CaloScanAI Privacy Policy

Effective Date: December 01, 2023

IMPORTANT NOTICE

At CaloScanAI, our mission is to assist you on your journey of wellness, and we want you to understand how we collect and use the data you provide us along this journey. CaloScanAI encompasses the CaloScanAI.com website (“Website”) and the CaloScanAI mobile applications (“Mobile Apps”) (collectively referred to as “Services” in this Privacy Policy). We encourage you to read this Privacy Policy as well as our Terms of Use and Conditions (collectively referred to as our “Terms”).

By using the Services, you consent to our collection, use, and transfer of your personal data for processing in the United States as outlined in this Privacy Policy.

CaloScanAI and all related services and systems, including registration, are hosted on servers in the United States. If you are accessing our Services from outside the United States, please be aware that the information we collect, including cookies and device data, will be processed and stored in the United States, a jurisdiction that adheres to data protection and privacy laws and principles, including your rights as a data subject that may not offer the same level of protection as the country/region of your residence or citizenship. By providing information to us through our Services, you consent to the transfer of information to the United States and its processing therein, unless otherwise stated in this Privacy Policy, we take this consent as the legal basis for our data transfer. As part of account creation, you may be asked to give explicit consent to this data transfer.

Please read this Privacy Policy carefully, as accessing and using the Services signifies that you have read, understood, and agreed to all terms within this Privacy Policy. If you do not agree to any part of this Privacy Policy or our Terms, please do not access or continue to use any of the Services or otherwise submit your personal data to us.

Attention Residents of the European Union: To comply with the European General Data Protection Regulation (GDPR) requirements for our European consumers and users, this Privacy Policy outlines the legal bases on which we process your personal data and provides other information required by the GDPR. More country/region-specific information for European consumers and users is outlined in the specific location disclosures section.

Details Regarding Your Personal Data

This Privacy Policy applies to data concerning you, your devices, and your interactions with our Services.

Definition of Personal Data:“Personal Data” refers to information that can identify you, either alone or in combination with other information. It includes identifiable details such as your full name, email address, phone number, device IDs, cookie and network identifiers, and Fitness and Wellness Data.

Personal Data Handling:CaloScanAI is responsible for the collection, usage, disclosure, and processing of Personal Data as outlined in this Privacy Policy. This includes operation and enhancement of our Services and business, advertising, marketing, and providing innovative fitness and wellness services.

Anonymous Data Generation:We may produce de-identified or anonymous data from Personal Data by removing identifiable elements, like your name or email address, through methods such as obfuscation. The use of such anonymized data is beyond the scope of this Privacy Policy.

How We Collect and Use Personal Data

CaloScanAI values user privacy across all its offerings. This Privacy Policy is relevant to all products, services, and websites provided by CaloScanAI. Where specific details are required, additional privacy notices explain personal information processing in particular services. This document details the nature of the information CaloScanAI collects about you and your use of our services. We strongly recommend thoroughly reviewing this Privacy Policy.

By engaging with CaloScanAI and our websites, you agree to this Privacy Policy. If you find the terms unacceptable, please do not use our website. Continued use following changes to this policy signifies acceptance of those changes.

Core Mission and Data Transparency

CaloScanAI aims to assist in your fitness and wellness journey with clear communication about data collection and usage. This includes our mobile applications and other services collectively termed “Services”. We urge you to read this Privacy Policy and our Terms of use.

Data Hosting and International Users

Our services are hosted in the United States. Users accessing our Services from outside the U.S. should note that collected data, including cookies and device data, will be processed and stored in the U.S., where privacy laws may differ from those in your region. By using our Services, you consent to this data transfer and processing in the U.S. Explicit consent for data transfer may be sought during account creation.

Policy Acceptance

Please read this Privacy Policy carefully, as using our Services indicates agreement with all terms. Discontinue use if you disagree with any part of this policy.

EU Resident Attention

To align with GDPR, this policy outlines the legal bases for processing the Personal Data of our European consumers and users. Specific information for European users is detailed in the location-specific disclosures section.

Data Controller Role of CaloScanAI

Responsibility as Data Controller

CaloScanAI, in its capacity as the Data Controller, processes your Personal Data in accordance with this Privacy Policy. For queries or concerns about the processing of your Personal Data, or questions about this Privacy Policy, please consult our location-specific disclosures for appropriate contact details.

EU Residents Note

Additional information on the Legal Basis for processing is detailed in the EEA location-specific disclosures.

Personal Data Processing Purposes

CaloScanAI processes your Personal Data for various purposes outlined in this Privacy Policy. In certain instances, separate consent is not required, including:

For Performance of a Contract

Fulfilling our contractual obligations to you, such as account registration, processing purchases via the Services, addressing Service-related issues, integrating with wearables or other connected devices, providing geographically relevant Services, enabling social connections on platforms, sharing content, inviting friends, customizing Services, and aggregating data for Service performance.

To Meet Legal Obligations

Complying with legal, regulatory, court orders, or aiding in investigations.

For Legitimate Interests

Operating our business and providing Services, beyond contractual obligations, under CaloScanAI's legitimate interests as per applicable law. This is subject to the protection of your fundamental rights and freedoms regarding Personal Data.

Communication

Engaging in necessary communication related to the Services, including important notices, requests, inquiries, and complaints. Essential communications are sent even if you opt-out of other CaloScanAI emails.

Responding to Requests

Addressing technical support, online services, product inquiries, and other initiated communications.

Promotional Messages

Providing promotional messages and personalized marketing.

Surveys

Conducting surveys linked to our Services.

Compliance and Public Safety

Assisting in illegal or wrongful activity investigations, fraud prevention, rights and property protection, and ensuring public safety.

Improvement and Development

Enhancing and improving Services and user experience.

Enforcing Terms and Policies

Implementing our Terms, this Privacy Policy, or agreements with third parties.

Mergers or Acquisitions

Supporting business reorganizations, sales, or asset disposals.

Consent as Basis for Processing

We may seek your consent for processing your Personal Data. Consent can be indicated by actions like ticking a box when providing Personal Data through our Services or during registration. The requirement for consent varies globally.

CaloScanAI Marketing and Communication

Consent may be requested to contact you regarding offers, products, promotions, or services.

Collecting Device Data

Consent might be required to collect mobile device IDs, advertising IDs, and sensor data.

Processing Sensitive Personal Data

Consent may be required for processing sensitive data like Fitness and Wellness Data.

Research Purposes

Consent might be sought for using your Personal Data for research.

Data Transfer

Consent might be requested for transferring data to the United States and other regions.

Automated Processing

We may use automated processing for our Services, and consent will be sought for significant processing related to sensitive Personal Data.

Preference Management and Consent Withdrawal

You can withdraw your consent at any time and manage preferences for website and online data collection, advertising, communication settings, and app preferences.

Cookie Use and Controls

Cookies are used for various purposes including personalization, security, and advertising. You can manage cookie preferences, including blocking and controlling cookies through our settings. Blocking all cookies may affect website functionality.

IP Address and Beacon Use

You can choose not to use IP addresses for advertising or analytics purposes and control the use of web pixels or beacons through cookie settings.

Mobile Device Data Use

We use mobile device data for necessary purposes, improvement, personalization, and advertising. You can withdraw your consent for using device IDs for analytics and advertising.

Mobile Device ID Withdrawal for Analytics and Advertising

To withdraw your consent for the use of your mobile device IDs for analytics and advertising, activate the “Limit Ad Tracking,” “Opt out of Ads Personalization,” or an equivalent setting on your device. This action sends a signal to CaloScanAI and third parties, indicating your preference not to have your Device IDs used for advertising or analytics purposes. We comply with this signal and require our third-party partners to do the same.

Changing App Personalization Settings

You can adjust the personalization settings within our App. To reset these preferences to default, delete and reinstall the App.

Changing Communication Preferences

For email communications, you can unsubscribe at any time using the link in our emails. Unsubscribing from “all emails” excludes strictly necessary communications related to the Services or transactions.

For mobile push notifications, modify the settings within the App. Further information on updating push notification settings for our Services can be found on our website or through your mobile device settings.

Transfers of Personal Data to Other Countries

Personal Data processed by CaloScanAI, including registration and related systems, is stored on servers in the United States. If accessing our Services from outside the United States, be aware that your Personal Data will be processed and stored in the U.S., where data protection and privacy laws may differ from those in your country/region. By using our Services and providing Personal Data, you consent to this transfer, storage, and processing in the U.S. We will seek explicit consent as required by this Privacy Policy for such data transfers.

Data Retention

We retain your Personal Data as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Personal Data no longer needed for these purposes will be deleted from our systems. Upon request, we will also delete your Personal Data, following procedures outlined in our support resources.

Security Measures

We implement technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and accidental loss, destruction, or damage. However, we cannot guarantee complete security for data storage and transmission.

Links to Other Websites

Our Privacy Policy does not apply to third-party websites linked from our Services. We are not responsible for the content or privacy practices of these third-party sites. We encourage reviewing their privacy policies.

Children's Privacy

We do not knowingly collect Personal Data from individuals under 18 without parental consent. If a child has provided us with Personal Data without such consent, please contact our support team for data removal and account cancellation.

