1. Personal data that we collect
1.1 Personal data that you provide:
- Your account details. This includes your name, email, your age, account credentials, subscription details, transaction history.
- Communication information. If you communicate with us, we collect your name, contact information, and contents of any messages you send.
- Social Media Information. We have pages on social media sites like Instagram. When you interact with our social media pages, we will collect the personal data that you choose to provide to us. Additionally, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.
- Other data that you choose to provide, including your health and wellbeing data. This may include information about your goal of using Zing application, your gender, physical parameters, information about your workout habits, or any injuries you may have.
1.2 Personal data that we receive automatically from your use of the Services:
- Log data. It means the information that your browser automatically sends whenever you use our website, or whenever you access Zing Coach application. It includes the IP address, browser type, date and time of your access.
- Usage details. It includes the features you use and your actions within the Services, as well as your time zone, country, dates and times of access, operating system information.
- Device information. It includes model and type of your device, unique device identifiers, and operating system information.
- Your movements during the workout. This means that we mark your image with certain dots to give you feedback about your results during the workout. These data are processed on your device. After the workout, we store the information about the marked dots on our servers to analyze if the technology works well and if the users fit into the screen. To avoid any doubt, we do not get access to the actual videos of your workout, but just to the dots marking your movements. These dots may be considered biometric data in some jurisdictions. We will destroy these data as soon as the purpose of data collection is satisfied.
- Your body composition information. When you request a body composition report, we analyze the photos of your body that you choose to upload, including the information we get from the analysis, like your body position, orientation, topology, and other elements of the photo. We use this information only for the purpose of the body composition report and delete the photos and the information right after we generate the body composition report. Upon your explicit consent, however, we may store your photos and the information we get from the photos for up to one month and use them to improve our body composition function.
- Details about your in-app purchases. This may include, for example, details of the time you made certain purchases and your subscription details.
- Analytics. We may use analytics service providers that help us analyze how users interact with the Services to enhance your experience.
1.3 Purposes of processing
We process your personal data for the following purposes:
- To provide you with Zing Coach services (including to create or adjust a personalized workout plan for you). This also includes personalized AI coach communication with you, which is powered by the GPT API (by OpenAI).
- To provide you with body composition reports.
- To administer, maintain, improve and/or analyze our Services.
- To develop new features.
- To prevent misuse of our Services and to ensure the security of our IT systems, architecture, and networks.
- To check if your age allows you to use Zing Coach application.
- To monitor aggregated metrics such as total number of users, traffic, and demographic patterns.
- To provide you with support and respond to your inquiries.
- To send you service emails, including security alerts or transaction confirmations.
- Upon your consent, where required, to find audiences similar to our users. For this processing we may share, among others, details of your Zing Coach application use (e.g., the fact that you work out with Zing Coach application), your device information, and details of your subscription purchase with our third-party advertising partners like AppsFlyer.
- To enforce our rights and to defend against possible claims.
- To anonymize your personal data.
Aggregated or de-identified information. We may aggregate or de-identify your personal data to conduct research, or to analyze general behavior of the users to generate general user statistics that can be shared with third parties, published, or otherwise made generally available.
1.4 Legal basis for processing (for EEA, UK or Swiss users)
Our legal bases include:
- Performance of a contract with you when we provide, maintain, and improve our Services. This may include processing of your account details, the data you choose to provide (incl. your health and wellbeing data), data about your movements during workout, log data and device information.
- Our legitimate interests in protecting our Services from abuse, fraud, or security risks, or when we develop, improve, or promote our Services. This may include processing of your account details, the data you choose to provide (incl. your health and wellbeing data), social media information, log data, use data, and device information.
- Your consent when we ask for your consent to process your personal data for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
- Compliance with our legal obligations when we use your personal data to comply with applicable law or when we protect our or our affiliates’ or users’ rights or safety.
2. Personal data retention
We retain your personal data for as long as your account is active or for as long as it is necessary for the purposes of its collection and processing (e.g., for resolving disputes, for safety and security reasons, or for complying with our legal obligations).
If you choose to deactivate your account, we retain your personal data for no longer than one month in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, and/or to enforce our agreements.
We may also anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, as well as for the purpose of Services improvement and development. In this case, we may use this information indefinitely without further notice to you.
3. What are your data protection rights?
We want to make sure that you are fully aware of all your data protection rights and the ways you can exercise them. These rights may differ across countries:
If you are EEA or UK resident, you have the right to:
3.1 Access your personal data. You can ask us for confirmation that we process your personal data with the information related to its processing.
3.2 Ask to transfer your personal data. You can request that we provide you with your personal data that we collect on the basis of your consent in a structured, commonly-used and machine-readable format. Apart from that, you can ask us to give those data to another party directly, where it’s technically feasible.
3.3 Request correction of your personal data. You can ask us to correct your personal data if you believe that it is inaccurate.
3.4 Request deletion of your personal data. You may ask us to delete your personal data upon your withdrawal of the consent to processing, or if you believe that such processing is unlawful, or if your personal data must be deleted for compliance with a legal obligation under the EU, EU member state or UK law. Please note that deletion of your personal data may affect your use of our Services.
3.5 Request restriction of your personal data processing. You can request a restriction of your personal data processing if you contest the accuracy of your personal data (which inaccuracy is verified by us).
