
Legal Opinion

Simple Technologies

Mr. Frednik Lamar 28.06.2023

Fitbase

New York

Subject: Legal Opinion on the queries and information regarding the preparation of the privacy
policy of Fitbase.

Reference: E-mail dated 21.06.2023.

Background

Fitbase, a weight management application based in New York, has sought the assistance of
Simple Technologies to revamp their existing Privacy Policy. As part of their request, Fitbase has
provided the Privacy Policy of Fitbase, a major competitor in the same industry, to serve as a
reference point for their own policy update.

Fitbase recognizes the importance of protecting the privacy and personal information of its users.
Given the evolving legal landscape and the growing concern regarding data privacy, Fitbase
intends to ensure that their Privacy Policy is in compliance with applicable laws and regulations,
while also meeting the expectations of their users.

They seek guidance on the legal obligations and best practices related to user consent, data access,
rectification, erasure, and data portability. Fitbase wants to ensure that their users have control over
their personal information and are aware of their rights in relation to their data.

Simple Technologies' role is to provide expert advice and draft a comprehensive Privacy
Policy that meets Fitbase's specific needs, addresses any gaps in their existing policy, and aligns
with applicable laws and regulations. Simple Technologies will also provide guidance on
consumer rights related to personal information and outline best practices to ensure compliance
and transparency.

Query No.1

• The querist seeks to know the questions that need to be included in the privacy policy to derive
the essential information to be disclosed to the consumers of Smart vision.

Response No.1

The Querist is advised to answer the following questions in a detailed and thorough manner so
that it is ensured that the privacy policy is in proper compliance and follows

a) What types of personal information does Fitbase collect from its users? Please provide the
purpose for which this information is collected.
b) How does Fitbase collect personal information? Are there any automated means of data
collection, such as cookies or tracking technologies, employed by the application?
c) What is the purpose of collecting personal information from users? How does Fitbase use
this information to provide its weight management services?
d) Does Fitbase share personal information with third parties? If so, what types of third parties
are involved and for what purposes? Are there any data sharing agreements or partnerships
in place?
e) How long does Fitbase retain users' personal information? Are there any specific data
retention policies or timeframes in place?
f) What security measures does Fitbase have in place to protect users' personal information
from unauthorized access, use, or disclosure? Are there any industry standards that Fitbase
follows regarding such practices?
g) Does Fitbase transfer personal information to other countries or jurisdictions? If yes, what
measures are taken to ensure that the transferred data is adequately protected in accordance
with applicable privacy laws?
h) What rights do users have regarding their personal information collected by Fitbase?
Specifically, what options do users have to access, rectify, delete, or export their data? How
can users exercise these rights?

Query No.2

The querist seeks a checklist of the information required by Fitbase for compliance with
the required norms and regulations of GDPR in the privacy policy.

Response No.2

The checklist of the information that Fitbase is required to disclose for compliance with
the required norms and regulations of GDPR is as follows:

• Transparency: Data controllers must provide concise, transparent, and easily accessible
information to data subjects about the processing of their personal data.

• Categories of Personal Data: Specify the categories of personal data being processed, such as
name, contact information, or financial data.

• Information: When collecting personal data directly from data subjects, the controller must
provide information such as the identity of the controller, the purposes of processing, the
recipients of data, and the data subject's rights.

• Privacy Notices: Controllers should provide privacy notices that are clear, concise, and written
in plain language. The notices must include the necessary information related to the processing
of personal data.

• Timing of Information: The controller should provide the information at the time the data is
collected or within a reasonable period, depending on whether the data was obtained from the
data subject directly or from another source.

• Data Subject Rights: Inform data subjects about their rights, including the right to access, rectify,
erase, restrict processing, data portability, and object to processing. Explain how they can exercise
these rights.

• Exemptions and Restrictions: The controller should explain any exemptions or restrictions on
data subject rights, as permitted by law.

• Communication of Information: The information should be provided in a concise, transparent,
intelligible, and easily accessible form, using clear and plain language.

• Free of Charge: The provision of information should generally be free of charge. However, a
reasonable fee may be charged for excessive or repetitive requests.

• Method of Communication: The controller should provide the information in writing, or by
other means, including electronically when appropriate, based on the data subject's preference.

• Verification of Identity: Controllers may request additional information necessary to verify the
identity of the data subject, especially when responding to access requests.

• Record Keeping: Controllers must maintain a record of any requests and actions taken in
response to data subjects' requests, including the reasons for any refusal.

• Identity of the Controller: Clearly state the identity and contact details of the controller, as well
as the contact details of the Data Protection Officer (DPO), if applicable.

