totum.fit™ Privacy Policy
Latest update: September 26, 2024
We are delighted that you, the User (“you” or “your”) of any of our Services, have chosen totum.fit™ to help you with your health and fitness path. This Privacy Policy is for and applies to all users of totum.fit services, including without limitation the totum.fit mobile application (the “App”) and the www.totum.fit website (the "Site"). totum.fit, its subsidiaries, affiliates, and any successors (“totum.fit,” “we”, “us”, or “our” in this policy), offers a variety of content and services including through the Site or App (collectively, the “Services”). Please note that we reserve the right, at our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time subject to applicable law. Your continued use of our Services following the posting of changes will mean that you accept and agree to the changes.
Please read this privacy policy and OUR terms of service carefully before using the services. if you do not agree TO EITHER THE PRIVACY POLICY OR THEIR TERMS OF SERVICE, do not use these services.
This Privacy Policy explains how we collect, use, share, and transfer your personal data when you use the Services or otherwise interact with us. This Privacy Policy also explains your data privacy rights.
totum.fit collects personal information from you when you use our Services or interact with us, such as by email or phone. This Privacy Policy contains specific sections for users in the European Union and Australia as well as for consumers in California, Colorado, Connecticut, Utah, and Virginia. You may be subject to different protection standards based upon your residence. The Site, and all content it contains, is the property of totum.fit and its licensors.
Personal Data is any information about you by which you can be identified or be identifiable. totum.fit collects certain Personal Data, either by itself or through third parties. Much of this is information you provide us to make use of our Services. This can include information such as your name, user name, date of birth, biological sex, , email address, mailing address, country, phone number, language, usage data, device serial number and IP address, photos or video you upload to the Services, unique device identifiers for advertising, geographic location information, language, or certain financial information if you decide to purchase products or credits. You may also submit information about yourself, such as your body measurements (ex. height and weight), heart rate, sleep data, or other information collected by third party portals, wearable devices, or your training coach that is shared with us. “Personal Data” in this policy also references “personal information” as defined by Australian or California law.
Other information you share with us that cannot be readily used to identify you or make you identifiable may be stored on our system as well as non-Personal Data. Examples include recipes or food sources you share with us, images or video you share with us that do not include you, food or water intake information, calories burned, or workout information. Aggregated data is not considered Personal Data for the purposes of this Privacy Policy. Non-Personal Data is protected on our systems as well, but receives less protection than Personal Data does.
We may also link to third parties on our Services or use or store data that comes from third-party systems, such as your wearable device provider. Our Privacy Policy does not apply to how third parties define personal data or how they use it. We encourage you to read their privacy policies as well and to learn your privacy rights before interacting with these other services.
Owner and Data Controller
Smarty Co., 120 Vantis Drive, Suite 300
Aliso Viejo, California, USA 92656
Owner contact email: privacy@totum.fit
Types of Personal Data collected
We may collect your Personal Data when you use our Services, visit the Site, when provided by you or a coach, when you direct a wearable device to provide information to our Services, or when you interact with us. We may collect Personal Data in the following ways:
- Directly from you. This may be when you sign up for our Services, when you or your fitness coach use our App, if you make a purchase from us, if you sign up for newsletters and non-mandatory updates, provide information needed to access our Services or validate your identity, or information received from a wearable device.
- Generated about you. We may gather information about you or the devices you use to access our Services or provide information to our services. These may include technical information about the personal device(s) you use to interact with our Services, your preferences when using the Services, or account authentication information.
- Generated by third parties. We may receive information from your coach or wearable devices, information for processing payments or combatting fraud, or interactions with social media accounts.
Specific Personal Data we may collect can include, without limitation:
- When you register an account with our Services, we may require you submit your name, email address, phone number, birth date, and gender. You may provide other Personal Data if you provide us with photographs or access to your photo or video libraries or wearable devices. You may also provide Personal Data to improve your experience with our Services such as body measurements, location information, and certain other health or fitness information.
