Privacy Policy

1. Basic Information About Data Controller

2. What Data Do We Collect?

When you order a personalized meal plan from us, we collect the following categories of data:

2.1. Mandatory Personal Data

• Full name
• Email address (for meal plan delivery and order confirmation)
• Phone number (if needed)

2.2. Health and Physical Data Needed for Meal Plan Creation

• Age, height, weight
• Health status (allergies, intolerances, chronic diseases if relevant to nutrition)
• Dietary preferences (vegetarian, vegan, etc.)
• Goals (weight loss, muscle gain, weight maintenance, etc.)
• Physical activity level

2.3. Transaction Data

• When entering payment card information, confidential information is transmitted over the public network in a protected (encrypted) form. At no point is payment card data accessible to our system.

2.4. Technical Data (Automatically Collected)

• IP address
• Device and browser type
• Operating system
• Pages you visit on our site
• Time spent on site

3. Why Do We Collect Your Data? (Legal Basis for Processing)

We process your personal data based on the following legal grounds:

Processing Purpose	Legal Basis
Creating personalized meal plan	Contract performance (Article 12 of Personal Data Protection Act)
Meal plan delivery via email	Contract performance
Communication regarding order	Contract performance
Payment processing	Contract performance
Archiving transaction evidence	Legal obligation (Consumer Protection Act)
Improving user experience	Legitimate interest (Article 13 of Personal Data Protection Act)
Website analytics (Google Analytics)	Your consent via cookies
Showing relevant ads (Google Ads, Facebook Pixel)	Your consent via cookies

4. How Do We Use Your Data?

We use your data exclusively for the following purposes:

1. Creating personalized meal plan based on your physical characteristics, health status and goals
2. Meal plan delivery via email to the address you provided
3. Order and payment confirmation
4. Communication related to your order (technical questions, clarifications, complaints)
5. Improving quality of our services and user experience on the site
6. Website performance analysis via Google Analytics
7. Fulfilling legal obligations (archiving transaction evidence)

5. Cookies

Our site uses cookies to improve your website experience.

5.1. What are Cookies?

Cookies are small text files stored on your device when you visit a website. They enable the site to "remember" your activities and settings.

5.2. What Cookies Do We Use?

Cookie Type	Purpose	Duration
Essential Cookies	Enable basic site functionality (session, cart, security)	Session / Up to 1 year
Analytics Cookies (Google Analytics)	Collect anonymous statistics about site usage (visitor count, popular pages, etc.)	Up to 2 years
Marketing Cookies (Google Ads, Facebook Pixel)	Enable showing relevant ads and tracking advertising effectiveness	Up to 1 year

5.3. How to Manage Cookies?

You can control or delete cookies according to your preferences. Most internet browsers automatically accept cookies, but you can change your browser settings to refuse cookies or warn you when a cookie is being sent to your device.

6. With Whom Do We Share Your Data?

We do not sell, rent or exchange your personal data with third parties for marketing purposes. We share data only with trusted partners who help us provide services:

6.1. Payment Service Providers

• OTP Bank Serbia a.d. Novi Sad - for processing payment card payments
• Note: Payment card data is transferred directly to the bank and never passes through our system

6.2. Analytics Services

• Google Analytics - for website usage analysis (anonymous statistical data)
• Google LLC - more info at: https://policies.google.com/privacy

6.3. Advertising Services

• Google Ads - for showing relevant ads
• Facebook Pixel (Meta) - for conversion tracking and showing personalized ads
• Meta Platforms Ireland Limited - more info at: https://www.facebook.com/privacy/explanation

6.4. Government Authorities

We may share your data with competent government authorities only if legally required (e.g., based on court order).

7. How Long Do We Keep Your Data?

Data Type	Retention Period	Reason
Order and transaction data	2 years	Legal obligation (complaints, tax documentation)
Email correspondence	2 years	Proof of service delivery and communication
Analytics data (Google Analytics)	Up to 26 months	Website performance analysis
Marketing cookies	Up to 12 months	Personalized advertising

After expiration of stated periods, your personal data will be permanently deleted or anonymized in a way that can no longer be linked to you.

8. How Do We Protect Your Data?

We take the security of your data that is accessible to our system very seriously. We implement numerous security measures:

• SSL/TLS encryption - All communication between your device and our site is encrypted
• Secure storage - Data is stored on protected servers with restricted access
• Regular security checks - We conduct regular system security checks
• Restricted access - Only authorized personnel has access to personal data

9. Your Rights Regarding Personal Data

In accordance with the Personal Data Protection Act ("Official Gazette of RS", no. 87/2018) and GDPR regulation, you have the following rights:

9.1. Right of Access

You have the right to request confirmation whether we process your personal data and to obtain a copy of that data.

9.2. Right to Rectification

You have the right to request correction of inaccurate or updating of incomplete personal data.

9.3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in the following cases:

• Data is no longer necessary for purposes for which it was collected
• You withdraw your consent (if processing is based on consent)
• Data is unlawfully processed

Note: We cannot delete data if we are legally required to keep it (e.g., transaction data must be kept for 2 years).

9.4. Right to Restriction of Processing

You have the right to request temporary restriction of processing your data in certain situations.

9.5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format.

9.6. Right to Object

You have the right to object to the processing of your personal data in certain situations.

9.7. Right to Withdraw Consent

If you have given consent for data processing (e.g., for marketing cookies), you can withdraw it at any time.

9.8. Right to Lodge a Complaint

You have the right to file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection:

10. How to Exercise Your Rights?

If you wish to exercise any of the above rights, contact us:

We will respond to your request within 30 days of receipt. In more complex cases, the deadline may be extended by an additional 60 days, about which you will be informed in a timely manner.

11. Children and Minors

Our services are not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected data from a minor, we will immediately take steps to delete that data.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us so we can take appropriate measures.

12. Changes to Privacy Policy

We reserve the right to occasionally update this privacy policy to reflect changes in our practices, technologies or legal obligations.

You will be notified of all significant changes in one of the following ways:

• By posting a notice in a prominent place on our site
• By sending email notification (if we have your email address)

We recommend that you periodically review this page to stay informed about how we protect your data.

13. Contact Information

If you have any questions, concerns or requests regarding this privacy policy or the way we process your personal data, contact us: