Privacy & Cookies Policy for International Users

At JAST Fitness Inc., your privacy and the security of your personal data are of utmost importance to us. This Privacy & Cookies Policy details how we collect, use, store, and share your personal data when you interact with our services, including our website and mobile application. Our practices comply with international privacy laws, such as the General Data Protection Regulation (GDPR) for users in the European Union, the California Consumer Privacy Act (CCPA) for users in the U.S., and Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users. This policy aims to inform users of their rights and our responsibilities as a data controller and processor.

By using our services, you consent to the terms outlined in this Privacy & Cookies Policy.

1. Scope and Definitions

•Personal Data: Any information related to an identifiable individual (e.g., name, address, IP address).
•Controller: Jast fitness Inc. determines the purpose and means of processing personal data.
•Processor: Any third party engaged by JAST to process data on our behalf (e.g., cloud service providers).
•Cookies: Small files stored on users' devices to track behavior and enhance user experience.

1. Scope and Definitions

•Personal Data: Any information related to an identifiable individual (e.g., name, address, IP address).
•Controller: Jast fitness Inc. determines the purpose and means of processing personal data.
•Processor: Any third party engaged by JAST to process data on our behalf (e.g., cloud service providers).
•Cookies: Small files stored on users' devices to track behavior and enhance user experience.

2. Information We Collect

We collect the following types of data from users:

A) Mandatory Data:

1. Name and surname
2. Date of birth
3. Gender
4. Address (including country, city, postal code)
5. Identity verification documents (e.g., passport, national ID)
6. Height and weight
7. Photos (front, side, and back) for body composition analysis

B) Optional Data:

1. Health-related data (e.g., body fat, muscle percentage, medical records)
2. Preferences regarding dietary restrictions and intolerances
3. Drug or supplement use history
4. Exercise-related injuries or conditions (e.g., musculoskeletal issues)

C) Automatic Data:

1.IP address, device type, operating system, browser type
2.Interaction with our website and app (via cookies)
3.Location data (if enabled)

Legal Basis for Processing:

The collection and processing of your data are based on:

1.Consent: Users explicitly consent to the processing of personal data for specific purposes (e.g., account creation, fitness plan customization).
2.Contractual necessity: Data is required to provide our services (e.g., delivering fitness plans, setting up coaching interactions).
3.Legal obligations: Compliance with regulations, such as tax and accounting laws.

2. Information We Collect

We collect the following types of data from users:

A) Mandatory Data:

1. Name and surname
2. Date of birth
3. Gender
4. Address (including country, city, postal code)
5. Identity verification documents (e.g., passport, national ID)
6. Height and weight
7. Photos (front, side, and back) for body composition analysis

B) Optional Data:

1. Health-related data (e.g., body fat, muscle percentage, medical records)
2. Preferences regarding dietary restrictions and intolerances
3. Drug or supplement use history
4. Exercise-related injuries or conditions (e.g., musculoskeletal issues)

C) Automatic Data:

1.IP address, device type, operating system, browser type
2.Interaction with our website and app (via cookies)
3.Location data (if enabled)

Legal Basis for Processing:

The collection and processing of your data are based on:

1.Consent: Users explicitly consent to the processing of personal data for specific purposes (e.g., account creation, fitness plan customization).
2.Contractual necessity: Data is required to provide our services (e.g., delivering fitness plans, setting up coaching interactions).
3.Legal obligations: Compliance with regulations, such as tax and accounting laws.

3. How We Use Your Data

The data we collect is used for the following purposes:

1. Service Provision: We use your personal data to create personalized fitness, nutrition, and corrective exercise plans.
2. Account Management: Your data is essential for account setup, plan customization, and billing.
3. Service Improvements: We analyze user behavior to optimize service delivery and improve user experiences using analytics tools (e.g., Google Analytics).
4. Legal Compliance: To comply with local and international laws, including taxation and audit requirements.
5. Communication: To send service-related updates and marketing communications (with explicit user consent).

3. How We Use Your Data

The data we collect is used for the following purposes:

1. Service Provision: We use your personal data to create personalized fitness, nutrition, and corrective exercise plans.
2. Account Management: Your data is essential for account setup, plan customization, and billing.
3. Service Improvements: We analyze user behavior to optimize service delivery and improve user experiences using analytics tools (e.g., Google Analytics).
4. Legal Compliance: To comply with local and international laws, including taxation and audit requirements.
5. Communication: To send service-related updates and marketing communications (with explicit user consent).

4. International Data Transfers

JAST operates globally, which may involve transferring your data across borders. This includes the United States, Canada, and the European Union. We take measures to ensure your data is protected when transferred internationally, in accordance with:

●GDPR: We implement Standard Contractual Clauses (SCCs) or equivalent safeguards for EU users.
●PIPEDA: For Canadian users, we follow strict guidelines for data transfers outside of Canada.
●CCPA: U.S. users are protected through CCPA-compliant mechanisms.

4. International Data Transfers

●GDPR: We implement Standard Contractual Clauses (SCCs) or equivalent safeguards for EU users.
●PIPEDA: For Canadian users, we follow strict guidelines for data transfers outside of Canada.
●CCPA: U.S. users are protected through CCPA-compliant mechanisms.

5. Data Sharing with Third Parties

We may share personal data with:

1. Service Providers: For hosting, analytics, and payment processing (e.g., cloud service providers, analytics tools).
2. Legal Authorities: In compliance with legal obligations or court orders.
3. Business Partners: Only with user consent for joint projects or service provision.