3.6 Object to processing of your personal data. You can object to the processing of your personal data where we rely on legitimate interests as the legal basis for processing.
3.7 Withdraw your consent to personal data processing where we rely on the consent as the legal basis for processing.
3.8 Lodge a complaint with a data protection authority. You have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authorities here, and the UK’s supervisory authority (ICO) here.
If you are resident of California, Virginia, Colorado, Utah, or Connecticut, you have the right to:
3.9 Request the categories of personal data collected about you. We will provide, where relevant and required by law, the types of data we collect.
3.10 Request the categories of sources from which your personal data is collected. We will provide, where relevant and required by law, the types of tools and organizations we use to collect data.
3.11 Request the commercial purpose for collecting your personal data. We will provide, where relevant and required by law, the purposes to collect data.
3.12 Request the categories of third parties to whom personal data is disclosed, and the categories of personal data disclosed. We will provide, where relevant and required by law, information regarding the other organizations that may receive your personal data.
3.13 Request the specific pieces of personal data collected about you. We will provide, where relevant and required by law, your personal data.
3.14 Request that personal data collected about you be deleted. We may keep personal data for legal reasons but will accommodate deletion requests when required. Please be aware that erasing some personal data may affect your ability to use our Services.
3.15 Request that your inaccurate personal data be corrected. If you believe your personal data is not correct you may provide personal data to replace the erroneous data.
3.16 Request that we do not sell or share your personal data. Each state may interpret a “sale” of personal data differently, however, if you are a resident of the states above or Nevada and request that your personal data not be sold, we will honor that request. Individuals in California may request their information not be shared with any third party.
How to exercise the rights:
If you wish to exercise any of your rights, please contact us at email@example.com and describe your request. No formal language is needed here, just a plain request and description of the circumstances if needed. If you make a request, we will act on it within one month. If we need any more time to help you exercise any of your rights, we will let you know.
If your request is vague or unclear, we may engage in a conversation with you to understand your request better. We may also refuse to act on manifestly unfounded and excessive requests.
We can ask you to prove your identity while exercising your data protection rights. This is made to ensure that you are indeed entitled to receive certain information and that no rights of third parties are violated by your request.
If we can’t verify your request, we will not act on your request. You may submit a request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may be required to independently verify your identity.
4. Security measures
We take the protection of your personal data very seriously and take all reasonable and appropriate measures to protect them from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Among others, we utilize the following information security measures to protect your personal data:
a. Encryption of your personal data in transit and at rest.
b. Systematic vulnerability scanning and penetration testing.
c. Protection of data integrity.
d. Organizational and legal measures. For example, our employees have different levels of access to your personal data and only those in charge of data management get access to your personal data and only for limited purposes required for the operation of the application. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your personal data.
Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the Services, or that your information won’t be intercepted while being transmitted to us. If your personal data is compromised due to a security breach, we will act promptly to identify the cause and take all reasonable steps to remedy the breach. We will inform you of the incident, if necessary, in connection with the applicable legislation. If you want to report a security incident related to our Services, please contact us at firstname.lastname@example.org.
5. Children’s privacy
We are committed to protecting the privacy of children. We do not knowingly collect personal data of any person under the age of 13 (or 16 years old for the residents of the European Union). If you are aware of anyone under 13 (or 16 years old for the residents of the European Union) using the Services, please contact us at email@example.com and we will take required steps to delete such information and (or) delete the account.
6. Sharing of your personal data
We may use external service providers to process your personal data on our behalf. When we do so, we have appropriate agreements in place to protect such data. In the case of international transfers, we always make sure that additional safeguard mechanisms are in place (for example, by adding Standard Contractual Clauses).
Currently we share your personal data with the following service providers:
- Infrastructure & security – AWS (Amazon Web Services, Inc.)
- Infrastructure & security – Auth0 (Auth0, Inc.)
- Email & in-app communication – TypeForm – based in Spain.
- Email & in-app communication – SurveyMonkey (SurveyMonkey, Inc.)
- Push messages – Braze
- Chat personalization – OpenAI LLC (USA)
- Analytical tools – Amplitude (Amplitude, Inc.)
- Analytical tools – AppsFlyer
- Analytical tools – Firebase
- Analytical tools – Palta Brain (Palta Software Ltd) – based in Cyprus.
- Customer support – Zendesk (Zendesk, Inc.)
- Payments – Apple (Apple, Inc.)
- Payments – Adyen N. V. (the Netherlands)
- Payments – Stripe, Inc. (USA)
- Payments – Verify, Inc. (USA)
- Subscriptions management – RevenueCat (RevenueCat, Inc.)
- Affiliates – Palta People Ltd. (Cyprus) – technical maintenance and user support.
- Affiliates – Palta UK Ltd. (UK) – technical maintenance and customer support.
- Affiliates – Palta Poland sp. z o. o. (Poland) – technical maintenance and user support.
- Affiliates – Palta Software Ltd (Cyprus) – analytics.
Zing Coach, Inc.
Address: 1209 Orange Street, Wilmington, County of New Castle, DE 19801, USA
Address: Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus
Palta UK Ltd
Address: Sterling House Fulbourne ROA, Walthamstow, London, E17 4EE