Privacy Policy

This privacy policy outlines how DEVTROX LTD, with company code 16214743, registration address 124 City Road, London, EC1V 2NX, office address at 124 City Road, London, EC1V 2NX ("Company", "we", "us" or "our"), handles your personal data when you interact with our website, mobile applications, social media channels, or utilize our services.

This policy addresses the following key areas:

a. How we use your data;

b. When we share your data with others;

c. How long we retain your data;

d. Our marketing practices;

e. Your rights concerning your personal data;

f. Our use of cookies;

g. Other important considerations.

For inquiries or to exercise your rights, please use the contact methods provided in the "Contact us" section.

You can also contact the Company's Data Protection Officer at hello@ketodietai.com for any privacy-related matters.

Unless otherwise specified, terms used in this policy have the same meaning as defined in the Company's General Terms and Conditions. This policy is an integral part of those terms.

In case of discrepancies between the English version and any translated versions of this policy, the English version shall prevail.

1. How we use your personal data?

1.1. This section provides the following details:

a. Categories of personal data we process;

b. Sources and specific categories of information we obtain from third parties;

c. Purposes for which we may process your personal data; and

d. Legal bases for processing.

1.2. We process your account information ("Account Data"), such as your name, email address, phone number and registration details including your purchase history. This information is obtained directly from you. We process Account Data to operate our website, provide our services, ensure website and service security, and communicate with you. The legal basis for this processing is the performance of our contract with you and/or steps taken at your request to enter into such a contract, as well as our legitimate interest in monitoring and improving our website and services.

1.3. We process information related to the provision of services to you ("Service Data"), including your contact details, bank account and transaction information, and other information you provide in relevant questionnaires (which may include sensitive health data if necessary for service delivery). Service Data is processed to provide services and maintain accurate transaction records. The legal basis for this processing is the performance of our contract with you and/or steps taken at your request to enter into such a contract, and our legitimate interest in proper website and business administration. For sensitive health data, the legal basis is your explicit consent.

1.4. We may process information you provide to subscribe to our email messages and newsletters ("Messaging Data"). Messaging Data is processed to send you relevant communications. The legal basis for this processing is your consent. If we have previously provided goods or services to you through our website or apps and you have not objected, we may also process Messaging Data based on our legitimate interest in maintaining and improving customer relationships.

1.5. We may process information related to any communication you send to us ("Correspondence Data"), including communication content and metadata. Correspondence Data is processed for communication purposes and record-keeping. The legal basis for this processing is our legitimate interest in proper website and business administration, ensuring consistent and high-quality consultation practices, and investigating disputes between you and our employees.

1.6. We may process information about your use of our website and/or apps and your device ("Device Data") when you browse our website or use our apps. Device Data may include your IP address, browser type and version, operating system, device type, screen resolution, and (if you agree to share it) your location data and information about your device's motion activity. We collect this data through cookies and similar technologies. Device Data is processed to enhance our apps and website, set default options, understand your usage patterns, and secure both the website and apps. The legal basis for this processing is our legitimate interest in proper website, app, and business management.

1.7. We may process any of your personal data identified in this notice as necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in administrative or out-of-court procedures. The legal basis for this processing is our legitimate interest in protecting and asserting our legal rights, your legal rights, and the legal rights of others.

1.8. We may process any of your personal data identified in this notice as necessary for obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interest in protecting our business from risks.

1.9. In addition to the specific purposes outlined in this section, we may process your personal data as necessary to comply with legal obligations, protect your vital interests, or protect the vital interests of another natural person.

1.10. If the purpose or legal basis for data processing activities changes, we will inform you and, if consent was the original legal basis, will re-obtain your consent.

1.11. We may aggregate, anonymize, or de-identify your personal data so that it cannot be used to identify you. Such data is no longer considered personal. We may use this data without restriction in any way permitted by law, including sharing it with partners or research institutions, using it in articles, blog posts, and scientific publications, aggregating statistics about certain activities, and using it to evaluate or modify our services.

1.12. We adhere to the principle of data minimization, processing only the personal data necessary for the intended purposes.

1.13. Personal data is stored on the servers of the Company or our contractors, who are bound by specific contractual clauses regarding personal data processing and confidentiality obligations.

1.14. We employ a range of technical and organizational measures to protect your personal data. Organizational security measures include restricting access to authorized personnel, confidentiality agreements, training programs, and the development and implementation of relevant policies and procedures. Technical measures include online security measures, data loss prevention, data alteration prevention, unauthorized access prevention, access control and authentication tools, and physical security measures.
2. When might we share your data with others?