- When you connect a wearable device with our Services, we may receive Personal Data from the device such as health and fitness information, an IP address, geolocation data, other technical identifiers for your device, information on how you interact with our Services, or your browsing history of content from our Services.
- When you use the App, we may use personal data based on the content you viewed. Information on bugs and crashes is also sent to us when you use our Apps. A list of the articles that you have recently viewed is also cached in the local storage on your device. You can delete this reading history in the App’s settings. You can choose to receive notifications on your device via the App, which you can manage in the App’s settings.
- If you register or sign in to the Services using an identification from Apple or Google, you give Apple or Google permission to share your Personal Data with us. This may include your first and last name, your email address, and any health information stored or disclosed in your account that you choose to share with our Services. You may be able to avoid disclosing your personal email by having Apple or Google create a random email address so your personal email can stay private. This email address you provide will be linked to your account on the Services and will be used to retrieve your content.
- If you make a purchase, we may require identification information and your payment processor may provide us with information such as your name, address, and certain payment details
- If you refer to us our Services or share your results through a social media site, we may collect the social media handles you disclose.
- When you upload generally-accessible information onto our Services on a discussion board or provide recipes or workouts, any Personal Data you post, including your username and other information about yourself, may be publicly accessible. This Personal Data can be viewed online and collected by other people. We are not responsible for the way these other people use your Personal Data. When contributing to a discussion, we strongly recommend you avoid sharing any Personal Data, including information that can be used to identify you directly such as your name, age, address, image, or employer. We are not responsible for the privacy of any information that you choose to post in our online community or other public pages of the Services.
We will not collect special categories of data from you such as personal data concerning your race, political opinions, religion, organizational affiliation, or sexual orientation unless you choose to provide that type of personal data to us.
Personal Data may be freely provided by a User, or, in case of usage data, collected automatically when using totum.fit.
Most data requested by totum.fit is mandatory, so failure to provide this data may make it impossible for totum.fit to provide its Services. In cases where totum.fit specifically states that some data is not mandatory, Users are free not to communicate this data without consequences to the availability or the functioning of the Services.
Users who are uncertain about which Personal Data is mandatory are welcome to contact us.
Any use of Cookies – or of other tracking tools — by totum.fit or by totum.fits of third-party services used by totum.fit serves the purpose of providing the Services required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
Users are responsible for any third-party Personal Data obtained, published, or shared through totum.fit.
How we collect Personal Data
We collect personal data when you (or a coach acting on your behalf):
- Create an account on our Services
- Download the App
- Access and interact with any of our Services (including the Site or App).
- Purchase any other products or services for yourself or others from us.
- Manage your account settings (e.g. notification, preferences).
- Take part in any events we hold, whether in person or online.
- Participate in our online community, including providing recipes or workout information.
- Sign up for marketing communications.
- Use a mobile or wearable device to access our Services.
- Contact us via email, social media, our App or similar technologies or when you mention us on social media.
- Send money to us
- Test our products, participate in focus groups or provide us with feedback.
We also collect personal data through cookies and other similar technologies. Please refer to our Cookie Policy. for more details on how we use cookies.
Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the preferences or settings page of your web browser. While we do not currently support Do Not Track signals, we treat the data of everyone who comes to our Site in accordance with this Privacy Policy, whatever their Do Not Track setting.
We may combine Personal Data you provide us with Personal Data or other data we receive from outside sources. This may include information from your fitness coach, technical data such as regional information so we can adjust the Services to provide measurements in your preferred units, health or fitness data from your wearable device, processing payments, information that improves the accuracy and usefulness of our Services and communications with you (including marketing communications).
We may also use Personal Data based on the content you view on our Services to make other content we provide more relevant for you. This may include combining information about you with demographic information received from outside sources such as social media platforms. If you interact with a fitness coach through our Services or sign up for one of our events, we may also share this information with the coach or event holder respectively.
We do not intend any of our Services be used by anyone under the age of eighteen years old, so we do not intentionally or knowingly collect Personal Data from anyone under the age of majority in their country or who require permission of their legal guardian to use our Services or allow us to make use of their Personal Data.
