Reverse Health
Privacy Policy for EU/EAA

Updated September 13, 2024

This privacy policy (the “Privacy Policy”) applies to the use of reverse.health or iterations thereof (including, without limitation, reverse.health/tour/nutrition-keto (“RH Keto”), join.reverse.health, latam.reverse.health, br.reverse.health, uk.reverse.health, eu.reverse.health, au.reverse.health, ca.reverse.health, nz.reverse.health and sa.reverse.health) (collectively the “Site”) and Reverse Health Mobile Application (the “Application”). The Site and the Application, collectively referred as the “Platform” within the Privacy Policy, are owned and operated by Reverse Health, SIA, a Latvian Limited Liability Company with Legal Address of Liepāja, Rietumkrasta iela 2 - 9, LV-3416 (“Reverse Health” or “Company”).  The Company is referred hereto as “REVERSE HEALTH”, “we” or “us” and “you” or “user” means you as a user of the Platform.

Please read the Privacy Policy carefully before you start to use the Platform. By using the Platform or opening an account you accept and agree on behalf of yourself or any other entity (if applicable), to be bound and abide by this Privacy Policy and our Terms of Service. This Privacy Policy only applies to users located within the European Economic Area (EEA) or the European Union (EU), who are subject to separate privacy policies in compliance with GDPR. If you are located outside the European Economic Area (EEA) or the European Union (EU), please click here to read the privacy policy applicable to your region.

By using this Platform, you represent and warrant that you are of legal age to form a binding contract and meet all of the foregoing requirements. If you do not meet all of these requirements, you must not access or use the Platform.

This Privacy Policy applies to our Platform and our products, offers, features, tools or resources offered therein (collectively, “Digital Products”). The entity responsible for processing your personal data collected through our Digital Products in accordance with Art. 4(7) of the GDPR is Reverse Health, SIA, Liepāja, Rietumkrasta iela 2 - 9, LV-3416.

  1. DATA WE COLLECT AND HOW WE USE YOUR DATA

    1.

    Personal data we collect

    Personal Data is information that identifies you or can be used to identify or contact you (“Personal Data”). This Personal Data may include your name, postal or e-mail address, telephone number, date of birth and billing and credit card information. Personal Data may also include some health-related data, such as your weight history.

    We collect Personal Data from you when you use our Platform or when you register with our Digital Products, as described in more detail in this Privacy Policy. In all these cases, we will only process Personal Data that you provide directly to us or that we automatically collect from you, as specified in this Privacy Policy. Except as otherwise defined in this Privacy Policy, or unless otherwise authorized by you to do so, we will not use or share your Personal Data other than as set out in this Privacy Policy.

    2.

    How we collect and use your Personal Data

    In the next section, you will find information on how we collect your Personal Data, the purposes for which we process it, the legal bases on which we rely to do so and how long we keep your data.  A legal basis for the processing of your data will exist when one or more of the following conditions apply:

    • Consent: You have given us your consent to use your information, which consent may be revoked at any time, in accordance with Art. 6(1)(a) of the GDPR.
    • Contract: You have concluded/are about to enter into an agreement with us and your information is necessary to provide you with the products or services requested, in accordance with Art. 6(1)(b) of the GDPR.
    • Legal obligation: We may be required to process your information in order to fulfil certain legal obligations, in accordance with Art. 6(1)(c) of the GDPR.
    • Legitimate interest: We may use your information because we or a third party have a legitimate interest in doing so. This will only be the case if we believe that our use of your data does not have a significant impact on your privacy or that you expect it, or that there is a compelling reason to do so, in accordance with Art. 6(1)(f) of the GDPR.
    a)

    When you become a Reverse Health Member/Customer

    Data Collected:  We collect your name, email address, telephone number, postal address, and payment information. We also collect information about your health, such as your weight history or other relevant information according to your specific needs.
    Use and Legal Basis:  This data is used to create your Reverse Health member profile and provide you with the requested Reverse Health services. We will send you emails to provide you with service announcements, updates, and other important information about your membership in Reverse Health. The legal basis is the contract between us and the fact that your information is necessary to provide you with the requested products or services. The legal basis for the processing of health information is your prior consent which may be withdrawn at any time. The exception to process health data is also consent (Article 9(2)(a) of the GDPR).
    Data retention: As a member, your account data is stored during the period of your membership and for a period of 5 years following the conclusion of your membership.

    b)