2.1. We may share your personal data with any member of our corporate group (which includes our subsidiaries, parent company, and its subsidiaries) when necessary to fulfill the purposes outlined in this notice. This could involve internal administrative needs, as well as sharing IT, payment, marketing services, or data center functions within the group.

2.2. Your personal data may be shared with our insurers and/or professional advisors when necessary for the purposes of securing or maintaining insurance, managing risks, seeking professional advice, or for the initiation, exercise, or defense of legal claims, whether through court proceedings or in administrative or out-of-court procedures.

2.3. We may share your personal information with our anti-fraud, risk, and compliance service providers when necessary to protect your data and meet our legal obligations.

2.4. We may disclose your personal data to our payment service providers. However, we will only provide service data to these providers to the extent necessary for processing payments, transferring funds, and resolving any issues or inquiries related to these transactions.

2.5. We may share your personal data with other service providers when required to deliver specific services, such as providers for server maintenance, email services, data analysis or marketing services, call centers, customer satisfaction surveys, or market research. We ensure that these third-party service providers implement appropriate organizational and technical safeguards to protect your data’s security and privacy.

2.6. Beyond the specific instances listed in this section, we may disclose your personal data if required to comply with legal obligations or to protect your vital interests or the vital interests of another individual.

2.7. The entities mentioned in this section may be located outside of United Kingdom, the European Union, and the European Economic Area. If we transfer your personal data to such entities, we will take the necessary legal measures to ensure your privacy is properly protected. This may include, when appropriate, entering into standard contractual clauses for data transfer. For more information on these safeguards, feel free to contact us via email at hello@ketodietai.com.

3. For how long do we keep your data?

3.1. We will only store your personal data for as long as it is necessary to fulfill the purpose or purposes for which it was collected. In any case, it will not be retained for longer than the following periods:

a. Account-related data will be kept for a maximum of 5 (five) years after your most recent account update;

b. Service-related data will be kept for no more than 5 (five) years after the conclusion of the services provided;

c. Messaging data will be stored for a maximum of 2 (two) years after consent is given, or if the messages are sent to existing clients to enhance and maintain customer relationships, for no longer than 2 (two) years after the end of the respective services, unless you revoke your consent earlier or object to the processing;

d. Correspondence-related data will be retained for no more than 6 (six) months after the conclusion of the communication.

3.2. In some situations, it may not be possible to define specific retention periods for your personal data in advance. For example, device data will be stored for as long as necessary for the relevant processing purposes.

3.3. Once the applicable retention period ends, or if you request it, your personal data will be securely destroyed, either by overwriting or through physical destruction methods, when applicable.

3.4. Notwithstanding the other provisions in this section, we may retain your personal data if it is necessary to comply with a legal obligation we are bound by, or to protect your vital interests or those of another individual.

4. Marketing communications

4.1. If you give your consent, we may reach out to you by email or phone to share updates about our activities. Additionally, if we have previously provided services to you and you haven't objected, we may send you information about other products from our company or its subsidiaries that could interest you, including other related details via email or phone, based on the information you've provided to us.

4.2. If we contact you by phone as outlined in section 4.1, SMS/text messages will be sent through your mobile provider to the phone number you've given us. These messages may be delivered using an automatic dialing system or other technologies. The frequency of messages may vary, and message/data charges may apply.

4.3. You have the right to opt out of receiving marketing communications at any time. You can do this by clicking the unsubscribe link in any of our marketing messages or by contacting us through the channels available on our website. If you're receiving both email and phone marketing communications as described in section 4.1 and wish to opt out, you will need to unsubscribe from both separately by following the link in the relevant message or by reaching out to us through our website.

4.4. Once you have completed the opt-out process, we will update your profile to ensure that you no longer receive marketing communications from us.

4.5. Please note that as our business includes a network of interconnected services, it may take a few days for all systems to be fully updated. During this time, you may still receive marketing communications while we process your request.

4.6. Opting out of marketing communications will not prevent you from receiving communications related directly to the services we've provided.

5. AI Tools

5.1. We may employ AI-driven chatbots to provide chat functionality and other customer support solutions powered by third-party AI tools when you reach out to us through the in-app chatbot, our customer support email, or other communication channels.

5.1.1. The AI chatbots we use are powered by third-party service providers whose technology provide necessary functionalities and enhances the functionality of our app.

5.1.2. During interactions with AI-based chatbots, certain data may be collected or used, such as profile details, user queries, conversations, and any other information you voluntarily provide or that is necessary to address your inquiry. This data may be processed to deliver customized responses to your questions.

5.1.3. The specific information processed by the AI tools will depend on the nature of your request and the data you provide within it. Both personal and non-personal information shared by you may be processed. This can include health-related details, symptoms, profile information, or any other relevant information you disclose or that is necessary for processing your request.