How we use your Personal Data
We use Personal Data collected through our Services, including the Site and the App when we have a valid reason and the legal grounds to do so. We determine the legal grounds based on our purpose collecting Personal Data.
We have put in place contractual and other organizational safeguards with our business partners to help protect your Personal Data.
Our legal grounds for using Personal Data may be one or more of the following:
- Consent: We may use Personal Data because we have asked for your consent. You can withdraw your consent for us to use your Personal Data at any time.
- Contracts: We may use Personal Data to fulfill a contract with you, such as providing our Services. If you purchase something from our store, for example, we may use Personal Data for processing your order, securing payment through our payment processor, or delivering your order.
- Compliance: We may use Personal Data based on our legal obligations. This includes compliance matters or responding to requests or inquiries from law enforcement, judicial, or government officials.
- Legitimate Interest: We may process Personal Data where it is necessary for our legitimate interests in a way that might be expected as part of providing the Services and in a way which does not materially impact your rights and freedoms. For example, we have a legitimate interest in promoting our Services, improving our Services by monitoring how they are used and optimizing them, and verifying the identify of a user before enabling them to make changes to Personal Data or other information in a profile. This means we may collect analytics information using common information gathering tools such as cookies, log files, or web beacons.
In addition to the above, we also rely on the legitimate interests below to use Personal Data:
- For internal administrative purposes related to our Services. This may include responding to questions or complaints, providing troubleshooting assistance, record keeping, accounting, etc.
- For security and fraud prevention.
- For legal compliance
- To inform you of any changes to our services, such as updates to our terms and conditions.
- To inform you of any changes to our services, such as updates to our terms and conditions.
- To let you to share content from our Services with others using social media or email.
- To contact you directly if you contact us or engage with us over social media.
| Information Collected | Use |
|---|---|
| Personal Contact Information |
We may use this information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services. We may also use Personal Information for limited marketing purposes, namely, to contact you to further discuss your interest in the Services, and to send you information regarding information about us or our partners. In addition, when you sign up for coaching with a personal trainer, we may share your full name, e-mail address, account information, and other health or fitness information with the coach you selected. |
| Billing Information | We may use credit card or bank account information to manage your account, to provide the Services, to check the financial qualifications of prospective customers, or to collect payment for the Services. We may use a third-party service provider to manage payments processing. If we do so, such a service provider will not be permitted to store, retain, or use billing information except for the sole purpose of payments processing on our behalf. |
| User Content, Diagnostic Information and Login Information | We use this information to administer and improve our Services for you and other users. User content provided to us, such as recipes or workouts, may be made available to other users. User content provided on forums through our Services or on social media websites may be used for business, marketing, compliance, or other legitimate business interests. |
| Analytics Information | We use analytics information to provide and improve our Services to you. We may also use analytics information in a de-identified, anonymized way, such as, in conjunction with an analytics service such as Google Analytics or Facebook Analytics, to monitor and analyze use of the Services, for the Services’ technical administration, to modify the Services, to increase the Services’ functionality and user-friendliness for all users, or to verify users have the authorization needed for the Services to process their requests. |
| Geo-Location Information | We may use this information for the purpose of administering and improving our Services to you. |
When you use our App, we may request permissions to access particular functions of your mobile or wearable device. When we ask for permissions depends on the operating system of your mobile or wearable device, but can include:
- When you decide to store content including Personal Data, images, videos, or other media from our Services on your mobile or wearable device to read or use when offline.
- Asking permission to access your Personal Data, including health information or related information on your mobile or wearable device. This allows us to provide the Services and match your account to your mobile or wearable device.
- If you decide to submit content to us, such as images, videos, recipes, or food labels, we will ask permission to access your camera, pictures, video, or health data respectively.
When you create an account on our Services, you will be able to create your own user profile. You can use your profile and the settings to review and update your Personal Data and other information available through the Services. Your responses to our email communications may also adjust your preferences for receiving marketing or other communications from us.