• Purposes of Processing: Explain the purposes for which the personal data is being processed,
including any legitimate interests pursued by the controller or third parties.

• Legal Basis: Specify the legal basis for the processing, such as consent, contractual necessity,
compliance with legal obligations, protection of vital interests, performance of a task carried out
in the public interest or in the exercise of official authority, or legitimate interests.

• Recipients of Data: Provide information about any recipients or categories of recipients to whom
the personal data may be disclosed, including any transfers of data to third countries or
international organizations.

• Automated Decision-Making and Profiling: If the controller uses automated decision-making
or profiling, including profiling for marketing purposes, explain the logic involved and the
potential consequences for the data subject.

• Source of Data: If the personal data was not obtained directly from the data subject, provide
information about the source of the data.

• Data Protection Measures: Describe the measures taken to ensure the security and
confidentiality of the personal data.

• Complaints: Inform data subjects about their right to lodge a complaint with a supervisory
authority and provide the contact details of the relevant authority.

• Voluntary or Mandatory Provision: Indicate whether the provision of personal data is a
statutory or contractual requirement, or if it is voluntary, as well as the consequences of not
providing the data.

• Updates and Changes: State whether the information provided is subject to change and, if so,
how data subjects will be informed about such changes.

Exceptions: In certain circumstances, the controller may refuse to act on a data subject's request,
provided that the refusal is justified and in accordance with the applicable legal requirements.

Conclusion

Based on the provided scenario, it is clear that Fitbase, a weight management application based in
New York, is seeking to revamp their Privacy Policy. As a legal freelancer, I have reviewed the
Privacy Policy of their major competitor, Fitbase, in order to draft a revised Privacy Policy for
Fitbase. In addition to this task, Fitbase has also raised queries regarding the rights of consumers
and the collection and processing of personal information.

In order to ensure compliance with applicable laws and regulations, it is crucial for Fitbase to
prioritize the protection of user privacy and the proper handling of personal information. The
revised Privacy Policy should aim to be transparent, concise, and easily understandable for users.

Regarding the rights of consumers, Fitbase should incorporate provisions that align with relevant
privacy laws, such as the General Data Protection Regulation (GDPR) if it collects personal data
from individuals in the European Union. These provisions should include:

1. Right to access: Users should have the right to request access to the personal information
collected about them by Fitbase and obtain information about how it is being processed.

2. Right to rectification: Users should have the right to request the correction or amendment of
any inaccurate or incomplete personal information held by Fitbase.

3. Right to erasure: Users should have the right to request the deletion of their personal
information under certain circumstances, such as when the data is no longer necessary for the
purposes for which it was collected or if the user withdraws consent.

4. Right to object: Users should have the right to object to the processing of their personal
information, including direct marketing activities.

5. Right to data portability: Users should have the right to receive their personal information in
a structured, commonly used, and machine-readable format, and have the right to transmit that
data to another controller if technically feasible.

6. Right to withdraw consent: Users should have the right to withdraw their consent for the
collection and processing of their personal information at any time.

Furthermore, Fitbase should clearly outline the types of personal information it collects, the
purposes for which it collects and processes such information, and any third parties with whom
the data may be shared. It should also provide details on the security measures implemented to
protect the personal information.

In conclusion, it is imperative for Fitbase to revamp its Privacy Policy to ensure compliance with
applicable privacy laws and regulations and to provide users with a clear understanding of how
their personal information is collected, used, and protected. By incorporating provisions that
respect consumer rights and privacy, Fitbase can foster trust and confidence among its users while
maintaining its competitive edge in the weight management application market.

Assumptions:

1. The information provided by Fitbase regarding their current practices, data collection, and
processing is accurate and complete.

2. Fitbase operates primarily in compliance with relevant privacy laws and regulations, including
but not limited to the laws of the United States and the European Union if applicable.

3. Fitbase will collaborate and provide necessary information and feedback throughout the process
of drafting and revising their Privacy Policy.

Disclaimer:

1. This legal opinion is based on the information provided by Fitbase and the Privacy Policy of
their competitor, Fitbase. It does not constitute legal advice specific to Fitbase's unique
circumstances, and it should not be relied upon as a substitute for obtaining professional legal
counsel.

2. Laws and regulations related to privacy and data protection are subject to change, and it is the
responsibility of Fitbase to remain up to date with any updates or amendments that may impact
their obligations.

3. The legal opinion provided does not cover any other legal issues that may be relevant to Fitbase's
operations, such as intellectual property, contracts, or employment matters. Separate legal advice
should be sought for such matters.

