal data (technical and usage) when you interact with our application and we may also receive technical data about you if you download and install our application.

What are the purposes for processing?

• Provision of the app, its contents and functionality;
• Provision of contractual services, health and nutrition monitoring service and customer care;
• Answering contact enquiries and communication with users;
• Support your meal plan and monitoring;
• Participation in our Improvement Program (where consent is given in line with our Improvement Program policy);
• Marketing, advertising and market research; and
• Security measures.

On what grounds do we use Personal Data?

We use your Personal Data for the following purposes and on the following grounds:

On the basis of fulfilling our contract (when using our application or buying a premium feature)

On the basis of your consent (when you contact us)

On the basis of legal obligations (for obligations such as tax, accounting, anti-money laundering, or when a court or other authority asks us to)

On the basis of our legitimate interest (for communications about security, privacy and performance improvements of our services such as our Improvement Program. Or for establishing, exercising or defending our legal rights.)

Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.

When do we disclose your Personal Data?

We disclose your Personal Data in response to your business enquiry or your request for information within our Company in order to provide the best service possible and within our legitimate interest.

We may share your information with organisations that help us provide the services described in this Privacy Policy and who may process such data on our behalf and in accordance with this Privacy Policy, to support this application and our services. For example, with our legal and other professional advisors.

We may also share information with our secure payment gateway provider Apple Pay or Google Pay , and you may need to provide credit or debit card information directly to Apple in order to process payment details and authorise payment following a secure link. The information which you supply to in such cases is not within our control and is subject to Apple’s own Privacy Notice and Terms of Use or Google`s which you can find here and here.

In relation to information obtained about you from your use of our application, we may share a cookie identifier and IP data with analytics and advertising network services providers to assist us in the improvement and optimisation of our application.

Also, our application is using a number of Google`s Firebase features including Firestore, Cloud Functions, Cloud Storage, Firebase Authentication, Google Analytics for Firebase, Firebase Crashlytics and Firebase Performance Monitoring. The information which you supply to in such cases is not within our control and is subject to Google`s Firebase Privacy Policy.

We may disclose personal information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us. However, we are legally required to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers, for tax purposes.

Your Rights

You have the right to:

• information about the processing of your personal data
• obtain access to the personal data held about you
• ask for incorrect, inaccurate or incomplete personal data to be corrected
• request that personal data be erased when it’s no longer needed or if processing it is unlawful
• object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation
• request the restriction of the processing of your personal data in specific cases
• receive your personal data in a machine-readable format and send it to another controller (‘data portability’)
• request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision
• Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

If you feel that your request is not satisfactorily resolved by us, you may approach your local data protection authority. The Information Commissioner`s Office (ICO) is the supervisory authority in the UK and relevant to us.

International transfers

Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the UK and the EEA.

Where we need to transfer your data outside the UK or EEA we will use one of the following safeguards:

• The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
• Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.

How do we protect your Personal Data?

We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.

In more detail, access to our database is restricted and the user must be authorised, is challenged through a two-way authentication system and use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.

The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on Google`s Firebase servers in the UK. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.

Economic Analyses and Market Research

In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the Hapcha application. The analyses are carried out for the purposes of business management evaluations, marketing and market research.

In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

Tracers, Trackers or Beacons

This Application does not support tracers, trackers or beacons.

Location Data

At present we do not use location data, other than asking for your country when you sign up. This information is used to filter the food database to product available in your region and no live location data is collected.

Automated decision-making and profiling

When you click on the “Balance” button to balance your meals nutritionally, we securely and anonymously use the data you have provided about yourself and your food to perform the calculation. At present the option to have a human nutritionist balance your meals for you is not available.

Communication by mail, e-mail, fax or telephone

We use means of distance communication, such as post, telephone or e-mail, for business and marketing purposes. We process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.

The processing is based on Art. 6 para. 1 lit a, Art. 7 DSG, Art. 6 para. 1 lit f DSG in connection with legal requirements for advertising communications. Contact shall only be established with the consent of the contact partners or within the scope of the statutory permissions and the processed data shall be deleted as soon as they are not required and otherwise with objection/ revocation or discontinuation of the basis for authorisation or statutory archiving obligations.

Changes

This Privacy Policy and our commitment to protecting the privacy of your personal data can result in changes to this Privacy Policy. Please regularly review this Privacy Policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us using the following contact details.

Hapcha

160 Kemp House, City Road, London, EC1V 2NX, United Kingdom

Company Number 13206264

team@hapcha.com

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the ICO.