    When you purchase products from our Platform

    Data Collected:  We collect your name, email address, delivery information, payment information, and (optional) your telephone number.
    Use and Legal Basis:  This data is used to process your order and deliver your products. We will use your name and email address to send you an order confirmation and a shipping notice by email. We will also use your payment information to process the payment for your order and your postal address and other contact details to ship your order. The legal basis is the contract between us and the fact that your information is required for us to provide you with the purchased products or services.
    Data retention: As a website customer (e-commerce), your purchase data is stored during the period of your membership and for a period of 5 years thereafter (if applicable) or as required by applicable law.

    c)

    When you subscribe to our other marketing communications

    Data Collected:  We collect your name, email address, and marketing preferences.
    Use and Legal Basis:  This information is used to disseminate Reverse Health promotional newsletters and to inform you about offers, products, events, and surveys by email and social media platforms. The legal basis is your consent, which you can withdraw at any time.
    Data retention: As a subscriber, your data and preferences are stored until you withdraw your consent.

    d)

    When you visit our Site

    Data Collected:  We collect your IP address, the type of your browser, your operating system, your error logs, and other similar information about your visit to our Site. We can also collect additional information from cookies, trackers, web beacons, and other unique identifiers.
    Use and Legal Basis:  Our cookie banner allows you to allow us to collect this data or not. See the section on Cookies Policy. The data is used to store your website preferences, language, cookie choices. It also makes it easier to use the site and can help us deliver personalized advertisements according to your preferences. The legal basis is your consent for us to collect this data.
    Data retention: The time taken to store data obtained through cookies may vary depending on the type of cookie installed. See our Cookies Policy for more information.

    e)

    When you join our Reverse Health community groups (Reverse Health Facebook forums)

    Data Collected:  We collect your username, login information, and any other information, including videos, photos, which you decide to share on these platforms.
    Use and Legal Basis: If you use the Public Profile feature in our community, we cannot control how other users use your data. We cannot prevent the reception of unwanted messages from other users. This data is used to provide you with the requested community services. The legal basis is your consent, which you can withdraw at any time.
    Data retention: As a member, your account data is stored during the membership period and for a period of 5 years thereafter. Your posts will be permanent unless you delete them.

    f)

    When you download the Reverse Health Application

    Data Collected:  We collect information about your use of the Application, your food tracking, the weight tracking, or the dates on which you last used certain features. We also collect information about your device (such as IP address, the specific type of operating system and hardware you have and the amount of free and total memory) and the files of the Application on your device.
    Use and Legal Basis:  We collect information about your use of the Application. This information is used for several purposes, including:

    Device Support and Application Maintenance:
     Ensuring Compatibility: To ensure that your mobile device is compatible with the Application and has sufficient space to run it smoothly.
    ⦁ Version Verification: To confirm which version of the Application is installed on your device, ensuring you have the latest features and security updates.
    ⦁ Bug Fixing and Troubleshooting: To identify and fix bugs or issues users may encounter.
    The legal basis for processing your information in this context is the contract between us, as your data is necessary to provide you with the requested products or services. In certain cases, we may ask for your consent, for example, to access certain files on your device.
    Product Improvement:
     User Interaction Analysis: To analyze how users interact with our Application, allowing us to identify areas for improvement.
    ⦁ Feature Enhancement: To enhance existing features and develop new ones based on user feedback and usage patterns.
    The legal basis for processing your information for product improvement is our legitimate interest in enhancing our products and services to better meet user needs.
    Data retention: As a member, your account data is stored during the membership period and for a period of 5 years thereafter.

    g)

    When you contact our customer service

    Data Collected:  We process your Reverse Health account information.
    Use and Legal Basis: The legal basis is our legitimate interest in improving customer service and for staff training purposes or your consent if necessary.
    Data retention: As a member, your account data is stored during the membership period and for a period of 5 years thereafter. Recorded calls shall be kept for 3 months from the time of collection of the call data unless otherwise required due to a legal obligation.

    h)

    When you answer our surveys, questionnaires, self-assessment tests, or evaluate our products or services

    Data Collected:  We process your name, email address, opinions on the location of events, general feedback and reviews, and other information that you voluntarily provide.
    Use and Legal Basis:  When we use this data to promote our services or products, or to improve our offerings based on your feedback and reviews, the legal basis for the processing will be your consent that you can withdraw at any time.
    Data retention: As a member, your account data, including any feedback and reviews you provide, is stored during the membership period and for a period of 5 years thereafter.

    i)

    When you take part in the offers of our Partners or Affiliates

    Data Collected:  We process your Reverse Health program and account information.
    Use and Legal Basis:  Please note that these partners are responsible for their own data protection practices. Some joint partnerships or programs will require us to share your Reverse Health program information with the partner in order to facilitate these partnerships. The legal basis for this treatment is the performance of a contract with the partner if any or your consent if required.
    Data retention: As a member, your account data is stored during the membership period and for a period of 5 years thereafter.