Data shared with third parties is limited to the necessary information required for service delivery and is protected under Data Processing Agreements (DPAs), ensuring compliance with privacy regulations.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

GDPR (European Union):

1. Right of Access: Request a copy of your personal data.
2. Right to Rectification: Correct inaccurate or incomplete data.
3. Right to Erasure: Request the deletion of your data ("Right to be Forgotten").
4. Right to Restriction of Processing: Limit how we process your data in specific situations.
5. Right to Object: Object to the processing of your data for marketing purposes.
6. Right to Withdraw Consent: Withdraw your consent for data processing at any time.

CCPA (California, U.S.):

1. Right to Know: Learn what data we collect, how it's used, and with whom it’s shared.
2. Right to Delete: Request the deletion of personal data.
3. Right to Opt-Out: Decline the sale of personal data.
4. Right to Non-Discrimination: Exercise your privacy rights without discrimination.

PIPEDA (Canada):

1. Right of Access: Request access to personal data.
2. Right to Challenge: Contest the accuracy and completeness of your personal data.
3. Right to Withdraw Consent: Withdraw consent for data processing.

To exercise these rights, users can contact our Data Protection Officer (DPO) at privacy@jast.fit. We will respond to requests within 30 days as required by law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

GDPR (European Union):

1. Right of Access: Request a copy of your personal data.
2. Right to Rectification: Correct inaccurate or incomplete data.
3. Right to Erasure: Request the deletion of your data ("Right to be Forgotten").
4. Right to Restriction of Processing: Limit how we process your data in specific situations.
5. Right to Object: Object to the processing of your data for marketing purposes.
6. Right to Withdraw Consent: Withdraw your consent for data processing at any time.

CCPA (California, U.S.):

1. Right to Know: Learn what data we collect, how it's used, and with whom it’s shared.
2. Right to Delete: Request the deletion of personal data.
3. Right to Opt-Out: Decline the sale of personal data.
4. Right to Non-Discrimination: Exercise your privacy rights without discrimination.

PIPEDA (Canada):

1. Right of Access: Request access to personal data.
2. Right to Challenge: Contest the accuracy and completeness of your personal data.
3. Right to Withdraw Consent: Withdraw consent for data processing.

To exercise these rights, users can contact our Data Protection Officer (DPO) at privacy@jast.fit. We will respond to requests within 30 days as required by law.

7. Children’s Privacy

In compliance with COPPA (Children's Online Privacy Protection Act) for U.S. users and GDPR for EU users, we do not knowingly collect personal data from children under the age of 13 (U.S.) or 16 (EU) without verified parental consent. If such data is collected inadvertently, it will be deleted immediately.

7. Children’s Privacy

8. Data Retention and Deletion

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Users can request account deletion, after which all data will be permanently deleted within 60 days in accordance with our Data Deletion Policy.

8. Data Retention and Deletion

9. Security Measures

We implement robust technical and organizational measures to protect personal data from unauthorized access, use, or disclosure. These measures include:

Data encryption: At rest and in transit.
Access control: Only authorized personnel have access to sensitive data.
Security audits: Regular internal audits to ensure compliance with security policies.
Breach notification: In case of a data breach, affected users will be notified as required by GDPR (Article 33) and local laws.

9. Security Measures

We implement robust technical and organizational measures to protect personal data from unauthorized access, use, or disclosure. These measures include:

Data encryption: At rest and in transit.
Access control: Only authorized personnel have access to sensitive data.
Security audits: Regular internal audits to ensure compliance with security policies.
Breach notification: In case of a data breach, affected users will be notified as required by GDPR (Article 33) and local laws.

10. Cookies and Tracking Technologies

We use cookies to enhance user experience and for analytics purposes. Our use of cookies complies with the ePrivacy Directive and other applicable laws.

Types of Cookies:

●Essential Cookies: Necessary for the basic functionality of the website.
●Analytics Cookies: Used to collect data on user behavior to improve services.
●Marketing Cookies: Used for targeted advertising.

●Cookie Preferences: Users can manage their cookie preferences via browser settings or opt-out tools like Google Analytics Opt-Out.

10. Cookies and Tracking Technologies

We use cookies to enhance user experience and for analytics purposes. Our use of cookies complies with the ePrivacy Directive and other applicable laws.

Types of Cookies:

●Essential Cookies: Necessary for the basic functionality of the website.
●Analytics Cookies: Used to collect data on user behavior to improve services.
●Marketing Cookies: Used for targeted advertising.

●Cookie Preferences: Users can manage their cookie preferences via browser settings or opt-out tools like Google Analytics Opt-Out.

11. Changes to This Policy

We may update this policy as required by changes in law or internal practices. Any changes will be communicated to users through email or in-app notifications at least 30 days before the changes take effect. Continued use of the service after the notice period constitutes acceptance of the revised policy.

11. Changes to This Policy

12. Contact Information

For inquiries about this policy or to exercise your rights, please contact:

Data Protection Officer (DPO)
Email: privacy@jast.fit Address: JAST Fitness Inc., 5 Wellesley St. W, Toronto, ON M4Y 1E8, Canada Effective Date: 2024-04-15
Last Updated: 2024-09-14

12. Contact Information

For inquiries about this policy or to exercise your rights, please contact:

Data Protection Officer (DPO)
Email: privacy@jast.fit Address: JAST Fitness Inc., 5 Wellesley St. W, Toronto, ON M4Y 1E8, Canada Effective Date: 2024-04-15
Last Updated: 2024-09-14

Privacy & Cookies Policy for International Users

Credits & Licenses