We may share your Personal Data with outside organizations (third-parties) that are not directly linked to us. Some examples include:
Service providers - We share Personal Data with outside companies that provide services on our behalf. We may do this to perform a contract we have entered into with you, where it is within our legitimate interests to do so, or with your consent. Examples of when we may share your data with service providers include sharing with:
- Online payments processors who process credit or debit card transactions on our behalf.
- Fraud management providers that help us to identify and prevent online fraud.
- Internet and cloud hosting services providers, such as Amazon Web Services.
- Animation service providers, such as Unity Software, Inc.
- Communications services providers.
- Error tracking software providers to help us diagnose and fix errors and optimize the performance of our Services.
- Service providers that help us carry out analytics, facilitate audience creation, segmentation and to measure our audience engagement.
- Service providers that help provide us with insights and analytics that help us to improve our products and services. For example, we may use Google Analytics and/or Mixpanel to understand how visitors engage with our Site or App.
- Service providers that help provide online identity verification and access management services.
Agencies and authorities if required by law - We may disclose Personal Data to any law enforcement agency, court, regulator, or government authority. We may also disclose Personal Data in connection with any legal action if we are requested to do so or to protect our rights or the rights of anyone else. If we have your contact details, we will take reasonable steps to attempt to notify you prior to disclosing your data unless (i) prohibited by applicable law from doing so, or (ii) there are clear indications of unlawful conduct in connection with your use of our Services.
Vendors, event sponsors, and partners - We may share Personal Data with your fitness coach with your permission. If we hold events, we may share Personal Data with event sponsors or partners for marketing purposes, with your permission. We may also share Personal Data with these sponsors and partners for event administration purposes.
Social media -We may share Personal Data with other companies when our Services use social media plug-ins to enable content sharing on social media platforms. These other companies may receive and use Personal Data about your use of our Services. If you use our Services, including our Site or App, these companies may connect Personal Data or other data they collect about you with your account profile on their platform. We encourage you to consult the privacy policies provided by these social media platform providers to understand how they may use your Personal Data.
Acquisitions/Divestitures - If a company buys our company or if we transfer a substantial portion of our assets and business to another company, this transfer may include your Personal Data. If any such sale or transfer takes place, we will make efforts to notify you and to encourage the receiving company uses your Personal Data based on this privacy policy until you have agreed to the terms of their own privacy policy.
The security of your Personal Data is important to us. We use commercially reasonable efforts to store and maintain your Personal Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Data that you provide to us.
You are also responsible for helping to protect the security of your Personal Data. For instance, never give out your password to others. You must safeguard your user name, password, and personal credentials when you are using the Services so that other people will not have access to your Personal Data. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services, including mobile devices, wearables, and their broadcast settings.
If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on our Site if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. Unfortunately, sending any information, including Personal Data, via the internet is not completely secure. We cannot guarantee the security of any Personal Data sent to our Services, particularly while still in transit. Please understand that all data you provide to us, including Personal Data, is done so at your own risk.
Processing Personal Data
Depending on where you live, we may share your Personal Data within the United States, United Kingdom, or Australia. We may share it in order to perform a contract with you, for administrative purposes, or when we have a legitimate interest in doing so. Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction. Data protection laws in these places may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we may transfer some data, including Personal Data, to the United States and process it there for certain purposes such as responding to your inquiries. Your consent to this Privacy Policy followed by your submission of Personal Data represents your agreement to that transfer.
We take security measures to prevent unauthorized access, disclosure, modification, or destruction of data. We process data following organizational procedures related to the purposes indicated. In addition to totum.fit, Personal Data may be accessible to third party contractors to help us provide or improve the Services. They may assist with the operation of totum.fit (administration, sales, marketing, legal, system administration) or provide outside services such as technical service providers, mail carriers, hosting providers, information technology companies that we appoint as data processors. These third parties may have access to databases of user information or registered member information, including Personal Data solely for the purpose of helping us to provide or improve the Services. These third parties will be subject to contractual restrictions prohibiting them from using Personal Data about our members for any other purpose.