Contacting Us

For any questions, comments, or concerns about our handling of Personal Data, contact us via our support team or email: AIcaloriecare@gmail.com**.** Data Protection Officers in specific regions can be contacted through our location-specific disclosures.

Third Party Data Collection – Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

Analytics

We disclose your Personal Data as described below and as described elsewhere in this Privacy Policy.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising

network.

You may opt-out of certain Google Analytics features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy:

https://policies.google.com/privacy?hl=en

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Facebook Analytics

Facebook Analytics is an analytics service provided by Facebook Inc. You may opt out of providing data to Facebook Analytics in your application settings. Full instructions can be found at this support article.

We encourage you to review Facebook’s data policy.

https://www.facebook.com/privacy/explanationj

For more information on general policies please review Facebook’s Policy Page.

https://www.facebook.com/policies

Firebase

Firebase is an analytics service provided by Google Inc.

You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy:

https://policies.google.com/privacy?hl=en

We also encourage you to review Google's policy for safeguarding your data:

https://support.google.com/analytics/answer/6004245

For more information on what type of information Firebase collects, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

KochavaAnalytics

Kochava is an analytics service provided by Kochava Inc.

To manage your preferences for Kochava's data collection, you can utilize options available on your mobile device, such as adjusting your device advertising settings. Detailed guidance on opting out and managing your data with Kochava can be found in their Privacy Policy: https://www.kochava.com/legal/website-visitor-privacy-policy/?int-link=menu-website-privacy

Umeng

Umeng is a comprehensive analytics service provided by Alibaba Group.

To adjust your preferences or opt out of certain Umeng features, you can follow the guidelines provided in Umeng's Privacy Policy: Umeng Privacy Policy.

For additional information on how Umeng processes and uses collected data, please refer to their detailed privacy policy.

https://www.umeng.com/policy

Advertising

We may use third-party Service Providers to show advertisements to you to help support and maintain our Service.

Google AdSense & DoubleClick Cookie

Google, as a third-party vendor, uses cookies to serve ads on our Service. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Service or other websites on the Internet.

You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/

AdMob by Google

AdMob by Google is provided by Google Inc.

You can opt-out from the AdMob by Google service by following the instructions described by Google:

https://support.google.com/ads/answer/2662922?hl=en

For more information on how Google uses the collected information, please visit the "How Google uses data when you use our partners' sites or app" page: http://www.google.com/policies/privacy/partners/ or visit the Privacy Policy of Google:

http://www.google.com/policies/privacy/

Behavioral Remarketing

Azumio Inc. uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google Ads (AdWords)

Google Ads (AdWords) remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on:

https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web pagolicies.google.com/privacy?hl=en

Facebook

Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page:

https://www.facebook.com/help/164968693837950

To opt-out from Facebook's interest-based ads, follow these instructions from Facebook:

https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy:

https://www.facebook.com/privacy/explanation

Pinterest remarketing service is provided by Pinterest Inc.

You can opt-out from Pinterest's interest-based ads by enabling the "Do Not Track" functionality of your web browser or by following Pinterest instructions: http://help.pinterest.com/en/articles/personalization-and-data

You can learn more about the privacy practices and policies of Pinterest by visiting their Privacy Policy page: https://about.pinterest.com/en/privacy-policy

TikTok Ads

TikTok Ads is an advertising service provided by TikTok Inc.

To opt out of TikTok Ads, follow the instructions provided by TikTok in their support guide: TikTok Ads Opt-out Instructions.

For detailed information on TikTok's data use practices, refer to their Privacy Policy: https://www.tiktok.com/legal/page/us/privacy-policy/en

Kochava

Kochava is an analytics and advertising service provided by Kochava Inc.

You can manage your ad preferences and opt out of specific features through your mobile device settings or as outlined in Kochava's Privacy Policy: Kochava Privacy Policy.

For more information about how Kochava uses collected data, please visit their detailed privacy policy.https://www.kochava.com/legal/website-visitor-privacy-policy/?int-link=menu-website-privacy

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Apple Store In-App Payments

Their Privacy Policy can be viewed at https://www.apple.com/legal/privacy/en-ww/

Google Play In-App Payments

Their Privacy Policy can be viewed at https://www.google.com/policies/privacy/

Stripe

Their Privacy Policy can be viewed at https://stripe.com/us/privacy

PayPal / Braintree

Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full

Location-Specific Disclosures

Residents of Argentina

You have the right to access your Personal Data, at intervals no shorter than six months entirely free of charge (unless there is proof of a legitimate interest in access in shorter periods, as established in Section 14, Sub-section 3 of Act No. 25,326).