  2. COOKIES

    We use cookies and similar technologies such as pixels, tags, web beacons and other identifiers to help us customize our Site and Digital Products according to your needs, remember your preferences, understand how individuals use our Site and digital products and customize our marketing communication. You can adjust your cookie settings on our cookie banner at any time by clicking on the "Cookie management" link at the bottom of the site.  For more information on how we use cookies, please read our Cookie Policy.

  3. HOW WE SHARE AND DISPLAY PERSONAL DATA

    We will not share, sell, transfer or disseminate your Personal Data to third parties, unless required by law in accordance with Art. 6(1)(c) GDPR, unless this is necessary for the purposes of your contract in accordance with Art. 6(1)(b) of the GDPR, unless the third party acts as a data subcontractor on our behalf in accordance with Art. 28 of the GDPR, in accordance with Art. 26 of the GDPR, or if you have given us your express consent in accordance with Art. 6(1)(a) of the GDPR.

    We share some of your Personal Data with our affiliates, including Reverse Group, Inc., which are located in the United States, for the provision of IT tools and payment-related services.

    We also use third-party service providers who offer or perform services on our behalf and share your Personal Data with these providers to the extent necessary to enable them to perform their services on our behalf.

    • Processing of payments: We use payment service providers to charge you goods and services and for the processing of credit cards;
    • Processing of inquiries and disputes: We also use third-party service providers who offer or perform services on our behalf and share your Personal Data with these providers to the extent necessary to enable them to perform their services on our behalf.  For example, we may share your personal data, including personally identifiable data, in order to respond to inquiries or disputes filed by you or other parties with application platforms (including, without limitation, the Apple® App Store) and payment processors;
    • Execution of orders: We use several shipping and delivery companies to execute orders according to the product and location;
    • Cloud provider: for our CRM system and an external provider for hosting our website;
    • Marketing and advertising: We may use identity facilitators to help us recognize our consumers on our websites, partners’ websites and shops; we may also use digital agencies to manage our social networks and other advertising campaigns.

    The privacy policies of the above-mentioned entities are available on their business websites. Reverse Health is not responsible for the policies of third-party providers.

    Please note that with regard to transfers of personal data outside the EU or the European Economic Area (EEA), there is a risk that local authorities will be able to access the data for security and supervisory purposes without informing you or allowing you to initiate legal procedures. Please refer to the below section on “Data Transfers” for additional information.

  4. THIRD-PARTY ADVERTISING AND MARKETING

    We may share your e-mail address and other identifiers such as your name, location, telephone number and browsing behaviour with our marketing partners, publishers and other third-party service providers to help us target advertisements on their websites, applications or social networks. We use this service to reach new target groups that are similar to our existing customers based on their characteristics and other identifiers.

    We and our partners compare demographic information, including interests and social connections, with segment groups based on an advanced automated matching technique of similarities in their profiles. This process can be done in real time and the pairing can be done independently of the device you are using. In particular, we can use personalised Facebook and Google audiences that match Personal Data with the user data of the platform that it already controls to target advertisements.

    You can activate and disable these custom audiences, pixels and similar technologies via the cookie banner on our website. In addition, you can also use browser-based ad blockers to prevent Facebook from tracing your data.

    Reverse Health has no influence on advanced matching processes or on data that are evaluated by the third party for the purpose of creating reference groups.

  5. DATA TRANSFER

    We may share your personal information as described above with companies located outside the European Economic Area. In order to provide adequate protection for your Personal Data in this context, we will require that all such transfers are covered by an appropriate legal transfer mechanism, such as the standard contractual clauses adopted by the European Commission in accordance with Art. 46(2)(c) of the GDPR.

    Please note that the use of third-party content and functions may result in the processing of your data outside the EU or EEA. In some countries, there is a risk that authorities will be able to access the data for security and surveillance purposes without informing you or allowing you to initiate legal proceedings.

    Any sharing of your Personal Data with affiliate entities or with service providers will be in accordance with applicable data protection legislation and will be limited to what is necessary. We have carefully selected these companies and we are constantly making sure that they comply with our instructions. Such companies are contractually required not to use your Personal Data for purposes other than those described in this Privacy Policy. The legal basis on which we rely to share your Personal Data with these companies is a contract based on Art. 28(1) of the GDPR or Art. 26(1) of the GDPR or our legitimate interest in using these companies to provide the services described above (Art. 6(1)(f) of the GDPR).