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
Personal Data concerning the User may be collected to allow totum.fit to provide its Services, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, or any of the following reasons: displaying content from external platforms, advertising, Personal Data transfer outside the EU, hosting and backend infrastructure, analytics, contacting a User, infrastructure monitoring, managing contacts, sending messages, managing landing and invitation pages, displaying external content, traffic optimization and distribution, Services and hosting, unsolicited messaging protection, analytics, managing payments, or collecting user preferences.
Personal Data Retention
We will keep your Personal Data for as long as we deem it helpful for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for other legitimate business purposes, such as analysis of aggregated, de-identified data, or account recovery. All retained Personal Data will remain subject to the terms of this Privacy Policy. Please note that if you request that your Personal Data be removed from our databases, it may not be possible to completely delete all of your Personal Data due to technological, legal, or contractual constraints.
Amendment of this Privacy Policy
We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective thirty days from their posting on our Site, App, or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you save a copy of this Privacy Policy for your reference and revisit this webpage from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.
If applicable law requires your opt-in consent to any particular amendment to this Privacy Policy, the amendment will not apply to your Personal Date until we receive such consent from you. To the extent we cannot provide some or all of the Services without your consent to such amendment to the Privacy Policy, your decision not to consent may result in our having to limit your ability to use certain aspects of the Services.
Cookie Policy
What are cookies?
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
What are cookies used for?
There are generally four categories of cookies: “Strictly Necessary,” “Performance,” “Functionality,” and “Targeting.” We routinely use all four categories of cookies on the Service. You can find out more about each cookie category below.
What types of cookies do we use?
There are generally four categories of cookies: “Strictly Necessary,” “Performance,” “Functionality,” and “Targeting.” We routinely use all four categories of cookies on the Service. You can find out more about each cookie category below.
Strictly Necessary Cookies. These cookies are essential, as they enable you to move around the Service and use its features, such as accessing logged in or secure areas. Because these cookies are essential, they cannot be disabled.
Performance Cookies. These cookies collect information about how you have used the Service, for example, information related to the unique username you have provided, so that less strain is placed on our backend infrastructure. These cookies may also be used to allow us to know that you have logged in so that we can serve you fresher content than a user who has never logged in. We also use cookies to track aggregate Service usage in an anonymized fashion and experiment with new features and changes on the Service. The information collected is used to improve how the Service works.
Functionality Cookies. These cookies allow us to remember how you’re logged in, whether you chose to no longer see advertisements, when you logged in or out, and the state or history of Service tools you’ve used. These cookies also allow us to tailor the Service to provide enhanced features and content for you and to remember how you’ve customized the Service in other ways. The information these cookies collect are anonymous, and they are not used to track your browsing activity on other sites or services.
Targeting Cookies. Us, our advertising partners or other third-party partners may use these types of cookies to deliver advertising that is relevant to your interests. These cookies can remember that your device has visited a site or service, and may also be able to track your device’s browsing activity on other sites or services other than ours. This information may be shared with organizations outside of ours, such as advertisers and/or advertising networks to deliver the advertising, and to help measure the effectiveness of an advertising campaign, or other business partners for the purpose of providing aggregate Service usage statistics and aggregate Service testing.
How long will cookies stay on my device?
The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
How to control and review cookies?
If you do not want to receive cookies, you can change your browser settings on your computer or other device you’re using to access our Services. If you use our Services without changing your browser settings, we’ll assume that you’re happy to receive all cookies on our website. Most browsers also provide functionality that lets you review and erase cookies. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
Information for Users in the European Union
This section applies to all Users in the European Union, as defined by the General Data Protection Regulation (the “GDPR”), and, for such Users, supersedes any other possibly divergent or conflicting information contained in the Privacy Policy. Further details regarding the categories of Personal Data processed, the purposes of processing, the categories of recipients of the Personal Data, if any, and further information about Personal Data can be found in the section titled “Detailed information on the processing of Personal Data” within this document.