4. The freelancer providing this opinion assumes no liability for any actions taken or not taken by
Fitbase based on this opinion or any consequences thereof. Fitbase should exercise their own
judgment and seek legal guidance as needed.

Privacy Policy
Last Updated: 21.09.2023

1. Introduction

At Fitbase, we are committed to protecting your privacy and ensuring the security of your
personal information. This Privacy Policy outlines how we collect, use, and safeguard your
information when you use our weight management application, Fitbase. By accessing or using
Fitbase, you consent to the practices described in this Privacy Policy.

This policy describes the types of information we may collect from you or that you may provide
when you visit the website [www.Fitbase.com] (our "Website") and our practices for collecting,
using, maintaining, protecting and disclosing that information.

Please read this policy carefully to understand our policies and practices regarding your
information and how we will treat it. If you do not agree with our policies and practices, your
choice is to not use our Website. By accessing or using this Website, you agree to this privacy
policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your
continued use of this Website after we make changes is deemed to be acceptance of those
changes, so please check the policy periodically for updates.

2. Information We Collect

The information we collect depends on how you interact with us, the services you use, and the
choices you make. We collect information about you from different sources and in various ways
when you use our services, including information you provide directly, information collected
automatically, information from third-party data sources, and data we infer or generate from
other data.

Information you provide: When you sign up for or use Fitbase, you share certain information,
such as:

a) Common personal information and identifiers: We collect name, postal address, email
address, telephone number, [ social security number] [ or [OTHER PERSONAL
INFORMATION CATEGORY COLLECTED]/any other identifier by which you may be
contacted online or offline] ("Personal Information"); or any other personal information
required by Fitbase to improve customer services.
b) Demographic data: In some cases, we request that you provide or you may offer age,
gender, marital status, and similar demographic details.
c) Payment information: If you make a purchase or other financial transaction, we collect
credit card numbers, financial account information, and other payment details.
d) Contents and files: We collect the photos, documents, or other files you upload to Fitbase;
and if you send us email messages or communications, we collect and retain those
communications.
e) Location Information:
With your consent, we may collect and process information about your location through
GPS, Wi-Fi, or similar technologies. This information is used to provide location-based
services, such as local fitness classes or nearby healthy food options.

f) Sensitive Personal Information:


i. Account access information: We collect information such as a username or account
number in combination with a password, security or access code, or other credential that
allows access to an account.
ii. Contents of communications: We collect the contents of messages you send in chats and
message boards in our apps.
iii. Health data: We collect and analyze information concerning your health, such as weight,
mental state, sleep and exercise habits, and food intake.
iv. Sensitive demographic data: We collect information about racial or ethnic origin,
religion, or philosophical beliefs that you may provide or we infer throughout the
program in order to better support you.
g) Technical information collected automatically:
When you use our website or mobile application, certain internet and electronic network
activity information gets created and logged automatically. Here are some of the types of
information we collect:

i. Log data: When you use Fitbase, our servers record information (“log data”), including
information that your browser automatically sends whenever you visit a website, or that
your mobile app automatically sends when you’re using it. This log data includes your IP
address, browser type and settings, and the date and time you used Fitbase.

ii. Geolocation data: Depending on your device and app settings, we collect geolocation
data when you use our apps or online services. For example, we may infer your general
geographic location (such as city, state, and country) based on your IP address.

iii. Cookie data: We and our partners also use cookies, web beacons, mobile analytics and
advertising device IDs, and similar technologies. We and our partners use these
technologies in websites, apps, and online services to collect personal data (such as the
pages you visit, the links you click on, and similar usage information, identifiers, and
device information) when you use our services, including personal data about your online
activities over time and across different websites, apps, or online services. For more
information on our use of cookies, please see our Cookie Policy.

iv. Device information: In addition to log data, we collect information about the device
you’re using Fitbase on, including the type of device, operating system, settings, unique
device identifiers, and crash data.

v. Usage data and customization: When you’re on Fitbase, we use your activity—such as
the foods you typically log— to customize your experience. We also automatically log
your other activity on our websites, apps, and connected products, including the URL of
the website from which you came to our sites, pages you viewed, how long you spent on
a page, access times, and other details about your use of and actions on our website.

vi. Sensor data: We may also receive data from third party sensors you choose to connect;
for example, you can choose to connect your Apple Watch Health App with Fitbase so we
can receive and help you track your step and exercise data.

[We do not collect personal information automatically, but we may tie this information to
personal information about you that we collect from other sources or you provide to us.]