5.1.4. By interacting with our in-app chatbot or contacting us through customer support channels, you consent to the processing of any personal data, including health-related personal data, contained in your inquiry via AI-powered tools. The processing of personal data through AI is strictly for improving our application functionality, enhancing user experience, and providing effective customer support. Your information will not be used for purposes unrelated to these without your consent. We are dedicated to safeguarding the confidentiality and security of your personal data.

5.1.5. Data collected by the AI chatbots may be shared with third-party providers that power the chatbot. We ensure that these third-party providers comply with data protection laws and maintain the confidentiality and security of the information shared with them.

5.1.6. AI-powered chatbots do not handle subscription management requests or data subject rights requests, as outlined in this Privacy Policy. If you have such requests, please reach out to our customer support team directly.

5.1.7. The data processed through chatbot interactions will be retained for a period of up to 3 months from the latest consent renewal to ensure continued functionality and personalization of your experience with the chatbot.

6. Your Rights

6.1. This section outlines the rights you have under data protection laws. Some of these rights can be complex, so we provide a summary of the main aspects. For a full understanding, we recommend reading the relevant laws, particularly the General Data Protection Regulation (EU) 2016/679, along with guidance from regulatory authorities.

6.2. Your key rights under data protection law include:

a. the right to access your data;

b. the right to correct inaccurate data;

c. the right to request the deletion of your personal data;

d. the right to limit the processing of your data;

e. the right to object to the processing of your data;

f. the right to data portability;

g. the right to file a complaint with a supervisory authority;

h. the right to withdraw consent; and

i. the right not to be subjected to decisions based solely on automated processing, including profiling.

6.3. The right to access your data. You have the right to know whether we process your personal data and, if so, to access it along with certain additional details. This includes information on the purpose of processing, the types of data involved, and who receives the data. We will provide you with a copy of your personal data, free of charge for the first request, though additional copies may incur a reasonable fee.

6.4. The right to rectification. You have the right to correct any inaccurate personal data we hold about you and, where necessary, to complete any incomplete data.

6.5. In certain situations, you may have the right to request the deletion of your personal data. These situations include: (i) when the data is no longer necessary for the purpose it was collected or processed; (ii) if you withdraw consent and no other legal basis for processing exists; (iii) if you object to processing under applicable data protection laws; (iv) for direct marketing purposes; or (v) if the data was unlawfully processed. However, there are exceptions to this right, such as when processing is required: (i) to exercise freedom of expression and information; (ii) to comply with a legal obligation; or (iii) for the establishment, exercise, or defense of legal claims.

6.6. In certain circumstances, you may have the right to limit the processing of your personal data. This can occur when: (i) you challenge the accuracy of your data; (ii) processing is unlawful but you oppose deletion; (iii) we no longer need the data for our purposes, but you require it for legal claims; or (iv) you have objected to processing, pending verification of the objection. When processing is restricted, we may continue to store the data, but further processing will only occur: (i) with your consent; (ii) for legal claims; (iii) to protect the rights of others; or (iv) for reasons of public interest.

6.7. You have the right to object to our processing of your personal data based on your particular circumstances, but only if the processing is necessary for: a task carried out in the public interest or for legitimate interests pursued by us or a third party. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your rights and freedoms, or if the processing is necessary for legal claims.

6.8. You also have the right to object to our processing of your data for direct marketing purposes (including profiling for such purposes). If you do so, we will stop using your data for marketing.

6.9. You have the right to object to the processing of your data for scientific, historical, or statistical research, based on your particular situation, unless the processing is essential for a public interest task.

6.10. The right to data portability. If the legal basis for processing your data is:

a. consent; or

b. the performance of a contract or steps taken at your request before entering into a contract, you have the right to receive your personal data from us in a structured, commonly used, and machine-readable format. However, this right does not apply if it would negatively impact the rights and freedoms of others.

6.11. If you believe our processing of your personal data violates data protection laws, you have the right to file a complaint with a data protection supervisory authority. You may do so in your EU member state of residence, your place of work, or where the alleged infringement occurred. --

6.12. If our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the legality of the processing before the withdrawal.

6.13. You have the right not to be subjected to decisions based solely on automated processing, including profiling, if such decisions produce legal effects or significantly affect you. However, there are exceptions, such as when the decision is: (i) necessary for the performance of a contract between you and us; (ii) authorized by EU or national law, which also provides safeguards for your rights; or (iii) based on your explicit consent.