Legal basis for data processing
totum.fit may process Personal Data relating to a user if one of the following applies:
A user gave us their consent for one or more of the specific processing purposes;
Processing data is necessary for the performance of an agreement with the User or for any pre-contractual obligations;
Processing is necessary for compliance with a legal obligation, pursuant to the request of law enforcement, a judicial order, or the request of an administrative body as specified above;
Processing is related to a task that is carried out in the public interest or in exercising official authority vested in totum.fit;
Processing is necessary for the purposes of the legitimate interests pursued by totum.fit or by a third party.
In any case, totum.fit can help clarify the legal basis that applies to the information being processed.
Further information about retention time
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
Personal Data collected for purposes related to the performance of a contract between totum.fit and the User shall be retained until such contract has been fully performed.
Personal Data collected for the purposes of totum.fit’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by totum.fit at the relevant sections of the Privacy Policy or by contacting us.
totum.fit may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. totum.fit may be required to retain Personal Data for a longer time to fulfil a legal obligation or pursuant to a request by a law enforcement, judicial, or other government actor as described earlier in this Privacy Policy.
We take commercially reasonable actions to delete Personal Data after the retention period expires. Rights to erasure, rectification, and data portability expire along with expiration of the retention period. If Personal Data resides on backup drives or is otherwise not immediately accessible to totum.fit, we will endeavor to delete it if this other media is accessed.
European Union User Rights Under the GDPR
Users may exercise certain rights regarding Personal Data processed by totum.fit.
In particular, Users have the right to do the following, to the extent permitted by law:
Withdraw their consent at any time. Users have the right to withdraw consent to processing their Personal Data where they have previously given it, unless an exemption applies such as completion of a contract as discussed above.
Object to processing of their Personal Data. Users have the right to object to the processing of their Personal Data if the processing is carried out on a legal basis other than consent.
Access their Data. Users have the right to learn if totum.fit is processing their Personal Data. Users may also obtain disclosures regarding certain aspects of totum.fit’s processing activities and obtain a copy of their Personal Data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected. Please note that this process may require the user to provide totum.fit with additional Personal Data to verify the User’s identity.
Restrict the processing of their Personal Data. Users have the right to restrict the processing of their Personal Data. In this case, totum.fit will not process their Data for any purpose other than storing it or fulfilling compliance or contractual obligations.
Have their Personal Data deleted or otherwise removed. Users have the right to obtain the erasure of their Personal Data from totum.fit unless an exception applies.
Receive their Personal Data and have it transferred to another controller. Users have the right to receive their Personal Data in a structured, commonly used, and machine-readable format. If technically feasible, Users may have their Personal Data transmitted to another controller.
Lodge a complaint. Users have the right to bring a claim before a data protection authority of competent jurisdiction.
Learn more. Users can learn about the legal basis for their Personal Data transfers abroad, including to any international organization governed by public international law or set up by two or more countries. They may also learn more information about the security measures totum.fit takes to protect their Personal Data.
Details about your right to object to totum.fit processing your Personal Data
Where totum.fit processes Personal Data based on its legitimate interests, a public interest, or in the exercise of an official authority vested in totum.fit, a User may object to this processing by providing totum.fit in writing the grounds related to their particular situation to justify their objection to this processing.
Users may at any time object to their Personal Data being processed for direct marketing purposes, without cost to themselves or need for an explanation. In these circumstances, the User’s Personal Data will no longer be processed for such purposes.
How to exercise these rights
Users can exercise any of their rights under the GDPR by contacting totum.fit through the contact information provided in this Privacy Policy. totum.fit should respond to these requests within the timeframes mandated by applicable law. Users may need to provide Personal Data to totum.fit upon request to verify their identity. totum.fit will take commercially reasonable efforts to notify recipients of your Personal Data of your request for it to be changed, erased, or restricted in how it is processed.
Personal Data transfers outside of the European Union
Data transfer to countries that guarantee European standards
totum.fit may transfer Personal Data from the European Union to another country based on an adequacy decision of the European Commission.
The European Commission adopts adequacy decisions for specific countries whenever it considers that country to possess and provide Personal Data protection standards comparable to those set forth by European Union data protection legislation. Users can find an updated list of all adequacy decisions issued on the European Commission's website.