We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you have the right to lodge a complaint to the Agency of Access to Public Information, in its function of controlling agency responsible for enforcing Act No. 25,326.

Residents of Australia

CaloScanAI takes steps to keep your Personal Data accurate and up to date. If you reside in Australia, you may request access to or correction of the Personal Data that we have collected about you. To access your Personal Data, please contact us through our support team or at the address listed above. We may charge for this service and will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.

If you have any complaints regarding how we handle your Personal Data, please contact our support team or write to us at the address above with a detailed description of the complaint.

Residents of Brazil

Legal Basis for Processing

We may rely on consent and/or another valid legal bases to process your Personal Data. Such legal bases may include: the legitimate interest of the controller or third parties; for compliance with a legal or regulatory obligation by the data controller; for the execution of a contract; for regular exercise of rights in court, administrative or arbitration proceedings.

How to Exercise Your Rights

CaloScanAI takes steps to keep your Personal Data accurate and up to date. If you reside in Brazil, according to the LGPD, you have certain rights to the Personal Data that we have collected about you. To exercise your rights to your Personal Data, at any time, please contact us through our support team or at the address listed above. Your request will be fulfilled at no cost, and we will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.

You have the following rights

Right to confirmation of the existence of the Processing of Personal Data: You have the right to ask us for confirmation on whether we are processing your Personal Data.

Right of access to your Personal Data: You have the right to request access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved) subject to commercial and industrial secrecy.

Right to correction of incomplete, inaccurate or out-of-date data: You have the right to have your Personal Data corrected, as permitted by law.

Right to anonymization, blocking or deletion of unnecessary or excessive data or data processed unlawfully. Anonymization refers to the use of reasonable and available technical means at the time of the processing, whereby the data loses the possibility of direct or indirect association with you.

Right to data portability: You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible, except for the data that has already been anonymized by us.

Right to erasure: You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised when you withdraw your consent on which processing is based. Note that we may retain a limited amount of data for a period of time - including, in situations that the storage of the information is authorized by law and or required by law.

Right to information about public and private entities with which CaloScanAI has shared data through communication, dissemination, international transfer, interconnection of personal data or shared processing of banks of personal data by them.

Right to information about the possibility of denying consent and the consequences of such denial;

Right to withdraw consent: You have the right to withdraw your consent to our processing of your Personal Data, as permitted by law, and where the basis for processing was based on your consent.

Right to object: When the legal basis for processing your data is anything other than consent, you can object to the processing when it is not in compliance with the law.

Right to review automated processing decisions: You have the right to review decisions taken solely on the bases of automated processing of personal data that affects your interests. This includes decisions intended to define your personal, professional, consumer or credit profile.

Changes to this Privacy Policy.

In order to enhance our Services it might be necessary to change this Privacy Policy from time to time. We therefore reserve the right to modify this Privacy Policy in accordance with the applicable data protection laws. Please visit our Website from time to time for information on updates to this Privacy Policy.

Residents of Colombia

How to Exercise Your Rights

You have certain rights to the Personal Data that we have collected about you. To exercise your rights to your Personal Data, please contact us through our support team or at the address listed below. We will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.

Right to access your Personal Data: You have the right to access, free of charge, your Personal Data being processed by us.

Right to know, update, and rectify your Personal Data: You have the right to correct your Personal Data, as permitted by law.

Right to request proof of your consent: You have the right to request proof of the consent granted to us for the processing of your Personal Data, where consent was required to process the information.

Right to withdraw your consent or to request the suppression of your Personal Data: You have the right to withdraw your consent or request that we suppress your Personal Data, as permitted by law.

Right to file complaints: You have the right to file complaints before the Superintendence of Industry and Trade for any kind of infringement to privacy laws.

Additional Use of Personal Data

Additional use of your Personal Data that is not described in this Privacy Policy will only take place as required by statute or when we have obtained your prior, explicit and informed consent.

How to Contact Us or Our Privacy Office

If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us through our support team or write to us.

Residents of the European Economic Area and the United Kingdom

If You Elect Not to Provide Personal Data

You may choose not to provide CaloScanAI with your Personal Data. However, if you choose not to provide your Personal Data, you may not be able to enjoy the full range of Services.

How to Exercise Your Rights

CaloScanAI takes steps to keep your Personal Data accurate and up to date. If you reside in the European Economic Area, you have certain rights to the Personal Data that we have collected about you. To exercise your rights to your Personal Data, please contact us through our support team or at AIcaloriecare@gmail.com Subject to applicable law and in exceptional circumstances only, we may charge for this service and we will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.

You have the following rights:

Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).

