Last Updated: April 9, 2020
If you are visiting us from the European Union, European Economic Area, or the United Kingdom, please be sure to read the section entitled “Additional Information for Users in the European Economic Area and United Kingdom” for information on how we comply with privacy laws applicable to you.
2. Collection of Information.
When registering to use the Services, we may require you to provide certain personally identifiable information (these are referred to below as your “Personal Contact Information”). The Personal Contact Information that we require you to provide in order to access the Services may include, but is not limited to, the following:
- First Name
- Last Name
When using the Services, you may also voluntarily provide us with personally identifiable information, such as your name, address, profile picture, and phone number. This information is also referred to as Personal Contact Information.
In addition, when using the Services, you will have the opportunity to scan in food products with your camera. This information is stored together with your Personal Contact Information and is also referred to as Personal Contact Information. While you are not required to provide this food product information to use the Services, your choice to not provide such data limits the extent to which you can access the full functionality of the Services.
When purchasing the Services, we will require you to provide financial and billing information, such as billing name and address, and credit card number (“Billing Information”). Your Personal Contact Information and your Billing Information, together with any other information we gather through the Services that may be used to identify, contact, or locate you individually, are collectively referred to herein as your “Personal Information.”
Data, Diagnostic & Login Information
You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Certain Data can be uploaded by allowing the Services to scan in food product data through use of the camera on your mobile device. Providing us with permissions so that the Services can access food data with your mobile device camera is optional. Some of Data may be stored and maintained on our servers. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).
Usage and Analytics Information
As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such Information may include standard information regarding your mobile device, browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. Collectively, this information is referred to as “Usage and Analytics Information.”
We do not use GPS technology to collect any information regarding your precise real-time geo-location while using the Services. However, we may use elements of your Usage and Analytics Information (such as your IP address) to determine your generalized location. This information is referred to as “Generalized Geo-Location Information.”
3. Use of Information.
We use the information we collect in the following ways:
|Personal Contact Information||We use this information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or request feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services. We may also use Personal Contact Information for limited marketing purposes, namely, to contact you to further discuss your interest in the Services, and to send you information about us or our partners.|
|Billing Information||We use Billing Information to manage your account, to provide the Services, and to check the financial qualifications of prospective customers and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on our behalf. |
|Data, Diagnostic Information and Login Information||We use this information for the purpose of administering and improving our Services to you. We may also use this information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, and to increase the Services’ functionality and user-friendliness|
|Usage and Analytics Information||We may use your Usage and Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.|
|Generalized Geo-Location Information||We may use this information for the purpose of administering and improving our Services to you, such as by providing you with relevant advertisements and promotions. We may also use your Generalized Geo-Location Information in an anonymized manner in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, and to increase the Services’ functionality and user-friendliness.|
4. Disclosures & Transfers.
From time to time we may employ third parties to help us provide and/or improve the Services. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to provide and/or improve the Services and they will be subject to contractual restrictions prohibiting them from using the information about our users for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is absolutely necessary to assist us.
We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.
5. Non-US Users.
These Services are hosted in the United States and are intended primarily for visitors located within the United States. If you choose to use the Services from other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you may be transferring your Personal Information outside of those regions to the United States for storage and processing. By providing your Personal Information through the Services, you consent to such transfer, storage, and processing. The foregoing is subject to exceptions as set forth in the section entitled “Additional Information for Users in the European Economic Area and United Kingdom.”
The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.
7. Sharing Information with Third Parties.
10. Access and Accuracy.
You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: firstname.lastname@example.org.
11. Service Providers.
We may employ third-party companies and individuals to facilitate our Services (“Service Providers“), to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
A list of our current Service Providers can be found below (the “Service Provider List”). The Service Provider List may be updated from time-to-time, as Service Providers are added and removed.
We may use third-party Service Providers to monitor and analyze the use of our Services.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
We use Amplitude to provide user analytics. For more information on what type of information Amplitude collects and their privacy practices, please visit: https://amplitude.com/privacy.
Google Cloud Storage
We use Google Cloud Storage for web and mobile application infrastructure. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
We use Segment to distribute data we send to other service providers. For more information on what type of information Segment collects and their privacy practices, please visit https://segment.com/docs/legal/privacy/
Please note that we are not a health care provider, and are therefore not an entity that is covered by the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA privacy rules apply to health plans, health care clearinghouses, to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA and their service providers. This means that the information that you provide to us is not protected by the HIPAA privacy rules and regulations.
12. Contact Us.
You can help by keeping us informed of any changes such as a change of email address or telephone number. If you would like to access your information, if you have any questions, comments or suggestions, if you find any errors in our information about you, or if you have a complaint concerning our compliance with applicable privacy laws, please contact us at email@example.com or by mail at:
PO Box 338
29 Orinda Way
Orinda, CA 94563
ADDITIONAL INFORMATION FOR USERS IN THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOM
Spoonful Inc. is the controller of your personal information for purposes of European data protection legislation.
Lawful Basis for Data Processing
We will only collect, store, and process your personal information where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:
- Processing is necessary for the performance of a contract to which you, the Data Subject, are party;
- Processing is necessary for compliance with a legal obligation to which we as a Controller is subject;
- Processing is necessary for the purposes of the legitimate interests pursued by us as the Controller, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you, the Data Subject, which require protection of your personal information. The legitimate interests that underlie our processing of personal data include research and development, marketing and promoting the Services, and protecting our legal rights and interests.
Use for new purposes
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, we keep account information for as long as the account is active, and for a reasonable period thereafter to ease reactivation if you choose to reactivate your account. If the Services are made available to you through an organization, e.g., your employer, we retain your information as long as required by the administrator of your account on their behalf.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- “Opt-out”. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
- “Access”. Provide you with information about our processing of your personal information and give you access to your personal information.
- “Correct”. Update or correct inaccuracies in your personal information.
- “Delete”. Delete your personal information.
- “Transfer”. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- “Object”. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
- “Withdraw Consent”. If our processing is based on your consent, you have the right to withdraw such consent at any time.
Cross-Border Data Transfer
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
- Analytics and Functionality – Cookies allow a site or service to know if your computer or device has visited that site or service before. Cookies can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.