Data transfer abroad based on standard contractual clauses
totum.fit may transfer Personal Data from the European Union to other countries using “standard contractual clauses” provided by the European Commission. These clauses require the Personal Data recipients to commit to process Personal Data in compliance with European Union data protection standards. Please contact us if you would like additional information.
Further information for California Users
This section applies to all Users that qualify as California consumers Users (“you”, “your”, “yours”), as defined by the California Consumer Protection Act and modified by the California Privacy Rights Act and later regulations. For such Users, this supersedes any other possibly divergent or conflicting information contained in the Privacy Policy. This statement is provided by the business running totum.fit and, where applicable, totum.fit’s parent company, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”). This part of the Privacy Policy uses the terms “Personal Information” and “Sensitive Personal Information”) as defined in the California Consumer Privacy Act (CCPA).
Personal Information we collect
We may collect the following Personal Information categories of about you: personal identifiers, customer records information, protected classification characteristics, commercial information, biometric information, internet information, geolocation data, audio/visual/electronic/thermal information, or inferences.
We may receive some Sensitive Personal Information from you through our payment processor if you make a purchase through our Services.
We do not intend to collect additional categories of personal information without notifying you.
You have the right to limit the use or disclosure of your Sensitive Personal Information and how you can exercise it
You have the right to request that we limit the use or disclosure of your Sensitive Personal Information to only that which is necessary to provide our Services as is reasonably expected by an average consumer.
We may use your Sensitive Personal Information for specific purposes permitted by law including, without limitation, helping ensure security and integrity; verifying or maintain the quality or safety of our services, or as authorized by the relevant regulations. Outside these specific purposes, you may freely request at any time that we do not use or disclose your Sensitive Personal Information. We will respond to your request to stop using your Sensitive Personal Information within statutory time frames and will instruct our service providers and contractors to do the same so long as you can provide the information we require to process your request. Any Personal Information we collect from you in connection with your request is for verification purposes and solely used to comply with the request. To make such a request, please contact us using the contact information provided in this Privacy Policy. You may also use the privacy choice settings available on our App or Site. Once you have exercised this right, we are required to wait at least twelve months before asking whether you changed your mind.
Purposes for using your Personal Information
We may use your Personal Information to allow the operational functioning of totum.fit Services and features thereof (“business purposes”). In such cases, your Personal Information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected, within the limits of compatible operational purposes. We may also use your Personal Information for other reasons such as for commercial purposes, for legal or compliance purposes, for asserting our or a User’s rights or interests before competent authorities, or if we may suffer injury.
Personal Information retention
Unless stated otherwise, we will not retain your personal information for longer than is reasonably necessary for the purposes that we had for collecting it..
Information collection sources
We collect the above-mentioned categories of personal information, either directly or indirectly, from you when you use totum.fit.
For example, you directly provide your Personal Information when you submit requests via any forms on totum.fit. You also provide Personal Information indirectly when you navigate the totum.fit Services, as Personal Information about you is automatically observed and collected.
We may collect your Personal Information from third parties that work with us in connection with the Service or with the functioning of the Services.
How we use the information we collect: disclosing your Personal Information to third parties for a business purpose:
For our purposes, the word “third party” means a person who is not any of the following: a service provider or a contractor, as defined by the CCPA.
We may disclose your Personal Information to the third parties listed in detail in this Privacy Policy. These third parties are grouped and categorized in accordance with the different purposes of processing.
The word “sharing” here means any “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged”, as defined by the CCPA.
Please note that the exchange of Personal Information with a service provider pursuant to a written contract that meets the requirements set by the CCPA, does not constitute a sale or sharing of your Personal Information.
We do not sell any Personal Information, including health-related data, to any third parties.
We may share your Personal Information with third parties for the sole purpose of data analysis and fraud prevention. The data will never be sold or used by any third party for profiling, targeting, or any similar purpose outside of the totum.fit app.