6.14. You may exercise the rights outlined above, or any others provided in this policy, by contacting us via email at hello@ketodietai.com. We aim to respond to requests within one month, although this may be extended by up to two months for complex or multiple requests. If there is an extension, we will inform you.

7. About Cookies

7.1. When you visit our website for the first time, we will ask for your consent to use cookies in accordance with the terms outlined in this notice.

7.2. Cookies are small text files containing an identifier that a web server sends to your browser, where it is stored. The identifier is then sent back to the server each time your browser requests a page.

7.3. Cookies generally do not contain any personally identifiable information. However, any personal data we store about you may be linked to the information collected by and stored in cookies.

8. Cookies We Use

8.1. On our website, we use three main types of cookies for the following purposes:

a. Essential cookies – these are necessary for the proper functioning of the website, ensuring the security of customers and their data, and enabling the delivery of high-quality services;

b. Performance cookies – these help improve the user experience on the website, monitor system usage, and enhance the quality of services based on this analysis;

c. Advertising cookies – these are used to track user behavior online and optimize marketing campaigns based on this data.

9. Cookies Used by Our Service Providers

9.1. Our service providers may also place cookies on your device, and these cookies could be stored on your computer when you visit our website.

9.2. We may utilize the following cookies:

a. Google Analytics cookies – these cookies help us monitor website traffic and analyze errors, as well as measure bandwidth. You can review the privacy policy of Google Analytics here;

b. YouTube cookies – used to display content hosted on YouTube within our website. These cookies help maintain a consistent and dynamic website experience. You can view YouTube’s privacy policy here;

c. Twitter cookies – used to display content shared on Twitter within our website. These cookies help keep the website dynamic and informative. You can view Twitter’s privacy policy here;

d. Google Maps cookies – if permitted by the user, these cookies help determine the user's location. They assist in tailoring the website to the user’s location and enhancing their experience. You can check the privacy policy of Google Maps here;

e. DoubleClick cookies – used to manage ad display on our website. These cookies help differentiate users who have already used our services, allowing us to limit or stop showing ads to them. You can read DoubleClick’s privacy policy here;

f. Facebook cookies – help manage the visibility of ads to our users. These cookies allow us to identify users who have already used our services and minimize or cease showing ads to them. You can check Facebook’s privacy policy here;

g. Google Tag Manager cookies – assist in managing advertising cookies. These cookies ensure that ads are properly displayed to users. You can view Google Tag Manager’s privacy policy here;

h. Hotjar cookies – track how users interact with our website. These cookies help us analyze website performance and identify areas for improvement. You can view Hotjar’s privacy policy here;

i. Visual Website Optimiser cookies – gather information about how visitors engage with website pages. You can check the privacy policy of Visual Website Optimiser here.

10. Managing Cookies

10.1. Most web browsers give you the option to refuse cookies and delete them. The specific steps to do this may vary depending on the browser and its version. However, you can find the most current instructions for blocking and deleting cookies on the support page of the respective browser, such as Chrome, Firefox, Internet Explorer, or Safari.

10.2. Disabling all cookies may negatively affect the functionality of many websites.

10.3. If you choose to block cookies, you may not be able to access all the features of our website.

11. Third-Party Websites

Our website may contain links to partner sites, information sources, and related websites. Please be aware that once you click on these links and visit a third-party website, they will have their own privacy policies. We do not take responsibility for these external privacy policies. We recommend reviewing the privacy policies of these websites before sharing any personal information with them.

12. Children's Personal Data

12.1. Our website and services are intended for individuals aged 18 and above.

12.2. If we discover that we have personal data of someone under the age of 18 in our records, and we have not obtained consent from their parent or legal guardian, we will promptly remove that personal data from our systems.

13. California Privacy Addendum

If you are a resident or consumer in California, you may have additional rights and information available to you under the California Consumer Privacy Act (CCPA), in addition to the details provided in this privacy policy:

We do not knowingly sell personal information or share it with third parties for direct marketing purposes. However, if we do so in the future, we will notify you and give you the option to opt out of the "sale" of your personal data;

a. Any personal information we collect or process on your behalf will only be used, retained, or disclosed for the purposes described in this privacy policy. If this changes, we will inform you;

b. You have the right to exercise your privacy rights without facing any discrimination.

We currently do not recognize or respond to browser-based Do Not Track signals. You can find instructions for enabling Do Not Track on these browsers: Chrome, Firefox, Internet Explorer, Edge, Safari, and Opera.

14. Updating Your Data

If any of the personal information we hold about you needs to be updated or corrected, please let us know.

15. Changes to This Notice

Any updates to this privacy notice will be posted on our website. In the case of significant changes, we may notify you by email or another suitable method, as we see fit in the circumstances.