    We may also be required to disclose your Personal Data to government authorities or law enforcement authorities in response to a legitimate request from a public authority or whether we must do so in order to comply with a legal obligation, including to meet national security or law enforcement requirements in accordance with Art. 6(1)(c) of the GDPR. We may also disclose your information in order to serve our legitimate interest in enforcing or enforcing our terms and conditions or responding to claims, protecting our rights or the rights of a third party, protecting the security of persons or preventing illegal activities (including for the purpose of fraud protection and credit risk reduction) in accordance with Art. 6(1)(f) of the GDPR.

    If the data protection legislation so requires, we will seek your consent before sharing your Personal Data with other companies. In these cases, the legal basis is Art. 6(1)(a) of the GDPR.

  6. WHAT ARE MY RIGHTS?

    • Right of access (Art. 15 of the GDPR): You have the right to request confirmation of the processing of your Personal Data and, where appropriate, to request access to the Personal Data we hold about you.
    • Right of rectification (Art. 16 of the GDPR): You have the right to request the correction of inaccurate Personal Data.
    • Right of erasure (Art. 17 of the GDPR): You have the right to request the erasure of the Personal Data without undue delay in certain circumstances, e.g. if your Personal Data is no longer necessary for the purposes for which it was collected or if you withdraw the consent on which our processing is based in Art. 6(1)(a) of the GDPR and where there is no other legal ground for processing.
    • Right to restriction of treatment (art. 18 of the GDPR): You have the right to ask us to restrict the processing of your Personal Data in certain circumstances, e.g. if you consider that the Personal Data we process about you are incorrect or illegal.
    • Right to data portability (Art. 20 of the GDPR): In certain circumstances, you have the right to receive your Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit this information to another controller without hindrance or to ask us to do so.
    • Right of object (Art. 21 of the GDPR): You have the right to object to the processing of your Personal Data in certain circumstances, in particular if we deal with it on the basis of the legal basis for our legitimate interests (Art. 6(1)(f) of the GDPR) or if we use them for marketing purposes.

    You have the right to object to the processing of your Personal Data in certain circumstances, in particular if we deal with it on the basis of the legal basis for our legitimate interests (Art. 6(1)(f) of the GDPR) or if we use them for marketing purposes.

    You can assert the above-mentioned rights by contacting us via the contact details below.

  7. RIGHT TO INTRODUCE CLAIMS WITH THE AUTHORITY TO THE DATA PROTECTION

    You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State where you have your habitual residence, place of work or the place of alleged breach, if you consider that our processing of your Personal Data violates the current data protection legislation.  Information about, and contact details for, EU National Data Protection Authorities can be found at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

  8. AUTOMATED  DECISION-MAKING

    We engage in automated decision-making in certain instances.  For example, we use automated processes to analyze Personal Data, such as your reported age, sex, and health information, to predict your interest in particular diet plans and other services we offer. If applicable, we provide information about the logic involved in these processes, as well as the significance and potential consequences for you. You have the right to object to profiling and automated decision-making.

  9. WHO DO I CONTACT WITH QUESTIONS ABOUT THIS PRIVACY POLICY OR MY RIGHTS?  

    If you have any questions about our Privacy Policy, your data protection rights or you feel that we do not comply with the terms of our Published Privacy Policy or the applicable data protection legislation, please contact our Data Protection Officer at pault@reversegroup.io.

  10. ADDITIONAL DISCLOSURES  

    For users in the United Kingdom, our data processing practices comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) as it applies to the UK. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

    Residents of Spain: Users in Spain are also protected under the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales (Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights).

    Residents of Ireland: In compliance with the Data Protection Acts 1988 and 2003 and the General Data Protection Regulation (GDPR), Irish users have the right to make a complaint to the Data Protection Commissioner if they believe the data protection rights have been infringed.

    Residents of Portugal: We comply with the Lei n.º 58/2019, de 8 de agosto (Law No. 58/2019 of August 8), which regulates the processing of personal data. Portuguese users have the right to object to the processing of their Personal Data.

    Netherlands Residents: For users in the Netherlands, we adhere to the Algemene verordening gegevensbescherming (General Data Protection Regulation or GDPR) and other applicable data protection laws.

  11. MODIFICATIONS

    This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy, we will update the “Effective Date” at the top of this Privacy Policy. In the event that we make significant changes to the Privacy Policy, we will provide you with notification that this Privacy Policy has been amended.