You have the right to opt out of the sharing of your Personal Information. This means that whenever you provide us with an acceptable request for us to stop sharing your Personal Information, we will confirm and then follow your request.
Such requests can be made freely and at any time.
To fully exercise your right to opt-out you can contact us at any time using the contact details provided in this document.
If you want to submit requests to opt out of the sharing of Personal Information via a user-enabled global privacy control, like the Global Privacy Control (“GPC”), you are free to do so and we will abide by such request in a frictionless manner (as defined in the CPRA regulations). The GPC consists of a setting or extension in the browser or mobile device and acts as a mechanism that websites can use to indicate they support the GPC signal. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available at https://globalprivacycontrol.org/ .
We use any Personal Information collected from you in connection with the submission of your opt-out request solely for the purposes of complying with the opt-out request.
Once you have opted out, we are required to wait at least twelve months before asking whether you have changed your mind.
Your privacy rights under the California Consumer Privacy Act and how to exercise them
The right to access Personal Information: the right to know and to portability
You have the right to request that we disclose to you:
the categories of Personal Information that we collect about you;
the sources from which the Personal Information is collected;
the purposes for which we use your Personal Information;
to whom we disclose such Personal Information;
the specific pieces of Personal Information we have collected about you.
You have the right to know what Personal Information is shared and to whom. In particular, you have the right to request two separate lists from us where we disclose:
the categories of Personal Information that we shared about you and the categories of third parties to whom the Personal Information was shared;
the categories of Personal Information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
The disclosure described above will be limited to the personal information collected or used over the past twelve months.
If we deliver our response electronically, the information enclosed will be "portable", i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance — provided that this is technically feasible.
The right to request the deletion of your Personal Information
You have the right to request that we delete any of your Personal Information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on totum.fit, to detect security incidents, protect against fraudulent or illegal activities, to exercise certain rights etc.).
If no legal exception applies, as a result of exercising your right, we will delete your Personal Information and notify any of our service providers and all third parties to whom we have shared the Personal Information to do so — provided that this is technically feasible and doesn’t involve disproportionate effort.
The right to correct inaccurate Personal Information
You have the right to request that we correct any inaccurate Personal Information we maintain about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.
The right to opt out of sharing of Personal Information and to limit the use of your sensitive Personal Information
You have the right to opt out of the sharing of your Personal Information. You also have the right to request that we limit our use or disclosure of your sensitive Personal Information.
The right of no retaliation following opt-out or exercise of other rights (the right to non-discrimination)
We will not discriminate against you for exercising your rights under the CCPA. This means that we will not discriminate against you, including, but not limited to, by denying goods or services, charging you a different price, or providing a different level or quality of goods or services just because you exercised your consumer privacy rights.
However, if you refuse to provide your Personal Information to us or ask us to delete or stop sharing your Personal Information, and that Personal Information or sharing of it is necessary for us to provide you with goods or services, you understand and agree that we may not be able to complete that transaction or that the Services you receive will be impaired by this lack of Personal Information. For example, if you request we remove information about your body measurements, we can no longer provide Services that rely on these measurements.
How to exercise your rights
To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this Privacy Policy.
For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:
provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information, or an authorized representative (noting we or a vendor may require Personal Information to verify your identity);
describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We may not respond to any request if we are unable to verify your identity and therefore confirm the Personal Information in our possession actually relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will use any Personal Information collected from you in connection with the verification of your request solely for the purposes of verification and shall not further disclose the Personal Information, retain it longer than necessary for verification purposes, or use it for unrelated purposes.
If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.
You can submit a maximum number of two requests over a twelve-month period.
How and when we are expected to handle your request
We will confirm receipt of your verifiable request within ten days and provide information about how we will process your request.
We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfill your request.
Our disclosure(s) cover the preceding twelve-month period. You have the right to request that we disclose information beyond the twelve-month period for information we received after January 1, 2022, and we will provide them to you unless doing so proves impossible or would involve a disproportionate effort.
Should we deny your request, we will explain to you the reasons behind our denial.
We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.
© 2024 totum.fit or its affiliated companies. All rights reserved.