Right to correction (Art. 16 GDPR): You have the right to have your Personal Data corrected if it is inaccurate and to have incomplete Personal Data about you completed, as permitted by law.

Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or (iv) when your Personal Data has been unlawfully processed.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: (i) when the accuracy of your Personal Data is contested; (ii) when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or (iii) when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of CaloScanAI override your grounds.

Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible and as permitted by law.

Right to object (art.21 GDPR): You have the right to object to our processing of your Personal Data, as permitted by law. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions. After which, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Furthermore, you have the right to object at any time to processing of Personal Data for direct marketing purposes.

How we may disclose your Personal Data

The GDPR and national laws of European Union member states implementing the GDPR permit the sharing of Personal Data relating to users who are residents of the European Economic Area with third parties only under certain circumstances. If you reside in the European Economic Area, we will only share your Personal Data as described in our Privacy Policy under the heading “How We Disclose Personal Data” if we are permitted to do so under applicable European and national data protection laws and regulations.

Health Data

Some Fitness and Wellness Data that we collect may be considered personal health data under the GDPR as interpreted by the European data protection supervisory authorities if recorded over a longer period of time. We process this type of data to provide you with additional information that you can incorporate into your evaluation of your progress toward your fitness and wellness objectives; it should not, however, be considered professional medical advice and is not intended to be used for diagnostic purposes.

Transfers of Your Personal Data to Other Countries

The Personal Data CaloScanAI processes, and all associated Services and systems, including registration, are housed on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States (the data protection and privacy laws in the United States may offer a lower level of protections than in your country/region).

In order to use our Services, we may require you to agree to the transfer, storage, and/or processing of your Personal Data in the United States. In other situations where Personal Data is transferred outside of the European Economic Area (the EEA) or the United Kingdom, CaloScanAI leverages other mechanisms for international data transfer including the European Commission-approved standard contractual clauses and consent.

Marketing Communications

Where we are legally required to do so, we ask you for your prior consent before providing you with promotional materials or information. You may revoke your consent at any time (this will not affect the processing of your Personal Data undertaken until the revocation). If you want to stop receiving promotional materials, etc., you can do so at any time as outlined in the change consent settings for communication preferences section.

Legal Basis for Processing Under the GDPR

In this section we provide information on the legal basis for our processing of your Personal Data as required by Art. 13 and 14 of the GDPR:

When you register for an account or interact with our Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.

When you input Fitness and Wellness Data within our Services: For sensitive data (including health data and biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.

When you use or interact with a wearable or other connected device.

For sensitive data (including health data and biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.

For non-sensitive Personal Data which we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.

With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance our Services.

For sensitive data (including health data and biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.

For non-sensitive Personal Data which we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.

With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance our Services.

When you communicate with us or sign up for promotional materials, we process your Personal Data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages. Where we are required under applicable local law to obtain your consent for sending you marketing information, the legal basis is your consent, Art. 6(1)(a) GDPR.

When you participate in special activities, offers, or programs.

For sensitive data (health data) (including health data or biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.

For non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages or to allow you to participate in our special activities, offers or programs or obtain prior consent, Art. 6 (1) (a) GDPR, if required by applicable law.

When you engage with our online communities or advertising and we actively collect your Personal Data in this context, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages.

When you access third party products and services and we obtain Personal Data about you from such third party sources:

For Personal Data that we need in order to perform the Services (e.g., if you pay for third party products through our Services), such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.

With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to improve our Services.

When you connect with us through social media:

Where we collect your consent in such case, for instance for marketing purposes, we process your Personal Data on the basis of your prior consent, Art. 6 (1) (a) GDPR.

Where we do not collect your consent in such case, we process your Personal Data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use the full range of our Services (Art. 6 (1) (f) GDPR).

When we collect data from third parties or publicly-available sources:

For Personal Data which we need in order to perform the Services (e.g., for email verification purposes), such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.

With regard to other Personal Data, we process your Personal Data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use our Services more

efficiently.

When we leverage and/or collect cookies, device IDs, data from the environment, and other tracking technologies, we process your Personal Data on the basis of your consent, Art. 6 (1) (a) GDPR, and based on our legitimate interest, Art. 6 (1) (f) GDPR, to the extent permitted by applicable law.

When we use coarse location and data from sensors, we process such data for strictly necessary purposes in order to perform our Services, Art. 6 (1) (b) GDPR); and for our legitimate interest in marketing and improving our Services, Art. 6 (1) (f) GDPR).

When we aggregate or centralize data, such processing is either necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customized Services and marketing.

When you sign up for our Services that consist of social sharing and communication with others (including linking you to friends across platforms):