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Personalizing Services

a) Creating and Managing Your Account: We collect information to create and manage
your account, enabling you to access our services and customize your experience.

b) Personalized Fitness and Nutrition Recommendations: We use the information you
provide to offer personalized fitness and nutrition recommendations tailored to your
specific needs and goals.

c) Tracking Progress and Goals: We utilize the data collected to track your progress and
help you achieve your desired fitness and health goals.

d) Communication and Support: We use your information to communicate with you,
respond to your inquiries, and provide customer support as needed.

e) Payment Processing and Order Fulfillment: Your information is used to process
payments securely and fulfill any orders you place with us.

3.2 Improving Fitbase


a) Performance and Functionality Analysis: We collect data to analyze and improve the
performance and functionality of Fitbase, ensuring a seamless user experience.

b) Usage Monitoring: We monitor usage patterns and trends to understand how our users
interact with Fitbase and make necessary improvements.

c) Research and Development: We conduct research and development activities to innovate
and create new features and services for Fitbase.

d) Personalization and Optimization: We use your information to personalize and optimize
your user experience, tailoring the content and recommendations to suit your preferences
and needs.

3.3 Marketing and Communications


a) Promotional Materials: With your consent, we may send you promotional materials,
newsletters, and updates to keep you informed about our products, services, and offers.

b) Service and Policy Notifications: We use your information to notify you about any
changes or updates to our services or policies that may affect you.

c) Surveys and Promotional Activities: We may conduct surveys, contests, or other
promotional activities and use your information to invite your participation and provide
relevant updates.

4. Information Sharing and Disclosure

4.1 Service Providers

We may share your information with trusted third-party service providers who assist us in
delivering our services, such as hosting providers, payment processors, and customer
support teams. These service providers are authorized to use your information solely for
the purpose of providing services to us.

4.2 Legal Compliance

We may disclose your information if required by law, regulation, legal process, or
governmental request. We may also disclose your information to enforce our rights,
protect the safety and security of our users, or investigate fraud or security issues.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of Fitbase, your information may be
transferred to the acquiring entity or third party involved in the transaction. We will notify
you via email or prominent notice on Fitbase of any change in ownership or use of your
personal information.

5. Data Security

We take appropriate measures to safeguard your personal information from unauthorized access,
disclosure, alteration, or destruction. We use industry-standard security technologies and
procedures to protect your data. However, no method of transmission or storage is 100% secure,
and we cannot guarantee the absolute security of your information.

6. Your Choices and Rights

6.1 Account Settings

You can review and update your account information and preferences within Fitbase. You
can also delete your account, but note that some information may be retained as required
by law or for legitimate business purposes.

6.2 Communications Preferences

You have the option to opt out of receiving promotional emails or marketing
communications from Fitbase. You can manage your communication preferences within
your account settings or by following the instructions provided in the emails we send.
However, please note that even if you opt out of marketing communications, we may still
send you non-promotional messages, such as those related to your account or important
updates.

6.3 Do Not Track Signals

Fitbase does not currently respond to "Do Not Track" signals from web browsers or other
mechanisms that provide a method to opt out of the collection of information across
websites or online services.

6.4 Rights of Access, Rectification, and Erasure

You have the right to access, correct, or delete your personal information held by Fitbase.
You can exercise these rights by contacting us using the contact information provided at
the end of this Privacy Policy. We will respond to your request in accordance with
applicable data protection laws.

7. Third-Party Links and Services

Fitbase may contain links to third-party websites, services, or applications that are not operated
or controlled by us. This Privacy Policy applies only to Fitbase, and we are not responsible for
the privacy practices of third parties. We encourage you to review the privacy policies of any
third-party websites or services that you visit.

8. How long we keep your information


We keep your information only so long as we need it to provide our services to you, fulfill the
purposes described in this policy, comply with our legal obligations, resolve disputes, and
enforce our agreements. Actual retention periods can vary significantly based on your
expectations and consent, the sensitivity of the data, the availability of automated controls, and
our legal or contractual obligations.

9. Children's Privacy

Fitbase is not intended for use by individuals under the age of 18 (this age may vary
according to the minimum age to enter into a legal contract in different jurisdictions). We do not
knowingly collect personal information from children. If you are a parent or guardian and
believe that your child has provided personal information to us, please contact us using the
contact information provided below, and we will take steps to remove their information from our
systems.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal
requirements. Any updates will be posted on Fitbase, and the "Last Updated" date at the top of
this policy will be revised. We encourage you to review this Privacy Policy periodically to stay
informed about how we collect, use, and protect your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of
your personal information, please contact us at:

Fitbase Privacy Office

Address: ______________.

Email: support@fitbase.com

Phone: ______________.

Thank you for trusting Fitbase with your personal information. We are committed to protecting
your privacy and providing you with a safe and secure experience.
